Hacking by Solis Tech: How to Hack Computers, Basic Security and Penetration Testing (2014)
Chapter 16: Ethical Hacking
Ethical hacking refers to hacking systems to help improve them. This kind of hacking is not meant to cause problems but to find potential problems and provide solutions for them. This type of hacking is conducted by a company or an individual for the sole purpose of finding vulnerabilities and potential threats. What an ethical hacker basically does is to try to bypass the system security and then search for any weak points that may be exploited by malicious hackers. It’s essentially like taking a new car out for a test drive and trying to find any issue that may come up. This way, developers are able to fix and modify it so that by the time it is put in place or marketed, the product is already at its best and most secure.
The ethical hacker makes a report on the processes and findings, which the company or organization will use to improve and strengthen its security system. This helps to lessen, if not eliminate, the potential for attacks in the future. This is a very important process for developers and organizations because security is one of the most important features that people are seeking today.
Factors in Ethical Hacking
Hacking, as has been mentioned before, is neither always bad nor always good. For a hacking activity to be ethical, it has to have the following elements:
· There should be express permission to probe a network and attempt to identify the vulnerabilities and potential risks to security. The permission is most often best given in written form (for legalities and formalities).
· Respect for the privacy of the company or of the individual. Thus, any findings should be kept confidential.
· Close the work thoroughly. Do not leave any loopholes or openings in the system that others may exploit.
· Make vulnerabilities and security issues known to the developer or hardware manufacturer. That is, fully disclosing the results of the hacking in order to help them fix these issues and strengthen their products.
Ethical hacking is something that a lot of people are dubious about. Most people are unconvinced that there is such a thing as ethics in hacking. But there is. Truthfully speaking, a lot of ethical hackers started out as malicious or black hat hackers. Also, some companies, universities and agencies do offer legitimate hacking jobs and software development opportunities to some hackers.
Hackers are indispensable in creating secure and reliable systems. They go through numerous backdoors and holes trying to see openings or vulnerabilities. To make this point simpler, just think of a homeowner. He wants to make sure that his house is safe and burglar-proof, so he installs several anti-theft systems such as alarms. No matter how much he tries to burglar-proof his home with everything from primitive traps to high-tech alarm systems, the only time he gets to know full well how these things work is when faced with an intruder. Imagine two scenarios.
First scenario: The owner installed all these security features and then moved into the home only to find out later that a burglar was still able to enter the premises. This placed the owner in peril because he was unable to see any vulnerability in his security system yet he placed his full trust and confidence in it.
Second scenario: The homeowner installed all available security systems in his home, but before he moved in, he hired someone who knows how a burglar works to test his security features. This “hired burglar” then acted as if truly invading the home. He used every means possible to try to break in. If he was successful, he reported to the homeowner how he got in and what features or weaknesses enabled him to break in despite all the security systems. Then, based on these findings, the homeowner installed the necessary add-ons and reinforced these weak points to finally make it virtually impossible for anyone to break into his home without permission.
The first scenario places any software or hardware at risk of serious compromise once it is in full use. For example, suppose security software that underwent a process like the one in the first scenario was installed in a facility that required the highest possible security, like a bank or a museum of rare and valuable artifacts. That would place all the valuable items at high risk, because there is a high potential that hackers out there would find some opening or weakness they can exploit in order to get in and destroy the security system. But if the second scenario is followed, there will be higher confidence in the security system because it has been subjected to more rigorous and real-life testing.
This is just one of the many contributions of hackers to the development of software and hardware. Their findings are invaluable in helping organizations and developers improve and strengthen their systems.
Hackers who wish to be known as ethical hackers can take a test and be certified as a CEH, or Certified Ethical Hacker. This way, organizations needing their input would know they can be trusted to do the job. The certification is given by the EC-Council (International Council of E-Commerce Consultants). Interested individuals can take the test for $500. Version 8 of the test has 125 items, all multiple-choice questions. Version 7 of the certification test has 150 multiple-choice questions.