The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization's secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients.