

Three Different Shades of Ethical Hacking: Black, White and Gray

Abstract
Corporations and other entities face the unenviable task of defending their networks against various types of intrusive attacks. Although traditional methods of deterrence (e.g., firewalls, intrusion detection devices) have their place in this battle, a need has arisen for specialists who are adept at exploiting both known and unknown vulnerabilities in networks in order to determine the security posture of an organization. These "Ethical Hackers" have created a niche for themselves in the "Defense-in-Depth" spectrum. This paper investigates the rationale for using these penetration experts to determine the level of security in an organization. Additionally, it examines the underlying philosophy behind choosing one of three possible attack models for the penetration tests: Black Box, White Box and Gray Box. Finally, each of these ethical hacking approaches is discussed.