Monday, May 2, 2016
Ten Important Rules Of Ethical Hacking
Time and again we have been bringing you valuable resources on ethical hacking since we know and understand the nature of things as far as security goes. Ethical hacking is picking up steam each day with more and more organisations spending heftily to maintain the sanctity of their systems and data. As such, ethical hacking is a glorious career option in the current scheme of things.
1.Set your goals straight
To begin with, an ethical hacker must start thinking like the intruder. He must be able to identify the loopholes on the target access points or networks that are prone to attack, he must be aware of the repercussions of these loopholes and how the intruder can use it against the same. An ethical hacker then has to find out if anyone at the target notice the intruder's attempts to carry out his/her acts. Finding out and eliminating unauthorised wireless access points is always the top most priority of an ethical hacker.
2.Plan your testing process
You can never be sure when something or the other comes along that could make you take a backseat. Money, personnel, or time is not in your hands, therefore constraints might knock on your door anytime without prior notice. As such, to avoid any untoward incidence, you must identify the networks you intend to test and decide before hand the time period for this process. Once the basics are set right you must specify a testing process that you'll carry out. Planning is crucial and sharing it with all the concerned personnel advisable. An approval of the testing process by all stakeholders involved is also necessary.
3.Ask for permission
Getting permission for your deeds is a must to avoid any legal repercussions that might turn up against you in the future. This permission must be in written and must clearly state that you hold the authorised rights to carry out the particular test you intend for and that the said organisation will back you at all times in case any criminal charges come up against you.
4.Work ethically, work professionally
Refrain from stepping out of the said plan, stick to the set goals and plan. Also, refrain from sharing any information regarding your plan and testing to anyone outside your set domain. As an ethical hacker you're bound to confidentiality and non-disclosure of events that unfold during your hacking process to anyone other than the organisation and concerned authority.
5.Always keep records
Spending countless hours within the confines of a lowly-lit room with a computer and a piping pot of coffee doesn't mean you start to loose it with time. Always maintain formal records of what you do and what you test and what results you get. Notes can be either in paper or electronic, in all cases they must be well maintained.
6.Respect the privacy of others
You're bound to gain access to private information (encryption keys for instance) while on your quest, however, how you use this information is key to being a good ethical hacker and a good human being most importantly. Getting first hand information about others' private lives doesn't give you access to intrude. There's a thin line here that must not be crossed, with great power comes great responsibility, remember?
7.Respect others' rights
It's only human to be proud of your achievements. Once you get through a locked window, chances are you'd want to pry further. However, you must understand that your deeds must not cause harm to the rights of others. Also, use tools of the trade wisely. The same tool you use for an attack might in turn have long lasting implications, a denial of service for instance.
8.Use a scientific process
Follow a scientific/empirical approach while hacking. To begin with set a goal that is quantifiable, meaning you know when you've reached it rather than going around in circles. Your test must be consistent to your findings. If the same test brings out two different results when done twice in the same case scenarios, there's something terribly wrong about how you're going about it.
9.Pick one tool and stick with it
The internet is rife with countless good tools to carry out your process, both free and commercial tools are available. However, rather than being overwhelmed by the sheer quantity, it's ideal you pick up one tool and stick with it.
10.Provide timely progress updates
Many a times the time duration of your test might extend beyond the set interval (over a week for instance). In all such cases, you must provide your organisation with progress updates from time to time rather than waiting for the process to reach a completion.
Credit - http://comexpo-cyber-security.blogspot.com/2014/08/ten-important-rules-of-ethical-hacking.html