Ethical Hacking: Common Misconceptions

Common Misconceptions about Ethical Hacking


Question

Which of the following statements pertaining to ethical hacking is incorrect?

Explanations

Answer: D.

Statement D is incorrect because many of the tools used for ethical hacking have the potential to exploit vulnerabilities and cause disruption to IT systems.

It is up to the individuals performing the tests to be familiar with the tools they use and to make sure that no such disruption happens, or at the very least that it is avoided wherever possible.

The first step before sending even one single packet to the target would be to have a signed agreement with clear rules of engagement and a signed contract.

The signed contract explains the associated risks to the client, and the client must agree to them before you send even one packet to the target range. This way the client understands that some of the tests could lead to interruption of service or even crash a server. The client signs to confirm that they are aware of such risks and willing to accept them.

The following are incorrect answers:

A. An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services. An ethical hacking firm's independence can be questioned if it sells security solutions at the same time as doing testing for the same client. There has to be independence between the judge (the tester) and the accused (the client).

B. Testing should be done remotely to simulate external threats. Testing that simulates a cracker coming from the Internet is often one of the first tests performed; its purpose is to validate perimeter security. By performing tests remotely, the ethical hacking firm emulates the attacker's approach more realistically.

C. Ethical hacking should not involve writing to or modifying the target systems negatively. Even though ethical hacking should not involve negligence in writing to or modifying the target systems, or reducing their response time, comprehensive penetration testing has to be performed using the most complete tools available, just as a real cracker would.

Reference(s) used for this question: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Appendix F: The Case for Ethical Hacking (page 520).

Ethical hacking is a process in which an organization employs ethical hackers to simulate cyber attacks and test their security infrastructure. The purpose of ethical hacking is to identify vulnerabilities in the system and to take corrective action before an attacker can exploit those vulnerabilities.

Out of the given options, the statement that is incorrect regarding ethical hacking is D. Ethical hackers never use tools that have the potential of affecting servers or services.

The correct statement regarding ethical hacking is that ethical hackers should use any means necessary to simulate real-world cyber attacks, including using tools that have the potential to affect servers or services. However, ethical hackers should exercise caution and have permission from the organization before using such tools. Ethical hacking should not cause any permanent damage to the target system, and the ethical hacker should restore the system to its original state after the testing is completed.

Option A is a correct statement because ethical hackers should not be involved in the sale of auditing, hardware, software, firewall, hosting, and/or networking services to the client they test, to avoid any conflict of interest.

Option B is also a correct statement because testing should be done remotely to simulate external threats.

Option C is a correct statement because ethical hacking should not involve writing to or modifying the target systems negatively. Ethical hackers should not perform any actions that may cause harm or disrupt the normal functioning of the target system.

In summary, ethical hacking is a valuable process in identifying and addressing potential vulnerabilities in a system. Ethical hackers should use any means necessary to simulate real-world attacks, but always exercise caution and obtain permission from the organization before using any tools that have the potential to affect servers or services.