need to Build Foundation for Ethical Hacking

Your mission — should you choose to accept it — is

to find the holes in your network before the bad guys

do. This mission will be fun, educational, and most likely

entertaining. It will certainly be an eye-opening experience.

The cool part is that you can emerge as the hero,

knowing that your company will be better protected

against malicious hacker and insider attacks and less

likely to have its name smeared across the headlines.

If you’re new to ethical hacking, this is the place to begin.

The chapters in this part get you started with information

on what to do and how to do it when you’re hacking your

own systems. Oh, and also, you find out what not to do as

well. This information will guide you through building the

foundation for your ethical hacking program to make sure

you go down the right path and don’t veer off and end up

going down a one-way dead-end street. This mission is

indeed possible — you’ve just got to get your ducks in

a row.

Little more than a decade ago, IT security was barely a newborn in

diapers. With only a handful of security professionals in 1994, few practiced

security and even fewer truly understood it. Security technologies

amounted to little more than anti-virus software and packet filtering routers

at that time. And the concept of a “hacker” came primarily from the

Hollywood movie WarGames; or more often it referred to someone with a low

golf score. As a result, just like Rodney Dangerfield, it got “no respect,” and

no one took it seriously. IT professionals saw it largely as a nuisance, to be

ignored — that is until they were impacted by it.

Today, the number of Certified Information Systems Security Professionals

(CISSP) has topped 41,000 (www.isc2.org) worldwide, and there are more

security companies dotting the landscape than anyone could possibly

remember. Today security technologies encompass everything from authentication

and authorization to firewalls and VPNs. There are so many ways to

address the security problem that it can cause more than a slight migraine

simply considering the alternatives. And the term hacker has become a permanent

part of our everyday vernacular — as defined in nearly daily headlines.

The world (and its criminals) has changed dramatically.

So what does all this mean for you, the home/end-user or IT/security professional

that is thrust into this dangerous online world every time you hit the

power button on your computer? The answer is everything. The digital landscape

is peppered with land mines that can go off with the slightest touch

or, better yet, without any provocation whatsoever. Consider some simple

scenarios:

Simply plugging into the Internet without a properly configured

firewall can get you hacked before the pizza is delivered,

within 30 minutes or less.

Opening an e-mail attachment from a family member, friend,

or work colleague can install a back door on your system,

allowing a hacker free access to your computer.

Downloading and executing a file via your Internet Messaging

(IM) program can turn your pristine desktop into a Centers

for Disease Control (CDC) hotzone, complete with the latest

alphabet soup virus.

Browsing to an innocent (and trusted) Web site can completely

compromise your computer, allowing a hacker to read

your sensitive files or, worse, delete them