Introduction to Ethical Hacking

Most people think “hacker” means a darkened room, several monitors ablaze with green text scrolling across the screen, and a negative character furiously typing some code on a keyboard trying to crack or steal something. Unfortunately, that is somewhat true, and a lot of people purposely participate in these activities. Whether it’s for a noble or bad purpose, hacking remains the same. Using a specialized set of tools and techniques to bypass computer security allows someone to hack into a system, or computer, or network. The very first know event of hacking had taken place in 1960 at MIT and after that the term “Hacker” came into existence. Let’s know some more about “ethical hacking”

Malicious hacker is known as “cracker“, uses those skills, tools, and techniques either for their personal gain or for destructive purposes. Crackers act as hired agents to destroy or damage corporate or government reputation or, in some cases they act on their own for their own purposes.

An ethical hacker is the one who uses same set of tools and techniques a criminal might use, with customer’s approval and support, to secure a system or network. Ethical hackers are the employed by the customers to find the weakness in a computer, or system, or network to strengthen and improve the information security.

Advantages

In some of the given scenarios ethical hacking is quite useful like:

1. To perform penetration testing to strengthen computer and network security
2. To put adequate preventive measures for the prevention of security breaches
3. To recover lost information, especially when you have forgotten your password
4. To create such a system, computer, or network that prevent malicious hackers from gaining access

Disadvantages

Hacking can be dangerous too if is performed with wrong intention for personal benefits or destructive purposes. It can cause:

1. Privacy breach
2. Denial of service attacks
3. Massive security breach
4. Malicious attempts on the system
5. Breach in confidentiality, integrity, and availability of information

Purpose behind hacking

There could be number of reasons behind the hacking attempts. Here is the list of some known reasons behind the hacking activities:

1. Money extortion
2. System security testing
3. To break policy compliance
4. Stealing some important information
5. Damage a system, or computer, or network

Classification of hackers

Hackers are classified into 3 categories:

1. White hats:
   White hat hackers are the “ethical hackers” hired by the customers for the specified goal of testing and improvement in security of a system, or computer, or network. White hat hackers are respected don’t use their skills and knowledge for their own purposes. They always ask for permission or consent to perform any hacking activity.
2. Black hats:
   Whereas the black hat hackers are known as “crackers“, which illegally use their skills, tools, and techniques for either malicious intent or personal gain. They always try to steal, or destroy data, or deny access to resources (DoS attack). They do not require any permission or consent to perform any hacking activity.
3. Gray hats:
   This one is the very weird category of hackers and are blend of both white hats and black hats, basically there are two subsets of gray hat hackers – those who are curious about tools and techniques of hacking, and the other one feels like their duty to find out flaws in the system and notify its owner about these.

So, if you want to be an ethical hacker, you must work within the confines of an agreement between you and your client/customer. In general, ethical hacker first meet his client and sign a contract. This contract not only defines the permission and authorization given but also confidentiality and scope of the agreement. Ethical hacker must also need to sign a Non-Disclosure agreement according to which, he will not disclose any information found during the test and improvement phase.

To become an ethical hacker, there are two processes that you need to know:

1. How to setup and perform a legal penetration testing
2. How proceed through actual hack