Not everyone is cut out to be a security analyst; for one thing, it's not
easy to develop that level of professional paranoia. One of the most
famous security analysts, Bruce Schneier, tells a story about how as a
child he realised that a company that sold ant farms (and mailed out
tubes of live ants) could be used to send ants to anyone, anywhere.
That's a very different mindset to that of most of us, and essentially
it means looking at the world to see how it can be broken or subverted. A
security analyst would walk into a shop and think of three different
ways to rob it and another dozen to defraud it. It's a good job that
those minds are on the side of good and serve to help protect us against
their less than honourable counterparts.

Opportunities are everywhere. You might see a USB charging port at an
airport as a quick way of getting your phone or iPod charged between
flights, but a security analyst will be counting the connections in the
port and wondering just how much data someone could steal from an idle
phone using nothing more than a USB connection.

Penetration tests capitalise on that security mindset. White hat hackers working for
security companies attempt to use their skills (and the tools that the
black hats use) in order to find ways into a business network.

If you're running a big network that carries data that needs to be
secure, you're likely to need certification from one of the big security
consultancies before you'll get any insurance – and that certification
is going to require one or more major penetration tests.

These tests aren't simply restricted to the computer side of things. Network
security is about people, policy and technology. While you may be
thinking about encrypting your network traffic and using two-factor
authentication, your penetration testers may well be gaming your social
network, tracking down backdoors into your network through staff who
might have forgotten passwords one time too many and tailgating their
way into the office building.

The slightest crack in your network's armour and all the passwords in the world are rendered next to
useless for keeping that precious data safe.