Taking on the skillset associated with ethical hacking will quickly and effectively put you into the role of evaluating environments to identify, exploit, report, and recommend corrective actions to be taken with respect to threats and vulnerabilities. Note, however, that pentesters usually do not perform corrective actions, because that is something the client must decide whether to do, but in some cases the client may ask you to do so.
Through a robust and effective combination of technological, administrative, and physical measures, these organizations have learned to address their given situation and head off major problems wherever and whenever possible. Technologies such as virtual private networks (VPNs), cryptographic protocols, intrusion detection systems (IDSs), intrusion prevention systems (IPSs), access control lists (ACLs), biometrics, smart cards, and other devices have helped improve security. Administrative countermeasures such as policies, procedures, and other rules have also been strengthened and implemented over the past decade. Physical measures include cable locks, device locks, alarm systems, and similar devices. Your new role as an ethical hacker will deal with all of these items, plus many more.
As an ethical hacker, you must know not only the environment you will be working in but also how to find weaknesses and address them as needed. But before we get to all of that, this chapter discusses the history of hacking and what it means to be an ethical hacker. We’ll also look at the process of penetration testing and explore the importance of contracts.