Use your computer fearlessly.

Ethics: No Hacking

by Brent Kirkpatrick

Responsible professionals neither hack nor do penetration testing.

Responsible computer security professionals do not hack and do not penetration test. There is no need to do either if hackers are testing your security. Hackers provide the only necessary test of your defenses. Penetration testing provides no advantages. The goal of accomplished professionals is the detection of actual hacking.

There is no need to "know thine enemy" by capturing and using the hacker's exploit toolkit. Quite the opposite: people who waste all their time studying how to hack have no general knowledge of either how to detect hacking or how to prevent it. The computer security professional is properly focused on security, on detection, and on preventing hacking.

Detection of hacking is best done de novo, without specific knowledge of the hack or exploit in use. This is because the problem of finding the best signals indicating exploitation is a needle-in-the-haystack problem. This kind of problem needs to be approached with an open mind. People who have studied how to hack with pre-existing exploits tend to close their minds; they fail to consider the creativity of an unknown hacker. People who hack focus only on the hacks they already know and are blind to discovering hacks they do not know. An accomplished computer security professional will focus on detecting unknown, creatively conceived exploits.

The best professionals do not hack and do not penetration test. The best professionals have a thorough grounding in computer science and in science. The best professionals simply defend and learn to recognize other people's hacking.

Intrepid Net Computing provides a consulting service to educate your IT department on full-featured security and on the latest threats to security.

© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.