Ethical hacking: The network sentinels

CIOL Bureau

Most people perceive a 'hacker' as a tech-savvy but irresponsible teenager out to steal your credit card information or post a mischievous, and sometimes offensive, message on your Website. In the present scenario, where anything connected with hacking is associated with other illegal activities and ostracized by society in general, ethical hacking in this tech-savvy world almost seems like an oxymoron. So, what exactly is ethical hacking?

Ethics of an ethical hacker



Ethical hacking is the process of simulating an attack by a hacker without interrupting the systems' function. With more and more advanced versions of operating systems, software, browsers and network devices hitting the IT market, an increasing number of IT managers are seeking the help of ethical hackers to troubleshoot and safeguard their networks. Though white-hat hackers are often looked down upon by society in general, the significance of ethical hacking cannot be dismissed. But first we need to understand the concept behind ethical hacking and the thin line that separates it from black-hat hacking.

Hacking is illegal and is often done with a malicious motive. Moreover, hackers are categorized into two groups: disgruntled employees, and the rare experts who are on a test drive. In fact, they are more often termed "crackers".

On the other hand, ethical hacking is legal and is done, with the customer's consent, with the objective of helping find the security loopholes in the information system. Similarly, ethical hackers are also classified into two broad groups: independents and consultants. Independent ethical hackers are those who find security loopholes on a goodwill basis, often taking companies by surprise and giving timely alerts, while consultants do basically the same job but are paid for their services.

Risk assessment



Ethical hacking involves several techniques, like vulnerability assessment and penetration testing. Vulnerability assessment involves identifying vulnerabilities in the customer's servers and internal network. This is done after the customer permits scanners to be installed and run on their systems and network. It provides a picture of the internal state of security in a company. Information Security Review, on the other hand, involves procedures that review the entire security system of a company, such as penetration testing, vulnerability assessment, and an audit of present security policies and procedures.

With the number of hacking attempts on the rise, more and more companies are using these tests to assess their own perimeter security. These tests are beneficial because they give organizations an opportunity to test their network with the most modern hacking tools and techniques. Experts believe that these tests are most effective if done on a regular basis, perhaps quarterly, to identify new security vulnerabilities that have been introduced since the previous test.

A good white-hat hacker should have expert knowledge of current hacking methods, along with a good knowledge of business practices, to provide a thorough, well-documented test. With the issue of hacking and other ethical issues now being taken up, the next few columns will deal with some critical questions, such as who needs to do these assessments and how.
