Skip to main content
x

5 Elements of Ethical Hacking

blog

Discover Your Vulnerabilities.  Uncovering and addressing vulnerabilities in your systems before they are exploited is the only way to mitigate the risk they pose to your organization.

It’s imperative to know if your security can hold up to real-world scenarios and one of the best ways to discovery this is through Penetration Testing also referred to as Ethical Hacking.

External Network Penetration Testing mimics attacks from outside the network.  Reconnaissance analyzes hardware, software and all available public information including data from social profiles of known users that may indicate potential passwords.

Internal Network Penetration Testing focuses on the organization’s security protocols, testing several network access points.

These processes identify the weaknesses and vulnerabilities of your organization’s computer and information systems by duplicating the intent and actions of malicious hackers.

The process can be broken down into 5 elements:

Reconnaissance

This is the pre-engagement period.  The “Pen-Test” professional will use this time to gather information on the target as well as to iron out the details of the assignment.   Parameters will be set, and written permission needs to be gathered by the “Target” and any third parties that own or operate the target systems.   Once the details are in place the team will work to discover any public details that may serve to aid penetration including learning more about users via their social networks.

Scanning & Enumeration

During this phase the “Pen-Test” team will apply tools and techniques based on the reconnaissance to discover further information on the target focusing on their systems.

Gaining Access

Ethical attacks begin against the target systems.   The goal here is to take control of a device and either extract data or use the device in unauthorized ways.

Maintaining Access

Hackers ensure they can return to the compromised systems.  This element requires the hacker to be able to persistently gain entry and act within the target environment.

Covering Their Tracks

The “Pen-test” team must then conceal their success.  Any evidence of their access but be removed or concealed and they must avoid detection from the host network’s administrators.  

Once testing is complete the team will provide the target with a full report detailing the vulnerabilities discovered as well as detailed steps to address the given issues.

Operational Technology systems can also benefit from penetration tests as they are also at risk.  Attacks can damage infrastructure, products and seize production.  Adequate results of these types of tests may also be required to meet compliance regulations such as PCI DSS.

For more information contact info@saisystems.com 203-929-0790.