CEH

18 Chapter 1 ■ Getting Started with Ethical Hacking


■ A stolen equipment attack is a type of attack where an aggressor steals a piece of
equipment and uses it to gain access or extracts the information desired from the
equipment itself.
■ A social engineering attack is a form of attack where the pen tester targets the users of
a system seeking to extract the needed information. The attack exploits the trust
inherent in human nature.
Once you discuss each test, determine the suitability of each, and evaluate the potential
advantages and side effects, you can finalize the planning and contracts and begin testing.

Vulnerability Research and Tools


An important part of your toolkit as an ethical hacker will be the information gathered
from vulnerability research. This process involves searching for and uncovering
vulnerabilities in a system and determining their nature. Additionally, the research seeks to
classify each vulnerability as high, medium, or low. You or other security personnel can use
this research to keep up to date on the latest weaknesses involving software, hardware, and
environments.
The benefit of having this information is that an administrator or other personnel could
use it to position defenses. Additionally, the information may show where to
place new resources or be used to plan monitoring.
Vulnerability research is not the same as ethical hacking in that it passively uncovers
security issues whereas the process of ethical hacking actively looks for the vulnerabilities.

Ethics and the Law


As an ethical hacker, you need to be aware of the law and how it affects what you will do.
Ignorance or lack of an understanding of the law is not only a bad idea, but it can quickly
put you out of business—or even in prison. In fact, under some situations the crime may be
serious enough to get you prosecuted in several jurisdictions in different states, counties, or
even countries due to the highly distributed nature of the Internet. Of course, prosecution
of a crime can also be difficult considering the web of various legal systems in play. A mix
of common, military, and civil laws exists, requiring knowledge of a given legal system to
be successful in any move toward prosecution.

Depending on when and where your testing takes place, it is even possible
for you to break religious laws. Although you may never encounter this
problem, it is something that you should be aware of—you never know
what type of laws you may break.

Always ensure that you exercise the utmost care and concern to ensure that you observe
proper safety and avoid legal issues. When your client has determined their goals along