Ethical hacking

What is Ethical Hacking?

Ethical hacking is identifying weaknesses in computer systems and/or computer networks and coming up with countermeasures that protect those weaknesses. Ethical hackers must abide by the following rules.
  • Get written permission from the owner of the computer system and/or computer network before hacking.
  • Protect the privacy of the organization being hacked.
  • Transparently report all the identified weaknesses in the computer system to the organization.
  • Inform hardware and software vendors of the identified weaknesses.

Why Ethical Hacking?

  • Information is one of the most valuable assets of an organization. Keeping information secure can protect an organization’s image and save an organization a lot of money.
  • Hacking can lead to loss of business for organizations that deal in finance, such as PayPal. Ethical hacking puts them a step ahead of the cyber criminals who would otherwise cause loss of business.

Legality of Ethical Hacking

Ethical hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking. The International Council of E-Commerce Consultants (EC-Council) provides a certification program that tests an individual’s skills. Those who pass the examination are awarded certificates. The certificates are supposed to be renewed after some time.

Importance of Ethical Hacking

"Government agencies and business organizations today are in constant need of ethical hackers to combat the growing threat to IT security. A lot of government agencies, professionals and corporations now understand that if you want to protect a system, you cannot do it by just locking your doors".  
         – says Jay Bavisi, CEO of EC-Council

In the dawn of international conflicts, terrorist organizations are funding cybercriminals to breach security systems, either to compromise national security features or to extort huge amounts by injecting malware and denying access. This results in a steady rise of cybercrime. Organizations face the challenge of updating hack-preventing tactics and installing several technologies to protect the system before falling victim to the hacker.
New worms, malware, viruses, and ransomware are multiplying every day and are creating a need for ethical hacking services to safeguard the networks of businesses, government agencies or defense.

Benefits of Hacking

The primary benefit of ethical hacking is to prevent data from being stolen and misused by malicious attackers, as well as:

1. Discovering vulnerabilities from an attacker’s POV so that weak points can be fixed.

2. Implementing a secure network that prevents security breaches.

3. Defending national security by protecting data from terrorists.

4. Gaining the trust of customers and investors by ensuring the security of their products and data.

5. Helping protect networks with real-world assessments.

Types of Ethical Hacking

It is no big secret that any system, process, website, device, etc., can be hacked. In order to understand how the hack might happen and what the damage could be, ethical hackers must know how to think like malicious hackers and know the tools and techniques they are likely to use.

1. Web application hacking:

A web application provides an interface for the web server and the client to communicate. Web pages are generated at the server, and browsers present them at the client side. The data is passed between client and server in the form of HTML pages over the HTTP protocol.
There are client-side vulnerabilities and server-side vulnerabilities which lead to a web application attack.
Types of Attack in web application hacking
A. Parameter tampering
B. Unvalidated inputs
C. Directory traversal attacks
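
Server-side checks that counter the three attack types listed above, as an added example that is not part of the original article. The document root, secret key, field names and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import re
from pathlib import Path

# Assumptions for this example only: a hypothetical document root and a
# constructed server-side secret (a real one comes from a secrets store).
DOC_ROOT = Path("/srv/app/docs")
SECRET = b"constructed-example-key"
ITEM_ID = re.compile(r"[A-Za-z0-9_-]{1,32}")


def safe_resolve(user_path: str, root: Path = DOC_ROOT) -> Path:
    """Directory traversal: refuse any path that resolves outside root."""
    root = root.resolve()
    candidate = (root / user_path).resolve()  # collapses ".." and symlinks
    if root not in candidate.parents:
        raise ValueError("path escapes document root")
    return candidate


def validate_item_id(value: str) -> str:
    """Unvalidated input: accept only an allow-listed character set."""
    if not ITEM_ID.fullmatch(value):
        raise ValueError("invalid item id")
    return value


def sign_params(params: dict) -> str:
    """Parameter tampering: MAC over a canonical encoding of the fields."""
    msg = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def verify_params(params: dict, tag: str) -> bool:
    """Reject round-tripped fields (e.g. a hidden price) that were altered."""
    expected = sign_params(params).encode()
    return hmac.compare_digest(expected, tag.encode())
```

The server issues the tag together with the fields it sends to the browser and recomputes it when they come back, so a value edited on the client no longer verifies.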

2. System hacking:

System hacking is the way hackers get access to individual computers on a network. Ethical hackers learn system hacking to detect, prevent, and counter these types of attacks. The main methods of system hacking are password cracking, privilege escalation, spyware installation, and keylogging, and there are countermeasures IT security professionals can take to fight these attacks.

3. Web server hacking:

Websites are hosted on web servers. Web servers are themselves computers running an operating system, connected to a back-end database and running various applications. Any vulnerability in the applications, database, operating system or network will lead to an attack on the web server.
Types of Attack in web server hacking
A. DoS attacks
B. Website defacement
C. Misconfiguration attacks
D. Phishing attack

4. Hacking wireless networks:

Even wireless networks are not free of security problems, in spite of facilitating greater flexibility. A hacker can sniff the network packets without being in the same building. The radio waves can be easily sniffed by the hacker from a nearby location.
A wireless network is hacked by identifying the SSID using network sniffing. A wireless card switched into sniffing mode is said to be in monitor mode.

5. Social hacking:

Social hacking describes the act of attempting to manipulate outcomes of social behaviour through orchestrated actions. The general function of social hacking is to gain access to restricted information or to a physical space without proper permission. Most often, social hacking attacks are achieved by impersonating an individual or group who is directly or indirectly known to the victims, or by representing an individual or group in a position of authority. This is done through premeditated research and planning to gain victims’ confidence. Social hackers take great measures to present overtones of familiarity and trustworthiness to elicit confidential or personal information.
Social hacking is most commonly regarded as a component of “social engineering”.

Phases of Ethical Hacking

Planning and Reconnaissance:

The first step in ethical hacking is to define the scope and goals of a test as well as the testing methods to be followed. It also involves gathering intelligence to understand the potential vulnerabilities and how a target works. Footprinting is carried out through search engines, web services, social network sites, DNS, email, network, etc. by using footprinting tools.

Scanning:

In the second step, scanning is performed to understand how a target reacts to various intrusion attempts, in two ways: when the application’s code is static and when the application’s code is functioning. The latter is the most practical way to understand the application’s performance in real time.

Gaining Access:

This is a crucial step where the web application is attacked using SQL injections, cross-site scripting, backdoors, etc. to find the vulnerabilities and then exploit them by stealing data, intercepting traffic, and interfering with privileges to understand the amount of damage that it can cause.

Maintaining Access:

In this step of penetration testing, the vulnerability is used to achieve a persistent presence for a long duration in the infected system in order to steal sensitive information or to spread inside the network, quickly gaining access to the server.

Analysis:

The final stage of a penetration test is to compile the result by analyzing and commenting on the vulnerabilities exploited, access to the data, and the amount of time that the tester can remain unnoticed in the system.
The various phases listed above form part of the EC-Council Certified Ethical Hacking Certification program. In the first 6 modules, our CEH program teaches reconnaissance, scanning, enumeration and its techniques, and vulnerability analysis. In further modules of CEH, you can learn Malware Threats, Sniffing, Types of Hacking including social engineering and DDoS, Evading IDS, Firewalls and Honeypots, SQL Injections, Hacking web services, mobile, IoT, and more.

Who is an ethical hacker?

Roles & Responsibilities of an Ethical Hacker


There seems to be a general misconception that a person with an ethical hacking career is only responsible for penetration testing of systems and applications. This is not true, and an ethical hacker is responsible for much more.
  • Scanning open and closed ports using reconnaissance tools like Nessus and Nmap
  • Engaging in social engineering methodologies
  • Examining patch releases by performing vigorous vulnerability analysis on them
  • An ethical hacker will see if he/she can evade IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems), honeypots and firewalls
  • Ethical hackers can employ other strategies like sniffing networks, bypassing and cracking wireless encryption, and hijacking web servers and web applications
An ethical hacker strives to replicate the working of a black hat hacker by analyzing the defense protocols and social-engineering aspects of an organization. His job is to make sure the organization reacts to these situations well enough if it is not already doing so.

Ethical Hacker Skill Set

A person with an ethical hacking career is expected to be proficient in database handling, networking, and operating systems, and also to have excellent soft skills, as they need to communicate problems regarding security to the rest of the organization. Other than these generalized skill sets, an ethical hacker should also have a good grasp of the following skills:
  • Network traffic sniffing
  • Orchestrating various network attacks
  • Exploiting buffer overflow vulnerabilities
  • SQL injection
  • Password guessing and cracking
  • Session hijacking and spoofing
  • DNS spoofing
Apart from this, an ethical hacker must be a creative thinker because black hat hackers are constantly coming up with ingenious ways to exploit a system and it is an ethical hacker’s job to predict and prevent such breaches.
An ethical hacker is a skilled professional who has excellent technical knowledge and skills and knows how to identify and exploit vulnerabilities in target systems. He works with the permission of the owners of systems. An ethical hacker must comply with the rules of the target organization or owner and the law of the land, and their aim is to assess the security posture of a target organization/system.

Various government jobs in Ethical Hacking

  • Information Security Analyst
  • Security Analyst
  • Certified Ethical Hacker (CEH)
  • Ethical Hacker
  • Security Consultant (Computing / Networking / Information Technology)
  • Information Security Manager
  • Penetration Tester, etc.

Top Institutes in India for ethical hacking courses

1. NIELIT, Srinagar

2. Quest Institute of Knowledge, Borivali West, Mumbai

3. Jetking Infotrain Ltd., Andheri East, Mumbai

4. IANT - Institute of Advance Network Technology, Paldi, Ahmedabad

5. ACTS CDAC, Software Training and Development Centre, Thiruvananthapuram

6. Indian Institute Of Hardware Technology Ltd. (IIHT), GTB Nagar, Delhi
