Indonesian Political, Business & Finance News

Assessing your vulnerability through Pure Hacking

| Source: VISHNU K MAHMUD

Vishnu K. Mahmud, vmahmud@yahoo.com

Recently a Rp 1.95 billion Indonesian website was hacked by
protesters complaining about the fuel price hikes, in what
appears to be a simple vulnerability exploit.

This act of cyber sabotage could bring into question the
viability of an organization's information technology practices,
if not the company's data security as a whole. What kind of IT
personnel would allow such Internet hoodlums to deface such an
expensive investment?

Enter Pure Hacking (www.purehacking.com). Just like out of the
movie Sneakers, Robert McAdam and his team of internet security
specialists are contracted by various organizations to fully
scrutinize the sanctity of their client's IT communications
infrastructure. Using "penetration testing", the Pure Hacking
team actually simulates what dark-hat hackers (otherwise known as
"crackers") would do when trying to take over a server or
network.

"Pure Hacking is a dedicated penetration testing firm," says
McAdam. "We will identify the risks to (our client's) business,
establish the appropriate measures to minimize the exposure to
hacking and continue to monitor the state of their security."

The Singapore and Sydney-based company is different from other
firms that offer a variety of security services such as policy
work, security architecture, and others that require resources to
be shared across the different segment areas.

Pure Hacking focuses on their one core competency, bringing a
service that remains pure and dedicated to its mandate resulting
in exceptional value for its clients, argues McAdam.

In determining whether a network or server is vulnerable to
attack, the hacking team would first "footprint" a target to
acquire all pertinent information towards launching a surgical
cyber strike. The next step would be to scan the various
listening services on a network to seek out any promising
vulnerabilities.

With this data in hand, the more intrusive probing begins, as
the testers identify poorly protected resources and gain access
into the system.

Once in, they attempt to escalate their IT privileges to
obtain complete control over the network. It is at this critical
stage that all resources, data and information within the company
are vulnerable to theft, corruption or erasure, which would of
course be costly to organizations in terms of downed systems,
missing data and lost productivity.

Not to mention potential lawsuits from irate shareholders and
angry clients.

"The security team has all the tools, techniques and know-how
to stay ahead of the criminal hacking community," notes McAdam.

"Clients cite our expertise, reliability and the excellence of
our recommendations as qualities that set us apart in the IT
security market."

It is keeping up with progress in the IT world that some
companies may have trouble with. Once an application or system is
online, there may be various patches or exploits that companies
usually miss, giving crackers a small but critical window of
opportunity.

What's more, with the wealth of intrusion tools freely
available on the Internet, anyone with little or no skill can
attempt to take over a corporate network.

These "script kiddies" usually lack the knowledge and finesse
to steal highly sensitive data, but their attempts on the system
can cause some collateral damage.

Apart from the regular penetration testing and security audit,
Pure Hacking also offers ongoing security management to ensure
that any new company changes to the systems do not introduce new
vulnerabilities.

The firm checks their client's infrastructure every business
day to see if there are any intrusion issues. Perhaps most
importantly, its reports with its specific tests, results and
recommendations can be actionable for all levels of staff as IT
security should be a company-wide effort.

As Indonesian entities begin to upgrade their systems to
comply with international regulations, ensuring the
infrastructure is secure from possible internal and external
threats is vital to ensure business continuity. Often, McAdam
says, IT security policies demand an independent penetration test
as sound business practice.

As the world becomes more accepting (and perhaps susceptible)
to digital networks, information and transactions, extraordinary
steps must be taken to ensure confidence in systems that could be
the backbone of international commerce.

As promising as information technology is in increasing
productivity and slashing costs, it should not be a playground or
free market bazaar for crackers to steal and profit.

Pure Hacking is an endorsed supplier to the Australian Federal
government, a platinum sponsor of the Information Systems
Security Association, Singapore chapter (www.issa.org.sg), and
follows the systems and methodologies of the Open Source Security
Testing Methodology Manual (www.osstmm.org).
