
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

It would not be useful to prove that attackers could get through the security barriers with Tool A if
attackers do not use Tool A. The ethical hacker has to know what the bad guys are using,
know the new exploits that are out in the underground, and continually keep her skills
and knowledgebase up to date. This is because the odds are against the company and
against the security professional. The reason is that the security professional has to identify
and address all of the vulnerabilities in an environment. The attacker only has to be
really good at one or two exploits, or really lucky. A comparison can be made to the U.S.
Homeland Security responsibilities. The CIA and FBI are responsible for protecting the
nation from the 10 million things terrorists could possibly think up and carry out. The
terrorist only has to be successful at one of these 10 million things.

NOTE Many ethical hackers engage in the hacker community so they can
learn about the new tools and attacks that are about to be used on victims.

How Are These Tools Used for Good Instead of Evil?

How would a company's networking staff ensure that all of the employees are creating
complex passwords that meet the company's password policy? They can set operating system
configurations to make sure the passwords are of a certain length, contain upper- and
lowercase letters, contain numeric values, and keep a password history.

