http://www.zdnet.com/computershopper/edit/cshopper/content/9902/383168.html

Hackers Go Pro
by Nancy Nicolaisen and Dan Costa

Penetration analysis, or ethical hacking, is an increasingly popular way for businesses to find holes in their networks. Vendors are lining up to break and enter for profit.

Introduction

Ethical hacking might seem like an oxymoron, and it does present some confusing issues, but it is also a growing and legitimate IT specialty. Ethical hackers can be separated into two broad classes--independents and consultants. Independent ethical hackers believe that discovering the weaknesses of software, hardware, and the networks upon which we all depend is an inherently good or ethical act. These good-Samaritan Netizens have been around for years--poking holes in Internet Explorer, breaking encryption algorithms, accessing networks without authority. Sometimes they report the hack to the company; other times the hack announces itself, and the vendor must quickly fix the problem. This real-world market testing can make products stronger and safer for the rest of us. Ethical-hacker consultants do basically the same thing, but they get paid for it.

We should mention that ethical hacking never entails damaging property, destroying data, or stealing private information. These activities may be hacks, but they fail most any standard of ethics. In fact, some in the hacker community refer to these kinds of criminals as "crackers."

Though most professional system managers accept garden-variety hackers, or crackers, as part of the spectrum of risk-management responsibility by which they earn their daily bread, the emergence of expert hackers represents a new kind and degree of threat. Truly dangerous hackers come from one of two groups: disgruntled insiders, and those rare few who command expert knowledge of targeted systems' communication protocols and operating-system internals. In the first case, a bit of prudence is an effective defense.
The latter requires more aggressive measures, like hiring professional ethical hackers to find the weak points in a company's security.

[snip...]