1.4 Ethical Hacking Concepts and Scope
What is Ethical Hacking?
- Ethical hacking involves the use of hacking tools, tricks, and techniques to identify vulnerabilities so as to ensure system security.
- It focuses on simulating techniques used by attackers to verify the existence of exploitable vulnerabilities in the system security.
- Ethical hackers performs security assessment of their organization with the permission of concerned authorities.
Why Ethical Hacking is Necessary
- To beat a hacker, you need to think like one!
- Ethical hacking is necessary as it allows to counter attacks from malicious hackers by anticipating methods used by them to break into a system.
Reasons why Organizations Recruit Ethical Hackers:
- To prevent hackers from gaining access to organization's information.
- To uncover vulnerabilities in systems and explore their potential as a risk.
- To analyze and strengthen an organization's security posture including policies, network protection infrastructure, and end-user practices.
Ethical Hackers Try to Answer the Following Questions:
- What can the intruder see on the target system? (Reconnaissance and Scanning phases)
- What can an intruder do with that information? (Gaining Access and Maintaining Access phases)
- Does anyone at the target notice the intruders' attempts or successes? (Reconnaissance and Covering Tracks phases)
- If all the components of information system are adequately protected, updated, and patched
- How much effort, time, and money is required to obtain adequate protection?
- Are the information security measures in compliance to industry and legal standards?
Scope and Limitations of Ethical Hacking
- Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, and information systems security best practices.
- It is used to identify risks and highlight the remedial actions, and also reduces information and communications technology (ICT) costs by resolving those vulnerabilities.
- However, unless the businesses first know what it is at that they are looking for and why they are hiring an outside vendor to hack systems in the first place, chances are there would not be much to gain from the experience.
- An ethical hacker thus can only help the organization to better understand their security system, but it is up to the organization to place the right guards on the network.
Skills of an Ethical Hacker
- Has in-depth knowledge of major operating environments, such as Windows, Unix, Linux, and Macintosh.
- Has in-depth knowledge of networking concepts, technologies and related hardware and software.
- Should be a computer expert adept at technical domains.
- Has knowledge of security areas and related issues.
- Has "high technical" knowledge to launch the sophisticated attacks.
Non-Technical Skills: Some of the non-technical characteristics of an ethical hacker include:
- Ability to learn and adapt new technologies quickly.
- Strong work ethics, and good problem solving and communication skills.
- Committed to organization's security policies.
- Awareness of local standards and laws.