Using the Ethical Hacking Process

Like practically any IT or security project, you need to plan your security testing. It’s been said that action without planning is at the root of every failure. Strategic and tactical issues in the ethical hacking process need to be determined and agreed upon. To ensure the success of your efforts, spend time up front …

Understanding the Dangers Your Systems Face

It’s one thing to know generally that your systems are under fire from hackers around the world and malicious users around the office; it’s another to understand the specific attacks against your systems that are possible. This section discusses some well-known attacks but is by no means a comprehensive listing. Many security vulnerabilities aren’t critical …

Understanding the Need to Hack Your Own Systems

To catch a thief, you must think like a thief. That’s the basis for ethical hacking. Knowing your enemy is absolutely critical. The law of averages works against security. With the increased number of hackers and their expanding knowledge, and the growing number of system vulnerabilities and other unknowns, eventually all computer systems and applications …

Recognizing How Malicious Attackers Beget Ethical Hackers

You need protection from hacker shenanigans; you have to become as savvy as the guys trying to attack your systems. A true security assessment professional possesses the skills, mindset, and tools of a hacker but is also trustworthy. He or she performs the hacks as security tests against systems based on how hackers might work. …

Defining malicious user

Malicious user — meaning a rogue employee, contractor, intern, or other user who abuses his or her trusted privileges — is a common term in security circles and in headlines about information breaches. The issue isn’t necessarily users “hacking” internal systems, but rather users who abuse the computer access privileges they’ve been given. Users ferret …

How to Protect Against SCADA Attacks

Although you can’t know about and detect all vulnerabilities in advance of deployment, you certainly can be proactive in mitigating the potential of a SCADA security breach by taking the following defense-in-depth methods into consideration:
• Develop a security policy.
• Implement ACLs (access control lists).
• Use MAC address filtering.
• Use VLAN segmentation.
…

What Is SCADA?

SCADA stands for supervisory control and data acquisition. SCADA networks control and monitor the critical utility and process control infrastructures for manufacturing, production, and power generation for utility companies, including electricity, natural gas, oil, water, sewage, and railroads. The development of SCADA can be traced back to the beginning of the 19th century through …

How to Protect Against VoIP Attacks

To protect against VoIP attacks, you should follow the same conventional methods and security best practices that you use for any other software segment. Test your system thoroughly via penetration testing and implement a strategy of defense in depth that encompasses the entire system. Defense in depth is achieved by • Making it harder for …

Reversing Applications

It would be fair to say that in most industries reverse engineering for the purpose of developing competing products is the most well-known application of reverse engineering. The interesting thing is that it really isn’t as popular in the software industry as one would expect. There are several reasons for this, but it is primarily …

Where Do Attackers Have Most of Their Fun?

Hacking into a system and environment is almost always carried out by exploiting vulnerabilities in software. Only recently has the light started to shine on the root of the problem of successful attacks and exploits, which is flaws within software code. Most attack methods described in this book can be carried out because of errors …