Ethical Hacking
• Ethical Hacking is testing the resources for a good cause and for the
betterment of technology. Technically, Ethical Hacking means penetration
testing, which is focused on securing and protecting IT systems.
Hacktivism
• Another type of Hacker is the Hacktivist, who tries to broadcast political
or social messages through their work. A Hacktivist wants to raise public
awareness of an issue. Examples of hacktivism are the Web sites that were
defaced with the Jihad messages in the name of Terrorism.
Cyber Terrorist
• There are Hackers who are called Cyber Terrorists, who attack government
computers or public utility infrastructures, such as power stations and
air-traffic-control towers. They crash critical systems or steal classified
government information. While in conflict with enemy countries, some
governments start cyber war via the Internet.
Why Hackers Hack?
• The main reason why Hackers hack is because they can hack. Hacking is a
casual hobby for some Hackers: they just hack to see what they can hack and
what they can’t hack, usually by testing their own systems. Many Hackers are
the guys who get kicked out of corporate and government IT and security
organizations. They try to bring down the status of the organization by
attacking or stealing information.
• The knowledge that malicious Hackers gain and the ego that comes with that
knowledge is like an addiction. Some Hackers want to make your life miserable,
and others simply want to be famous. Some common motives of malicious Hackers
are revenge, curiosity, boredom, challenge, theft for financial gain,
blackmail, extortion, and corporate work pressure.
• Many Hackers say they do not hack to harm or profit through their bad
activities, which helps them justify their work. They are often not looking
for a pocket full of money. Just proving a point is often a good enough reward
for them.
Prevention from Hackers
• What can be done to prevent Hackers from finding new holes in software and
exploiting them?
• Information security research teams exist to try to find these holes and
notify vendors before they are exploited. There is a beneficial competition
occurring between the Hackers securing systems and the Hackers breaking into
those systems. This competition provides us with better and stronger security,
as well as more complex and sophisticated attack techniques.
• Defending Hackers create Detection Systems to track attacking Hackers, while
the attacking Hackers develop bypassing techniques, which eventually result in
bigger and better detecting and tracking systems. The net result of this
interaction is positive, as it produces smarter people, improved security,
more stable software, inventive problem-solving techniques, and even a new
economy.
• Now, when you need protection from Hackers, whom do you want to call? “The
Ethical Hackers”. An Ethical Hacker possesses the skills, mindset, and tools
of a Hacker but is also trustworthy. Ethical Hackers perform the hacks as
security tests for computer systems.
• Ethical Hacking, also known as Penetration Testing or White-Hat Hacking,
involves the same Tools, Tricks and Techniques that Hackers use, but with one
major difference:
• Ethical hacking is Legal.
• Ethical hacking is performed with the target’s permission. The intent of
Ethical Hacking is to discover vulnerabilities from a Hacker’s viewpoint so
systems can be better secured. Ethical Hacking is part of an overall
information Risk Management program that allows for ongoing security
improvements. Ethical hacking can also ensure that vendors’ claims about the
security of their products are legitimate.
• As Hackers expand their knowledge, so should you. You must think like them
to protect your systems from them. You, as the ethical Hacker, must know the
activities Hackers carry out and how to stop their efforts. You should know
what to look for and how to use that information to thwart Hackers’ efforts.
• You don’t have to protect your systems from everything. You can’t. The only
protection against everything is to unplug your computer systems and lock them
away so no one can touch them, not even you.
• That’s not the best approach to information security. What’s important is to
protect your systems from known Vulnerabilities and common Hacker attacks.
• It’s impossible to overcome all possible vulnerabilities of your systems.
You can’t plan for all possible attacks, especially the ones that are
currently unknown, which are called Zero Day Exploits. These are the attacks
which are not known to the world. However, in Ethical Hacking, the more
combinations you try (the more you test whole systems instead of individual
units), the better your chances of discovering vulnerabilities.