What is Ethical Hacking?
- Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, duplicating the intent and actions of a malicious hacker.
- Ethical hacking is performed with the target's permission.
Who are Ethical Hackers?
- An Ethical Hacker, also known as a whitehat hacker, or simply a Whitehat is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems.
- They are completely trustworthy.
- They have strong programming and computer networking skills.
- They should have more patience.
- Continuous updating of their knowledge on computer and network security is required.
- They should know the techniques of the criminals, what their activities would be, how to detect them and how to stop them.
Hacker Classes
1.Black Hat:-
- They use their knowledge and skill set for illegal activities and destructive intents.
- E.g. to gain money (online robbery) or to take revenge.
- Disgruntled employees are the best example of Black Hats.
- Black Hat hackers are not at all concerned with security professionals (white hats).
- These hackers are the bad guys!
2.White Hat:-
- They use their knowledge and skill set for good, constructive intents.
- They find out new security loopholes and their solutions.
- E.g. cyber security people.
3.Gray Hat Hacker:-
- Individuals who work both offensively and defensively at various times.
- E.g. third-party security testing in IT sectors.
Required Skills of an Ethical Hacker
Routers: knowledge of routers, routing protocols, and access control lists.
Microsoft: skills in operation, configuration and management.
Linux: knowledge of Linux/Unix; security setting, configuration, and services.
Firewalls: configuration, and operation of intrusion detection systems.
Ethical Hacking Process
1.Preparation
2.Footprinting
3.Enumeration and fingerprinting
4.Identification of vulnerabilities
5.Attack: exploit the vulnerabilities.
1.Preparation:
- Identification of target: company website, mail server, extranet.
- Signing of contract.
- Agreement on protection against any legal issue.
- Contracts to clearly specify limits and dangers of the test.
- Total time for testing.
- Key people made aware of testing.
2.Footprinting
- Collecting required information about target:
- DNS server.
- IP ranges.
- Problems revealed by administrative contacts.
3.Enumeration and Fingerprinting
- Operating system enumeration.
- Identification of services/open ports.
4.Identification of vulnerabilities
- Vulnerabilities
- Insecure configuration.
- Weak passwords.
- Insecure programming.
- Weak access control.
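The limits agreed in the Preparation step (targets, exclusions, total time for testing) can be enforced in tooling before any later step touches a host. The following is an added example, not part of the original page; the engagement values, the `ENGAGEMENT` structure and the `check_target` function are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed rules of engagement (illustrative values, documentation IP ranges).
ENGAGEMENT = {
    "in_scope": ["203.0.113.0/24", "198.51.100.16/28"],
    "excluded": ["203.0.113.200/32"],  # e.g. a production system the contract rules out
    "window_start": datetime(2024, 5, 6, 18, 0, tzinfo=timezone.utc),
    "window_end": datetime(2024, 5, 10, 6, 0, tzinfo=timezone.utc),
}

def check_target(address, when, engagement=ENGAGEMENT):
    """Return (allowed, reason) for testing `address` at time `when`.

    Default-deny: anything not explicitly listed in the contract is refused.
    """
    # Naive timestamps cannot be compared safely with the agreed window.
    if when.tzinfo is None:
        return False, "timestamp must be timezone-aware"
    if not (engagement["window_start"] <= when <= engagement["window_end"]):
        return False, "outside agreed testing window"
    # Only literal IP addresses are accepted; a hostname could resolve to a
    # host that the contract does not cover.
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False, "not a valid IP address"
    # Exclusions win over in-scope ranges.
    for net in engagement["excluded"]:
        if ip in ipaddress.ip_network(net):
            return False, "explicitly excluded by contract"
    for net in engagement["in_scope"]:
        if ip in ipaddress.ip_network(net):
            return True, "in scope"
    return False, "not listed in contract"

if __name__ == "__main__":
    now = datetime(2024, 5, 7, 12, 0, tzinfo=timezone.utc)
    for host in ["203.0.113.10", "203.0.113.200", "192.0.2.5"]:
        print(host, check_target(host, now))
```

Logging each refusal together with its reason gives the key people named in the contract an audit trail of what was and was not tested.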
Advantages
- These are good hackers.
- Have genuine license to hack.
- Generally employed by companies for security design.
- Provides security to banking and financial establishments.
Conclusions
- Security professionals are always one step behind the hackers and crackers.
- Plan for the unplanned attacks.
- The role of ethical hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted.