To catch a thief, you must think like a thief. That’s the basis for ethical hacking. Knowing you enemy is absolutely critical. The law of averages works against security. With the increased number of hackers and their expanding knowledge, and the growing number of system vulnerabilities and other unknowns, eventually all computer systems and applications will be hacked or compromised in some way. Protecting your systems from the bad guys — and not just the generic vulnerabilities that everyone knows about — is absolutely critical. When you know hacker tricks, you find out how vulnerable your systems really are.
Hacking preys on weak security practices and undisclosed vulnerabilities. More and more research, such as the annual Verizon Data Breach Investigations Report ( www.verizonenterprise.com/DBIR ), is showing that long-standing, known vulnerabilities are also being targeted. Firewalls, encryption, and passwords can create a false feeling of safety. These security systems often focus on high-level vulnerabilities, such as basic access control, without affecting how the bad guys work. Attacking your own systems to discover vulnerabilities — especially the low-hanging fruit that gets so many people into trouble — helps make them more secure. Ethical hacking is a proven method of greatly hardening your systems from attack. If you don’t identify weaknesses, it’s only a matter of time before the vulnerabilities are exploited.
As hackers expand their knowledge, so should you. You must think like them and work like them to protect your systems from them. As the ethical hacker, you must know the activities that hackers carry out and how to stop their efforts. Knowing what to look for and how to use that information helps you to thwart hackers’ efforts.