Assessing your vulnerability through Pure Hacking
Vishnu K. Mahmud, vmahmud@yahoo.com
Recently a Rp 1.95 billion Indonesian website was hacked by protesters complaining about the fuel price hikes, in what appears to be a simple vulnerability exploit.
This act of cyber sabotage could bring into question the viability of an organization's information technology practices, if not the company's data security as a whole. What kind of IT personnel would allow such Internet hoodlums to deface such an expensive investment?
Enter Pure Hacking (www.purehacking.com). Just like out of the movie Sneakers, Robert McAdam and his team of Internet security specialists are contracted by various organizations to fully scrutinize the sanctity of their clients' IT communications infrastructure. Using "penetration testing", the Pure Hacking team actually simulates what dark-hat hackers (otherwise known as "crackers") would do when trying to take over a server or network.
"Pure Hacking is a dedicated penetration testing firm," says McAdam. "We will identify the risks to (our client's) business, establish the appropriate measures to minimize the exposure to hacking and continue to monitor the state of their security."
The Singapore and Sydney-based company is different from other firms that offer a variety of security services such as policy work, security architecture, and others that require resources to be shared across the different segment areas.
Pure Hacking focuses on its one core competency, bringing a service that remains pure and dedicated to its mandate, resulting in exceptional value for its clients, argues McAdam.
In determining whether a network or server is vulnerable to attack, the hacking team would first "footprint" a target to acquire all pertinent information towards launching a surgical cyber strike. The next step would be to scan the various listening services on a network to seek out any promising vulnerabilities.
With this data in hand, the more intrusive probing begins, as the testers identify poorly protected resources and gain access into the system.
Once in, they attempt to escalate their IT privileges to obtain complete control over the network. It is at this critical stage that all resources, data and information within the company are vulnerable to theft, corruption or erasure, which would of course be costly to organizations in terms of downed systems, missing data and lost productivity.
Not to mention potential lawsuits from irate shareholders and angry clients.
"The security team has all the tools, techniques and know-how to stay ahead of the criminal hacking community," notes McAdam.
"Clients cite our expertise, reliability and the excellence of our recommendations as qualities that set us apart in the IT security market."
Keeping up with progress in the IT world is where some companies may have trouble. Once an application or system is online, there may be various patches or exploits that companies usually miss, giving crackers a small but critical window of opportunity.
What's more, with the wealth of intrusion tools freely available on the Internet, anyone with little or no skill can attempt to take over a corporate network.
These "script kiddies" usually lack the knowledge and finesse to steal highly sensitive data, but their attempts on the system can cause some collateral damage.
Apart from the regular penetration testing and security audit, Pure Hacking also offers ongoing security management to ensure that any new company changes to the systems do not introduce new vulnerabilities.
The firm checks its clients' infrastructure every business day to see if there are any intrusion issues. Perhaps most importantly, its reports, with their specific tests, results and recommendations, can be actionable for all levels of staff, as IT security should be a company-wide effort.
As Indonesian entities begin to upgrade their systems to comply with international regulations, securing the infrastructure against possible internal and external threats is vital to business continuity. Often, McAdam says, IT security policies demand an independent penetration test as sound business practice.
As the world becomes more accepting of (and perhaps susceptible to) digital networks, information and transactions, extraordinary steps must be taken to ensure confidence in systems that could be the backbone of international commerce.
As promising as information technology is in increasing productivity and slashing costs, it should not be a playground or free market bazaar for crackers to steal and profit.
Pure Hacking is an endorsed supplier to the Australian Federal government, a platinum sponsor of the Information Systems Security Association, Singapore chapter (www.issa.org.sg), and follows the systems and methodologies of the Open Source Security Testing Methodology Manual (www.osstmm.org).