PET2002
San Francisco

Certified Ethical Hacker

Most organizations concentrate on the external computer security threat and do not put as much emphasis on securing systems from internal threats. However, network security archive statistics show that a large amount of unauthorized activity comes from internal sources. For most organizations this means the internal network is where the company is most vulnerable, and where a certified ethical hacker is needed. Internal users have already bypassed many physical controls designed to protect computer resources. Therefore, the company needs to take further steps to protect itself from the internal hacker threat. Internal penetration testing can help identify resources that are internally vulnerable and assist the system administrator in plugging these holes. While internal security protects the organization from unauthorized internal abuse, it also helps to make life difficult for a hacker who manages to penetrate the perimeter defenses. If a hacker finds a rogue modem and exploits it, he or she may be limited to having access only to a workstation with a modem on it. However, if internal security is lax, the hacker may be able to run freely throughout the network.

This chapter provides an ethical hacking framework for penetration testing carried out by an ethical hacker from within the physical location of the company. This inside access can be obtained either by gaining physical access to the organization or by remotely exploiting a system from an external site. The general process that we use for internal testing is similar to that used for external testing. However, there are several variations in the methodology and many techniques that are specific to internal penetration testing. Once we are internal, we have bypassed most of the perimeter controls, such as firewalls and network-based intrusion detection systems (IDSs). We may then be able to access many services and resources that were not available to us from outside the firewall, such as NetBIOS, rservices, telnet, FTP, and others.

Source: Hack I.T., Security Through Penetration Testing.