09 September 2003

How Hackers Break In To Enterprise Networks--A Step-By-Step Demo

from Internet Week on Tuesday, September 09, 2003

The SetUp

"Ryan Breed is a hacker. He's honed his skills since his undergraduate days at the University of Rochester, where a cryptography course piqued his interest in network security. Breed, 28, enjoys the analysis of computer systems and 'decomposing systems and figuring out how they work.'

"As a security consultant for Unisys, hacker Breed tests his mettle against company security systems, pointing out weak spots. He's gearing up to do his thing. But this evening's hack is sanctioned, commissioned, and paid for by the targeted company. Breed is an ethical hacker, a security consultant for Unisys, and tonight he's conducting a penetration test on an international business-consulting firm with 10 servers and more than 150 desktops. The name of the company and information that would disclose its identity have been withheld at the company's request."

This article will give you a taste of how companies like Unisys use ethical hacking exercises to frighten a client into believing it is vulnerable. It shouts "Hire Us Now Before It's Too Late". What is important here is to realize that any large enterprise is in a dynamic environment full of moves, adds and changes. It requires a daily, proactive program of internal risk management exercises to be effective against the sales tactics of vendors' threat exercises like this one.

