Understanding the Need to hack your own systems

Understanding the Need to
Hack Your Own Systems
To catch a thief, think like a thief. That’s the basis for ethical hacking.
The law of averages works against security. With the increased numbers and
expanding knowledge of hackers combined with the growing number of system
vulnerabilities and other unknowns, the time will come when all computer
systems are hacked or compromised in some way. Protecting your systems
from the bad guys — and not just the generic vulnerabilities that everyone
knows about — is absolutely critical. When you know hacker tricks, you can
see how vulnerable your systems are.
Hacking preys on weak security practices and undisclosed vulnerabilities.
Firewalls, encryption, and virtual private networks (VPNs) can create a false
feeling of safety. These security systems often focus on high-level vulnerabilities,
such as viruses and traffic through a firewall, without affecting how hackers
work. Attacking your own systems to discover vulnerabilities is a step to
making them more secure. This is the only proven method of greatly hardening
your systems from attack. If you don’t identify weaknesses, it’s a matter of
time before the vulnerabilities are exploited.
As hackers expand their knowledge, so should you. You must think like them
to protect your systems from them. You, as the ethical hacker, must know
activities hackers carry out and how to stop their efforts. You should know
what to look for and how to use that information to thwart hackers’ efforts.
You don’t have to protect your systems from everything. You can’t. The only
protection against everything is to unplug your computer systems and lock
them away so no one can touch them — not even you. That’s not the best
approach to information security. What’s important is to protect your systems
from known vulnerabilities and common hacker attacks.
It’s impossible to buttress all possible vulnerabilities on all your systems. You
can’t plan for all possible attacks — especially the ones that are currently
unknown. However, the more combinations you try — the more you test whole
systems instead of individual units — the better your chances of discovering
vulnerabilities that affect everything as a whole.
Don’t take ethical hacking too far, though. It makes little sense to harden your
systems from unlikely attacks. For instance, if you don’t have a lot of foot traffic
Chapter 1: Introduction to Ethical Hacking 11
in your office and no internal Web server running, you may not have as much
to worry about as an Internet hosting provider would have. However, don’t
forget about insider threats from malicious employees!
Your overall goals as an ethical hacker should be as follows:
Hack your systems in a nondestructive fashion.
Enumerate vulnerabilities and, if necessary, prove to upper management
that vulnerabilities exist.
Apply results to remove vulnerabilities and better secure your systems.