...term “hacker” they think of an evil person committing crimes by hacking into their computers to steal, destroy and/or steal identities. This is so in some cases, but not all hackers are bad. Hackers are merely curious, technically skilled individuals who gain unauthorized access to computers, networks of various companies, organizations and individuals. Good hackers are considered white hat hackers. They are the ones who are hired to break into systems as a way of testing the vulnerabilities and security issues that may be present in the computer system. Consider this: company XYZ, a mid-sized corporation, is in the middle of satisfying their regulatory compliance needs. The manager of security at the company has been tasked by the CIO (Chief Information Officer) to report on the company’s current security posture. Suppose the manager decided to outsource to an ethical or white hat hacker in an attempt to test their security measures. Over the course of this document, various things the third party hacker would need from the company, things he or she would provide to the company and some predictions for the tests are discussed. In order to exploit the targeted systems, the initial step is to gain as much information as possible about the targets. In this case, the manager is the contact to whom questions may be posed. The hacker would have several questions, such as: how intrusive does the manager want the hacker to be? What is the physical makeup of the network? Does the manager want the hacker to stay...
Words: 1432 - Pages: 6
...Main University Road, Karachi, Sindh-75300, Pakistan mallick251@hotmail.com MUHAMMAD NUMAN ALI KHAN Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300, Pakistan mallick89@yahoo.co.uk Abstract: This paper explores the ethics behind ethical hacking and whether there are problems that lie with this new field of work. Since ethical hacking has been a controversial subject over the past few years, the question remains of the true intentions of ethical hackers. The paper also looks at ways in which future research could be looked into to help keep ethical hacking ethical. Keywords— Ethical hacking, hacking, hackers, education and training, risk management, automated security I. INTRODUCTION Understanding the true intentions of the general public is quite a hard task these days, and it is even harder to understand the intentions of every single ethical hacker getting into vulnerable systems or networks. Technology is ever growing and we are encountering tools that are beneficial to the general public, but in the wrong hands can create great controversy, breaching our basic right to privacy, respect and free will. The constant issues highlighted by the media always reporting some type of cyber crime, a study showing that nearly 90% of attacks happen on the inside [1] raising concerns of how easy it is to be working on the inside to be able to infiltrate attacks. Has ethical hacking finally...
Words: 3982 - Pages: 16
...Jade McKinney Mrs. Kidd ITE 119-08 October 26, 2014 Ethical Hacking Ethical hacking is used to describe hacking performed by a company or individual to help identify potential threats on a computer or network. An ethical hacker works past the system security to detect the vulnerabilities or weak points of a company’s network. Then this type of information is used to improve the company’s network from the bad hackers who exploit the company in a destructive way. In the 1960s, the U.S. military began testing their own IT systems, but when Dan Farmer, a security expert from San Francisco, and a security programmer at the Netherlands University of Eindhoven had posted the techniques they used to gather information to the Usenet, that could have compromised the security of a number of target networks (Langely). Their goal was to raise the overall level of security on the internet. Dan Farmer and Eindhoven were elected to share their work freely on the internet for others to learn. Eventually, they gathered up the work they used and developed a program called Security Analysis Tool for Auditing Networks (Langely). This tool is used to perform an audit of the vulnerabilities of the system and how to eliminate the problem. The concept of ethical hacking started emerging in 1993 (Langely). According to some, ethical hacking does not exist and they feel hacking is just hacking, no matter how you put it. Therefore the one that is doing the hacking is a computer criminal. This is not the...
Words: 589 - Pages: 3
...the scope of industrialisation, automation is a step beyond mechanization. Whereas mechanization provides human operators with machinery to assist them with the muscular requirements of work, automation greatly decreases the need for human sensory and mental requirements while increasing load capacity, speed, and repeatability. Automation plays an increasingly important role in the world economy and in daily experience. Automation has had a notable impact in a wide range of industries beyond manufacturing (where it began). Once-ubiquitous telephone operators have been replaced largely by automated telephone switchboards and answering machines. Medical processes such as primary screening in electrocardiography or radiography and laboratory analysis of human genes, sera, cells, and tissues are carried out at much greater speed and accuracy by automated systems. Automated teller machines have reduced the need for bank visits to obtain cash and carry out transactions. In general, automation has been responsible for the shift in the world economy from industrial jobs to service jobs in the 20th and 21st centuries. The term automation, inspired by the earlier word automatic (coming from automaton), was not widely used before 1947, when General Motors established the automation department. At that time automation technologies were electrical, mechanical, hydraulic and pneumatic. Between 1957 and 1964 factory output nearly doubled while the number of blue collar workers started to...
Words: 1182 - Pages: 5
...unlock hidden functionalities on a machine. Most of these hacks are open source and free software. These hacks manipulate the firmware update option on many devices to run and install themselves. Many researchers have found out that breaking into a computer’s encrypted hard drive is very easy with the help of the right tools. Research by Princeton University revealed how low tech hackers access even the most well protected computers (Jordan Robertson 2008). This paper details how encryption was coveted for a long time as a vital shield against hackers, but can be manipulated by altering the operations of the memory chips. This paper outlines just how vulnerable the data we store on our computers and laptops is to possible hacking through freezing the Dynamic Random Access Memory (DRAM) chip, which is the most frequently used memory chip in personal gadgets. Freezing DRAM makes it retain data for many hours after the machine loses its power. This data includes the keys used to unlock encryptions. If the memory chip is not frozen, the chip can lose its contents in a matter of milliseconds. Hackers can use this vulnerability to steal information which is stored in the memory by rebooting the compromised machine with a simple program or software which is designed purposely to copy the contents in the memory (Gollmann, Dieter 1999). The most vulnerable machines are those left...
Words: 901 - Pages: 4
...Hacking Describe a negative aspect of ICT’s impact on the information society. Describe how ICT has brought this about and what society has done in response to it. Abstract Hacking has been, and still is, a disease different societies suffer from. The essay aims to provide the reader with knowledge regarding the effects hacking caused to our society, and how the society responded and tried to solve or minimize those effects. Different issues regarding hacking are discussed, such as the motivations that were behind guiding hackers, who were at first computer professionals, to perform unauthorized activities; at the same time a discussion about the types of attacks can be found. The society response to hacking attacks lacks till this moment the ability to stop or completely prevent attacks from happening because as long as security tools are developed, more sophisticated hacking attacks are invented. That’s why we should start to think about hackers’ psychology as the main way to prevent and stop attacks by understanding their needs or desires. Introduction The Oxford English Dictionary defines hacking as “cut or chop roughly; mangle: cut (one’s way)”… to its present definition as “gain unauthorized access (to data in a computer)”. Banks (1997:11) defines hacking as “something that boring mainframe computer operators did to improve performance and battle boredom.” Here Banks focuses on boredom as the reason of hacking. A more technical definition of hacking according...
Words: 4368 - Pages: 18
...White hat hackers are the ethical, legal hackers (2002). Companies pay them to find holes in software or networks and fix the problems. The difference between white hat hackers and black hat hackers is that white hats have permission to carry out their attacks on a company to fix the problems. (2) A majority of company owners say that white hat protection is the only true way to ensure security in their businesses. White hats use the same programs and knowledge as black hats do. They usually stay in the cyber underworld to keep updated on attacks and information. Black hat hackers are the most rare and elite of all the hacker groups. Most are connected with criminal activities, such as espionage. (2001) Not all hackers labeled black hat hackers are connected with criminal activities in real life. There are many "old school" hackers considered black hat. They are the ones that are usually from the 1960's and use the word hacker with honor and freedom. (Quinter 2) Most of these hackers do not have a negative intent; they are usually programmers from Stanford or MIT. They have good ethics and believe in open source and fixing flaws in programming. Most black hat hackers are criminals and are very powerful. (Glenn 8) Political and personal revenge is a major motivating factor in becoming a true black hat hacker, but the most elite hackers go for the money. Industrial espionage is one of the best paid jobs for a hacker. A typical espionage attack takes about three weeks and they...
Words: 4683 - Pages: 19
...Network Security & Ethical Hacking Neal Patrick and his friends did not realise they were doing anything unethical, in fact: when asked by Congress “At what point he questioned the ethics of his actions” – he answered “Once the FBI knocked upon my door.” “I have found that inadequate network security is usually caused by a failure to implement security policies and make use of the security tools that are readily available. It’s vital that companies complete professional risk assessments and develop comprehensive security plans and infrastructures that are publicly supported by upper management” Network security is not only about the WAN (Wide Area Network) but also the LAN (Local Area Network) as the two go hand in hand. It is possible to not only have an attack from the Internet but also internally. The moment any form of computer device becomes network capable or dependent on some form of network function, there is a given need for protection to safeguard the flow of information to and from the said device on a given network whether public or private and/or from a trusted to non-trusted source. The problem with locking down a network tightly is the administrative overhead it creates. The more secure the network becomes the greater the need is for someone or a team to administrate this. Eventually you would reach a point where it becomes impossible for the end-user...
Words: 5261 - Pages: 22
...things: electronic commerce, online banking, e-mail, video conferencing etc. The improvement of systems security to prevent criminal hackers has become an important concern to society. There are many ways to protect those information systems; it seems that Ethical Hacking is a better way. Therefore, whether to teach or not teach "Ethical Hacking" as a course in Tertiary education has become an interesting argument. This article will analyse the ethical, legal, and social implications of this issue. In order to discuss the ethical, legal, and social implications of this issue, one has to understand the definition of Ethical Hacking. The Word Spy states that "Ethical hacking is a computer hacker who attempts to infiltrate a secure computer system in an effort to learn the system's weaknesses so that they can be repaired" (The Word Spy, 2003). The question that arises here is whether Ethical Hacking is ethical or unethical. Ethical The "Computer Ethics" states in part that all information belongs to everyone and there should be no boundaries or restraints to prevent disclosure of this information (Johnson, 1994). From most hackers' perspective, freedom of information includes the right to source codes and the programs themselves. This freedom also includes the right to access information stored on a computer network. At times, hackers argue that the freedom of information doctrine gives them the right to have unrestricted access to computer accounts, passwords and...
Words: 1017 - Pages: 5
...Assignment 1: Attack Methodology and Countermeasures Terrance Moore Professor Siplin Perimeter Defense 10/31/2013 When you are utilizing security features in an application, consideration should be given to the design, implementation, and deployment. It would be helpful if you understand how a hacker thinks and then utilize the tools a hacker would use. Today, every company is becoming completely networked, through the exchanging of information on desktops, laptops, tablets and smart phones. Thinking like a hacker and understanding a hacker’s tactics and scams could make you aware and become more effective when applying countermeasures. There are several methods for carrying out ethical hacking; the most common are limited vulnerability analysis and penetration testing. Limited vulnerability analysis focuses on entry points to gather critical systems and data. By understanding the basic approach used by hackers to target organizations, you will be better equipped to take defensive measures and know what you are up against. There are steps involved in scanning a network; the following points highlight them. 1) Check for live systems, 2) Check for open ports, 3) Fingerprint the operating system, 4) Scan for vulnerabilities, 5) Probe the network. Tools that can be used to detect scanning threats and countermeasures that a company can use to deter and avoid vulnerabilities are as follows. “Spoofing user identity -use strong authentication for passwords...
Words: 996 - Pages: 4
...the information to be stored and kept properly. It's also extremely important to protect computers from data loss, misuse and abuse. For example, businesses need to keep their information secure and shielded from hackers. Home users also need to ensure their credit card numbers are secure when participating in online transactions. A computer security risk is any action that could cause loss of information to software, data, processing incompatibilities or damage to computer hardware. An intentional breach in computer security is known as a computer crime, which is slightly different from a cybercrime. A cybercrime is known as illegal acts based on the Internet and is one of the FBI's top priorities. There are several distinct categories for people that perpetrate cybercrimes, and they are: hacker, cracker, cyberterrorist, cyberextortionist, unethical employee, script kiddie and corporate spy. A hacker is defined as someone who accesses a computer or computer network unlawfully. They often claim that they do this to find leaks in the security of a network. The term cracker refers to someone intentionally accessing a computer or computer network with malice in mind. They access computers with the intention of destroying or stealing information. Both crackers and hackers have advanced network skills. A cyberterrorist is someone who uses a computer network or the Internet to destroy computer systems for political reasons. It’s similar to a terrorist attack because it requires...
Words: 308 - Pages: 2
...Certified Ethical Hacking - The 5 Phases Every Hacker Must Follow Originally, to “hack” meant to possess extraordinary computer skills to extend the limits of computer systems. Hacking required great proficiency. However, today there are automated tools and codes available on the Internet that make it possible for anyone with a will and desire to hack and succeed. Mere compromise of the security of a system does not denote success. There are websites that insist on “taking back the net” as well as those who believe that they are doing all a favor by posting the exploit details. These can act as a detriment and can bring down the skill level required to become a successful attacker. The ease with which system vulnerabilities can be exploited has increased while the knowledge curve required to perform such exploits has shortened. The concept of the elite/super hacker is an illusion. However, hackers are generally intelligent individuals with good computer skills, with the ability to create and explore into the computer’s software and hardware. Their intention can be either to gain knowledge or to dig around to do illegal things. Attackers are motivated by the zeal to know more while malicious attackers would intend to steal data. In general, there are five phases in which an intruder advances an attack: 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Covering Tracks For More Information contact EC-Council – (505)341-3228...
Words: 2322 - Pages: 10
...depending on who that person may be could in fact determine whether it is a positive viewpoint or a negative one. In this paper I will prove why it is necessary to have Ethical Hackers in today’s security models and how they have come a long way to improve how our information systems operate in a more secure manner. Ethical Hacking in today’s Society Hackers for years have been able to do things that normal individuals have never even thought of pursuing, and for several different reasons. There are several different types of hackers out there, but they all have one thing in common and that is their knowledge of Information System exploits and vulnerabilities. The constant issues highlighted by the media always reporting some type of cyber crime, a study showing that nearly 90% of attacks happen on the inside (Durant, 2007). The biggest key is that of understanding the hacker’s true intention and determining whether or not it was ethical or malicious. This leads us to first understand what an ethical hacker is and help determine their purpose is a positive venture when wanting to run your organization in a more secure manner. Who is the Ethical Hacker? The term “White Hat” has been a slang term that often refers to an ethical hacker, who tends to be a computer security expert. These types of hackers have been known to specialize in penetration testing and help to ensure the security of an organization’s information system. This is unlike other types of hackers...
Words: 2916 - Pages: 12
...a. An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. b. Black hat: Hacks systems to do damage, cause harm, or to steal information without consent. Grey hat: Walks the line between good and evil hacking. These hackers have the potential to be either a white hat hacker or a black hat hacker. White hat: Gets hired by a company to hack into their system to test and see if there are potential weaknesses within the network. c. A malicious user is an individual or group who has the knowledge, skills, or access to compromise a system's security. A malicious user could be a black hat hacker, grey hat hacker, or a white hat hacker. d. Hacking your own system exposes your system’s weaknesses. Once your system’s weaknesses have been fixed, it decreases your chances of a potential threat. e. The goal of an ethical hacker is to use penetration testing methods on the customer’s system. It’s a structured means of investigating, uncovering, attacking and reporting. f. Trojan: Looks innocent, but it’s meant to cause harm. Malicious attacks: getting hacked. Spyware: is used to gather a user’s personal information. g. Formulate your plan, Execute your plan, Evaluate your results. 2. a. * Track what worked in previous tests and why. * Help prove what you did. * Correlate your testing with intrusion detection systems (IDSs) and other log files if trouble...
Words: 499 - Pages: 2