(ISC)² CISSP® Official Study Guide, Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Protect Reports
Penetration testers will provide a report documenting their results, and this report should 
be protected as sensitive information. The report will outline specific vulnerabilities and 
how these vulnerabilities can be exploited. It will often include recommendations on how 
to mitigate the vulnerabilities. If these results fall into the hands of attackers before the 
organization implements the recommendations, attackers can use details in the report to 
launch an attack.
It’s also important to realize that just because a penetration testing team makes a 
recommendation, it doesn’t mean the organization will implement the recommendation. 
Management has the choice of implementing a recommendation to mitigate a risk 
or accepting a risk if they decide the cost of the recommended control is not justified. In 
other words, a one-year-old report may outline a specific vulnerability that hasn’t been 
mitigated. This year-old report should be protected just as closely as a report completed 
yesterday.
Ethical Hacking
Ethical hacking is often used as another name for penetration testing. An ethical hacker is 
someone who understands network security and methods to breach security but does not 
use this knowledge for personal gain. Instead, an ethical hacker uses this knowledge to help 
organizations understand their vulnerabilities and take action to prevent malicious attacks. 
An ethical hacker will always stay within legal limits.
Chapter 14 mentions the technical difference between crackers, hackers, and attackers. 
The original definition of a hacker is a technology enthusiast who does not have malicious 
intent, whereas a cracker or attacker is malicious. The original meaning of the term hacker 
has become blurred because it is often used synonymously with attacker. In other words, 
most people view a hacker as an attacker, giving the impression that ethical hacking is a 
contradiction in terms. However, the term ethical hacking uses the term hacker in its 
original sense.
Ethical hackers will learn about and often use the same tools and techniques used by 
attackers. However, they do not use them to attack systems. Instead, they use them to test 
systems for vulnerabilities and only after an organization has granted them explicit 
permission to do so.


Logging, Monitoring, and Auditing 
Logging, monitoring, and auditing procedures help an organization prevent incidents and 
provide an effective response when they occur. The following sections cover logging and 
monitoring, as well as various auditing methods used to assess the effectiveness of access controls.
