CIO Symmetry

A SearchCIO Small Business blog

» VIEW ALL POSTS Aug 4 2011   11:17PM GMT

Intrusion testing means thinking like a hacker



Posted by: Wendy Schuchart
Tags:
CIO
Hacking
security risk

Back in the ’90s and early 2000s, I had two acquaintances who called themselves “hackers.” Being a burgeoning geek girl myself, I kind of figured that they were affecting the moniker to be cool. Back then, the image of a hacker was different, more like the Robin Hoods of the Internet age. It was before we really knew how destructive those forces could be regarding the loss of identity information and the carnage inflicted across the globe by nefarious groups bent on destruction or collapsing infrastructures. Think only back to the Sony security breach or the nightmare with Epsilon data loss, and you know that the popular opinion is that hackers seem less like Robin Hood and more like Freddy Krueger.

Flash forward to today: One of those hackers has his own security firm and consults with companies on vulnerability testing and intrusion testing, highlighting their weaknesses and blind spots and helping them do network security audits.

In this capacity, for instance, he foiled a large corporate system by tricking one of the company’s own employees into holding a door open for him. Then he set up shop in an unused conference room, logged into the network and spent two days downloading gigabytes of proprietary and confidential data. No one ever even questioned him about what he was doing there.

When thinking about security and intrusion testing, you have to think like a bad guy. Law enforcement does it all the time, hiring criminal informants and infiltrating crime syndicates by going undercover (at least, this is what my years of watching Dexter and The Wire tell me). Speaking of crime shows, not all hackers are that altruistic. That other guy with whom I was acquainted? He’s currently incarcerated for terrorist-like activities.

Have you engaged in third-party vulnerability testing of your network defenses? What was the outcome? Is intrusion testing worthwhile? How frequently do you perform a network security audit? The comments are eager to hear about how you defend your company against the dark arts.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: