Saturday 18 August 2012

What is Ethical Hacking

Individuals who intrude on or “attack” a system are called by a number of names but are generally referred to as hackers. An attack is any “unauthorised” action taken with the intent of hindering, damaging, incapacitating, or breaching the security of a network. An attack typically carries out a threat against your critical assets. Some of these attacks, which merely attempt to infiltrate your systems and networks, are relatively harmless, whereas others can bring your system or network to a grinding halt and cripple a business.

Hackers use many techniques to attack your network or system. When “hackers” attack a network, they “break the rules” in such a way that the “attack” appears to be normal traffic. Hence hackers are “people who use and create computer software to illegally gain access to information” (Merriam-Webster), and you consider them dangerous and a threat to your systems, networks and critical assets. But recently you have heard about “ethical hackers” and have become confused.

Why are these hackers “ethical”? Because they are security experts hired by companies to analyze the vulnerabilities that exist in their networks and systems. The company and the “Ethical” hacker enter into a legally binding contract. The contract, as stated by Paul Walsh (http://www.protocolsolutions.co.uk), sometimes called a "get out of jail free card," sets forth the parameters of the testing. It's called the "get out of jail free card" because it is what shields the Ethical Hacker from prosecution. Hacking is a felony, and a serious one. The terms of the agreement are what transform this otherwise illegal behaviour into a legal and legitimate occupation. Ethical hackers are security experts who examine systems and networks for vulnerabilities, analyze the various ways a "hacker can think", and attempt to attack your network. Ethical hackers may use the same techniques as those used by illegal hackers to breach corporate security systems. The end result is the company's ability to prevent an intrusion before it occurs and to devise the corresponding solutions that protect its networks by implementing proper security measures against potential threats.

With so many standards and government regulatory requirements, including HIPAA, Sarbanes-Oxley, SB-1386 and BS 7799, companies require a trusted third party to check that their systems are secure. A company cannot confirm that its security is solid unless it tests it. It's hard for a company's own IT team to approach the system with all the malicious or mischievous motives of a true illegal hacker and thoroughly test it. Hence, to thoroughly uncover vulnerabilities and test the security system, a legal hacker called an “Ethical” hacker is hired to perform an illegal hacker’s job under a legal, “ethical” contract.

An Ethical hacker works legally to uncover:
  • All the information an illegal hacker can gain access to
  • What an illegal hacker could do with that information once gained, and
  • Break-ins, successful or not

Lately, hacking methods are being taught legally and a certification can be obtained, namely CEH – Certified Ethical Hacker. EC-Council (The International Council of E-Commerce Consultants) is the organization that manages and develops the Certified Ethical Hacker certification. Before taking the test, one must sign an ethics form. The CEH certification is by far one of the most challenging exams in Information Technology.
