As I have mentioned in a couple of my previous 100 Days of Cybersecurity posts, Beau (Beauregard, aka Bo) is our current foster dog. He’s just finding his sealegs, but his talents are starting to emerge. One of his burgeoning skills is penetration (pen) testing, in particular, physical security.
On Day 5, I introduced the idea of white hat hackers who are also known as ethical hackers or penetration testers. These are the people who test systems and networks to determine where they are weak and how they need to be hardened (better secured). In this task, they are doing the same tasks that black hat hackers do, but in a very different manner. To begin with, pentesters only perform these tests at the written request of the system owner. Pentesters do not initiate hacking on their own. Secondly, a penetration test is planned out in advance, much like many unethical hacking attacks. The system owner and the pentester determine what parts of the system will be tested and the methods that will be used to test them. The pentester will not test areas outside the predetermined boundaries and will not use methods that were not previously agreed upon. This is known as the scope of the test. As the testing is taking place, the pentester is meticulously taking notes on the results of the testing. These results are compiled into a report that is presented to the system owner. The findings are often sorted into categories like informational, warnings, and needing immediate attention. This helps the system owner prioritize which issues to address first and which can wait until later.
Beau tends to be very good at physical penetration testing. He is able to find the smallest possible hole in our fence and chew and wriggle his way through it. These holes do not look big enough for him to fit through, and yet, he squeezes out. This parallels access points into a network. They may not look like they would allow unauthorized users into the system, but it happens. Beau is also excellent at tailgating. In cyber, tailgating is a method of breaching physical security by following tightly behind someone who has access. Beau will keep closely behind one of the other dogs being let out and he’ll slip through the door even when we are trying to keep him inside. To keep his claim to being a pentester, Beau has to report back to us what he has found. He does that by running straight to the garage door and howling until we let him in the house. He’s quite clever in that way, just like a hacker.
コメント