|
L in u X ba sics for h acke rs g e t t I n g s t a r t e d w I t hBog'liq linuxbasicsforhackersxxiii
Chapter 14 deals with wireless networks. You’ll learn basic networking
commands, then crack Wi-Fi access points and detect and connect to
Bluetooth signals.
Chapter 15 dives deeper into Linux itself with a high level view of how
the kernel works and how its drivers can be abused to deliver malicious
software. In Chapter 16 you’ll learn essential scheduling skills in order to
automate your hacking scripts. Chapter 17 will teach you core Python con-
cepts, and you’ll script two hacking tools: a scanner to spy on TCP/IP con-
nections, and a simple password cracker.
What Is Ethical Hacking?
With the growth of the information security field in recent years has come
dramatic growth in the field of ethical hacking, also known as white hat
(good guy) hacking. Ethical hacking is the practice of attempting to infil-
trate and exploit a system in order to find out its weaknesses and better
secure it. I segment the field of ethical hacking into two primary compo-
nents: penetration testing for a legitimate information security firm and
working for your nation’s military or intelligence agencies. Both are rapidly
growing areas, and demand is strong.
Penetration Testing
As organizations become increasingly security conscious and the cost of
security breaches rises exponentially, many large organizations are begin-
ning to contract out security services. One of these key security services is
penetration testing. A penetration test is essentially a legal, commissioned
hack to demonstrate the vulnerability of a firm’s network and systems.
Generally, organizations conduct a vulnerability assessment first to find
potential vulnerabilities in their network, operating systems, and services. I
emphasize potential, as this vulnerability scan includes a significant number
of false positives (things identified as vulnerabilities that really are not). It is
the role of the penetration tester to attempt to hack, or penetrate, these vul-
nerabilities. Only then can the organization know whether the vulnerability
is real and decide to invest time and money to close the vulnerability.
|
| |