Ethical Hackers

Working in the field of cybersecurity, Wayne Nordstrom wears many hats. He is a network engineer, a network security architect, and a Linux security engineer. One of the roles that Wayne Nordstrom fulfills is that of an ethical hacker.

An ethical hacker breaks into or tries to break into the digital network of an organization. The difference between ethical hackers and other hackers is that ethical hackers do this legally with the goal of ensuring that an organization’s network is secure. Another difference between hacking and ethical hacking is the reporting requirements. Ethical hackers give feedback to the organization on the result of their attempts to breach network security. Part of the job of an ethical hacker is keeping up with the latest technologies and hacking techniques to ensure that they mimic the tool set and skill set of malicious hackers.

The first thing an ethical hacker does is define the goal of the hacking activity or penetration testing activity. The scope of the testing or the specific network components involved is also defined. The analysis of the target is then begun. During this phase the ethical hacker gleans as much information about the network and allied technologies as they can, information such as IP addresses, ports, OS types and versions, and so forth. The ethical hacker then begins the break-in phase and attempts to defeat the network’s security protocols. If successful, the hacker accomplishes the defined goal and creates a report about the network’s vulnerabilities, along with recommendations on how to strengthen the network.

Cloud Jacking and Multifactor Authentication Defenses

Working toward a BS at the University of Maryland, Wayne Nordstrom is an IT engineering specialist studying networks and cybersecurity. Wayne Nordstrom is interested in emergent technology threats, including cloud jacking.

Driven by the reliance on cloud computing, cloud jacking typically involves misconfiguration and is conducted via code injection. Such attacks can be introduced directly into the cloud platform’s code through SQL injection or third-party libraries using cross-site scripting. When users unknowingly download and execute the maliciously injected code, hackers are given various levels of control, including eavesdropping and the modification of sensitive data and files that have been placed in cloud storage.

One cloud-jacking safeguard that companies should take is multifactor authentication (MFA), which goes beyond simple passwords/PINs to require an additional factor, such as token, device, fingerprint, or facial scan. Companies are also setting up MFA with continuous authentication, which helps ensure that the same person who was first authenticated and identified at the gate continues to be the person using the system.