Ethical Hacking - Overview
Ethical Hacking - Overview
Hacking is the act of finding the possible entry points that exist in a computer system or a computer network and finally entering into them. Hacking is usually done to gain unauthorized access to a computer system or a computer network, either to harm the systems or to steal sensitive information available on the computer.The first known event of hacking had taken place in 1960 at MIT and at the same time, the term "Hacker" was originated.
A hacker is a person who finds and exploits weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.
Hacking is usually legal as long as it is being done to find weaknesses in a computer or network system for testing purpose. This sort of hacking is what we call Ethical Hacking.
A computer expert who does the act of hacking is called a "Hacker". Hackers are those who seek knowledge, to understand how systems operate, how they are designed, and then attempt to play with these systems.
The Ethical Hacking Process
Planning is essential for having a successful project. It provides an opportunity to give critical thought to what needs to be done, allows for goals to be set, and allows for a risk assessment to evaluate how a project should be carried out.
Reconnaissance is the search for freely available information to assist in an attack. This can be as simple as a ping or browsing newsgroups on the Internet in search of disgruntled employees divulging secret information or as messy as digging through the trash to find receipts or letters.
Enumeration is also known as network or vulnerability discovery. It is the act of obtaining information that is readily available from the target's system, applications and networks. It is important to note that the enumeration phase is often the point where the line between an ethical hack and a malicious attack can become blurred as it is often easy to go outside of the boundaries outlined in the original attack plan.
In order to effectively analyze data, an ethical hacker must employ a logical and pragmatic approach. In the vulnerability analysis phase, the collected information is compared with known vulnerabilities in a practical process.
A significant amount of time is spent planning and evaluated an ethical hack. Of course, all this planning must eventually lead to some form of attack. The exploitation of a system can be as easy as running a small tool or as intricate as a series of complex steps that must be executed in a particular way in order to gain access.
Although the exploitation phase has a number of checks and validations to ensure success, a final analysis is required to categorize the vulnerabilities of the system in terms of their level of exposure and to assist in the derivation of a mitigation plan. The final analysis phase provides a link between the exploitation phase and the creation of a deliverable.
Deliverables communicate the results of tests in numerous ways. Some deliverables are short and concise, only providing a list of vulnerabilities and how to fix them, while others are long and detailed, providing a list of vulnerabilities with detailed descriptions regarding how they were found, how to exploit them, the implications of having such a vulnerability and how to remedy the situation.
Finally, it essential that there is some means of using the test results for something productive. Often, the deliverable is combined with existing materials, such as a risk analysis, security policy, previous test results, and information associated with a security program to enhance mitigation and develop remedies and patches for vulnerabilities.
There are three distinguishing factors that should be considered during the integration of any test results:
Mitigation: If vulnerability beyond acceptable risk was found, then it would need to be fixed. Mitigation of a vulnerability can include testing, piloting, implementing, and validating changes to systems.
Defense: Vulnerabilities need to be addressed in a strategic manner in order to minimize future or undetected vulnerabilities. Defense planning is establishing a foundation of security to grow on and ensure long-term success.
Incident Management: The ability to detect, respond, and recover from an attack is essential. Knowing how attacks are made and the potential impacts on the system aids in formulating an incident response plan. The ethical hacking process provides an opportunity for discovering the various weaknesses and attractive avenues of attack of a system which can aid in preventing future attacks.
Types of Hacking
We can segregate hacking into different categories, based on what is being hacked. Here is a set of examples −
Ethical Hacking − Ethical hacking involves finding weaknesses in a computer or network system for testing purpose and finally getting them fixed.
Computer Hacking − This is the process of stealing computer ID and password by applying hacking methods and getting unauthorized access to a computer system
Network Hacking − Hacking a network means gathering information about a network by using tools like Telnet, NS lookup, Ping, Tracert, Netstat, etc. with the intent to harm the network system and hamper its operation.
Website Hacking − Hacking a website means taking unauthorized control over a web server and its associated software such as databases and other interfaces.
Email Hacking − It includes getting unauthorized access on an Email account and using it without taking the consent of its owner.
Password Hacking − This is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system.
Advantages of Hacking
Hacking is most useful in the following scenarios
Fighting against terrorism and national security breaches
Having a computer system that prevents malicious hackers from gaining access
Having adequate preventative measures in place to prevent security breaches
Disadvantages of Hacking
Hacking is most dangerous if it is done with harmful intent. It can cause −
The ethical hacker using the knowledge they gain to do malicious hacking activities
Allowing the company’s financial and banking details to be seen
The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on a computer system
Massive security breach
Purpose of Hacking
There could be various positive and negative intentions behind performing hacking activities. Here is a list of some probable reasons why people indulge in hacking activities −
To evaluate the security of a network or system's infrastructure.
Hacking for fun.
Damaging the system
Hacking for criminal gain.