Phenomenon of Ethical Hacking - Report Example

? Ethical Hacking Introduction The term hacker has more than one meaning in the industry of information technology, hacker is considered a computer operator who gives preferences to gaining additional and far stretched information about computer systems and the information he gains is more than what an average computer system user has. Another definition of hacker states that, hacker is an individual who is continuously involved in the part of creating programs and conducted tasks recognized as programming and does not only theorize about these tasks. As computer systems came into existence, the number of users even increased period after period and the ways of programming even elevated and new ways were explored by users. This sudden increase in popularity made authorities restrict its usage; this made programmers use different ways to get into different systems by stealing passkeys, by looking for vulnerabilities in the protected systems and exploiting them to access programs that they want to use and to alter the restrictions levied by the authority (COFFIN, 2003). Initially these intrusions were con ducted for small purposes such as for fun and to steal computer time, but as restrictions increased, the degree of harm done by these break-ins became adverse. For example: due to these break-ins, computer system owners had to get their computers repaired in certain instances and they even experienced major losses. The destructions conducted by intruders, were soon caught by the eyes of media and media reported these destructions while referring computer criminals as hackers and presenting them as people who intrude computer systems to gain enjoyment, benefits and revenge. During the early days of hacking, the term hacker was referred to as a person who has great skills, so different terminologies were invented to differentiate between hackers who use this skill to conduct destructive activities and those who don’t commit too much damage. Discussion As internet became a portion of the human world, concerns for security for computer systems have increased for organizations and government. Increase in concern for security has been of top most issue because these business and governments want to conduct business activities such as managing, marketing and financing through the use of computer technology and they have a fear of being hacked. While on the other end customers have a fear that their personal information and information that can cause huge damage can be caused due to vulnerabilities in security system. One way to solve this issue figured out by authorities was to make independent hackers break into these systems and analyze the degree of vulnerability and security risk faced by these systems. In such cases, hacking is considered as auditing firm’s records to find out what the problem is and people who conduct this kind of hacking are recognized as ethical hackers and the task they perform is referred to as ethical hackers. They are referred to as “ethical” hackers because they are conducting this task with the consent of the organizations, they are conducting these tasks for the right reasons which are to find vulnerabilities in the system and provide solutions and protective measures to make the systems safe. This system of Ethical hacking is being used for years, for example: this method was once utilized by the air force of United States of America to identify any possible weaknesses and vulnerabilities in the system regarded as Multics (Ethical 2001). The end result of this exercise determined that Multics was one of the best systems and was better than other systems; still it had certain degree of weaknesses and vulnerabilities. These vulnerabilities were identified in the hardware, software and processes of the system, and these vulnerabilities could be exploited very easily. The efforts made by the ethical hackers helped identify the sources and the secrets that could have been easily obtained by unethical hackers. As the threats to computer systems and internet networks increased, studies for ethical hacking even became a part of the nongovernmental or defense organizations. One of the most reputable works was conducted by Farmer and Venema, these researchers conferred publically about the use of techniques used by unethical hackers to identify the vulnerabilities and weaknesses in the security of computer systems. Through their public awareness effort they informed the public about the various security threats that their systems can experience and the information that can be extracted through these intrusions and they even provided remedies so the public can make their internet and systems safe and secure. Farmer and Venema figured out that the solutions for the security risks faced by the public can be very difficult for them to implement, might even seem to be very boring and might cost too much time (New Scientist 2012). They decided to create an application that can help people analyze the security risks to their systems and they gave this application for free to anybody who wanted it. This effort gained heavy attention by the media, in the initial period, the effort was made popular with a negative view as in the initial level the media failed to recognize the uses of the application. The application or utility did not perform hacking activities for the user, rather it helped identify the security weaknesses that the users system had and advised on methods that can be implemented by the users to make the system secure. This tool was performing a task similar to a banks audit, the banks audit is supposed to find weaknesses in the system, similarly the application was performing the task of auditing weaknesses in the security of the system. It was performing an extra task of how these security risks can be dealt with, this software was not performing the task of informing users about the damage that they can face due to intrusions because this was not necessary or would not make any huge difference. The above stated examples are a few representations of who ethical hackers are and what they do. Ethical hackers considered successful own various skills; firstly an ethical hacker should be one who values trust and integrity. This is an important trait of an ethical hacker because, an ethical hacker is supposed to give top priority to keep the personal information secret that he/she has extracted while performing his/her duty (COMPUTER WEEKLY 2005). If such information becomes public, the hackers who have been conducting the hacking practices for unethical reasons main try to break into these systems and cause huge damages including heavy financial losses. The client has to trust the ethical hacker completely to give him access to his system so the ethical hacker can conduct the duty in the best possible fashion. Ethical hacker himself has to employ tools in order to ensure that while he/she is performing his/her duty, the system remains safe and no break-ins take place (FARSOLE 2010). People working in the field of ethical hacking have several years of experience and knowledge of how programming is done and vast knowledge of networking systems and how these systems work. It is not necessary for ethical hackers to have special skills and knowledge of security, because their skills and knowledge of other aspects of computer systems are enough for them to determine the vulnerabilities in the system, still security skills and knowledge is required so ethical hackers can create reports for clients. The most important trait of ethical hackers is that they should have high amount of patience as the entire process of ethically hacking and analyzing systems and generating reports for vulnerabilities. The ethical hackers have to act exactly like criminal hackers do, criminal hackers monitor systems for weeks and days to find vulnerabilities in them and they pounce upon the opportunity as soon as they have it, similarly the ethical hackers have to study the system for weeks and months to find all vulnerabilities in the security of the system, they have to located the slightest weakness of the system. Ethical hackers are even required to be involved in the process of continuous learning in order to remain updated with new systems and new processes. The skills and traits analyzed here are similar to the skills and traits of a criminal hacker. The point to note here is that just like in sports and in wars, the defender has to gain complete knowledge of the attacker in order to gain an advantage, similarly ethical hackers have to know the tactics and resources that criminal hackers have in order to have an added advantage. For example: Anybody can gain skills to steal, pick locks, jack cars, and commit different criminal activities, so it is the job of law enforcement agencies to learn what game these criminals are playing and have to stop them. Similarly anyone can gain access to tools required to conduct criminal hacking activities, but it is the job of the ethical hackers to learn about these techniques and protect their client’s computer systems. An ethical hacker is there to answer three important questions, these include what criminal hackers can obtain from their target’s computer, what the unethical hacker do with the information and resources obtained from their target’s system and whether the target has identified or has any clue about the successful or failed attempts made by the criminal hacker (JUSTIN PIERCE 2006). All of these questions are of utmost importance but the third question holds the greatest importance as if the criminal hacker identifies that his attempts cannot be notice by the user then he will continue trying to get into the system and eventually break through its vulnerable security system (PAULA ROBERTS 2002). Clients of ethical hackers have to provide a lot of answers to the questions asked by ethical hackers, three main questions from this list are: what does the client want the ethical hacker to protect, why does the client want to protect those resources and the amount of financial resources as well as efforts and time the client is read to invest to gain a system that is secured from criminal hackers. Clients might experience difficulty in answering these questions and they even try not to provide all the information to ethical hackers, but they have to trust ethical hackers in order to get a positive outcome. Clients have to prove idea clear and precise information, they should avoid providing an overview; instead they have to provide point to point detailed information such as complete addresses of customers and employees. The consequences of an attack can damage even the best running organizations. Customers tend to trust the companies they are trading with and they want full support from these companies at all times (PALMER 2001). To safeguard goodwill as well as safeguard the damage that can be done to the smooth flow of the revenue of the organization. Conclusion The method of saving and securing and making things better through breaking into it is not new. Automobile companies test their cars all the time by using the method of crash testing and even while learning martial arts, the professionals in the same team mates fight against each other to get an idea of how the opponent needs to be tackles. But all the efforts being made by ethical hackers are not themselves cannot solve the problem of criminal hacking because the system creators need to take the security aspect of systems very seriously while designing and creating systems. On the other hand users and ethical hackers can continue to perform the duty of continuously checking their systems for vulnerabilities and weaknesses in the system and implementing and creating tools to keep the systems secure from the possible threat of intrusion done by a hacker who only aims at damaging the users. Referencing COFFIN, B. (2003). It takes a thief: ethical hackers test your defenses. Risk Management Magazine. PALMER, C. C. (2001). Ethical hacking. IBM Systems Journal. 40, 769. PAULA ROBERTS, & JENNY WEBBER. (2002).Virtuous Hackers: developing ethical sensitivity in a community of practice. Australasian Journal of Information Systems; Vol 9, No 2 (2002). Australian Computer Society.  JUSTIN PIERCE, ASHLEY JONES, & MATTHEW WARREN. (2006). Penetration Testing Professional Ethics: a conceptual model and taxonomy. Australasian Journal of Information Systems; Vol 13, No 2 (2006). Australian Computer Society. http://dl.acs.org.au/index.php/ajis/article/view/52. FARSOLE, A. A., KASHIKAR, A. G., & ZUNZUNWALA, A. (2010). Ethical Hacking. International Journal of Computer Applications. 1, 14-20. (2001). 'Ethical' hacking. Network Security. 2001. (2012). Ethical hacking group emerges. New Scientist. 22. (2005). Ethical hacking - challenging and lucrative.COMPUTER WEEKLY. 44-45. Read More