
So who hired the hacker?

Picture what would happen if you discovered that you had hired a suspected hacker in your IT department. Here are just a few thoughts to consider:

What can you do?

You might ask yourself one question: is he a white hat or a black hat? The former is an ethical hacker whilst the latter is not. What’s the difference?

As per the Wikipedia definition, an ethical hacker is usually employed by an organization that trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems without prior authorization from the owner) is a crime in most countries, but penetration testing done at the request of the owner of the victim system(s) or network(s) is not.

A hacker is someone who seeks and exploits weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, challenge or enjoyment.

So what can you do to determine if the employee is exhibiting hacker behaviours?

1) Check that your security controls are working effectively – You might look at your firewall port profile and recent IDS, FIM and log analysis reports, etc. You could go as far as undertaking a vulnerability scan of your internal network or external perimeter. The problem with vulnerability scanning is that it often leads to false positives, and more effort goes into sorting these out than into addressing the real vulnerabilities. It usually requires a highly competent individual to undertake this. You might also want to check the employee’s authority levels.

2) Is the employee adhering to corporate standards?

Has he or she done something different which they claim is required to undertake security testing, etc.? Such things include:

– Setting up a “back door” WAN circuit which bypasses corporate perimeter security controls.

– Provision of anonymous access tools to the web and intranets, etc. – e.g. Tor Browser.

– Weakening of security controls – e.g. replacing IMAP with POP3 on smartphones, or moving from WPA2 to WEP on corporate Wi-Fi networks.

– Setting up new domains or networks.
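As an added example (not the author's own material), a small Python audit that walks a constructed configuration inventory and flags the indicators in the list above; the record layout, field names and sample values are assumptions for illustration.

```python
# Added example: audit a constructed inventory for the control-weakening
# indicators listed above. Record formats and values are assumptions.

WEAK_WIFI_AUTH = {"WEP", "OPEN"}
WEAK_MAIL_PROTOCOLS = {"POP3"}
ANONYMISER_KEYWORDS = ("tor browser", "tor.exe")

# Constructed sample inventory: one record per Wi-Fi network, mail client,
# installed package, WAN circuit and DNS domain.
INVENTORY = [
    {"type": "wifi", "ssid": "CORP-STAFF", "auth": "WEP"},
    {"type": "wifi", "ssid": "CORP-GUEST", "auth": "WPA2"},
    {"type": "mail", "device": "phone-017", "protocol": "POP3", "tls": False},
    {"type": "mail", "device": "phone-018", "protocol": "IMAP", "tls": True},
    {"type": "software", "host": "ws-042", "name": "Tor Browser 13.0"},
    {"type": "software", "host": "ws-043", "name": "LibreOffice"},
    {"type": "wan", "circuit": "DSL-lab", "via_perimeter_fw": False},
    {"type": "wan", "circuit": "MPLS-main", "via_perimeter_fw": True},
    {"type": "domain", "name": "corp.example", "owner": "it-ops"},
    {"type": "domain", "name": "newlab.example", "owner": "jsmith"},
]
APPROVED_DOMAINS = {"corp.example"}


def audit_inventory(inventory, approved_domains):
    """Return (indicator, subject, detail) tuples for each record that matches
    one of the checklist items: weak Wi-Fi, mail downgrade, anonymiser,
    back-door WAN circuit, or a domain nobody approved."""
    findings = []
    for rec in inventory:
        kind = rec["type"]
        if kind == "wifi" and rec["auth"].upper() in WEAK_WIFI_AUTH:
            findings.append(("weak-wifi", rec["ssid"],
                             f"{rec['auth']} in use; corporate Wi-Fi should use WPA2"))
        elif kind == "mail" and (rec["protocol"].upper() in WEAK_MAIL_PROTOCOLS
                                 or not rec.get("tls", False)):
            findings.append(("mail-downgrade", rec["device"],
                             f"{rec['protocol']} tls={rec.get('tls', False)}"))
        elif kind == "software" and any(k in rec["name"].lower() for k in ANONYMISER_KEYWORDS):
            findings.append(("anonymiser", rec["host"], rec["name"]))
        elif kind == "wan" and not rec["via_perimeter_fw"]:
            findings.append(("backdoor-wan", rec["circuit"], "circuit bypasses perimeter firewall"))
        elif kind == "domain" and rec["name"] not in approved_domains:
            findings.append(("unapproved-domain", rec["name"], f"registered by {rec['owner']}"))
    return findings


if __name__ == "__main__":
    for indicator, subject, detail in audit_inventory(INVENTORY, APPROVED_DOMAINS):
        print(f"{indicator:18} {subject:15} {detail}")
```

Feed it your real Wi-Fi, MDM, software and circuit inventories and each finding becomes a concrete question to put to the employee rather than a vague suspicion.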

I hope this has been useful.