Ethical Hacking

 Abstract

Today more and more softwares are developing and people are getting more and more options in their present softwares. But many are not aware that they are being hacked without their knowledge. One reaction to this state of affairs is a behavior termed Ethical Hacking” which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties.

A good ethical hacker should know the methodology chosen by the hacker like reconnaissance, host or target scanning, gaining access, maintaining access and clearing tracks. For ethical hacking we should know about the various tools and methods that can be used by a black hat hacker apart from the methodology used by him. From the point of view of the user one should know atleast some of these because some hackers make use of those who are not aware of the various hacking methods to hack into a system. Also when thinking from the point of view of the developer, he also should be aware of these since he should be able to close holes in his software even with the usage of the various tools. With the advent of new tools the hackers may make new tactics. But atleast the software will be resistant to some of the tools

what is ethical hacking

An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing and red teaming. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat.

One of the first examples of ethical hackers at work was in the 1970s, when the United States government used groups of experts called red teams to hack its own computer systems. According to Ed Skoudis, Vice President of Security Strategy for Predictive Systems' Global Integrity consulting practice, ethical hacking has continued to grow in an otherwise lackluster IT industry, and is becoming increasingly common outside the government and technology sectors where it began. Many large companies, such as IBM, maintain employee teams of ethical hackers.

Ethical Hacking PDF 1

Ethical Hacking PDF 2

Ethical Hacking PPT 1

Ethical Issues of Computer Hacking

By Mateo Zeske, eHow Contributor

Computer hackers learn to circumvent security measures, such as passwords.

Many discussions about the ethical ramifications of computer hacking have occurred since the issue gained prominence. Some see the ethical issues involved as cut and dry, some consider ethical breaches only when laws have been broken and others consider certain types of hacking ethically sound and some types as ethically questionable. The first layer of this debate usually focuses on the definition of computer hacking and the motivation of the hackers.

Definitions of Hacking

• Hacking occurs when someone intentionally accesses a computer without authorization. The term is often used to refer to a person with detailed computer knowledge who commits the act to accomplish criminal acts. The act often damages property, spreads viruses and causes financial loss. The New Hacker`s Dictionary uses several definitions including someone who "enjoys exploring the details of programmable systems and how to stretch their capabilities," "programs enthusiastically (even obsessively)," and "enjoys the intellectual challenge of creatively overcoming or circumventing limitations."

Ethical Considerations by Motive

• The New Hacker Dictionary and Marcia J. Wilson of Computerworld both define hackers while distinguishing them from hackers with intent to harm. Such a "cracker" is, according to the Hacker Dictionary, "a malicious meddler who tries to discover sensitive information by poking around." Wilson contrasts crackers with three other motivations she believes are ethically justified. "Hacktivists" infiltrate systems for political purposes; hobbyist hackers do so to learn and share with those in the hacking community; and research and security hackers are "those concerned with discovering security vulnerabilities and writing the code fixes." Wilson and others believe ethical issues arise in hacking when the goals are outside of these three categories. She considers political activism through computer hacking equitable to peaceful protests in the streets and points to the First and Fourth Amendments as justification.

Ethical Issues by Legality

• One way that people can interpret actions for unethical behavior is considering the legality. The United States Credit Fraud and Abuse Act prohibits intentionally accessing another`s computer system when it threatens the financial well-being of an individual or business to reveal state secrets, upset international communications, defraud, cause damage or aid extortion. States have their own laws as well.

Other Ethical Considerations

• Other points considered in discussions of ethical hacking include the costs associated with security checks even when no alterations or damages have occurred. Many consider the high amount of adolescent participants and factor this into ethical judgments, believing the anonymity associated with hacking makes crimes more likely to happen than they would outside of cyberspace.

Read more: Ethical Issues of Computer Hacking | eHow.com http://www.ehow.com/info_8482153_ethical-issues-computer-hacking.html#ixzz2BLFphvcI

Types of Ethical Hackers

By Curtis Fease, eHow Contributor

Hackers access computers and networks without authorization.

Hacker movies like "Swordfish" can give people the idea that hackers may not be all that bad. In actuality, hackers often pose a serious security threat. A Florida company named Acxiom had to spend $7 million to repair its database after an attack by one hacker. Luckily, there are hackers out their whose intent is not to caues harm. While the word "ethical" can depend on perception, the following are hackers you may not be too afraid of.

Hacktivists

• Hacktivism is hacking into a computer system illegally for a social or politically motivated reason. These hackers could just leave a large message on the main page of a website, or even disrupt traffic to a site altogether. Some people see this as a form of protest, and therefore as protected speech. The question is whether anybody in America would object if someone hacked into a website where pedophiles congregate and left a message saying that phedophilia is wrong. Therein lies the moral debate on whether hacktivists are ethical or not.  Read More

Cyberwarrior

• This is another gray area of ethical hacking. Whether or not this type of hacking is ethical is all in the eye of the beholder. Cyberwarriors are computer experts and hackers who participate in cyberwarfare, which are actions undertaken or sanctioned by a nation-state to infiltrate another country's networks or computers to cause disruption or damage.

  Black Box Penetration Testers

  • This is a hacker who is hired by a person or company to actually infiltrate a computer network or system. The hacker will act as a malicious hacker, trying to find vulnerabilities in a system or network that would allow him to attack it. The black box penetration tester has no prior knowledge of the network or system he is trying to infiltrate. By finding vulnerabilities, he can advise the company of individual about what is needed to strenghten a website from future hacking.

  White Box Penetration Testers

  • This is another type of hacker that is hired by a person or company to break into a computer network or system. The white box hacker is much like the black box hacker in that they both are legally breaking into these systems in an effort to help the person or company who hires them. The only difference between the two is that white box penetrators are given complete knowledge of the system or network they are infiltrating. The hacker simulates an attack from an insider of the organization.

  Certified Ethical Hacker/Licensed Penetration Tester

  • These hackers perform the duties of black box and white box penetration testers. They look for vulnerabilities and weaknesses in systems and networks. These two certifications are given by the International Council of E-Commerce Consultants. All of these ethical hackers must be re-certified every three years.

  
  

  References:

  Read more: Types of Ethical Hackers | eHow.com http://www.ehow.com/info_8279840_types-ethical-hackers.html#ixzz2BLDRtcSX
  

  
  

  
  
  
  

  The Advantages of Ethical Hacking

  
  
  
  

  By Corr S. Pondent, eHow Contributor

  
  

  
  
  
  

  

  Ethical hacking helps alert a company to system vulnerabilities.

  The term "hacking" has negative connotations and is associated with outsiders breaking into somebody else's computer network. Hackers could aim to steal information, or their activities could disable a company's systems. However, another practice is "ethical hacking" whereby an organization pays hackers -- the good kind -- to protect its computer system from attack by learning how to attack it themselves. This practice enables an organization to learn how nefarious hackers can exploit vulnerabilities in its computer systems.

  
  
  

  Techniques

  
  

  • One type of ethical hacking involves testing an organization's networks, both internal and external, to identify any weaknesses that outsiders could tap. Ethical hackers could also test applications to find any flaws and go through an organization's source codes. Other techniques include testing for the possibility of attacks from someone with access to the wireless network, and checking for unauthorized modems.

  Advantage

  • One major advantage of ethical hacking is that it helps an organization better protect its systems and information. It is a way of augmenting the efforts of an organization's information technology professionals. The adoption of ethical hacking techniques must be a part of an organization's overall security efforts. However, the realities of tight budgeting mean that this additional layer of security is not always a priority for many organizations.

  
  
  Read more: The Advantages of Ethical Hacking | eHow.com http://www.ehow.com/info_8431442_advantages-ethical-hacking.html#ixzz2BLGTve9n
  

  
  

  Protection Against Theft

  • If a hacker gets into an organization's systems, then the hacker could gain access to valuable information. The organization's intellectual property and sensitive client information are at risk. Hackers have been known to steal such information. If organizations want to protect against theft, they could schedule routine ethical hacking exercises to find out if any flaws exist in their systems. This makes them less vulnerable to outside hackers.

  Protection from Lawsuits

  • The United States is a litigious society. If hackers get into a company's systems and steal customer information, then the company could face potential lawsuits. Consumers could file lawsuits against an organization for failing to safeguard their personal information. Ethical hacking could help prevent the possibility of such lawsuits. Organizations may also have to meet certain legislative and regulatory requirements relating to safety of consumer information. Ethical hacking helps them meet such mandates.

  
  
  Read more: The Advantages of Ethical Hacking | eHow.com http://www.ehow.com/info_8431442_advantages-ethical-hacking.html#ixzz2BLGa57Nv
  
  Seminar Report
  
  
  

  Ethical Hacking from Binit Kumar