A company has engaged a project whose aim is to show the whole company the status of its security against the threats that exist today on the Internet, focusing its efforts on the human factor and on the sizing and configuration of its systems.
What does this mean? This is a typical ethical hacking project. It should not be confused with hacker ethics or computer ethics, although all of these issues go hand in hand.
Ethical hacking is a professional discipline in the field of computer security that evaluates the level of vulnerability and risk of an organization's computer systems or assets, under a prior agreement with the client. Society has enforced this distinction to differentiate the ethical behavior of a professional from the unauthorized, illegal actions of someone with worse intentions.
The main target of an Ethical Hacking process is to detect, investigate and exploit existing vulnerabilities in a system of interest. The word "interest" matters: if the information held in that system is worth less than the time it would take an attacker to reach it, nobody would want it.
Control of the situation
At every moment of the Ethical Hacking process all activities must be under control, and every attack must be stoppable at any time. For example, in a DDoS test you cannot rent or use a botnet to carry out the test.
Managers of these processes
Ethical hackers are also known as pen testers, and are responsible for performing penetration or intrusion testing of systems. These hackers are often called white hats, since in Western movies the good guy always wears a white hat. Another name is samurai, who investigate cases about privacy rights. The difference between the two is that samurais carry out their attacks on behalf of their customers, as long as they attack assets belonging to those customers.
- Knowing the degree of vulnerability of the information systems. This knowledge must allow the reduction of the risks that can compromise the confidentiality and integrity of the most valuable asset of any organization: the information it manages.
- Improving the security of the organization. The security audit should contribute to making the information systems more robust against possible external and internal attacks and misuse.
- Training and raising the awareness of the organization's employees, promoting a behavior and attitude in their daily operations that improves information security and avoids unnecessary risks.
There are several professional certifications that can be obtained for the practice of Ethical Hacking. Some of them are:
- Certified Ethical Hacker (CEH) by EC-Council
- Certified Information Security Manager (CISM) by ISACA
- Certified Information Systems Security Professional (CISSP) by ISC2
- Certified Wireless Security Professional (CWSP) by Certified Wireless Network Professional (CWNP)
- CompTIA Security+
- Any of the Global Information Assurance Certification (GIAC) certifications