Introduction - 1

Uploaded by

rp4403682

Introduction To Ethical Hacking

The term ‘Hacker’ was coined to describe experts who used their
skills to re-develop mainframe systems, increasing their efficiency
and allowing them to multi-task. Nowadays, the term routinely
describes skilled programmers who gain unauthorized access into
computer systems by exploiting weaknesses or using bugs,
motivated either by malice or mischief. For example, a hacker can
create algorithms to crack passwords, penetrate networks, or even
disrupt network services.

The primary motive of malicious/unethical hacking involves stealing
valuable information or financial gain. However, not all hacking is
bad.

Defining hacker

Hacker is a word that has two meanings:

• Traditionally, a hacker is someone who likes to tinker with
software or electronic systems. Hackers enjoy exploring and
learning how computer systems operate. They love discovering new
ways to work electronically.

All Rights Reserved.


Copyrights © by MRWEBSECURE.
• Recently, hacker has taken on a new meaning: someone who
maliciously breaks into systems for personal gain. Technically, these
criminals are crackers (criminal hackers). Crackers break into (crack)
systems with malicious intent. They are out for personal gain: fame,
profit, and even revenge. They modify, delete, and steal critical
information, often making other people miserable.

The good-guy (white-hat) hackers don’t like being in the same
category as the bad-guy (black-hat) hackers. (These terms come
from Western movies where the good guys wore white cowboy hats
and the bad guys wore black cowboy hats.) Whatever the case,
most people give hacker a negative connotation.

Many malicious hackers claim that they don’t cause damage but
instead are altruistically helping others. Yeah, right. Many malicious
hackers are electronic thieves.

What is Ethical Hacking?

Ethical Hacking is an authorized practice of bypassing system
security to identify potential data breaches and threats in a network.
The company that owns the system or network allows Cyber
Security engineers to perform such activities in order to test the
system’s defenses. Thus, unlike malicious hacking, this process is
planned, approved, and more importantly, legal.

Ethical hackers aim to investigate the system or network for weak
points that malicious hackers can exploit or destroy. They collect
and analyze the information to figure out ways to strengthen the
security of the system/network/applications. By doing so, they can
improve the security footprint so that it can better withstand
attacks or divert them.

Ethical hackers are hired by organizations to look into the
vulnerabilities of their systems and networks and develop solutions
to prevent data breaches. Consider it a high-tech permutation of
the old saying “It takes a thief to catch a thief.”

The key vulnerabilities they check for include, but are not limited to:

• Injection attacks

• Changes in security settings

• Exposure of sensitive data

• Breach in authentication protocols

• Components used in the system or network that may be used
as access points

Understanding the Need to Hack Your Own Systems

To catch a thief, think like a thief. That’s the basis for ethical
hacking.

The law of averages works against security. With the increased
numbers and expanding knowledge of hackers combined with the
growing number of system vulnerabilities and other unknowns, the
time will come when all computer systems are hacked or
compromised in some way. Protecting your systems from the bad
guys — and not just the generic vulnerabilities that everyone knows
about — is absolutely critical. When you know hacker tricks, you
can see how vulnerable your systems are.

Hacking preys on weak security practices and undisclosed
vulnerabilities. Firewalls, encryption, and virtual private networks
(VPNs) can create a false feeling of safety. These security systems
often focus on high-level vulnerabilities, such as viruses and traffic
through a firewall, without affecting how hackers work. Attacking
your own systems to discover vulnerabilities is a step to making
them more secure. This is the only proven method of greatly
hardening your systems from attack. If you don’t identify
weaknesses, it’s a matter of time before the vulnerabilities are
exploited.

As hackers expand their knowledge, so should you. You must think
like them to protect your systems from them. You, as the ethical
hacker, must know activities hackers carry out and how to stop
their efforts. You should know what to look for and how to use that
information to thwart hackers’ efforts.

You don’t have to protect your systems from everything. You can’t.
The only protection against everything is to unplug your computer
systems and lock them away so no one can touch them — not even
you. That’s not the best approach to information security. What’s
important is to protect your systems from known vulnerabilities
and common hacker attacks.

It’s impossible to buttress all possible vulnerabilities on all your
systems. You can’t plan for all possible attacks — especially the
ones that are currently unknown. However, the more combinations
you try — the more you test whole systems instead of individual
units — the better your chances of discovering vulnerabilities that
affect everything as a whole.

Don’t take ethical hacking too far, though. It makes little sense to
harden your systems from unlikely attacks. For instance, if you
don’t have a lot of foot traffic
in your office and no internal Web server running, you may not
have as much to worry about as an Internet hosting provider
would have. However, don’t forget about insider threats from
malicious employees!

Your overall goals as an ethical hacker should be as follows:

• Hack your systems in a nondestructive fashion.

• Enumerate vulnerabilities and, if necessary, prove to
upper management that vulnerabilities exist.

• Apply results to remove vulnerabilities and better
secure your systems.

Types of Hackers

The practice of ethical hacking is called “White Hat” hacking, and
those who perform it are called White Hat hackers. In contrast to
Ethical Hacking, “Black Hat” hacking describes practices involving
security violations. The Black Hat hackers use illegal techniques to
compromise the system or destroy information.

Unlike White Hat hackers, “Grey Hat” hackers don’t ask for
permission before getting into your system. But Grey Hats are also
different from Black Hats because they don’t perform hacking for
any personal or third-party benefit. These hackers do not have any
malicious intention and hack systems for fun or various other
reasons, usually informing the owner about any threats they find.
Grey Hat and Black Hat hacking are both illegal as they both
constitute an unauthorized system breach, even though the
intentions of both types of hackers differ.

White Hat vs Black Hat Hacker

The best way to differentiate between White Hat and Black Hat
hackers is by taking a look at their motives. Black Hat hackers are
motivated by malicious intent, manifested by personal gains, profit,
or harassment; whereas White Hat hackers seek out and remedy
vulnerabilities, so as to prevent Black Hats from taking advantage.

The other ways to draw a distinction between White Hat and Black
Hat hackers include:

Techniques Used

• White Hat hackers duplicate the techniques and methods
followed by malicious hackers in order to find out the system
discrepancies, replicating all the latter’s steps to find out how a
system attack occurred or may occur. If they find a weak point
in the system or network, they report it immediately and fix the
flaw.

Legality

• Even though White Hat hacking follows the same techniques
and methods as Black Hat hacking, only one is legally acceptable.
Black Hat hackers break the law by penetrating systems without
consent.

Ownership

• White Hat hackers are employed by organizations to
penetrate their systems and detect security issues. Black Hat
hackers neither own the system nor work for someone who owns
it.

Now that we have covered what ethical hacking is, the types of
hackers, and the difference between white-hat and black-hat
hackers, let's have a look at the ethical hacker roles and
responsibilities.

Ethical Hacker Roles and Responsibilities

Ethical Hackers must follow certain guidelines in order to perform
hacking legally. A good hacker knows his or her responsibility and
adheres to all of the ethical guidelines. Here are the most important
rules of Ethical Hacking:

• An ethical hacker must seek authorization from the
organization that owns the system. Hackers should obtain
complete approval before performing any security assessment on
the system or network.

• Determine the scope of their assessment and make known
their plan to the organization.

• Report any security breaches and vulnerabilities found in the
system or network.

• Keep their discoveries confidential. As their purpose is to
secure the system or network, ethical hackers should agree to and
respect their non-disclosure agreement.

• Erase all traces of the hack after checking the system for any
vulnerability. It prevents malicious hackers from entering the
system through the identified loopholes.

Ethical Hacking Benefits

Learning ethical hacking involves studying the mindset and
techniques of black hat hackers and testers to learn how to identify
and correct vulnerabilities within networks. What is learned can be
applied by security pros across industries and in a multitude of
sectors, in roles such as network defender, risk management,
and quality assurance tester.

However, the most obvious benefit of learning ethical hacking is its
potential to inform, improve, and defend corporate networks.
The primary threat to any organization's security is a hacker:
learning, understanding, and implementing how hackers operate
can help network defenders prioritize potential risks and learn how
to remediate them best. Additionally, getting ethical hacking
training or certifications can benefit those who are seeking a new
role in the security realm or those wanting to demonstrate skills and
quality to their organization.

Now that you understand what ethical hacking is and the various roles
and responsibilities of an ethical hacker, you must be thinking about
what skills you require to become an ethical hacker. So, let's have a
look at some of the ethical hacker skills.

Skills Required to Become an Ethical Hacker

An ethical hacker should have in-depth knowledge about all the
systems, networks, program codes, security measures, etc. to
perform hacking efficiently. Some of these skills include:

• Knowledge of programming - It is required for security
professionals working in the field of application security and
Software Development Life Cycle (SDLC).

• Scripting knowledge - This is required for professionals
dealing with network-based attacks and host-based attacks.

• Networking skills - This skill is important because threats
mostly originate from networks. You should know about all of the
devices present in the network, how they are connected, and how
to identify if they are compromised.

• Understanding of databases - Attacks are mostly targeted
at databases. Knowledge of database management systems such
as SQL will help you to effectively inspect operations carried out in
databases.

• Knowledge of multiple platforms like Windows, Linux, Unix,
etc.

• The ability to work with different hacking tools available in the
market.

• Knowledge of search engines and servers.
