Welcome to Bucaro TecHelp!


The Role of Security Penetration Testers

A hacker accesses a computer or network without the authorization of the system's owner. By doing so, a hacker is breaking the law and can go to prison. Those who break into systems to steal or destroy data are often referred to as crackers; hackers might simply want to prove how vulnerable a system is by accessing the computer or network without destroying any data. For the purpose of this book, no distinction is made between the terms "hackers" and "crackers." The U.S. Department of Justice labels all illegal access to computer or network systems as "hacking," and that usage is followed in this book.

An ethical hacker is a person who performs most of the same activities a hacker does but with the owner or company's permission. This distinction is important and can mean the difference between being charged with a crime or not being charged. Ethical hackers are usually contracted to perform penetration tests or security tests. Companies realize that intruders might attempt to access their network resources and are willing to pay for someone to discover these vulnerabilities first. Companies would rather pay a "good hacker" to discover problems in their current network configuration than have a "bad hacker" discover these vulnerabilities. Bad hackers spend many hours scanning systems over the Internet, looking for openings or vulnerable systems.

Some hackers are skillful computer experts, but others are younger, inexperienced people whom experienced hackers refer to as script kiddies or packet monkeys. These derogatory terms refer to people who copy code from knowledgeable programmers instead of creating the code themselves. Many experienced penetration testers can write computer programs or scripts in Perl (Practical Extraction and Report Language, although it's always referred to as "Perl") or the C language to carry out network attacks. (A script is a set of instructions that run in sequence to perform tasks on a computer system.)

An Internet search on IT job recruiter sites for "penetration tester" produces hundreds of job announcements, many from Fortune 500 companies looking for experienced applicants. A typical ad might include the following requirements:

- Perform vulnerability, attack, and penetration assessments in Internet, intranet, and wireless environments.
- Perform discovery and scanning for open ports and services.
- Apply appropriate exploits to gain access and expand access as necessary.
- Participate in activities involving application penetration testing and application source code review.
- Interact with the client as required throughout the engagement.
- Produce reports documenting discoveries during the engagement.
- Debrief with the client at the conclusion of each engagement.
- Participate in research and provide recommendations for continuous improvement.
- Participate in knowledge sharing.

Penetration testers and security testers usually have a laptop computer configured with multiple OSs and hacking tools. The online resources accompanying this book contain the Linux OS and many tools needed to conduct actual network attacks. This collection of tools for conducting vulnerability assessments and attacks is sometimes referred to as a "tiger box." You can order tiger boxes on the Internet, but if you want to gain more experience, you can install multiple OSs and security tools on your own system. Learning how to install an OS isn't covered in this book, but you can find books on this topic easily. The procedure for installing security tools varies, depending on the OS.

Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268