The 1992 film “Sneakers” presented the idea of a Penetration Test (“pen test”) company, hired by banks to test their security by breaking in. While the popular conception of the word “hacking” is almost always negative – someone is hacking your laptop, hacking your email, hacking your web site – the idea of a pen test is paradoxically one of the best ways to prevent the damaging type of hacking. This technique, also called white hat hacking or ethical hacking, boils down to the idea of “hack yourself now so others can’t hack you later.”
The most common and effective attacks these days don’t occur because the firewall didn’t block a port on a server. These attacks leverage flaws in your applications, whether it’s a Java vulnerability or a SQL injection, just to name some recent examples.
With white hat hacking, network engineers and security professionals alike can use security test tools to scan the network and attack different services to find security holes. This technique is extremely important for any organization, as it helps find potential problems so they can be fixed, and reduces the chance of being penetrated by an outside source. If a site is difficult to penetrate, it’s less likely to be hacked by an attacker who isn’t determined.
How Often Should You Hack Yourself?
This is a tough question to answer. Paying for an external Penetration Test, where experienced security professionals break into your system, has a high security ROI, but is too costly for most organizations more than a couple of times each year. However, there are many tools which are available for frequent, even continuous, self-analysis.
What’s important to remember is HD Moore’s Law (based on a bad pun), which essentially says that even casual attackers have powerful tools which are constantly updated, so yesterday’s protections might not even keep the script kiddies out today. However, while your network holds some of your most sensitive data, only a few of your servers or services are critical to your business.
The question of “how often” is therefore closely related to the question, “how important is each of my systems?” Critical systems should be examined most frequently, with specific breach recovery plans. Is the website defaced? Restore from backup, or have a hot standby ready to take over. Did your customer password list get leaked? That’s a harder issue to recover from, and, if it’s likely, it might require more mitigation steps, like using an API for database calls rather than allowing direct database access. You should definitely keep your servers patched, even though that might be difficult in our current age of constant uptime. Load balancers help here: you can remove a server from the pool, patch it, then add it back in while the other server(s) get patched.
What Tools Should You Use?
There are various tools on the market that can help you determine if there is a flaw in your security policy. One of the most powerful is Metasploit, which is often the first tool updated with exploits for the latest vulnerabilities. It’s available in both Open Source and Commercial versions. There are also other tools and services available from a variety of sources, ranging from scanning software on your laptop, to cloud-based services for external-only scanning, up through on-site appliances which download daily tests and perform automatic internal checks.
What Else Should You Do to Protect Your Network?
It is also a good practice, outside of white hat hacking, to maintain an ongoing baseline of your network to understand its normal behavior. The information is very useful in determining whether questionable traffic is normal or an anomaly. Additionally, many of our customers like to use network recorders, which keep a running capture of the traffic on monitored segments. That way, even if a breach does occur, there’s a record of the traffic, so you can learn what went wrong, and how to prevent it in the future.
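One way to turn such a baseline into a check, as an added example that is not from the original article: it keeps a median and median absolute deviation of hourly traffic volume per segment and hour of day, then flags observations far outside that range. The segment names, sample volumes and the 3.5 threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: (segment, hour of day, MB transferred in that hour).
HISTORY = (
    [("dmz", 3, mb) for mb in (40, 42, 38, 45, 41, 39, 43)]
    + [("dmz", 14, mb) for mb in (400, 420, 390, 450, 410, 380, 430)]
    + [("db", 3, mb) for mb in (5, 6, 5, 7, 6, 5, 6)]
)
OBSERVATIONS = [
    ("dmz", 14, 400),   # busy, but typical for mid-afternoon
    ("dmz", 3, 44),     # slightly above the usual overnight volume
    ("dmz", 3, 400),    # afternoon-sized volume at 03:00
    ("db", 3, 250),     # database segment suddenly moving bulk data
    ("guest", 10, 12),  # segment that was never baselined
]

def build_baseline(history):
    """Median and median absolute deviation (MAD) per (segment, hour)."""
    buckets = defaultdict(list)
    for segment, hour, mb in history:
        buckets[(segment, hour)].append(mb)
    baseline = {}
    for key, values in buckets.items():
        med = median(values)
        baseline[key] = (med, median(abs(v - med) for v in values))
    return baseline

def robust_z(baseline, segment, hour, mb, min_mad=1.0):
    """Modified z-score; None when there is no baseline for this slot."""
    if (segment, hour) not in baseline:
        return None
    med, mad = baseline[(segment, hour)]
    # min_mad keeps a perfectly flat history from dividing by zero.
    return 0.6745 * (mb - med) / max(mad, min_mad)

def classify(baseline, observations, threshold=3.5):
    """Label each observation 'normal', 'anomaly' or 'no-baseline'."""
    verdicts = []
    for segment, hour, mb in observations:
        z = robust_z(baseline, segment, hour, mb)
        if z is None:
            verdicts.append("no-baseline")
        else:
            verdicts.append("anomaly" if abs(z) > threshold else "normal")
    return verdicts

if __name__ == "__main__":
    for obs, verdict in zip(OBSERVATIONS, classify(build_baseline(HISTORY), OBSERVATIONS)):
        print(obs, verdict)
```

The same 400 MB hour is normal for the DMZ at 14:00 and an anomaly at 03:00, which is why the baseline is keyed by time of day rather than by a single global threshold.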
No matter how prepared you think your network is for attacks and no matter how well you prepare yourself, there is always a chance that a breach will happen. Therefore, it is important to not only monitor your network 24/7, but to also have a contingency plan in place. Check out our recommended steps for a security breach in this eWeek slideshow.
Keeping your network safe is a multi-pronged approach, and white hat hacking is an essential practice to be used along with your regular security tools and the practice of understanding and tracking your overall network health.