Who’s that knocking at my port? Or, how do I secure these cyber doors?

 

What if someone knocked on your door every fifteen minutes? What if they just tried the knob and walked in? Since locked doors help prevent burglary[1], I check the doors before going to bed at night, and you may do the same thing. On average, a typical internet-facing computer will be probed by unknown clients every fifteen minutes or less.[2] If not properly secured by its own configuration and network infrastructure, it may be subject to exploitation, denial of service, or worse. Do you check your servers every night?

But how do I check the cyber “doors” on a server? Network penetration testing is how.

Network penetration testing probes the same weaknesses that attackers use to exploit systems. Configuration errors, operating system bugs, and application programming errors are just some of the vulnerabilities that expose a system to compromise. By understanding the vulnerabilities, we can better focus our efforts to secure our systems and networks. By learning how to use the tools and techniques used by attackers — most of which were originally intended for respectable uses — we can find and correct or compensate for those vulnerabilities before systems are compromised. That is the job of a penetration tester, whether working for their own company or providing testing services to others.

Interested in learning more about network penetration testing? Come to my class this fall, SANS SEC560 Network Penetration Testing and Ethical Hacking[3], and I’ll help you enter the world of ethical hacking. You can enter the world of the ‘white hat’[4] hacker, where, as an “ethical hacker”[5], you can help turn the tables. You will learn how to find and evaluate vulnerabilities in a practical, hands-on course. The lectures will help you understand the tools and how attackers use them. More importantly, the labs will give you the skills and experience needed to begin using the tools to find and mitigate vulnerabilities before a compromise occurs. We will also talk about the legal issues that inevitably come up when using these tools and discuss how to keep the “ethical” in ethical hacking. Finally, as things wrap up, you’ll play a game of capture-the-flag that puts everything you’ve learned together in a realistic scenario.

Whether you are looking for a career change or just to prevent your own systems and applications from being used against you, this is a great place to start. The SANS SEC560 Network Penetration Testing and Ethical Hacking course is coming to Annapolis Junction, MD this fall, located at the CollabraSpace main office. You can receive a 15% discount by using the discount code “Menref15” when you sign up online. When you complete the class, you’ll be ready to study for and pass the GIAC Penetration Tester (GPEN)[6] exam and certification!

 

Joe Skora

Technical Consultant at CollabraSpace

——————————-

[1] “Security measures that burglars loathe”, https://homes.yahoo.com/news/protect-home-from-burglars-005405786.html.

[2] “Survival Time”, SANS Internet Storm Center, https://isc.sans.edu/survivaltime.html.

[3] SANS, SEC560 Network Penetration Testing and Ethical Hacking, http://www.sans.org/mentor/class/sec560-annapolis-junction-10sep2014-joseph-skora.

[4] “White hat (computer security)”, http://en.wikipedia.org/wiki/White_hat_(computer_security).

[5] “ethical hacker”, TechTarget.com, http://searchsecurity.techtarget.com/definition/ethical-hacker.

[6] GIAC, Penetration Tester, http://www.giac.org/certification/penetration-tester-gpen.