Ethical hacking is the process of testing the network infrastructure by employing ethical hackers to perform penetration tests. Ethical hackers perform the same activities as malicious hackers, but they do so with the approval of the organization and without causing damage. The goal is to test the network in much the same fashion as a malicious hacker would. Because of the global nature of the Internet and the increased emphasis on networking, these types of activities have gained increased prominence in the last several years.
Penetration testing is the process of evaluating the organization's security measures. These tests can be performed in a number of ways, including internal testing, external testing, white-box testing (the tester knows the infrastructure), and black-box testing (the tester does not know the infrastructure). After the test methodology is determined, the penetration test team is responsible for determining the weaknesses, technical flaws, and vulnerabilities. When these tests are complete, the results are delivered in a comprehensive report to management.
Several good documents detail the ways in which to conduct penetration testing. One is NIST-800-42, which even includes recommendations for tools intended for self-evaluation. NIST divides penetration testing into four primary stages:
- Planning: As the old saying goes, success is 90% preparation and 10% perspiration. What's the point? Good planning is the key to success. Know where you are going, what your goals are, what the time frame is, and what the limits and boundaries are.
- Discovery: This stage consists of two distinct phases:
  - Passive: During this phase, information is gathered in a very covert manner. Examples of passive information gathering include surfing the organization's website to mine valuable information, and reviewing job openings to gain a better understanding of the technologies and equipment used by the organization.
  - Active: This phase of the test is split between network scanning and host scanning. As individual networks are enumerated, they are further probed to discover all hosts, determine their open ports, and attempt to pinpoint their OS. Nmap is a popular scanning program.
- Attack: At this point, the ethical hacker attempts to gain access, escalate privilege, browse the system, and, finally, expand influence.
- Reporting: This is the final step listed, but it is not least in importance. Reporting and documentation should be conducted throughout each step of the process. This documentation should be used to compile the final report. The report should serve as the basis for corrective action. Corrective action can range from nothing more than enforcing existing policies to closing unneeded ports and adding patches and service packs.
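As an added example (not from the original text), this Python snippet bridges the active discovery phase and the reporting stage: it parses a constructed sample of Nmap's XML (`-oX`) output, keeps only live hosts and open ports, and turns them into report rows tagged with the corrective action the report should recommend. The sample XML, the host addresses, and the set of unneeded services are all constructed assumptions, not data from any real scan.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap's -oX output (not a real scan): hosts in the 192.0.2.0/24 documentation range.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.0.2.0/29">
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
   <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
   <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
  </ports><os><osmatch name="Linux 4.X" accuracy="95"/></os>
 </host>
 <host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
  <ports><port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port></ports>
 </host>
 <host><status state="down"/><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>
"""
UNNEEDED_SERVICES = {"telnet", "microsoft-ds"}  # services the (constructed) scope document says this segment does not need

def parse_nmap_xml(xml_text):
    """Return one record per live host: address, best OS guess, and open ports."""
    hosts = []
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":  # Nmap always emits <status>
            continue  # hosts reported down carry no ports worth reporting
        addr = host.find("address[@addrtype='ipv4']")
        osmatch = host.find("os/osmatch")  # absent when -O found no match
        open_ports = []
        for port in host.findall("ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports are noise in the findings table
            service = port.find("service")
            open_ports.append((int(port.get("portid")), port.get("protocol"),
                               service.get("name") if service is not None else "unknown"))
        hosts.append({"address": addr.get("addr") if addr is not None else "unknown",
                      "os": osmatch.get("name") if osmatch is not None else "unknown",
                      "open_ports": open_ports})
    return hosts

def report_rows(hosts, unneeded=UNNEEDED_SERVICES):
    """Flatten parsed hosts into report rows, each with a suggested corrective action."""
    rows = []
    for h in hosts:
        for portid, proto, service in h["open_ports"]:
            action = "close unneeded port" if service in unneeded else "verify patch level"
            rows.append({"address": h["address"], "os": h["os"], "port": f"{portid}/{proto}",
                         "service": service, "action": action})
    return rows
```

Running `report_rows(parse_nmap_xml(SAMPLE_NMAP_XML))` yields three rows; the telnet and microsoft-ds entries are marked for closure, matching the "closing unneeded ports" corrective action above.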