Root-me

From Embedded Lab Vienna for IoT & Security
Revision as of 10:04, 12 January 2021 by JKrzyzak

Root-me is a non-profit organization whose aim is to offer a great learning platform for ethical hacking. Together with its members, Root-me builds a community in which everyone can contribute to and participate in the website's development. Since it was founded in 2010, it has become a platform offering the largest number and variety of content dedicated to cyber security, such as ethical hacking and forensics, as well as numerous exercises for practising ethical hacking. Another name for ethical hacking is penetration testing, which is performed using penetration testing tools.

Background

Rapid changes in IT not only bring more benefits to our everyday life but also create new challenges for IT security. It is difficult nowadays to find a company that does not use online services for better management, organization, or advertising, so it seems necessary to protect this part of a business. Unfortunately, cyber-attacks have become the norm. Unauthorized individuals try to gain access to confidential data and resources by breaking into systems, and they are becoming more and more creative in exploiting vulnerabilities. This has led developers to undertake regular system checks in order to prevent potential attacks. This process is called a penetration test.

Penetration testing

A penetration test (PEN test) is a simulated cyber-attack against a system to identify its weak points. As a result, all existing security vulnerabilities should be detected. These can have several different origins: human error, bad design, or poor system configuration. Identifying the insecure areas not only helps to protect sensitive data from attackers and intruders, it also checks the strength of the organization's security policies, the employees' security awareness, and the general reaction to security events. Root-Me was created to provide a platform for practical ethical hacking and information security.

Test types

Because of the variety of possible vulnerabilities, several test types are used in ethical hacking. The most common are:

  • external test: aims to exploit externally visible servers and devices, for instance the email server. Here the ethical hacker looks for ways in which an attacker could gain access to the system.
  • internal test: simulates an attack carried out by an authorized user.
  • blind test: simulates a real attack; the employees know about it, and the ethical hacker is given very little knowledge about the whole system.
  • double blind test: only a few people within the organization know that a penetration test is going to take place.