What is mean by Ethical Hacking??

What is mean by Ethical Hacking??

Ethical Hacking, also known as penetration testing, intrusion testing, or red teaming, is the controversial act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers

An Ethical Hacker, also known as a white hat hacker, or simply a white hat, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems. Nowadays, certified ethical hackers are among the most sought after information security employees in large organizations such as Wipro ,Infosys ,IBM ,Airtel and Reliance among others.

Definition

Ethical hacking refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers. Ethical hacking is also known as penetration testing, intrusion testing, or red teaming. An ethical hacker is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems. By conducting penetration tests, an ethical hacker looks to answer the following four basic questions ^[1] :

1.     What information/locations/systems can an attacker gain access?

2.     What can an attacker see on the target?

3.     What can an attacker do with available information?

4.     Does anyone at the target system notice the attempts?

An ethical hacker operates with the knowledge and permission of the organization for which they are trying to defend. In some cases, the organization will neglect to inform their information security team of the activities that will be carried out by an ethical hacker in an attempt to test the effectiveness of the information security team. This is referred to as a double blind environment In order to operate effectively and legally, an ethical hacker must be informed of the assets that should be protected, potential threat sources, and the extent to which the organization will support an ethical hacker's efforts .

Steps involve in Ethical Hacking

Planning

Planning is essential for having a successful project. It provides an opportunity to give critical thought to what needs to be done, allows for goals to be set, and allows for a risk assessment to evaluate how a project should be carried out.

Reconnaissance

Reconnaissance is the search for freely available information to assist in an attack. This can be as simple as a ping or browsing newsgroups on the Internet in search of disgruntled employees divulging secret information or as messy as digging through the trash to find receipts or letters.

Enumeration

Enumeration is also known as network or vulnerability discovery. It is the act of obtaining information that is readily available from the target's system, applications and networks. It is important to note that the enumeration phase is often the point where the line between an ethical hack and a malicious attack can become blurred as it is often easy to go outside of the boundaries outlined in the original attack plan.

Vulnerability Analysis

In order to effectively analyze data, an ethical hacker must employ a logical and pragmatic approach. In the vulnerability analysis phase, the collected information is compared with known vulnerabilities in a practical process.

Exploitation

A significant amount of time is spent planning and evaluated an ethical hack. Of course, all this planning must eventually lead to some form of attack. The exploitation of a system can be as easy as running a small tool or as intricate as a series of complex steps that must be executed in a particular way in order to gain access.

Maintaining Access

At this stage, hackers attempt to construct backdoors or access pathways so they have a way back into the system or perform steps to make sure they can always come back at a later date or time and access the breached resource(s).  Attempts are made to perpetuate access to the breached resource(s).  Hackers can use rootkits, Trojans & other tools to maintain access.

Covering Tracks

The stage and time that hackers attempt to hide or conceal their success and avoid detection.  Hackers might delete system logs, hide directories, delete files or alter logs to accomplish this.