Featured Post

Step Wise Project Planning

Planning is the most difficult process in project management. The framework described is called the Stepwise method to help to distinguis...

  1. Home

What is Ethical Hacking?



What is Ethical Hacking?


Art and Science of determining vulnerabilities within the existing network architecture. The idea of ethical hacking is to put yourself in the shoes of hacker and access monitor the flaws in your own network.It is used to determine the security flaws in the network before the hacker does by using similar tools and techniques as the hacker.



Types of Ethical Hacking :-

White Box: Full knowledge of the system. What this means is that you have full information about the system. i.e. you know what IP the database server is running on and what version of the operating system is running on that box etc. This makes it easy for you to learn about the various details and then fingerprint that very system.


Black Box: You have NO knowledge of the system infrastructure. As a Ethical hacker, this should be the one that can help you see things from a hacker’s perspective as you like the hacker does not have any initial knowledge about the system. 



Vulnerability Assessment: Usually done by using an automated script. The only negative is that your testing will be as good as your tool. The positive is pretty clear, you run an automated script which covers certain things and you are all set for those covered topics.


Penetration Testing: Comprehensive review of vulnerabilities, how to exploit those vulnerabilities and understanding how networks react to them.
Also, when talking to a lot of students who are new in the arena of web application development, i get a feeling that they want to know a lot about how hackers are able to do all “those things”. For such enthusiasts i would like to share some of the skills of a good hacker.




Skills of the Hacker :-

1.) Should possess Extensive Knowledge –  This means that you need to know everything about everything. Though it sounds unrealistic, but this is true.

2.) Should already be a security expert in other areas ( like perimeter security etc).

3.) Should have experience as network or system administrator. The concept is pretty simple, you can’t hack a PBX box, if you don’t know how to operate one. Or you can’t hack a Linux/Unix box if you don’t know various Unix commands.

4.) Should have good working knowledge of various OS.

5.) Good understanding of ports, protocols and TCP/IP.

6.) You also need to have a good understanding of common security vulnerabilities and their fixes like buffer overflow etc.


7.) Good understanding of the various security tools and techniques.


Next
« Prev Post
Previous
Next Post »
Subscribe to: Post Comments (Atom)