Chapter 18. Managing Security Changes

In This Chapter

  • Automating tasks

  • Watching for misbehavior

  • Outsourcing testing

  • Keeping security on everyone's mind

Information security is an ongoing process that must be managed effectively to be successful. This goes beyond periodically applying patches and hardening systems. Performing your ethical hacking tests again and again is critical; information security threats and vulnerabilities constantly emerge. Combine this with the fact that ethical hacking tests are just a snapshot in time of your overall information security, so you have to perform your tests continually to keep up with the latest security issues. Ongoing vigilance is required for minimizing business risks related to your information systems.

Automating the Ethical Hacking Process

A large portion of the ethical hacking tests in this book can be run automatically if you have the right tools:

  • Ping sweeps and port scans showing which systems are available and what's running

  • Password-cracking tests for externally accessible Web applications, remote access servers, and so on

  • Vulnerability scans using a tool that checks for missing patches, misconfigurations, and exploitable holes

  • Exploitation of vulnerabilities (to an extent, at least)

    Note

    You have to have the right tools to automate tests:

  • Some commercial tools can set up ongoing assessments and create nice reports for you without any hands-on intervention — just a little setup and scheduling time up front. This is why I like many of the commercial ...

Get Hacking For Dummies®, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.