Ethical hacking is the process of testing the network infrastructure by employing ethical hackers to perform penetration tests. Ethical hackers perform the same activities as malicious hackers, but they do so with the approval of the organization and without causing damage. The goal is to test the network in much the same fashion as a malicious hacker would. Because of the global nature of the Internet and the increased emphasis on networking, these types of activates have gained increased prominence in the last several years.
Penetration testing is the process of evaluating the organization's security measures. These tests can be performed in a number of ways, including internal testing, external testing, whitebox testing (you know the infrastructure), and blackbox testing (you don't know the infrastructure). After the test methodology is determined, the penetration test team is responsible for determining the weaknesses, technical flaws, and vulnerabilities. When these tests are complete, the results are delivered in a comprehensive report to management.
Several good documents detail the ways in which to conduct penetration testing. One is NIST-800-42, which even includes recommendations for tools intended for self-evaluation. NIST divides penetration testing into four primary stages:
The CISSP Cram Sheet
A Note from Series Editor Ed Tittel
About the Author
We Want to Hear from You!
The CISSP Certification Exam
Access-Control Systems and Methodology
System Architecture and Models
Telecommunications and Network Security
Applications and Systems-Development Security
Business Continuity Planning
Law, Investigations, and Ethics
Practice Exam 1
Answers to Practice Exam 1
Practice Exam 2
Answers to Practice Exam 2