Protecting Your System
Testing Your System
An Ethical Hacker is a computer systems expert who tries to penetrate a computer system, website, cloud site or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker, criminal or state-based actor could use to gain access and information.
Ethical Hackers (EHs) use many of the same tools and processes that a malicious hacker may employ to gain access to systems. There are also commercial tools that EHs use to speed up the process of finding vulnerabilities and then testing them to see if they provide access to a system.
The purpose of ethical hacking is to evaluate the security of a network or system's infrastructure. It entails finding and attempting to exploit any vulnerability to determine whether unauthorized access or other malicious activities are possible. Vulnerabilities tend to be found in poor or improper system configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures. A successful test doesn't necessarily mean a network or system is 100% secure, but it should be able to withstand automated attacks and unskilled hackers.
Any organization that has a network connected to the Internet or provides an online service should consider subjecting it to a penetration test. Various standards such as the Payment Card Industry Data Security Standard require companies to conduct penetration testing from both an internal and external perspective on an annual basis and after any significant change in the infrastructure or applications.
Ethical hacking is a proactive form of information security and is also known as penetration testing, intrusion testing and red teaming. An ethical hacker is sometimes called a legal or white hat hacker, and the counterpart a black hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat. The term "ethical hacker" is frowned upon by some security professionals, who see it as a contradiction in terms and prefer the name "penetration tester."
Once the EH has finished testing, they produce a remediation step report which details how the organisation can apply patches or reconfigure systems to protect the underlying system.
They then work with the organisation to remediate its systems and secure the underlying infrastructure.