9.4: Identifying Vulnerabilities
Why is it important to identify vulnerabilities in a system / network?
It is important for organisations to identify any weaknesses in their computer systems and networks so that they can fix them and be prepared for any type of attack or malware.
Below are three methods for identifying any vulnerable areas in a computer system:
Footprinting is the first way to evaluate the security of a computer system.
As much information about the system is collected as possible, such as who has access, which companies are involved in running the system and the different ports and devices used.
Companies use the internet to gather this information and can see what a potential attacker could also discover, therefore by being in the attacker's shoes they can remove the information from the web or increase security in areas that are highlighted by this research.
Ethical hacking is when an organisation will give permission for hackers to try and attack a system so that the weak points can be highlighted and then fixed.
The hacker will attempt various different attack methods as if they were actually trying to penetrate the system and steal data. This type of hacker is also known as a 'white hat' hacker.
Penetration tests are carried out as part of ethical hacking.
The purpose of a penetration test is to review the system's security to find any risks or weaknesses and to fix them.
There are four main types of penetration tests:
Internal tests are to see how much damage could be done by somebody within the company with a registered account.
External tests are for white hat hackers to try and infiltrate a system from outside the company.
Blind tests are done with no inside information, to simulate what a real attacker would have to do to infiltrate the system.
Targeted tests are conducted by the company's IT department and the penetration team cooperating together to find faults in the system.
9.4 - Identifying Vulnerabilities:
1. What is footprinting and how does it work? 
2. What is an ethical hacker? 
3a. Describe the purpose of penetration tests. 
3b. Describe each type of penetration test.