IT Security, a way of life.
Uh oh. Looks like your using an ad blocker.
Our site is support by ads that help to pay our hosting costs. Please disable or whitelist us within your ad blocker to help us keep the site online.
All money generate by ads and donations is used to pay the hosting costs of the site, for more information about our income and expenses please see our donation page.
IT Security, a way of life.
IT Security is a choice for some and a lifestyle for others.It brings us satisfaction that we accomplished something, we learned something new, and we see the world in a different light.A war is waged on the internet, twenty-four hours a day, seven days a week. Some attack and some defend.Targets can include: Corporate Networks, Government Networks and even Home Networks.Most often times attacking a network can be seen as wrong and we as humans commonly only see one side of the coin.Humans as a whole most often times we as humans see offensive security as illegal.It brings up so many questions, such as: Is being on the defensive side of computer security the only legal and ethical option? How can being on the offensive side of computer security possibly be legal? Is there a way to do both, ethically and legally?
How can being on the offensive side of computer security be legal? Offensive security, is a privilege, not a right, to be held.Company's and governments alike hire on Information Technology Security Professionals for the purpose of pen-testing their networks, as well as to strengthen their defenses.This option is only given to those who have shown integrity, trust, knowledge and understanding of networks and policies as well as loyalty to protecting a company's or governments assets, confidentiality, and the identity of those envolved within the company, regardless of whether they are an employee or a customer.It is an opportunity to explore the network you were authorized to pen-test, an opportunity to try new attack vectors and an opportunity to become more efficient on the pen-testing side of things.Typical pen-tests consist of the following: Rules and guidelines as to what is allowed and not allowed during the authorized pen-test List of systems the government, company or entity wishes to have tested Methods allowed to pen-test the target network given the amount of resources available(A smaller company for example may not allow a simulated DDoS attack but a larger company might for purposes of network stress testing)
Is there a way to do both, ethically and legally? Yes, while practicing offensive security, you practice writing patches for the security holes that you do find.Some other methods for practicing defensive security, during penetration tests, are all common knowledge, such as: Keeping your computers and servers, up to date Using strong passwords of at least twelve characters, while using uppercase and lowercase letters, number and symbols. Keeping your defenses such as IDS, IPS, firewalls, etc. up-to-date Those are but a few examples.From there, you expand your skills and knowledge further you can even test your own systems, or petition a company to set up computers and servers with there defenses at max, to see if you can get around the heightened security.
Is being on the defensive side of computer security the only legal and ethical option? No, as referenced above, company's, governments and other organizations hire not only defensive security IT professionals, but offensive security IT professionals as well.The more you know and the higher the integrity you have, the higher chances you have of becoming an offensive security professional are.
In closing, I can only hope that this was an insightful, inspiring essay that has shed some light on the offensive security world.An IT professional who specializes in digital forensics known as Allan Brill once said "there is a difference and the difference is this: I think the typical forensics specialist is somebody that has that skill set but their moral compass has rusted on good." This is also true for offensive security.