What is meant by Ethical Hacking?
Ethical Hacking, also known as penetration testing, intrusion
testing, or red teaming, is the controversial act of locating weaknesses
and vulnerabilities of computer and information systems by duplicating the
intent and actions of malicious hackers.
An Ethical Hacker, also known as a white hat hacker, or simply
a white hat, is a security professional who applies their hacking skills
for defensive purposes on behalf of the owners of information systems.
Nowadays, certified ethical hackers are among the most sought-after information
security employees in large organizations such as Wipro, Infosys, IBM,
Airtel and Reliance, among others.
Definition
Ethical hacking refers to the act of locating weaknesses and
vulnerabilities of computer and information systems by duplicating the intent
and actions of malicious hackers. Ethical hacking is also known
as penetration testing, intrusion testing, or red teaming. An
ethical hacker is a security professional who applies their hacking
skills for defensive purposes on behalf of the owners of information
systems. By conducting penetration tests, an ethical hacker looks to answer the
following four basic questions [1]:
1. What information/locations/systems can an attacker gain access to?
2. What can an attacker see on the target?
3. What can an attacker do with available information?
4. Does anyone at the target system notice the attempts?
An ethical hacker operates with the knowledge and permission of the
organization they are trying to defend. In some cases, the
organization will neglect to inform their information security team of the
activities that will be carried out by an ethical hacker in an attempt to test
the effectiveness of the information security team. This is referred to as a
double blind environment. In order to operate effectively and legally, an
ethical hacker must be informed of the assets that should be protected,
potential threat sources, and the extent to which the organization will support
an ethical hacker's efforts.
Steps involved in Ethical Hacking
Planning
Planning is essential for having a successful project. It provides an
opportunity to give critical thought to what needs to be done, allows for goals
to be set, and allows for a risk assessment to evaluate how a project should be
carried out.
Reconnaissance
Reconnaissance is the search for freely available information to
assist in an attack. This can be as simple as a ping or browsing newsgroups on
the Internet in search of disgruntled employees divulging secret information or
as messy as digging through the trash to find receipts or letters.
Enumeration
Enumeration is also known as network or vulnerability discovery. It is
the act of obtaining information that is readily available from the target's
system, applications and networks. It is important to note that the enumeration
phase is often the point where the line between an ethical hack and a malicious
attack can become blurred as it is often easy to go outside of the boundaries
outlined in the original attack plan.
Vulnerability Analysis
In order to effectively analyze data, an ethical hacker must employ a
logical and pragmatic approach. In the vulnerability analysis phase, the
collected information is compared with known vulnerabilities in a practical
process.
Exploitation
A significant amount of time is spent planning and evaluating an ethical
hack. Of course, all this planning must eventually lead to some form of attack.
The exploitation of a system can be as easy as running a small tool or as
intricate as a series of complex steps that must be executed in a particular
way in order to gain access.
Maintaining Access
At this stage, hackers attempt to construct backdoors or access pathways
so they have a way back into the system, or perform steps to make sure they can
always come back at a later date or time and access the breached
resource(s). Attempts are made to perpetuate access to the breached
resource(s). Hackers can use rootkits, Trojans and other tools to
maintain access.
Covering Tracks
This is the stage at which hackers attempt to hide or conceal their success
and avoid detection. Hackers might delete system logs, hide directories,
delete files or alter logs to accomplish this.