What is Ethical Hacking?

  • Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, duplicating the intent and actions of a malicious hacker.
  • Ethical hacking is performed with the target’s permission.

 

Who are Ethical Hackers?

  • An Ethical Hacker, also known as a white-hat hacker, or simply a White Hat, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems.
  • They are completely trustworthy.
  • They have strong programming and computer networking skills.
  • They should have more patience.
  • Continuous updating of their knowledge on computer and network security is required.
  • They should know the techniques of the criminals, what their activities would be, how to detect them and how to stop them.

 

Hacker Classes

1. Black Hat:-

 

  •   They use their knowledge and skill set for illegal activities, destructive intents.
  •   E.g., to gain money (online robbery), to take revenge.
  •   Disgruntled employees are the best example of Black Hats.
  •   Black Hat hackers are not at all concerned with security professionals (White Hats).
  •   Actually, these hackers are bad guys!!!

 

2. White Hat:-

  •    They use their knowledge and skill set for good, constructive intents.
  •    They find out new security loopholes and their solutions.
  •    E.g., cyber security people.

 

3. Gray Hat Hacker:-

  •    Individuals who work both offensively and defensively at various times.
  •    E.g., third-party security testing in IT sectors.
     

 

 

 

Required Skills of an Ethical Hacker

Routers: knowledge of routers, routing protocols, and access control lists.

Microsoft: skills in operation, configuration and management.

Linux: knowledge of Linux/Unix; security settings, configuration, and services.

Firewalls: configuration and operation of intrusion detection systems.

 

 

Ethical Hacking Process

1. Preparation
2. Footprinting
3. Enumeration and fingerprinting
4. Identification of vulnerabilities
5. Attack: exploit the vulnerabilities.

 

1. Preparation

 

  •  Identification of target: company website, mail server, extranet.
  •  Signing of contract
  •  Agreement on protection against any legal issue.
  •  Contracts to clearly specify limits and dangers of the test.
  •  Total time for testing.
  •  Key people made aware of testing.
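The limits agreed in the contract can be enforced in tooling before any test traffic is sent. The following is an added example, not part of the original page: a small scope gate that checks a target against the contract's in-scope ranges, exclusions and testing window. The class and function names are hypothetical, and all addresses (documentation ranges) and dates are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RulesOfEngagement:
    """Limits copied from the signed contract (hypothetical structure)."""
    in_scope: tuple          # CIDR ranges the client authorised for testing
    excluded: tuple          # hosts or ranges carved out of scope
    window_start: datetime   # agreed start of testing (timezone-aware)
    window_end: datetime     # agreed end of testing (timezone-aware)


def check_target(roe, target, when):
    """Return (allowed, reason) for testing `target` at time `when`."""
    if when.tzinfo is None:
        return False, "timestamp must be timezone-aware"
    if not (roe.window_start <= when <= roe.window_end):
        return False, "outside agreed testing window"
    try:
        addr = ip_address(target)
    except ValueError:
        return False, "not a valid IP address"
    # Exclusions always win over inclusions.
    if any(addr in ip_network(net) for net in roe.excluded):
        return False, "explicitly excluded by contract"
    if any(addr in ip_network(net) for net in roe.in_scope):
        return True, "in scope"
    # Default deny: anything the contract does not list is off limits.
    return False, "not listed in contract scope"


# Constructed sample contract using RFC 5737 documentation ranges.
ROE = RulesOfEngagement(
    in_scope=("192.0.2.0/24", "198.51.100.16/28"),
    excluded=("192.0.2.53",),
    window_start=datetime(2024, 3, 4, 18, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 3, 8, 6, 0, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    now = datetime(2024, 3, 5, 12, 0, tzinfo=timezone.utc)
    for host in ("192.0.2.10", "192.0.2.53", "203.0.113.5"):
        print(host, check_target(ROE, host, now))
```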
     

 

2. Footprinting

 

  •  Collecting required information about target:
  •  DNS server.
  •  IP ranges.
  •  Problems revealed by administrative contacts.



3. Enumeration and Fingerprinting

 

  •  Operating system enumeration.
  •  Identification of services/open ports.
     

 

4. Identification of vulnerabilities

 

 

  •  Vulnerabilities
  •  Insecure configuration.
  •  Weak passwords.
  •  Insecure programming.
  •  Weak access control.       


 

Advantages

 

  • These are good hackers.
  • Have genuine license to hack.
  • Generally employed by companies for security design.
  • Provides security to banking and financial establishments.


 

Conclusions

 

  •  Security professionals are always one step behind the hackers and crackers.
  •  Plan for the unplanned attacks.
  •  The role of ethical hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted.