Key concepts in this chapter are:
Conducting a threat and vulnerability analysis
Taking preventative measures
Detecting when an attack is in progress
Responding to an attack
Hacking is an odd sort of business where high crime can lead to notoriety and a secure, high-paying job, at least for some in the long run. This is exemplified by the story of Kevin Mitnick. In January 2003, Kevin Mitnick—perhaps history’s most notorious hacker, who over an eight-year period reportedly broke into some of the world’s largest and presumably most secure companies—was released from probation and allowed to reconnect to the Internet. Upon the news of his release, Kevin Mitnick was presented with a number of offers from companies that wanted to hire him as a corporate security consultant.
This story reflects the fact that corporations are hungry for anyone who can provide a hacker’s view of their security systems. Corporations value getting advice straight from the horse’s mouth on how to break these systems and, more importantly, they want to know how to harden their systems against attack. Who better than a reformed hacker to do the job?
While stopping short of hiring a legendary reformed hacker, this chapter identifies steps you can take to:
Analyze your application design to identify threats and vulnerabilities.
Prevent attacks by mitigating the threats you’ve identified.
Detect when an attack that thwarts your preventative measures is in progress.
Respond to an attack.