Chapter 18. Managing Security Changes
In This Chapter
Automating tasks
Watching for misbehavior
Outsourcing testing
Keeping security on everyone's mind
Information security is an ongoing process that you must manage effectively to be successful. This goes beyond periodically applying patches and hardening systems. Performing your ethical hacking tests repeatedly is critical; information security threats and vulnerabilities emerge constantly. Additionally, ethical hacking tests are just a snapshot of your overall information security, so you have to perform your tests continually to keep up with the latest security issues. Ongoing vigilance is not only required for compliance with various laws and regulations but also for minimizing business risks related to your information systems.
Automating the Ethical Hacking Process
You can run a large portion of the ethical hacking tests in this book automatically if you have the right tools:
Ping sweeps and port scans to show what systems are available and what's running
Password-cracking tests to attempt access to external Web applications, remote access servers, and so on
Vulnerability scans to check for missing patches, misconfigurations, and exploitable holes
Exploitation of vulnerabilities (to an extent, at least)
Note
You must have the right tools to automate tests:
Some commercial tools can set up ongoing assessments and create nice reports for you without any hands-on intervention — just a little setup and scheduling time up front. This is why ...
Get Hacking For Dummies® 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
