Reference no: EM132272767
Need to review the given article and give a response with 2 references.
Network security is becoming more and more crucial as the amount of data being exchanged on the internet increases. Anyone who uses the internet expects their confidentiality, integrity, and authentication to be protected and secured.
I think the most accurate method to evaluate an organization's information security stance is to be able to observe how it holds up against an attack.
The best way to ensure the system is protected or secured is by conducting penetration testing. Penetration testing is the most effective way to find out whether the system is vulnerable to any attack, and it allows the found vulnerabilities to be patched.
Passive reconnaissance is a way of gaining information about the targeted computers and networks without actively engaging or touching the system. For instance, for a hacker who does not have information about the targeted company, passive reconnaissance can be as simple as watching the building to identify the times the employees come to and leave the building.
Passive reconnaissance is usually done using search engines (Google, Yahoo, etc.) to gather information about the targeted company. Some of the passive information gathering methods could be social engineering and dumpster diving (Walker, 2017). Furthermore, hackers want to know IP addresses, OS platforms, applications, patch level, advertised network ports, users, and any information that leads to exploitation. Unfortunately, there is a thin line between black hat and white hat hacking when an ethical hacker is conducting exploitation. Therefore, to stay out of trouble, the ethical hacker should follow a certain framework for performing an audit of an organization.
According to Kruger, Nickolay & Gaycken (2013), the ethical hacker must:
- Talk to the client, and discuss the needs to be addressed during testing
- Prepare and sign non-disclosure agreement (NDA) documents with the client
- Prepare a schedule for testing
- Conduct the test
- Analyze the results of the testing, and prepare a report
- Present the final report to the client
Ethical hackers should know the penalties for unauthorized access to a system.
Moreover, no penetration testing should begin until a signed document giving him/her express permission to perform hacking on a company's system is received from the company.
For instance, the 2002 Cyber-Security Enhancement Act mandates life sentences for hackers who "recklessly" endanger the lives of others. Graves (2010) stated, "Malicious hackers who create a life-threatening situation by attacking computer networks for transportation systems, power companies, or other public services can be prosecuted under the 2002 Cyber-Security Enhancement Act."
A person should be brave and true to himself about conducting something beneficial to society and to himself: "All scripture is God-breathed and is useful for teaching, rebuking, correcting and training in righteousness, so that the servant of God may be thoroughly equipped for every good work" (Timothy 3:16-17). The scriptures instruct people to do good work ethically.
References
Walker, M. (2017). CEH Certified Ethical Hacker All-in-One Exam Guide. Third Edition. New York, NY: McGraw-Hill.
Kruger, J., Nickolay, B., & Gaycken, S. (2013). The secure information society: Ethical, legal and political challenges (1st ed.). London; New York: Springer. DOI: 10.1007/978-1-4471-4763-3.
Graves, K. (2010). CEH Certified Ethical Hacker Study Guide. Indianapolis, Indiana: Wiley Publishing, Inc.