What is hacking?
Hacking is a technical process of exploiting the vulnerabilities of the system or modifying the features of a system in order to gain authorised or unauthorised access to a system and its resources. But lately hacking has taken up various forms and hence definitions may vary. It’s not a necessity for the hackers to obtain any certification but ultimately the goal is to obtain access to a system’s databases, servers or stored files.
Three categories of hackers
White hat hackers
White hat hacking is legal. It is used to test the security of the system and its network. They can also be called as ethical hackers as they deal with cyber security and use their skills for good, moral and ethical purposes rather immoral and unethical purposes.
Black hat hackers
Black hat hackers target the system in order to damage it. It can be called illegal or unwanted hacking. Black hat hacker will possibly destroy copy or modify the data. Intentions of a hacker here are purely unethical.
Grey hat hackers
Grey hat hackers neither have purely ethical standards nor purely malicious. If a system is found vulnerable then grey hat hacker may trade with the owner in order to fix it but wouldn’t exploit it on his own.
Why use ethical hacking?
Why use ethical hacking?
It’s necessary to protect the system from malicious software therefore an ethical hacker should think like a black hat hacker to expose the vulnerabilities of the system and report it to the company or client without taking advantage of it. Ethical hacking is necessary to protect the sensitive information from falling into wrong hands.
All hackers think similarly but act differently. An ethical hacker will make use of appropriate security tools to protect the system and networks. Communication media can be secured by using hacking tools for email systems, databases and voice mails over the internet. For networks and applications we use penetration testing most of the times.
Services of ethical hacking
Application testing
It deals with uncovering the vulnerabilities and flaws of system, networks, applications and databases. Application testing is used for identifying and exposing the extent and criticality of problems exposure to java and web browsers. Application testing deals with the client-side application testing and web application testing. Reverse engineering is employed in client-side application testing. Here a software is developed that can measure security into the client software constituents.
War dialling or phone hacking
War dialling is a technique of using a modem to automatically scan a list of numbers to identify open modem connection that supplies access in a remote way to a network for targeting a particular system. It is a type of “port scanning “which is done on telephones. Scanning is carried out to find out the strength of the network connection. Once the connection testing is done and range of services are discovered (war dialling), we attempt access to discovered services such as modems and Voicemail Systems.
Finally a report is made based on the approach used, techniques involved and the exposed vulnerabilities and system is made secure against the attack.
As recommended, each organisation must perform a Penetration Test as part of their regular Security Program in order to ensure the security of their telecom security defences.
Network testing
Network testing deals with the networks, services, networking protocols etc. The testing process is carried out on both internal and external devices. It includes private and public assessments of how the device performs, it’s interoperability and scalability.
Private testing
Network testing offers services for manufacturers and resellers of networking equipment. Designing rigorous system test methodologies to ensure products work the way customers will actually use them is a vital part of it.
independent testing expertise is brought about to help clients compare results from marketing claims and choose the top performers from the short list of candidates for enterprises and service providers.
Public testing
For equipment makers network test can help with independent, unbiased validation testing. Customers usually believe that a product or a network will function as claimed.
Network Test has worked with various industry groups such as the 10 Gigabit Ethernet Alliance and the Network Processor Forum to design and conduct tests so that customers have a clear and compelling view of new technologies For industry consortia.
For trade publications network testing is used to assess various aspects of network device infrastructure like switches and routers and security devices such as intrusion detection and prevention, virtual private network gateways, and firewalls.
Wireless security
One might e familiar with the wep, wpa and wpa2 protocols. These are the wireless security protocols. These were developed to protect home wireless network but again they have their own strengths and weaknesses.
Wireless security services measures the security in the available architecture and provides guidelines and ensuring the accessibility of system’s resources.
Wireless security consists of three phases.
First phase : identifying if the wireless networks are active.
Second phase: evaluation of security measures and securing the infrastructure of the organization from being vulnerable and to control accessing of devices.
Third phase: threats detected as used to access other networks.
This provides security in wireless LAN, VPN etc.
Types of ethical hacking
In case there is a cyber-attack then ethical hackers make use of various methods to break the security of the system in the organization. Given below are the different types of ethical hacks.
Stolen equipment hack:
We make use of stolen equipment hack to identify the thefts. For example if a laptop is stolen, information secured by laptop owner such as username, password and security settings can be identified and encoded.
Social engineering:
This method is used to know the security information that is used in the organization. A social engineering hack is done to check the reliability of the organization and is mainly done by making use of telecommunication means or face to face to share the data that can be used during the attacks.
Remote network
This process deals with handling the attacks caused over the internet. Here the role of the ethical hacker is to identify the proxy info in the network.
Remote dial up network
This type of an attack is an example of open system. In order to find out the open system we make use of war dialling. During this type of attack, ethical hackers protest against it.
Local network
This type of hack is a process of accessing the illegal information by making use of someone who has physical access to the local network. An ethical hacker must be ready to have a direct access to the local network.
Physical entry Sometimes the attacks are obtained through physical premises. This method is used in organizations to control such unauthorised entry. By making use of physical entry, ethical hacker can inject a large number of viruses into the network.
Application network
Sometimes the flaws present in the applications may give way to the illegal or unauthorized access to the network or even the application and can control the info in the application. This may lead to complete access of the network in the hands of a hacker.
Network testing
It Deals with the unsafe data that is present in both internal and external network. Here the flaws of a network are checked and detected threats are used to gain access to other networks.
Code review
This method is use to determine the strength and weaknesses of the software modules. It observes the source code which is a part of verification system.
Problems with ethical hacking
Network security clearly depends on ethical hacking. But how can one put all their trust in an ethical hacker? It’s about making a risky deal. Ethical hacking is merely a solution to the problem of hacking but not the ultimate cure. Suppose a bank is under a financial crisis and unable to hire a professional ethical hacker, they end up hiring someone who is ready to solve their problems at lower price. But the confidentiality of the sensitive information is at stake.
No comments:
Post a Comment