What is Ethical Hacking
Ethical hacking provides a way to determine the security of an information technology environment – at least from a technical point of view. As the name already suggests, ethical hacking has something to do with hacking. But what does “hacking” mean?
“The word hacking has two definitions. The first definition refers to the hobby/profession of working with computers. The second definition refers to breaking into computer systems. While the first definition is older and is still used by many computer enthusiasts (who refer to cyber-criminals as "crackers"), the second definition is much more commonly used.” – Definition by Internet Security Systems
In ...
An ethical hacker’s knowledge is very much comparable to that of a “real” hacker. It is known that some black hats have been converted to white hats and are now using their knowledge of how to hack a system in an ethical way. Hiring ex-hackers as ethical hackers is very controversial. After all, an ethical hacker will see sensitive information and needs to be extremely trustworthy. During his assignment an ethical hacker may get access to sensitive and confidential customer information, where he will see and discover the customer’s weak points. As C. C. Palmer writes in his article, “the ethical hacker often holds the keys to the company”. A lot of companies therefore won’t employ former hackers for their ethical hacks, as the risk and uncertainty are too high, although such people may know the craft very well and even have connections to the underground for getting the newest tools and exploits.
As already pointed out, one of the main requirements for an ethical hacker is his trustworthiness. The customer needs to be 100% certain that information found by the ethical hacker won’t be abused. Another very important ability is patience. Professional hackers are known to be very patient and persistent. Sometimes they listen to network traffic or scan through newsgroups for days just to find a piece of information which could help in hacking a system. Unfortunately, most ethical hackers don’t have “all the time in the world”, as most contractors don’t want to pay for such an extensive listening phase. For an ethical hacker it is therefore even more important to keep up to date with current exploits and attack techniques, as he does not have the time for extensive research. Given all these requirements, it is not very astonishing that most ethical hackers do not come from the security practice – above all they need a good understanding of operating systems as well as network equipment. They got their security education and awareness during their careers as network or system administrators. For an ethical hacker it is more important to know a system inside out than to know which security processes have to be in place at the business level to provide a certain level of corporate information security.
What is an Ethical Hacker Doing
Ethical hackers work on a contract basis with a customer to attack the customer’s systems. A customer is interested in the following three questions:
1. What can an intruder see?
2. What can he get access to?
3. What kind of valuable information can he retrieve?
Ethical hackers act like real hackers, using the same methods and tools. Because hacking is illegal in most countries, an ethical hacker will not start his mission until he has an “out-of-jail-letter”. This is a paper in which the contractor states that he hired the hacker to hack his designated systems. As soon as the liability and legal aspects are cleared, an ethical hacker can start his work. Depending on the kind of ethical hack which has to be...