Read the book Hacking For Dummies - Kevin Beaver - Page 33
Executing the plan
Good security testing takes persistence. Time and patience are important. Also, be careful when you’re performing your tests. A criminal on your network or a seemingly benign employee looking over your shoulder may watch what’s going on and use this information against you or your business.
Making sure that no hackers are on your systems before you start isn’t practical. Just be sure to keep everything as quiet and private as possible, especially when you’re transmitting and storing test results. If possible, encrypt any emails and files that contain sensitive test information or share them via a cloud-based file sharing service.
You’re on a reconnaissance mission. Harness as much information as possible about your organization and systems — much as malicious hackers do. Start with a broad view and narrow your focus. Follow these steps:
1 Search the Internet for your organization’s name, its computer and network system names, and its IP addresses. Google is a great place to start.

SAMPLE SECURITY TESTING TOOLS
When selecting the right security tool for the task, ask around. Get advice from your colleagues and from other people via Google, LinkedIn, and YouTube. Hundreds, if not thousands, of tools are available for security tests. Following are some of my favorite commercial, freeware, and open-source security tools:
- Acunetix Web Vulnerability Scanner
- Cain & Abel
- Burp Suite
- CommView for WiFi
- Elcomsoft System Recovery
- LUCY
- ManageEngine Firewall Analyzer
- Metasploit
- Nessus
- NetScanTools Pro
- Netsparker
- OmniPeek
- Proactive Password Auditor
- Probely
- Qualys
- SoftPerfect Network Scanner
I discuss these tools and many others in Parts 2 through 5 in connection with specific tests. The appendix contains a more comprehensive list of these tools for your reference.

2 Narrow your scope, targeting the specific systems you’re testing. Whether you’re assessing physical security structures or web applications, a casual assessment can turn up a lot of information about your systems.
3 Further narrow your focus by performing scans and other detailed tests to uncover vulnerabilities on your systems.
4 Perform the attacks and exploit any vulnerabilities you find (if that’s what you choose to do).
Check out Chapters 4 and 5 for information and tips on this process.