There are several different ways to define hacking, but the best and most widely used definition describes hacking as gaining unauthorized access to a computer system. Ethical hackers are network and computer experts who attack a security system to help the computer system's owners. They do this to look for any vulnerabilities that could be exploited by a malicious hacker. They use the same methods as a malicious hacker to test a security system, but instead of taking advantage of these vulnerabilities, they report them. Ethical hacking is also referred to as intrusion testing, penetration testing and red teaming.
Goals of Ethical Hacking
Before an ethical hacker can begin the process, they must create a plan. Planning steps include:
- Identify any and all networks they will test
- Detail the testing interval
- Detail the testing process
- Create their plan and then share it with stakeholders
- Get the plan approved
Ethical hacking has a variety of uses on the primary and secondary levels. The primary uses include:
- Quality assurance by using information technology security analysis
- Compliance documentation with respect to legal regulations, standards and parameters
- Supporting arguments for information technology activities and projects in the future
- Prevention to provide for indirect and direct cost savings as time goes on
- Know-how transfer
- Building awareness at all levels
Primary and secondary uses are basically the questions that ethical hacking answers. These include:
- Do the technical measures put into place in the company adhere to legal requirements?
- Are any necessary patches up to date, and/or is the firewall correctly configured?
- Is the e-shop or mail server properly protected against potential attacks?
- Are all promises delivered by the external service provider?
- Have all necessary and possible security measures been put into place?
- Is home office access to the company's network adequately secure?
- Is protection against malicious code, such as denial-of-service tools, trojans, and viruses, adequate?
- Are there any "illegal" installations or are all of the company's systems set up in conformance with the standards?
Drawbacks of Ethical Hacking
As with any activity that has a darker side, dishonest people can turn it into a source of harm. The possible drawbacks of ethical hacking include:
- The ethical hacker using the knowledge they gain to do malicious hacking activities
- Allowing the company's financial and banking details to be seen
- The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on a computer system
- Massive security breach
These are not common; however, they are something all companies should consider when using the services of an ethical hacker.
Benefits of Ethical Hacking
Most of the benefits of ethical hacking are obvious, but many are overlooked. The benefits range from simply preventing malicious hacking to preventing national security breaches. The benefits include:
- Fighting against terrorism and national security breaches
- Having a computer system that prevents malicious hackers from gaining access
- Having adequate preventative measures in place to prevent security breaches
Example of Ethical Hacking
One of the earliest examples of using ethical hackers occurred in the 1970s. At this time, the United States government utilized the knowledge and services of groups of experts, referred to as red teams. They enlisted these ethical hackers to hack into the United States government's computer system. The purpose was to evaluate how secure it was and to recognize any possible vulnerabilities. Ethical hacking is now a growing profession that is still used by the United States government, as well as technology companies and other corporations. Many large companies, such as IBM, employ teams of ethical hackers to help keep their systems secure.