Chapter 18. Managing Security Changes
In This Chapter
Watching for misbehavior
Keeping security on everyone's mind
Information security is an ongoing process that must be managed effectively to be successful. This goes beyond periodically applying patches and hardening systems. Performing your ethical hacking tests again and again is critical; information security threats and vulnerabilities constantly emerge. Combine this with the fact that ethical hacking tests are just a snapshot in time of your overall information security, so you have to perform your tests continually to keep up with the latest security issues. Ongoing vigilance is required for minimizing business risks related to your information systems.
Automating the Ethical Hacking Process
A large portion of the ethical hacking tests in this book can be run automatically if you have the right tools:
Ping sweeps and port scans showing which systems are available and what's running
Password-cracking tests for externally accessible Web applications, remote access servers, and so on
Vulnerability scans using a tool that checks for missing patches, misconfigurations, and exploitable holes
Exploitation of vulnerabilities (to an extent, at least)
You have to have the right tools to automate tests:
Some commercial tools can set up ongoing assessments and create nice reports for you without any hands-on intervention — just a little setup and scheduling time up front. This is why I like many of the commercial ...