Determining What Systems to Hack

You probably don't want, or need, to assess the security of all your systems at the same time. Testing everything at once is a large undertaking: it is hard to schedule, hard to keep from disrupting production, and hard to follow up on. Instead, decide which systems to test based on a high-level risk analysis, answering questions such as:

 

  •  What are your most critical systems? Which systems, if hacked, would cause the most trouble or the greatest losses?
  •  Which systems appear to be most vulnerable to attack?
  •  Which systems are not documented, are rarely administered, or are the ones you know the least about?

 

After you've established your overall goals, decide which systems to test. This step defines the scope of your ethical hacking, so that you set everyone's expectations up front and can better estimate the time and resources the job will take.

 

The following list includes systems and applications that you may consider performing your hacking tests on:

 

  •  Routers
  •  Firewalls
  •  Network infrastructure as a whole
  •  Wireless access points and bridges
  •  Web, application, and database servers
  •  E-mail and file/print servers
  •  Workstations, laptops, and tablet PCs
  •  Mobile devices (such as PDAs and cell phones) that store confidential information
  •  Client and server operating systems
  •  Client and server applications, such as e-mail or other in-house systems

 

Which specific systems you should test depends on several factors. If you have a small network, you can test everything from the get-go. On a larger network you may decide to test just the public-facing hosts first, such as e-mail and Web servers and their associated applications. The ethical hacking process is flexible: base these decisions on what makes the most business sense.

 

Start with the most vulnerable systems, and consider the following factors:

 

  •  Where the computer or application resides on the network
  •  Which operating system and application(s) it runs
  •  The amount or type of critical information stored on it
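The factors above (criticality, apparent vulnerability, how well a system is documented and administered, where it sits on the network, and what it stores) can be turned into a simple ranking of an asset inventory that also gives a first cut at the time estimate. The following Python script is an added example, not part of the original text or any tool it mentions; the weights, zone values, effort figures and hosts in it are assumptions made up for illustration.

```python
# Added example (not from the original page): rank an asset inventory
# for ethical-hacking scope using the factors the text lists. Every
# weight, zone value, effort figure and host below is an assumption
# constructed for illustration, not data from the source.
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str              # router, firewall, web server, ...
    zone: str              # "internet", "dmz" or "internal" (where it resides)
    criticality: int       # 1-5: trouble or loss to the business if hacked
    data_sensitivity: int  # 1-5: amount/type of critical information stored
    known_vulns: int       # open findings from a previous vulnerability test
    documented: bool       # False = nobody really knows this box
    days_since_admin: int  # rarely administered systems score higher


# Assumed exposure by network location: an Internet-facing host is
# reachable by anyone, an internal host only after an initial foothold.
ZONE_EXPOSURE = {"internet": 3, "dmz": 2, "internal": 1}

# Assumed testing effort per system type, used for the time estimate.
HOURS_PER_KIND = {
    "database server": 8, "web server": 12, "firewall": 6,
    "e-mail server": 8, "file/print server": 4, "wireless AP": 4,
}


def risk_score(a: Asset) -> int:
    """Higher score = test sooner. The weights are assumptions."""
    score = a.criticality * 3 + a.data_sensitivity * 2
    score += ZONE_EXPOSURE.get(a.zone, 1) * 2
    score += min(a.known_vulns, 5)        # cap so one noisy scan can't dominate
    if not a.documented:
        score += 3                        # least-known systems get a bump
    if a.days_since_admin > 90:
        score += 2                        # rarely administered systems too
    return score


def prioritize(assets, public_only=False, limit=None):
    """Return [(name, score)] in testing order.

    public_only restricts the scope to Internet-facing and DMZ hosts (the
    "just the e-mail and Web servers" option); limit caps the list size.
    """
    chosen = [a for a in assets
              if not public_only or a.zone in ("internet", "dmz")]
    ranked = sorted(chosen, key=lambda a: (-risk_score(a), a.name))
    if limit is not None:
        ranked = ranked[:limit]
    return [(a.name, risk_score(a)) for a in ranked]


def estimate_hours(assets, names):
    """Rough effort for the selected hosts, from HOURS_PER_KIND."""
    by_name = {a.name: a for a in assets}
    return sum(HOURS_PER_KIND.get(by_name[n].kind, 8) for n in names)


# Constructed sample inventory (hypothetical hosts).
INVENTORY = [
    Asset("db01", "database server", "internal", 5, 5, 2, True, 10),
    Asset("www01", "web server", "dmz", 3, 1, 4, True, 5),
    Asset("fw01", "firewall", "internet", 4, 1, 0, True, 3),
    Asset("mail01", "e-mail server", "dmz", 4, 4, 1, True, 20),
    Asset("legacy-print", "file/print server", "internal", 2, 3, 1, False, 400),
    Asset("ap-lobby", "wireless AP", "internal", 2, 1, 3, False, 200),
]

if __name__ == "__main__":
    for name, score in prioritize(INVENTORY):
        print(f"{score:3d}  {name}")
    first_wave = [n for n, _ in prioritize(INVENTORY, limit=3)]
    print("first wave:", first_wave,
          "approx. hours:", estimate_hours(INVENTORY, first_wave))
    print("public-facing only:", prioritize(INVENTORY, public_only=True))
```

With the sample inventory the internal database server ranks first despite being the least exposed, because criticality and stored data outweigh network location in these weights; the undocumented, rarely administered print server ties with the firewall even though it has only one known finding. Adjust the weights to match what matters to the business rather than treating them as given.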

 

If you're hacking your own systems or a customer's systems, a previous security-risk assessment or vulnerability test may already have generated this information. If so, that documentation can help identify the systems that need more testing.

Ethical hacking goes a few steps beyond the higher-level information risk assessments and vulnerability testing. As an ethical hacker, you first glean information on all systems, including the organization as a whole, and then further assess the systems that appear most vulnerable.

 

Another factor to help you decide where to start is how visible a compromise would be to the business, that is, how much damage a successful attack on the system would do. For example, focusing on a database or file server that stores customer or other critical information may make more sense, at least initially, than concentrating on a firewall or Web server that hosts only marketing information about the company.
