• Choose a category
• All
• Classic-Fiction

Become an Ethical Hacker

Ethical hackers who stay a step ahead of malicious hackers must be computer systems experts who are very knowledgeable about computer programming, networking and operating systems. In-depth knowledge about highly targeted platforms (such as Windows, Unix, and Linux) is also a requirement. Patience, persistence, and immense perseverance are important qualities that many hackers possess because of the length of time and level of concentration required for most attacks/compromises to pay off.

Most ethical hackers are knowledgeable about security areas and related issues but don't necessarily have a strong command of the countermeasure that can prevent attacks. The following chapters of this book will address both the vulnerabilities and the countermeasures to prevent certain types of attacks.

What Is Vulnerability Research?

Vulnerability research is the process of discovering vulnerabilities and design weaknesses that could lead to an attack on a system. Several websites and tools exist to aid the ethical hacker in maintaining a current list of vulnerabilities and possible exploits for their systems or networks. It's essential that a systems administrator keep current on the latest viruses, Trojans, and other common exploits in order to adequately protect their systems and network. Also, by becoming familiar with the newest threats, an administrator can learn how to detect, prevent, and recover from an attack.

Describing the Ways to Conduct

Ethical Hacking

Ethical hacking is usually conducted in a structured and organized manner, usually as part of a penetration test or security audit. The depth and breadth of the systems and applications to be tested are usually determined by the needs and concerns of the client. Many ethical hackers are members of a tiger team.

The following steps are a framework for performing a security audit of an organization:

1. Talk to the client, and discuss the needs to be addressed during the testing.

2. Prepare and sign nondisclosure agreement (NDA) documents with the client.

3. Organize an ethical hacking team, and prepare a schedule for testing.

4. Conduct the test.

Creating a Security Evaluation Plan

Many ethical hackers acting in the role of security professionals use their skills to perform security evaluations or penetration tests. These tests and evaluations have three phases, generally ordered as follows:

The Preparation phase involves a formal agreement between the ethical hacker and the organization. This agreement should include the full scope of the test, the types of attacks (inside or outside) to be used, and the testing types: white, black, or grey box. (These types are defined later, in the section "Testing Types.")

5. Analyze the results of the testing, and prepare a report.

6. Present the report to the client.

In-depth penetration testing and security auditing information is discussed in EC-Council's Licensed Penetration Tester (LPT) certification.

During the Conduct Security Evaluation phase, the tests are conducted, after which the tester prepares a formal report of vulnerabilities and other findings. The findings are presented to the organization in the Conclusion phase along with any recommendations to improve security.

Types of Ethical Hacks

Ethical hackers can use many different methods to breach an organization's security during a simulated attack or penetration test. The most common methods follow:

Remote network A remote network hack attempts to simulate an intruder launching an attack over the Internet. The ethical hacker tries to break or find a vulnerability in the outside defenses of the network, such as firewall, proxy, or router vulnerabilities.

Remote dial-up network A remote dial-up network hack tries to simulate an intruder launching an attack against the client's modem pools. War dialing is the process of repetitive dialing to find an open system and is an example of such an attack.

Local network A local network hack simulates someone with physical access gaining additional