working professionally and with good conscience. You must do nothing that is not in the approved plan or that has been authorized after the approval of the plan.
As an ethical hacker, you are bound to confidentiality and non-disclosure of information you uncover, and that includes the security-testing results. You cannot divulge anything to individuals who do not “need-to-know.” What you learn during your work is extremely sensitive — you must not openly share it.
Everything you do as an ethical hacker must be aboveboard, and must support the goals of the organization. You should notify the organization whenever you change the testing plan, change the source test venue, or detect high-risk conditions — and before you run any new high-risk or high-traffic tests, as well as when any testing problems occur.
You must also ensure you are compliant with your organization’s governance and local laws. Do not perform an ethical hack when your policy expressly forbids it — or when the law does.
Thou shalt keep records
Major attributes of an ethical hacker are patience and thoroughness. Doing this work requires hours bent over a keyboard in a darkened room. You may have to do some off-hours work to achieve your goals, but you don’t have to wear hacker gear and drink Red Bull. What you do have to do is keep plugging away until you reach your goal.
Chapter 2: The Wireless Hacking Process
In the previous commandment we talked about acting professionally. One hallmark of professionalism is keeping adequate records to support your findings. When keeping paper or electronic notes, do the following:
✓ Log all work performed.
✓ Record all information directly into your log.
✓ Keep a duplicate of your log.
✓ Document — and date — every test.
✓ Keep factual records and record all work, even when you think you were not successful.
This record of your test design, outcome, and analysis is an important aspect of your work. Your records will allow you to compile the information needed for a written or oral report. You should take care in compiling your records.
Be diligent in your work and your documentation.
Thou shalt respect the privacy of others
Treat the information you gather with the utmost respect. You must protect the secrecy of confidential or personal information. All information you obtain during your testing — for example, encryption keys or clear text passwords — must be kept private. Don’t abuse your authority; use it responsibly. This means you won’t (for example) snoop into confidential corporate records or private lives. Treat the information with the same care you would give to your own personal information.
Thou shalt do no harm
The prime directive for ethical hacking is, “Do no harm.” Remember that the actions you take may have unplanned repercussions. It’s easy to get caught up in the gratifying work of ethical hacking. You try something, and it works, so you keep going. Unfortunately, by doing this you may easily cause an outage of some sort, or trample on someone else’s rights. Resist the urge to go too far — and stick to your original plan.
Also, you must understand the nature of your tools. Far too often, people jump in and start using the tools shown in this book without truly understanding the full implications of the tool. They do not understand that setting up a monkey-in-the-middle attack, for example, creates a denial of service. Relax, take a deep breath, set your goals, plan your work, select your tools, and (oh yeah) read the documentation.
Part I: Building the Foundation for Testing Wireless Networks
Many of the tools we discuss here allow you to control the depth and breadth of the tests you perform. Remember this point when you want to run your tests on the wireless access point where your boss connects!
Thou shalt use a “scientific” process
By this