IT Security Ethical Hacking

Ethical hacking is an advanced, offensive form of security testing designed to provide a deep technical analysis of a target environment’s vulnerability to exploitation and attack. A skilled security professional will explore a combination of approaches to discover weaknesses that a hacker could exploit.

For questions or assistance related to this service, please contact the ITS Service Center:
Enter a Ticket Online | Call 734-764-HELP (764-4357) | 4help@umich.edu | Chat

Overview

Ethical hacking, also known as penetration testing, is an advanced, offensive form of security testing designed to provide a deep technical analysis of a target environment’s vulnerability to exploitation and attack. Ethical hacking goes beyond basic risk assessment and automated techniques and relies on a skilled security professional. An ethical hacking test target might include anything from web or client-server applications to infrastructure components to hosting environments.

Features: 

A skilled professional follows the test process below to uncover vulnerabilities in a target. The outcome of the testing process is a detailed report with recommendations for securing the target environment.

Test Process

While every test is different, most follow a high-level methodology as shown below:

  1. Reconnaissance – The tester will attempt to find out as much information as possible about the target environment through available repositories such as search engines, DNS, mailing lists, etc.
  2. Scanning – The tester will use port and vulnerability scanners to discover and fingerprint open ports and services in the environment, as well as identify potential vulnerabilities in those services.
  3. Application Testing – The tester will use both automated and manual testing to probe in-scope applications in the environment. The tester may use provided credentials to emulate an authorized user.
  4. Exploitation – Vulnerabilities detected during testing will be exploited to determine the impact and scope of the vulnerability. If possible, the tester will leverage any advantage gained through exploitation to penetrate further into the environment within the defined scope.

Report of Findings

At the conclusion of the agreed-upon test window, the tester will provide a report of findings that includes a list of all vulnerabilities found and validated during the test. Each vulnerability will be assigned a severity level and ranked relative to other vulnerabilities discovered in the environment. A description of the impact of the vulnerability and recommendations for remediation will also be included.

Who can use the service?

IT Security Ethical Hacking may be requested by units across the University of Michigan. While any unit can request a test of a target environment, cases are accepted and prioritized based on factors such as the impact of a breach in the environment, history of prior incidents, sensitivity of data stored or transmitted, and scope of usage at the university.

The release of IT Security Ethical Hacking to campus will follow the same release schedule as the MiWorkspace rollout. To learn more about this schedule, please visit the MiWorkspace project site.

Rates & Pricing: 

Time and materials to be determined during the initial consultation.

User Groups: 
IT Professionals