Free Essay

Ethical Hacking

In:

Submitted By bobbiesworld99
Words 1280
Pages 6
Ethical Hacking
Computer Ethics – CIS 324
Dr. Nelson Stewart
June 7, 2013

INTRODUCTION
When most people hear the term “hacker” they think of an evil person committing crimes by hacking into their computers to steal, destroy and/or steal identities. This is so in some cases, but not all hackers are bad. Hackers are merely curious technically skilled individuals who gain unauthorized access to computers, networks of various companies, organizations and individuals. Good hackers are considered white hat hackers. They are the ones that are hired to break into systems as a way of testing the vulnerabilities and security issues that may be present in the computer system. Bad hackers are considered black hat hackers. They are the “evil” hackers, or should I say “crackers” who hack into systems to steal identities, information, crack into software programs and create nasty viruses.
What is Ethical Hacking?
Ethical hacking provides a way to determine the security of an information technology environment – at least from a technical point of view. As the name ethical hacking already tells, the idea has something to do with hacking. But what does “hacking” mean? The word hacking has two definitions. The first definition refers to the hobby/profession of working with computers. The second definition refers to breaking into computer systems. While the first definition is older and is still used by many computer enthusiasts (who refer to cyber-criminals as “crackers”), the second definition is much more commonly used.”
Ethical hackers attack and penetrate systems and networks in order to discover points of weaknesses. The government along with many businesses has taken drastic steps to better secure their networks by using ethical hackers. Ethical hackers are people who have a vast technical knowledge about operating systems and computer networks. The only difference between a ethical hacker and a “real” hacker or blackhat, is that the ethical hacker (white hat) uses their knowledge on how to hack a system in an ethical way. Some ex-hackers have been hired by companies as an ethical hacker but there is a lot of controversy on whether ex-hackers should be given access to highly sensitive information and if they are trustworthy.
In the movie, Live Free or Die Hard, a former Department of Defense agent, Thomas Gabriel, sets out to shut down and sell access to America’s infrastructure – hence term “fire sale.” He begins by attacking America’s infrastructure by disrupting transportation, communication and crashing the Stock Market. His intention is to prove that the security in place was vulnerable and could be easily compromised and of course to be compensated for the embarrassment from being fired. Although this has never happened and it’s Hollywood fiction, this scenario could be a possibility in the very near future with today’s technology. Using an ethical hacker in this scenario could determine if there were any weaknesses in the infrastructure and how to fix them so that the system isn’t compromised. One of the first examples of ethical hackers at work was in the 1970s, when the United States government used groups of experts called red teams to hack its own computer systems. According to Ed Skoudis, Vice President of Security Strategy for Predictive Systems’ Global Integrity consulting practice, ethical hacking has continued to grow in an otherwise lackluster IT industry, and is becoming increasingly common outside the government and technology sectors where it began. Many large companies, such as IBM, maintain employee teams of ethical hackers.
Pros and Cons of Ethical Hacking
As with anything, there are some advantages and disadvantages to ethical hacking.
Many security-researcher hackers are very scornful of big software companies both because of the large number of security flaws in their products and because they are slow to plug leaks even when they know of them. The hackers argue that businesses do not behave responsibly toward the public. Publicizing security problems spurs the companies to take action. This argument has some truth to it. Many system operators do not close loopholes, even well-publicized ones, until there is a break-in. Hackers and security consultants say they repeatedly warn companies of flaws that allow access by hackers, but the companies do not respond until hackers exploit the flaws and cause significant problems. (Basse, 2008)
Apple recently had a security breach in their system. A small amount of its employees’ computers had been hacked but according to Apple, there was no evidence of data being exposed. Apple discovered the problem in the Java patch for the OS.X software. In the end, it was determined that the security hole was actually in Oracle’s Java software which was responsible for a number of recent attacks.
Conclusion
In 2007 Scott Lunsford was told that it was impossible to hack into a nuclear power station using the Supervisory Control and Data Acquisition software (SCADA). SCADA is a popular software program used around the world for infrastructure such as water, transportation, and water filtration systems. Scott was able to hack into the nuclear power station with little or no effort stating that the vulnerabilities in the system made it easy and it was the easiest hack job he had ever done.
There are some who do not believe that ethical hacking is a good thing and that once a hacker always a hacker. For instance, Parmy Olson argues that it doesn’t seem logical to refer to someone as an “ethical hacker” because he or she has moved over from the dark side “into the light,” It just makes them a bad hacker. She also believes that the term “ethical” hacker, means someone who is good at breaking into things by using creative techniques and methods but without the criminal intention. (Olson, 2012).
In many cases, when a system is hacked into generally it is not known until after the fact. Even with all the modern up-to-date security measures in place, hacking is basically unavoidable. Tougher laws in place may help deter or at least decrease the amount of hacking that takes place. Educating others in security and regular maintenance of their system could dramatically reduce the number of hacking incidences.
“Ethical hacking” seems to be a new buzz word although the techniques and ideas of testing security by attacking an installation aren’t new at all. Administrators tested their systems already decades ago and even discussed their ideas and findings in public. Nevertheless, ethical hacking provides results which can be used to strengthen a information technology environments security nearly immediately. The revealed vulnerabilities and problems may lead to a successful compromise of one or multiple systems – ethical hacking provides data which is based on real tests, which have been successful after all. An ethical hack per se doesn’t fix or improve the security at all—it does provide information about what should be fixed.
References
Basse, S. (2008). A Gift of Fire: Social Legal and Ethical Issues for Computing and the Internet. (3rd ed.). Upper Saddle River, NJ: Pearson.
Kelly, Heather. (2013). “Apple: We were hacked, too.” Retrieved from http://www.cnn.com/2013/02/19/tech/web/apple-hacked. Accessed on June 7, 2013.
SANS Institute. (2003) “Global Information Assurance Certification Paper”. Retrieved from http://www.giac.org/paper/gsec/2468/ethical-hacking/104292. Accessed May 24, 2013.
Wang, Wally. (2000) “Steal This Computer Book: What They Won’t Tell You About The Internet.” No Starch Press; 2nd edition (January 15, 2000).
Retrieved from http://www.iss.net/security_center/advice/Underground/Hacking/default.htm. Accessed May 24, 2013.
Retrieved from http://searchsecurity.techtarget.com/definition/ethical-hacker. Accessed May 24, 2013.
Retrieved from http://www.sudohacks.com/2012/12/pros-cons-of-ethical-hacking.html. Accessed on June 7, 2013.

Similar Documents

Free Essay

Ethical Hacking

...Chapter 1 Ethical Hacking Overview    Describe the role of an ethical hacker Describe what you can do legally as an ethical hacker Describe what you cannot do as an ethical hacker Hands-On Ethical Hacking and Network Defense 2  Ethical hackers  Employed by companies to perform penetration tests  Penetration test  Legal attempt to break into a company’s network to find its weakest link  Tester only reports findings, does not solve problems  Security test  More than an attempt to break in; also includes analyzing company’s security policy and procedures  Tester offers solutions to secure or protect the network Hands-On Ethical Hacking and Network Defense 3  Hackers  Access computer system or network without authorization  Breaks the law; can go to prison  Crackers  Break into systems to steal or destroy data  U.S. Department of Justice calls both hackers  Ethical hacker  Performs most of the same activities but with owner’s permission Hands-On Ethical Hacking and Network Defense 4  Script kiddies or packet monkeys  Young inexperienced hackers  Copy codes and techniques from knowledgeable hackers  Experienced penetration testers write programs or scripts using these languages  Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript, Visual Basic, SQL, and many others  Script  Set of instructions that runs in sequence Hands-On Ethical Hacking...

Words: 1129 - Pages: 5

Premium Essay

Ethical Hacking

...Danish Jamil et al. / International Journal of Engineering Science and Technology (IJEST) IS ETHICAL HACKING ETHICAL? DANISH JAMIL Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300,Pakistan mallick251@hotmail.com MUHAMMAD NUMAN ALI KHAN Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300,Pakistan mallick89@yahoo.co.uk Abstract : This paper explores the ethics behind ethical hacking and whether there are problems that lie with this new field of work. Since ethical hacking has been a controversial subject over the past few years, the question remains of the true intentions of ethical hackers. The paper also looks at ways in which future research could be looked into to help keep ethical hacking, ethical. Keywords— Ethical hacking, hacking, hackers, education and training, risk management, automated security I. INTRODUCTION Understanding the true intentions of the general public is quite a hard task these days, and it is even harder so, to understand the intentions of every single ethical hacker getting into vulnerable systems or networks. Technology is ever growing and we are encountering tools that are beneficial to the general public, but in the wrong hands can create great controversy, breaching our basic right to privacy, respect and freewill. The constant issues highlighted by the media always reporting some type...

Words: 3974 - Pages: 16

Free Essay

Ethical Hacking

...Topic #2 Research Topic – Ethical Hacking 1. http://www.networkworld.com/news/2009/042409-usenix-hacking.html This is a Network World article talking about the legal risks of ethical hacking. The article talks about whether or not ethical hackers risk prosecution themselves. The articles discusses developing a set of ethical guidelines that can be shown to the government when and if they starting taking a greater role in oversight. It mentions that it might be a good idea to work with law enforcements when it comes to ethical hacking. 2. https://www.eccouncil.org/certification/certified_ethical_hacker.aspx This site provides information about becoming a certified ethical hacker. The group doing the certifying is the International Council of E-Commerce Consultants (EC-Council). This is a member-based organization that certifies individuals in various e-business and information security skills. The site provides a great FAQ, exam info, where to get training, and the path to get certified as an ethical hacker. 3. http://www.go4expert.com/forums/forumdisplay.php?f=55 This is a great online forum for those who are ethical hackers, or interested in becoming one. The page warns that the forum is only for ethical or as a learning purpose. It gives many tips, tricks, and tutorials share amongst other ethical hackers in this online community. 4. http://www.purehacking.com/ This company offers penetration testing and other ethical hacking services for a company to...

Words: 339 - Pages: 2

Premium Essay

Ethical Hacking

...Ethical Hacking – Is There Such A Thing? Alexander Nevermind Nelson Stewart, PhD CIS 324 December 9, 2011 ABSTRACT ------------------------------------------------- When someone hears the word hacker, many things come to mind. Bad, thief, terrorist, crook and unethical are some words that may be used to describe a hacker. The reputation of a hacker is well deserved as many company networks have been compromised with viruses and spyware causing untold millions in damage, the theft of sensitive consumer information such as Social Security numbers and financial data and the unauthorized access of classified government information. To combat these issues, many companies employ individuals called ethical hackers who, by their direction and supervision look for vulnerabilities in network systems. There are naysayers who bristle at the term “ethical hacker” saying that a hacker is a hacker but those who hold such views could be missing the point. These subjects will be discussed in detail later in the text. ------------------------------------------------- Is there such a thing as “Ethical Hacking?” Define ethical hacking and support an argument in favor or against the concept. Consider who might believe/use ethical hacking and discuss if hacking, even for the purpose of protecting human rights, is ethical. You should extend the paper beyond the topics suggested in the questions within the paper description. Ethical hacking does exist, in fact, companies...

Words: 904 - Pages: 4

Premium Essay

Ethical Hacking

...2014 Ethical Hacking Ethical hacking is used to describe hacking performed by a company or individual to help identify potential threats on a computer or network. An ethical hacker works passed the system security to detect the vulnerabilities or weak points of a company’s network. Then this type of information is used to improve the company’s network from the bad hackers who exploit the company in a destructive way. In 1960s, U.S military began testing their own IT systems, but when Dan Farmer a security expert from San Francisco and a security programmer at the Netherlands University of Eindhoven had posted the techniques they used to gather information to the Usenet, that could have compromised the security of a number of target networks(Langely). Their goal was to raise the overall level of security on the internet. Dan farmer and Eindhoven were elected to share their work freely on the internet for others to learn. Eventually, they gather up the work they used and developed a program called Security Analysis Tool for Auditing Networks (Langely). This tool is used to perform an audit of the vulnerabilities of the system and how to eliminate the problem. The concept of ethical hacking started emerging in 1993 (Langely). According to some, ethical hacking does not exist and they feel hacking is just hacking, no matter how you put it. Therefore the one that is doing the hacking is a computer criminal. This is not the case, so in order for hacking it to be “ethical “you...

Words: 589 - Pages: 3

Premium Essay

Ethical Hacking

...What is Ethical Hacking Ethical hacking provides a way to determine the security of an information technology environment – at least from a technical point of view. As the name ethical hacking already tells, the idea has something to do with hacking. But what does “hacking” mean “The word hacking has two definitions. The first definition refers to the hobby/profession of working with computers. The second definition refers to breaking into computer systems. While the first definition is older and is still used by many computer enthusiasts(who refer to cyber-criminals as "crackers"), the second definition is much more commonly used.” – Definition by Internet Security Systems In the context of “ethical hacking”, hacking refers to the second definition –breaking into computer systems. It can be assumed that hacking is illegal, as breaking into a house would be. At this point, “ethical” comes into play. Ethical has a very positive touch and describes something noble which leads us to the following definition of ethical hacking: Ethical hacking describes the process of attacking and penetrating computer systems and networks to discover and point out potential security weaknesses for a client which is responsible for the attacked information technology environment. An ethical hacker is therefore a “good” hacker, somebody who uses the methods and tools of the blackhat4 community to test the security of networks and servers. The goal of an ethical hack is neither to do damage...

Words: 1321 - Pages: 6

Premium Essay

Ethical Hacking

...sensitive consumer information such as Social Security numbers and FINANCIAL data and the unauthorized access of classified government information. To combat these issues, many companies employ individuals called ethical hackers who, by their direction and supervision look for vulnerabilities in network systems. There are naysayers who bristle at the term “ethical hacker” saying that a hacker is a hacker but those who hold such views could be missing the point. These subjects will be discussed in detail later in the text. ------------------------------------------------- Is there such a thing as “Ethical Hacking?” Define ethical hacking and support an argument in favor or against the concept. Consider who might believe/use ethical hacking and discuss if hacking, even for the purpose of protecting human rights, is ethical. You should extend the paper beyond the topics suggested in the questions within the paper description. Ethical hacking does exist, in fact, companies employ individuals to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. These individuals can obtain a certification for ethical hacking. This certification is called Certified Ethical Hacker that is provided by the International Council of E-Commerce Consultants (EC-Council). Qualifications for certification are as follows: 1 Attending an accredited training...

Words: 271 - Pages: 2

Premium Essay

Ethical Hacking

... HACKING 1. Learn about hardware - basicly how your computer works. 2. Learn about different types of software. 3. Learn DOS.(learn everything possible) 4. Learn how to make a few batch files. 5. Port scanning. ( download blues port scanner if it's your first time) 6. Learn a few programming languages HTML,C++,Python,Perl.... (i'd recommend learning html as your first lang) 7. How to secure yourself (proxy,hiding ip etc) 8. FTP 9. TCP/Ip , UDP , DHCP , 10. Get your hands dirty with networking 11. Learn diassembler language (its the most basic language for understanding machine language and very useful to ubderstand when anything is disassembled and decoded) 12. Learn to use a Unix os. (a Unix system is generally loaded with networking tools as well as a few hacking tools) 13. Learn how to use Exploits and compile them. (Perl and c++ is must) ETHICAL HACKER Traditionally, a Hacker is someone who likes to play with Software or Electronic Systems. Hackers enjoy Exploring and Learning how Computer systems operate. They love discovering new ways to work electronically. Hacker is a word that has two meanings: 1-Recently, Hacker has taken on a new meaning someone who maliciously breaks into systems for personal gain. 2-Technically, these criminals are Crackers as Criminal Hackers. Crackers break into systems with malicious Intentions An ethical hacker is a computer and network expert...

Words: 2587 - Pages: 11

Premium Essay

Ethical Hacking

...As the internet is growing there has been a higher demand for network security. With the higher demand comes a new form of job known as ethical hacking. An ethical hacker is a person that conducts penetration testing on networks to test the integrity of a network for any given business or corporation (White hat (computer security)). With this technique, corporations and businesses will have the assurance they need for protecting their personal identifiable information (PII) on their network. To beat a hacker, first you must think like one. Ethical hacking is an accepted hacking method of network security systems for a particular business or corporation. Ethical Hacking has provided network security administrators with the knowledge they need to continually keep their network secure. With this method of penetration testing, you can see that there is no negative effect on a business or corporation’s network security. The ethical hacker must first receive authorization. If authorization is not obtained, ethical hacking can be considered a federal offense punishable by a prison sentence of no less than five years (Computer Hacking Law & Legal Definition). “The authorization can be as simple as an internal memo or e-mail from your boss if you're performing these tests on your own systems. If you're testing for a client, have signed contracts in place, stating the client's support and authorization” (Beaver). Once authorization has been made you will need to develop a strategy...

Words: 857 - Pages: 4

Premium Essay

Ethical Hacking

...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are critically...

Words: 6103 - Pages: 25

Premium Essay

Ethical Hacking

...Importance of ethical hacking Chapter 1 Introduction Ethical hacking is an emerging tools used by most of the organizations for testing network security. The security risks and vulnerabilities in a network can be recognized with the help of ethical hacking. This research completely concentrates on ethical hacking, problems that may occur while hacking process is in progress and various ethical hacking tools available for organizations. Information is the important source for any organizations while executing business operations. Organizations and government agencies have to adopt ethical hacking tools in order secure important documents and sensitive information (Harold F. Tipton and Micki Krause, 2004). Ethical hacker professionals have to be hired in order to test the networks effectively. Ethical hackers perform security measure on behalf of the organization owners. In order to bring out the ethical hacking efforts perfectly a proper plan must be executed. Ethical hacking has the ability to suggest proper security tools that can avoid attacks on the networks. Hacking tools can be used for email systems, data bases and voice over internet protocol applications in order to make communications securely. Ethical hacking can also be known as penetration testing which can be used for networks, applications and operating systems (Jeff Forristal and Julie Traxler, 2001). Using hacking tools is a best method for identifying the attacks before it effect the entire organization. Ethical hackers...

Words: 9223 - Pages: 37

Premium Essay

Ethical Hacking

...Chapter-1 1.0 Introduction With the tremendous advancement of Internet, different aspects of it are achieving the highest peak of growth. An example of it is e-commerce. More and more computers get connected to the Internet, wireless devices and networks are booming and sooner or later, nearly every electronic device may have its own IP address. The complexity of networks is increasing, the software on devices gets more sophisticated and user friendly – interacting with other devices and people are a main issues. At the same time, the complexity of the involved software grows, life cycles are getting shorter and maintaining high quality is difficult. Most users want (or need) to have access to information from all over the world around the clock. Highly interconnected devices which have access to the global network are the consequence. As a result, privacy and security concerns are getting more important. In a word, information is money. There is a serious need to limit access to personal or confidential information – access controls are needed. Unfortunately most software is not bug free due to their complexity or carelessness of their inventors. Some bugs may have a serious impact on the access controls in place or may even open up some unintended backdoors. Security therefore is a hot topic and quite some effort is spent in securing services, systems and networks. On the internet, there is a silent war going on between the good and the bad guys – between the ones...

Words: 8365 - Pages: 34

Premium Essay

Ethical Hacking

...Ethical hacking by C. C. Palmer The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization’s secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes. The ethical hacking process is explained, along with many of the problems that the Global Security Analysis Lab has seen during its early years of ethical hacking for IBM clients. T he term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as: HACKER noun 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the minimum amount necessary. 2. One who programs enthusiastically...

Words: 6482 - Pages: 26

Free Essay

Ethical Hacking

...This page was intentionally left blank This page was intentionally left blank Hands-On Ethical Hacking and Network Defense Second Edition Michael T. Simpson, Kent Backman, and James E. Corley ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Copyright 2010 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. This is an electronic version of the print textbook. Due to electronic rights restrictions, some third party content may be suppressed. Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. The publisher reserves the right to remove content from this title at any time if subsequent rights restrictions require it. For valuable information on pricing, previous editions, changes to current editions, and alternate formats, please visit www.cengage.com/highered to search by ISBN#, author, title, or keyword for materials in your areas of interest. Copyright 2010 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated...

Words: 185373 - Pages: 742

Free Essay

Ethical Hacking

...One of the first aspects to consider when determining vulnerabilities are the vulnerabilities that lie within an organization- internal vulnerabilities. Vulnerability assessments allowed Jacket-X Organization to determine prevalent vulnerabilities within their organization. As observed, there were irregularities within the organizations payroll system. Although Human Resources brought it to the attention to the CIO, there was no documentation of fraudulent activity that occurred. After reviewing the current implementation of the payroll process of Jack-X Organization, there were a couple of red flags that were brought to my attention: • Payroll specialists and administrators both have the ability to add employees to payroll directly. • Payroll specialists can change payroll details during validation. • There is too much “power” given to specialists. • Strong possibilities for false time cards to be created. • Time cards can be modified easily. • Payrolls that are deleted are not recorded (needed for audit). • Direct deposit and paycheck generation systems are not linked. • Reports are easily exported into an Excel file. These are just some of the vulnerabilities that were noticed. To address these vulnerabilities, the following should be considered: • Have clear and concise polices as to the extent of permissions given to specialists and administrators. If it pertains to any managerial content, they should not be able to access this content. • Prohibit payroll...

Words: 843 - Pages: 4