Ethical Hacking

Ethical Hacking

Vinitha K. P Computer Department Ansar womens college Perumpilavu, Thrissur

Abstract:- The explosive growth of the Internet has brought many good things such as E-commerce-banking, E-mail, Cloud computing, but there is also a Dark side such as Hacking, Backdoors etc. Hacking is the first big problem faced by Governments, companies, and private citizens around the world , Hacking includes reading others e-mail, steal their credit card number from an on-line shopping site, secretly transmitting secrets to the open Internet. An Ethical Hacker can help the people who are suffered by this Hackings. This Paper Describes about Ethical Hackers, Their Skills, Their Attitudes, and How They Go About Helping TheirCustomers Find and Plug up Security Holes.

1. INTRODUCTION

   Ethical Hacking can be defined as a legal access of an Internet geek or group in any organizations online property after their official permission. An Ethical Hacker can help the people who are suffered by this Hackings. Ethical Hacking can be defined as a legal access of an Internet geek or group in any organizations online property after their official permission. A good hacker, or security professional acting as an ethical hacker, just has to understand how a computer system works and know what tools to employ in order to find a security weakness. By learning the same skills and employing the software tools used by hackers, you will be able to defend your computer networks and systems against malicious attacks.

   Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network. An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, in an effort to minimize or eliminate any potential attacks.

   The work that ethical hackers do for organizations has helped improve system security and can be said to be quite effective and successful. Individuals interested in becoming an ethical hacker can work towards a certification to become aCertified Ethical Hacker, or CEH. This certification is provided by the International Council of E- Commerce Consultants (EC-Council).

   Ethical hackers they should be completely trustworthy and strong programming and computer network skills. They posses same skill, mindset, andtools of a hacker but the attacks are done in a non-destructive manner.

2. TYPE OF ETHICAL HACKERS Hackers can be divided into three groups:

   White-Hats Good guys, include ethical hackers Black-Hats Bad guys, include malicious hackers Gray-Hats Good or bad hacker; depends on the situation

   Ethical hackers usually fall into the white-hat category, but sometimes theyre former gray hats who have become security professionals and who now use their skills in an ethical manner.

   White-Hats

   White hats are the good guys, the ethical hackers who use their hacking skills for defensive purposes. White-hat hackers are usually security professionals with knowledge of hacking and the hacker toolset and who use this knowledge to locate weaknesses and implement countermeasures. White-hat hackers are prime candidates for the exam. White hats are those who hack with permission from the data owner. It is critical to get permission prior to beginning any hacking activity. This is what makes a security professional a white hat versus a malicious hacker who cannot be trusted.

   Black-Hats

   Black hats are the bad guys: the malicious hackers or crackers who use their skills for illegal or malicious purposes. They break into or otherwise violate the system integrity of remote systems, with malicious intent. Having gained unauthorized access, black-hat hackers destroy vital data, deny legitimate users service, and just cause problems for their targets. Black-hat hackers and crackers can easily be differentiated from white-hat hackers because their actions are malicious. This is the traditional definition of a hacker and what most people consider a hacker to be.

   Gray-Hats

   Gray hats are hackers who may work offensively or defensively, depending on the situation. This is the dividing line between hacker and cracker. Gray-hat hackers may just be interested in hacking tools and technologies and are not malicious black hats. Gray hats are self- proclaimed ethical hackers, who are interested in hacker tools mostly from a curiosity standpoint. They may want to highlight security problems in a system or educate victims so they secure their systems properly.

3. SOME OF THE FAMOUS ETHICAL HACKERS

   Some of the famous Ethical hackers are Benild joseph, Pranav Mistry, Andrianlemo(Black Hat),Jonathan James, Linus torvats(white Hat), Stephan woniak etc.

   Benild Joseph the 20 years old world renowned Ethical Hacker | Information Security Consultant | Speaker | Author in Indian IT Industry was born in Calicut, A City of Kerala. Currently acting as the Chief Executive Officer of Tp art of h@ckin9 International IT Security Project. He has his credit to many registered and pending patents in cyber forensic and information security domain. He specializes in Web Application security, Penetration testing and Forensic investigation. His research interests include Computer Security, Networking, Data Forensic, Virtualization, Web Application Vulnerability and Information Security.

   Pranav Mistry is a research assistant and a PhD candidate at MIT Media Lab. Sixth Sense has recently attracted global attention. Among some of his previous work, Pranav has invented Mouse less – an invisible computer mouse; intelligent sticky notes that can be searched, located and can send reminders and messages; a pen that can draw in 3D; and a public map that can act as Google of physical world. Pranav has commercialized his invention, the sixth sense and Sixth Sense is now being actively used at NASA. It is rumored that Facebook tried to acquire the technology from Pranav for a reportedly $2 billion and 5% ownership of Facebook, but Pranav decided to open source it instead. He is currently working with Samsung company presently.

4. PHASES OF HACKING

   Phase1Reconnaissance Phase 2Scanning

   Phase 3Gaining Access Phase 4Maintaining Access Phase 5Covering Tracks

   Phase 1: Passive and Active Reconnaissance

   Passive reconnaissance involves gathering information regarding a potential target without the targeted individuals or companys knowledge. However, its usually done using Internet searches or by Goggling an individual or company to gain information. This process is generally called information gathering. Social engineering and dumpster diving are also considered passive information-gathering methods. Sniffing the network is another means of passive reconnaissance and can yield useful information such as IP address ranges, naming conventions, hidden servers or networks, and other available services on the system or network. Sniffing network traffic is similar to building monitoring: A hacker watches the flow of data to see what time certain transactions take place and where the traffic is going.

   Active reconnaissance involves probing the network to discover individual hosts, IP addresses, and services on the network. This usually involves more risk of detection than passive reconnaissance and is sometimes called rattling the doorknobs. Active reconnaissance can give a hacker an indication of security measures in place, but the process also increases the chance of being caught or at least aising suspicion.

   Both passive and active reconnaissance can lead to the discovery of useful information to use in an attack. This information may enable a hacker to find vulnerability in that OS version and exploit the vulnerability to gain more access.

   Phase2:Scanning

   Scanning involves taking the information discovered during reconnaissance and using it to examine the network. Tools that a hacker may employ during the scanning phase can include dialers, port scanners, network mappers, sweepers, and vulnerability scanners. Hackers are seeking any information that can help them perpetrate attack such as computer names, IP addresses, and user accounts.

   Phase 3: Gaining Access

   This is the phase where the real hacking takes place. Vulnerabilities discovered during the reconnaissance and scanning phase are now exploited to gain access. The method of connection the hacker uses for an exploit can be a local area network (LAN, either wired or wireless), local access to a PC, the Internet, or offline. Gaining access is known in the hacker world as owning the system.

   Phase4:Maintaining-Access

   Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Sometimes, hackers harden the system from other hackers or security personnel by

   securing their exclusive access with backdoors, root kits, and Trojans. Once the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a zombie system.

   Phase 5: Covering Tracks

   Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action. Hackers try to remove all traces of the attack, such as log files or intrusion detection system (IDS) alarms.

5. AN ETHICAL HACKERS SKILL

Ethical hackers who stay a step ahead of malicious hackers must be computer systems experts who are very knowledgeable about computer programming, networking, and operating systems. In-depth knowledge about highly targeted platforms (such as Windows, UNIX, and Linux) is also a requirement. Patience, persistence, and immense perseverance are important qualities for ethical hackers because of the length of time and level of concentration required for most attacks to pay off. Networking, web programming, and database skills are all useful in performing ethical hacking and vulnerability testing. Most ethical hackers are well rounded with wide knowledge on computers and networking. In some cases, an ethical hacker will act as part of a tiger team who has been hired to test network and computer systems and find vulnerabilities. In this case, each member of the team will have distinct specialties, and the ethical hacker may need more specialized skills in one area of computer systems and networking. Most ethical hackers are knowledgeable about security areas and related issues but dont necessarily have a strong command of the countermeasures that can prevent attacks.

VI.IMPORTANCE OF ETHICAL HACKING

Ethical hacking important for some of the services like Application Testing, War Dialing, Network Testing, Wireless Security, System Hardening etc. It used to judge the security programs of the organization. It makes software and codes and more efficient of organizations. Ethical hacking faces the organizations security risk.

Advantage and Disadvantage Advantage

• This prevents identity theft and the leaking of vital information.

• It allows them to implement stronger security measures.

• It is also beneficial to help government entities to protect major computer system from being compromised in a way that national security would be an issue.

• Ethical hacking also help families of deceased people to access account to see what their final vital transmissions may have been or gain access to some accounts to close them down.

  Disadvantage

• This may corrupt the files of an organization.

• Basic problem with this is trustworthiness of the Ethical hacker.

• Ethical hacker might use the information maliciously.

1. FUTURE SCOPE OF ETHICAL HACKERS

   As it as evolving branch the scope of enhancement in technology is immense. No ethical hackers can ensure the system security by using the same technique repeatedly. He would have to improve, develop and explore efficient new avenues repeatedly. More enhanced softwares should be used for optimum protection. Tools used, need to be updated regularly and more efficient once need to be developed.

2. CONCLUSION

Ethical hacking is legal way to securing your system. Main way that system in hands of ethical hacker so that he can make your system full proof. It is a part of overall security program. System administrator should always try to find the loop holes in to the system and make preventive majors. Ethical hackers possess same skill, mindset and tools of a hacker but the attacks are done in a non- destructive manner.

REFERENCE

1. http://www.wikipedia.org/wiki/ethical hacking

2. www.computerhope.com

3. http://searchsecurity.techtarget.com/

4. http://www.pcworld.com/

5. http://image.slidesharecdn.com/

6. http://www.instructables.com