Ashutosh Jha's Page

ETHICAL HACKING – AN INTRODUCTION

Little more than 10 years ago, security was barely a newborn in diapers.

With only a handful of security professionals in 1994, few practiced security

and even fewer truly understood it. Security technologies amounted to

little more than anti-virus software and packet filtering routers at that time.

And the concept of a “hacker” came primarily from the Hollywood movie “War

Games”; or more often it referred to someone with a low golf score. As a result,

just like Rodney Dangerfield it got “no respect” and no one took it seriously.

IT professionals saw it largely as a nuisance, to be ignored — that is until

they were impacted by it.

 

Today, the number of Certified Information Systems Security Professionals

(CISSP) have topped 23,000 (www.isc2.org) worldwide, and there are more

security companies dotting the landscape than anyone could possibly remember.

Today security technologies encompass everything from authentication

and authorization, to firewalls and VPNs. There are so many ways to address

the security problem that it can cause more than a slight migraine simply considering

the alternatives. And the term “hacker” has become a permanent part

of our everyday vernacular — as defined in nearly daily headlines. The world

(and its criminals) has changed dramatically.

 

So what does all this mean for you, the home/end user or IT/security professional

that is thrust into this dangerous online world every time you hit the

power button on your computer? The answer is “everything”. The digital

landscape is peppered with land mines that can go off with the slightest

touch or, better yet, without any provocation whatsoever. Consider some

simple scenarios:

 

Simply plugging into the Internet without a properly configured firewall

can get you hacked before the pizza is delivered, within 30 minutes

or less.

 

Opening an email attachment from a family member, friend, or work colleague

can install a backdoor on your system allowing a hacker free

access to your computer.

 

Downloading and executing a file via your Internet Messaging (IM) program

can turn your pristine desktop into a Centers for Disease Control

(CDC) hotzone, complete with the latest alphabet soup virus.

 

Browsing to an innocent (and trusted) website can completely compromise

your computer, allowing a hacker to read your sensitive files or

worse delete them.

 

Do you believe the energy commissions report about the biggest power outage

in U.S history? The one that on August 14, 2003 left 1/5th of the U.S. population

without power (about 50 million people) for over 12 hours? Do you believe that

it has to do with untrimmed trees and faulty control processes? If you believe

in Occam’s Razor, then yes, the simplest explanation is usually the correct one

but remember this: the power outage hit just three days after the Microsoft

Blaster worm, one of the most vicious computer worms ever unleashed on

the Internet, first hit. Coincidence? Perhaps.

 

Make no mistake; the digital battlefield is very real. It has no beginning, it has

no ending, it has no boundaries, and it has no rules. Read this book, learn

from it and defend yourself or we may lose this digital war.

Posted in Introduction | 1 Comment »