Executing The Plan
Ethical hacking takes persistence. Time and patience are important. Be careful when you're performing your ethical hacking tests: a hacker already in your network, or a seemingly benign employee looking over your shoulder, may be watching what's going on and could use that information against you.
It's not practical to make sure that no hackers are on your systems before you start. Just make sure you keep everything as quiet and private as possible. This is especially critical when transmitting and storing your test results. If possible, encrypt these e-mails and files using Pretty Good Privacy (PGP) or something similar. At a minimum, password protect them.
You're now on a reconnaissance mission. Harness as much information as possible about your organization and systems, which is what malicious hackers do. Start with a broad view and narrow your focus:
1. Search the internet for your organization's name, your computer and network system names, and your IP addresses.
Google is a great place to start for this.
2. Narrow your scope, targeting the specific systems you're testing.
Whether physical-security structures or Web applications, a casual assessment can turn up much information about your systems.
3. Further narrow your focus with a more critical eye. Perform actual scans and other detailed tests on your systems.
4. Perform the attacks, if that's what you choose to do.
Evaluating results
Assess your results to see what you uncovered, assuming that the vulnerabilities haven't been made obvious before now. This is where knowledge counts. Evaluating the results and correlating the specific vulnerabilities discovered is a skill that gets better with experience. You'll end up knowing your systems as well as anyone else. This makes the evaluation process much simpler moving forward.
Submit a formal report to upper management or to your customer, outlining your results. Keep these other parties in the loop to show that your effort and their money are well spent.
Moving on
When you've finished your ethical hacking tests, you still need to implement your analysis and recommendations to make sure your systems are secure.
New security vulnerabilities continually appear. Information systems constantly change and become more complex. New hacker exploits and security vulnerabilities are regularly uncovered. You may discover new ones! Security tests are a snapshot of the security posture of your systems. At any time, everything can change, especially after software upgrades, adding computer systems, or applying patches. Plan to test regularly (for example, once a week or once a month).