In This Chapter
Watching for misbehavior
Keeping security on everyone's mind
Information security is an ongoing process that you must manage effectively to be successful. This goes beyond periodically applying patches and hardening systems. Performing your ethical hacking tests repeatedly is critical; information security threats and vulnerabilities emerge constantly. Additionally, ethical hacking tests are just a snapshot of your overall information security, so you have to perform your tests continually to keep up with the latest security issues. Ongoing vigilance is not only required for compliance with various laws and regulations but also for minimizing business risks related to your information systems.
You can run a large portion of the ethical hacking tests in this book automatically if you have the right tools:
Ping sweeps and port scans to show what systems are available and what's running
Password-cracking tests to attempt access to external Web applications, remote access servers, and so on
Vulnerability scans to check for missing patches, misconfigurations, and exploitable holes
Exploitation of vulnerabilities (to an extent, at least)
You must have the right tools to automate tests:
Some commercial tools can set up ongoing assessments and create nice reports for you without any hands-on intervention — just a little setup and scheduling time up front. This is why ...