What is hacking
Hacking is unauthorized use of computer and network resources. (The term
"hacker" originally meant a very gifted programmer. In recent years
though, with easier access to multiple systems, it now has negative
implications.)

Hacking is a felony in the United States and
most other countries. When it is done by request and under a contract between
an ethical hacker and an organization, it's OK. The key difference is that the
ethical hacker has authorization to probe the target.

We work with IBM Consulting and its customers
to design and execute thorough evaluations of their computer and network
security. Depending on the evaluation they request (ranging from Web server
probes to all-out attacks), we gather as much information as we can about the
target from publicly available sources. As we learn more about the target, its
subsidiaries and network connectivity, we begin to probe for weaknesses.

Examples of weaknesses include poor
configuration of Web servers, old or unpatched software, disabled security
controls, and poorly chosen or default passwords. As we find and exploit
vulnerabilities, we document if and how we gained access, as well as if anyone
at the organization noticed. (In nearly all the cases, the Information Systems
department is not informed of these planned attacks.) Then we work with the
customer to address the issues we've discovered.

The number of really gifted hackers in the
world is very small, but there are lots of wannabes.... When we do an ethical
hack, we could be holding the keys to that company once we gain access. It's
too great a risk for our customers to be put in a compromising position. With
access to so many systems and so much information, the temptation for a former
hacker could be too great -- like a kid in an unattended candy store.