ethical hacking

Upload: rajan-chhangani

Post on 15-Apr-2017

Ethical Hacking: Issues and Types of Hackers

Rajan Chhangani, MBA, 1st Sem., Jodhpur Institute of Engineering and Technology

Hemant Gaur, MBA, 1st Sem., Jodhpur Institute of Engineering and Technology

1. Introduction

With the increasing need and demand for information security, business organizations that plan to adopt new technologies like IT outsourcing, virtualization, online services and cloud computing must be able to identify and face each security threat and come up with security architectures, policies, and processes. They must have knowledge of ethical hacking to prevent fraud and sudden losses (the hacking of important or secret information regarding their service or business), which can be harmful to their business and services. The main objective of this study is to let people know what ethical hacking is and how they can take advantage of it to protect themselves from fraud when they are the target of hacking.

2. Conceptual Framework

Ethics: Ethics are the moral principles that govern a person's behaviour or the conducting of an activity.

Ethics are a set of moral principles that govern an individual or a group on what is acceptable behaviour while using a computer. Computer ethics is a set of moral principles that govern the usage of computers. One of the common issues in computer ethics is the violation of copyright.

Hacking: Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a Hacker.

Computer hacking is the most popular form of hacking nowadays, especially in the field of computer security, but hacking exists in many other forms, such as phone hacking, brain hacking, etc., and it is not limited to any of them.

Ethical Hacking:

Ethical hacking is the methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems and operating environments.

With the growth of the Internet, computer security has become a major concern for businesses and governments. As a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.

Ethical Hacking and Ethical Hacker are terms that describe hacking performed to help a company or individual identify potential threats on the computer or network. An ethical hacker attempts to hack their way past the system security, finding any weak points in the security that could be exploited by other hackers. The organization uses what the ethical hacker finds to improve the system security, in an effort to minimize, if not eliminate any potential hacker attacks.

Study on Ethical Hacking

One of the ethical issues that comes into play with cybercrime is “ethical hacking.” “Ethical hackers or white hat hackers” are those who try to compromise computer systems for the sake of informing the content owner so they can fix the problem. Some security professionals do this for a living, so there is no ethical issue, since the target company is aware of and is paying for this service.

On the other hand, some security enthusiasts are freelancing white hat hackers. These people penetrate software and websites and publish the problem and sometimes the solutions to the problems. Sometimes these white hat hackers send this information privately to the creator, and sometimes they publish the hack publicly. Software companies and website owners are often upset about people penetrating their systems, no matter what their intentions.

Hacktivism:

Hacktivism is exactly what it sounds like: hacking + activism, using computers and the Internet to promote a political or social cause. Obviously, some types of hacktivism are illegal, like breaking into proprietary systems or stealing information. Some types of hacktivism are legal, like website parodies. One of the most common types of hacktivism is a denial of service (DoS) attack. This attack involves sending a large amount of traffic to a certain website until it reaches its limit and crashes. More recently, DoS attacks have been done in a distributed manner, so that traffic comes from hundreds or thousands of nodes around the world. This makes the source of attacks much harder to trace. DoS attacks are illegal under US law, but the law is very hard to enforce.

Hacktivism is in an ethical grey area. Some claim that hacktivist activities are protected under free speech. If you think about it, a Denial of Service attack is just accessing a website at a larger scale and an accelerated rate. There is no hacking or penetration of systems. Today, the Internet is the primary medium for our communication, and grassroots movements are using it as such. 

Ethical hacking and Ethical Hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network. An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, in an effort to minimize or eliminate any potential attacks.

For hacking to be deemed ethical, the hackers must obey the following rules:

o Expressed permission to probe the network and attempt to identify potential security risks.

o You respect the individual’s or company’s privacy.

o You close out your work, not leaving anything open for you or someone else to exploit at a later time.

o You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company.

The era of the Internet has introduced many new dimensions to the study and practice of ethics. Online ethics refers to patterns of behaviour used when on the Internet, guided both by law and personal philosophy. The great capabilities of this communication medium allow for the potential of great harm, cruelty, and even crime. Major concerns in the field of online ethics include the protection of private information, the limits of a presumed freedom of expression, and issues of libel. Understanding legal ramifications and trusting personal philosophy used in other areas of life can help a person determine his or her online ethics.

Netiquette and Online Ethics:

Netiquette is a combination of the words network and etiquette, and is defined as a set of rules for acceptable online behaviour. Similarly, online ethics focuses on the acceptable use of online resources in an online social environment.

Both phrases are frequently interchanged and are often combined with the concept of a ‘netizen’ which itself is a contraction of the words internet and citizen and refers to both a person who uses the internet to participate in society, and an individual who has accepted the responsibility of using the internet in productive and socially responsible ways.

Commandments of Ethical Hacking that should be followed:

Obtain Permission:

When doing ethical hacking, don’t follow the old saw that “asking forgiveness is easier than asking for permission.” Not asking for permission may land you in prison.

You must get your permission in writing. This permission may represent the only thing standing between you and an ill-fitting black-and-white-striped suit and a lengthy stay in the Heartbreak Hotel. It should state that you are authorized to perform a test according to the plan. It should also say that the organization will “stand behind you” in case you are criminally charged or sued. This means they will provide legal and organizational support as long as you stayed within the bounds of the original plan.

Work Ethically:

The term ethical in this context means working professionally and with good conscience. You must do nothing that is not in the approved plan or that has been authorized after the approval of the plan.

As an ethical hacker, you are bound to confidentiality and non-disclosure of information you uncover, and this includes the security-testing results. You cannot divulge anything to individuals who do not “need to know.” What you learn during your work is extremely sensitive; you must not openly share it.

You must also ensure you are compliant with your organization’s governance and local laws. Do not perform an ethical hack when your policy expressly forbids it – or when the law does.

Keep Records:

Major attributes of an ethical hacker are patience and thoroughness. Doing this work requires hours bent over a keyboard in a darkened room. You may have to do some off-hours work to achieve your goals, but you don’t have to wear hacker gear. What you do have to do is keep plugging away until you reach your goal.

One hallmark of professionalism is keeping adequate records to support your findings. When keeping paper or electronic notes, do the following:

o Log all work performed.

o Record all information directly into your log.

o Keep a duplicate of your log.

o Document – and date – every test.

o Keep factual records and record all work, even when you think you were not successful.

Respect the Privacy of others:

Treat the information you gather with utmost respect. You must protect the secrecy of confidential or personal information. All information you obtain during your testing – for example, encryption keys or clear text passwords – must be kept private. Don’t abuse your authority; use it responsibly. This means you won’t snoop into confidential corporate records or private lives. Treat the information with the same care you would give to your own personal information.

Do no Harm:

Remember that the actions you take may have unplanned repercussions. It’s easy to get caught up in the gratifying work of ethical hacking. You try something, and it works, so you keep going. Unfortunately, by doing this you may easily cause an outage of some sort, or trample on someone else’s rights. Resist the urge to go too far and stick to your original plan.

Also, you must understand the nature of your tools. Far too often, people jump in without truly understanding the full implications of the tool. They do not understand that setting up an attack might create a denial of service. Relax, take a deep breath, set your goals, plan your work, select your tools, and read the documentation.

Type of Hackers:

White Hat: A white hat hacker breaks security for non-malicious reasons, perhaps to test their own security system or while working for a security company which makes security software. The term ‘white hat’ in internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement.

Black Hat: A black hat hacker is a hacker who ‘violates computer security for little reason beyond maliciousness or for personal gain’. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are ‘the epitome of all that the public fears in a computer criminal.’ Black hat hackers break into secure networks to destroy, modify, or steal data, or to make the network unusable for those who are authorized to use the network. Black hat hackers are also referred to as “crackers” within the security industry and by modern programmers.

Grey Hat: A grey hat hacker lies between a black hat and a white hat hacker. A grey hat hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee. Grey hat hackers sometimes find the defect of a system and publish the facts to the world instead of a group of people. Even though grey hat hackers may not necessarily perform hacking for their personal gain, unauthorized access to a system can be considered illegal and unethical.

Elite Hacker: A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits circulate among these hackers. Elite groups such as Masters of Deception conferred a kind of credibility on their members.

Script Kiddie: A script kiddie is an unskilled hacker who breaks into computer systems by using automated tools written by others, hence the term script kiddie, usually with little understanding of the underlying concept.

Neophyte: A neophyte is someone who is new to hacking or phreaking and has almost no knowledge or experience of the working of technology and hacking.

Blue Hat: A blue hat hacker is someone outside computer security consulting firms who is used to bug-test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term blue hat to represent a series of security briefing events.

Hacktivist: A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message. Hacktivists can be divided into two main groups:

o Cyber terrorism – Activities involving website defacement or denial-of-service attacks.

o Freedom of Information – making information that is not public, or is public in non-machine-readable formats, accessible to the public.

Nation State: Intelligence agencies and cyber warfare operatives of nation states.

Organized Criminal Gangs: Groups of hackers that carry out organized criminal activities for profit.

Conclusion: The term “ethical hacking” has received criticism at times from people who say that there is no such thing as “ethical” hacking. Hacking is hacking, no matter how you look at it, and those who do the hacking are commonly referred to as computer criminals or cyber criminals. However, the work that ethical hackers do for organizations has helped improve system security and can be said to be quite effective and successful. Individuals interested in becoming an ethical hacker can work towards a certification to become a Certified Ethical Hacker or CEH.

In today’s era, every organization or individual that is directly or indirectly connected to a network should have some knowledge of hacking in the context of ethics, so that they can easily come out of critical situations.
