Reference: Ethical Hacking and Penetration with Kali Linux
What are the responsibilities of an Ethical Hacker?
As an Ethical hacker you have a clear responsibility for how you use your knowledge and techniques. It is also very important to understand what is expected of an Ethical hacker and what you should consider when assessing the security of a customer’s organization.
Below are a couple of important things you must consider as an Ethical hacker:
- Must use your knowledge and tools only for legal purposes
- Only hack to identify security issues with the goal of defence
- Always seek management approval before starting any test
- Create a test plan with the exact parameters and goals of the test, and get management approval for that plan
- Don’t forget, your job is to help strengthen the network and nothing else!
What are the customer’s expectations?
It is very important to understand the customer’s expectations before starting any work. The nature of this work (Ethical hacking) is high risk and requires a lot of attention; if you don’t have a clear understanding of their requirements and expectations, the end result might not be what they want and your time and effort will be wasted. It could also have legal implications if you don’t follow the rules and address the customer’s expectations.
Below are some important things you should note:
- You should work with the customer to define goals and expectations
- Don’t surprise or embarrass them by the issues that you might find
- Keep the results and information confidential all the time
- The company usually owns the resulting data, not you
- Customers expect full disclosure on problems and fixes
What are the required skills of the hacker?
To be an Ethical hacker you should have extensive knowledge about a range of devices and systems. Ideally you should have multiple years of experience in the IT industry and be familiar with different hardware, software and networking technologies.
Some of the important skills required to be an Ethical hacker are listed below:
- Should already be a security expert in other areas (perimeter security, etc.)
- Should already have experience as a network or systems administrator
- Experience with a wide variety of Operating Systems such as Windows, Linux, Unix, etc.
- Extensive knowledge of TCP/IP - Ports, Protocols, Layers
- Common knowledge about security and vulnerabilities and how to correct them
- Must be familiar with hacking tools and techniques (We will cover this in this book)
Relevant laws that you need to know
We won’t be talking about these laws in this book, but it is always a good idea to look these laws up online and understand their basics and requirements. Each country may have its own specific laws, which can differ from those of others. Some important laws in the US are:
- Title 18 USC 1029: Fraud and related activity in connection with access devices
- Title 18 USC 1030: Fraud and related activity in connection with computers
- Title 18 USC 3121-27: General prohibition on pen register and trap and trace device use; exception
- Title 18 USC 2510-22: Wire and electronic communications interception and interception of oral communications
- Other statutes: http://www.law.cornell.edu/uscode/text