Sunday, January 6, 2013

Ethical Hacking

Hacking, in the sense used here, is unauthorised access to computer systems. In the UK the Computer Misuse Act 1990 made such access a criminal offence.

Ethical hacking is the authorised, legitimate investigation of a system's security flaws using the tools and techniques known to be employed by hostile attackers. It is also commonly referred to as penetration testing.

The main purpose of ethical hacking is to discover the risks to which you are actually exposed. Its main drawbacks are that:
  • It is a snapshot: the findings are valid only at a single point in time, and a system that was clean on the test date may not be after the next change.
  • The ethical hacker's resources are constrained by the time and budget agreed for the engagement, constraints a real attacker does not share.
  • The ethical hacker may not have the requisite expertise for the systems under test.
You also have to consider the trustworthiness of the hacker, who is being given the access and knowledge needed to do real damage.

As a result, ethical hacking should not be seen as a panacea. It should be complemented by other IT controls aimed at preventing or detecting unauthorised remote access, including patch management, strong access controls and monitoring of system use.
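The last of those controls, monitoring for unauthorised remote access, is the one a penetration test cannot replace: it runs continuously rather than at a single point in time. As an added illustration that is not part of the original post, the script below applies two simple detections to sshd-style authentication log lines: a burst of failed logins from one source address within a sliding window, and a successful login from an address that has just produced such a burst. The log lines are constructed for the example (not real data); the source addresses are documentation ranges; the threshold, window and the year assumed for the year-less syslog timestamps are all choices made here, not values from the post.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style auth log lines, written for this example (not real data).
SAMPLE_LOG = """\
Jan  6 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan  6 10:00:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jan  6 10:00:04 host sshd[1205]: Failed password for root from 203.0.113.7 port 51026 ssh2
Jan  6 10:00:06 host sshd[1207]: Failed password for root from 203.0.113.7 port 51028 ssh2
Jan  6 10:00:07 host sshd[1209]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jan  6 10:00:09 host sshd[1211]: Accepted password for root from 203.0.113.7 port 51032 ssh2
Jan  6 10:05:00 host sshd[1220]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jan  6 10:05:30 host sshd[1222]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
Jan  6 11:00:00 host sshd[1300]: Accepted publickey for bob from 192.0.2.10 port 33000 ssh2
"""

# Assumed year for the syslog timestamps, which carry none; taken from the post's date.
LOG_YEAR = 2013

# Matches the "Accepted"/"Failed" authentication result lines that sshd writes to syslog.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_events(log_text):
    """Turn raw log lines into (time, result, user, ip) tuples, oldest first.
    Lines that are not sshd authentication results are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=LOG_YEAR)
        events.append((ts, m["result"], m["user"], m["ip"]))
    events.sort(key=lambda e: e[0])
    return events


def detect_unauthorised_access(log_text, threshold=5, window_seconds=60):
    """Flag two patterns per source IP:
      brute_force: the count of failed logins within the window reaches `threshold`
      success_after_failures: a successful login while at least `threshold`
        failures from the same IP still sit inside the window
    Returns alerts (dicts) in time order."""
    recent_failures = defaultdict(deque)  # ip -> timestamps of failures still in the window
    alerts = []
    for ts, result, user, ip in parse_events(log_text):
        fails = recent_failures[ip]
        # Drop failures that have aged out of the sliding window.
        while fails and (ts - fails[0]).total_seconds() > window_seconds:
            fails.popleft()
        if result == "Failed":
            fails.append(ts)
            if len(fails) == threshold:  # fire when the count reaches the threshold, not on every later failure
                alerts.append({"kind": "brute_force", "ip": ip, "user": user,
                               "time": ts, "failures": len(fails)})
        else:  # Accepted
            if len(fails) >= threshold:
                alerts.append({"kind": "success_after_failures", "ip": ip, "user": user,
                               "time": ts, "failures": len(fails)})
    return alerts


if __name__ == "__main__":
    for a in detect_unauthorised_access(SAMPLE_LOG):
        print(f"{a['time']:%H:%M:%S} {a['kind']:24} {a['ip']:15} "
              f"user={a['user']} failures={a['failures']}")
```

On the sample above, the single failed login from alice followed by a key-based success stays below the threshold and is not flagged, while the five rapid failures against root from 203.0.113.7 raise a brute-force alert and the password success that follows them raises a second, more serious one. The second pattern is the one worth paging on: a burst of failures alone is background noise on any Internet-facing host, a success after that burst is a likely compromise.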