Our systems may be vulnerable and, perhaps, we are not aware of what an attack both internal as external may involve us, and what best checking that our systems are safe or not, that the make a fictional attack or what is currently called as ethical hacking? The objective of this audit focuses on evaluating all their security systems, trying to find some hole to access the information as if it were a hacker. To perform a good audit of Ethical Hacking, and following the internationally recognized OSSTMM methodology, should evaluate and verify the following aspects: u Information Gathering: the Information Gathering phase is intended to obtain information free access available on the company or entity to study. u study and analysis of the network: the phase of study of the network is carried out from a point of connection to the network to study and is considered intrusive, obtaining the information to be obtained is: list of active devices and their services, map network, etc. u detection of vulnerabilities: the objective is to list all possible vulnerabilities for all computers and detected services. u gain access: this phase is intended to obtain passwords, elevation of privileges, and access to data, or restricted locations.
The audit report would contrast deficiencies identified and the plan of action to mitigate the risks, i.e., we will have the necessary information to know where we have holes and what we need to cover them. Thus we can achieve any hacker steal us data of a personal nature or any information of the company. We therefore believe that it is essential to conduct this type of audits that provide us with actual data where we need and we have to strengthen our security to not see us attacked..