Hacking
Hacking is the gaining of access to a computer and viewing, copying, or
creating data without the intention of destroying data or maliciously harming
the computer. Ethical hacking is a term used to describe hacking performed by a
company or individual to help identify potential threats on a computer or
network. The explosive growth of the Internet has brought many good things,
e.g. electronic commerce, collaborative computing, and e-mail. As with most
technological advances, there is also a dark side, i.e. criminal hackers.
Citizens, governments and companies around the world want to be a part of this
technological revolution, but they are afraid that some hacker will break into
their Web server, read their e-mail, steal their credit card number from an
on-line shopping site, or implant software that will secretly transmit their
organization’s secrets to the open Internet. With these concerns and others,
the ethical hacker can help. This paper describes the work and intentions of
ethical hackers: their skills, their attitudes, and how they go about helping
their customers find and resolve their security problems.
Hacker
The term ‘Hacker’ is defined as: A person who enjoys learning the details
of computer systems and how to stretch their capabilities, contrary to most
users of computers, who prefer to learn only the minimum amount necessary. The
term ‘Hacker’ is also defined as: One who programs actively or who enjoys
programming rather than just theorizing about programming.
Whether users programmed the computers to play games, draw pictures, or to help
them with the problems of their daily work, once computers were available for
use, there were a number of individuals wanting to use them. Because of this
increasing demand and use of computers and their continued high cost, access to
them was usually restricted. When users were refused access to the computers,
some of them would challenge the access controls that had been put in place.
They would steal passwords or account numbers, explore the system for bugs, or
even take control of the whole system. They would do these things in order to
be able to run the programs of their choice, or just to change or remove the
limitations and restrictions under which their programs were running. Initially
these computer intrusions were few in number. However, these intrusions did
not stay kind and gentle for long. Occasionally the less talented, or less
careful, intruders would accidentally bring down a system or damage its files,
and the system administrators would have to restart it or make repairs. With
the passage of time, when these intruders were again restricted and refused
access once their activities were traced, they would react with serious and
destructive actions. When the number of these destructive computer intrusions
became noticeable, due to the visibility of serious damage to the system, it
became ‘NEWS’. Instead of using the more accurate term “Computer Criminal,” the
media began using the term “hacker” to describe individuals who break into
computers for damage, fun, revenge, or profit.
What is Ethical Hacking?
With the growth of the Internet, computer security has become a major
concern for businesses and governments. They want to be able to take advantage
of the Internet for electronic commerce, advertising, information distribution
and access, but they are worried about the possibility of being “hacked.” In
their search for a way to approach the problem, organizations came to realize
that one of the best ways to evaluate the intruder threat is that they would
have independent computer security professionals attempt to break into their
computer systems. They are called “Tiger Teams” or “Ethical Hackers”. In the
case of computer security, they would employ the same tools and techniques as
the intruders, but they would neither damage the target systems nor steal
information. Instead, they would evaluate the target systems’ security and
report back to the owners with the threats they found and ways to solve them. This
method of evaluating the security of a system has been in use from the early
days of computers.
Who are ethical hackers?
Successful ethical hackers possess a variety of skills. First and most
important is that they must be completely trustworthy. While testing the
security of a client’s systems, the ethical hacker may discover information
about the client that should remain secret. In many cases, if this information
is publicized then it could lead to real intruders breaking into the systems,
possibly leading to financial losses. During an evaluation, the ethical hacker
often holds the “keys to the company,” and therefore must be trusted to
exercise tight control over any information about a target that could be
misused. The sensitivity of the information gathered during an evaluation
requires that strong measures be taken to ensure the security of the systems
being employed by the ethical hackers themselves. These strong measures are: limited-access
labs with physical security protection, multiple secure Internet connections, a
safe to hold paper documentation from clients, strong checks and balances to
protect electronic results, and isolated networks for testing. Ethical hackers
typically have very strong programming and computer networking skills and have
experience in the computer and networking field for several years. They are
also skilled and expert at installing and maintaining systems that use the more
popular operating systems (e.g., UNIX or Windows NT) used on target
systems. These basic skills are improved with detailed knowledge of the
hardware and software provided by the more popular computer and networking
hardware vendors. An additional specialization in security is not always
necessary, as strong skills in the other areas imply a very good understanding
of how the security on various systems is maintained. A good candidate for ethical
hacking has more skills and patience than most people. Unlike the way someone
breaks into a computer in the movies, the work that ethical hackers do demands
a lot of time, hard work and patience. This is a critical quality, since
criminal hackers are known to be extremely patient and willing to monitor
systems for days or weeks while waiting for an opportunity. A typical
evaluation may require several days of boring and dull work that is difficult
to do. When ethical hackers encounter a system with which they are unfamiliar,
they will spend the time to learn about the system and try to find its
weaknesses. Finally, keeping up with the ever-changing world of computer and
network security requires continuous education and review. In computer
security, the ethical hacker’s task is harder than the criminal hacker’s. On
the Internet anyone can download criminal hacker tools and use them to attempt
to break into computers anywhere in the world. Ethical hackers have to know the
techniques of the criminal hackers, how their activities might be detected, and
how to stop them.
What do ethical hackers do?
An ethical hacker seeks answers to three basic questions:
1. What can an intruder see on the target systems?
2. What can an intruder do with that information?
3. Does anyone at the target notice the intruder’s attempts or successes?
While the first and second of these are clearly important, the third is even
more important. If the owners or operators of the target systems do not
notice when someone is trying to break in, the intruders can, and will, spend
weeks or months trying and will usually eventually succeed. When the client
requests an evaluation, there is quite a bit of discussion and paperwork that
must be done up front. The discussion begins with the client’s answers to
these questions:
1. What are you trying to protect?
2. What are you trying to protect against?
3. How much time, effort, and money are you willing to expend to obtain adequate protection?
The client usually has to be guided to briefly describe all
of the critical information assets for which loss could adversely affect the
organization or its clients. These assets should also include secondary
information sources, such as employee names and addresses, computer and network
information, and other organizations with which this organization collaborates.
Top ten Hacking Countries:
As of 2013, the following are the top ten hacking countries:
i. China
ii. United States
iii. Turkey
iv. Russia
v. Taiwan
vi. Brazil
vii. Romania
viii. India
ix. Italy
x. Hungary
It is concluded that an average of 2000 websites are defaced each day.
Scope of Ethical Hacking
In USD, as of May 2016, the average salary of a Certified Ethical Hacker is 81%
higher than the average salary of all other jobs nationwide.
Conclusions
Technology is a huge field. Everyone wants to be a part of this world.
With this increasing and never-ending advancement in technology, risks and
threats to one’s privacy are increasing, whether for an organization or an
individual. Security threats will remain. With the usage of the latest
technology and gadgets, one should also be aware of the risks and threats.
Protection measures must be taken by the individual himself.
Regular auditing, vigilant intrusion detection, good system
administration practice, and computer security awareness are all essential
parts of an organization’s security efforts. The most skilled and talented
individuals are hired by an organisation to analyse and evaluate the threats it
faces. Proper checks and balances are maintained on the ethical hacker, as he
knows all the ways to break into an organisation’s or individual’s system.
A single failure in any of these areas could very well expose an organization
to embarrassment, loss of revenue or mind share, or worse. Any new technology
has its benefits and its risks. While ethical hackers can help clients better
understand their security needs, it is up to the clients to keep their guards
in place.