What is Ethical Hacking?
The word Ethical Hacking sounds contradicting, as how can hacking be ethical. But many have the misconception that hacking is bad and hackers are bad people.
Hackers are actually experts that help in solving issues and crackers are the ones on the dark side who make use of their knowledge in the negative way.
Ethical hackers have the skills of a cracker and use their skills positively and in a legal manner, thus known as Ethical hackers.
Ethical hacker are usually employed to do penetration testing or pen testing i.e. identifying security threats and vulnerabilities and thus suggest counter measures. Ethical hackers will use the skills for defending the systems from malicious hackers or crackers.
There are types of hackers in the industry namely:
- White Hat Hacker: Positive people or the good person / ethical hacker. They hack with having the data owner know about it. The main aim is to look for vulnerabilities and have them fixed.
- Black Hat Hacker: Negative people or the bad person / malicious hacker. They will hack without the knowledge of the owner with the intent to cause financial or some other loss like destroying information.
- Gray Hat Hacker: Mixed, depending on situation can be good or bad at times. You never know how they work and when they may act differently. They can also be initial black hat person who work as white hat
Information security comprises of these main elements:
Confidentiality: This means to have information confidential or no disclosed to unintended users.
Integrity: means avid the data being manipulated by someone in middle. This explains the trustworthiness of the data.
Authenticity: Only authenticated users should be able to access the resources. Use of digital certificates, bio metrics, etc is part of authenticity
Availability: Means to have access to a resource continuously and it should not get interrupted when required. For example you need to access a web server but if it is compromised and does not allow you to access it, you are being deprived of its availability.
Ethical Hacking Terminology
Threat: A condition or situation which is prone to being breached of security
Exploit: Taking advantage or capitalizing on a bug or vulnerability to seek elevated privileges or to attack the system for some Denial of Service etc.
Vulnerability: A defect or flaw found in the existing system which can be exploited.
Target of Evolution (ToE): The resource which is being targeted for the attack
Attack: After vulnerability is found, and to take undue advantage of it, an attack is made based on the weakness found due to the vulnerability in the system.
Hacktivism: When promoting some political agenda by hacking for example to deface some website etc is called Hacktivism.
Zero Day Attack: When an attack is made before a patch for the vulnerability is made by the developer.
Hack Value: The satisfaction factor, be it financial or emotional for the hacker he gets when he breaks down a system.
Ethical hacking is not a one step process; it needs to be done in phases.
Below are the phases of Ethical hacking:
- Gaining Access
- Maintaining Access
- Covering Tracks
- Reconnaissance: This is mainly the phase where information is gathered about a target.
If the target company or organization is not aware that information about it is being collected, this is known as Passive Reconnaissance or foot printing. Looking for employee details, IP address details, physical address all come under passive reconnaissance. If you are gathering information by somehow getting involved with the target, like pinging their network devices and probing which services are running etc, is called Active reconnaissance. By using Active foot printing or reconnaissance there are more chances of being traced as compared to passive foot printing.
- Scanning: Making use of the first phase information to further get more detail information about the network. The hacker may use some tools to scan or ping sweep the network and collect information. Using these they try and collect information about the Operating system, IP address or user account etc.
- Gaining Access: This builds on the earlier phase and it is this phase where more skills of hacking take place. The flaws, weakness of vulnerabilities found from the previous stages are now to be exploited and need to take access of the target system. Techniques like buffer overflow, DoS (Denial of Service), Session hijacking etc are used.
- Maintaining Access: Once you are into a target system with all the effort of previous stages or phases, the hacker would like to maintain access to the system rather than trying to figure out ways to compromise the target system every time. They would like to get into the target system on a future date or time and so have something like a backdoor, Trojan etc left on the target system so it can be accesses easily later.
- Covering Tracks: This is a very important phase where you are now wiping of your footsteps to be safe from being caught. They do not want to be tracked by the security team of the target organization. The logs files can be modified or deleted to make remove any traces of the hacker entering the system.
Attacks on the target can be like below:
- Operating System Attack: Based on the OS vulnerability try to attack.
- Application level Attack: Attack that is done on type of application and it drawbacks. Like phishing or session hijacking etc.
- Misconfiguration Attack: If the device is not configured correctly, if file permission not set properly, some open port left in the application etc.
- Shrink wrap code Attack: Code or script that was shared in OS for easy of task of System admin, that script if it has vulnerabilities, it can lead to the system being compromised.
Information Security Threats
There can be different types of threats for your data, namely:
- Natural Threats
- Natural disaster
- Physical Threats
- Physical intrusion
- Sabotage or espionage
- Physical damage to your system
- Human Threats
- Social Engineering
Further if we try to look deeper the Information Security threats can be on your Network, Host or Application.
Under each of these there can be different types of threats like :
|Information Gathering||Password attack||Information Disclosure|
|Sniffing||Backdoor Attack||Cryptography attack|
|Spoofing||Malware Attack||Authorization attacks|
|Session Hijacking||Physical Security||Authentication attacks|
|SQL Injection||Elevated privileges||Configuration management|
|ARP Poisoning||Target Foot printing||Data Input validation|
|Password cracking||DoS : Denial of Service||Buffer Overflow|
|DoS : Denial of Service||Unauthorized access||Phishing|
Necessity of Ethical Hacking
Organizations are in need of Ethical Hackers in order to prevent their network being compromised by some other hacker / cracker. This helps them save the organization secrets. Ethical hacker does proper tests on the Network and reports all the loop hole to the management and accordingly action is taken to prevent any attack to happen.
Incident Management Process
These are processes that are defined to identify prioritize, analyze and resolve any incident and to resolve or restore the system.
Benefits of Incident Management
- Service quality improvement
- Meet Service availability requirement
- Customer satisfaction improved
- Proactive problem resolving
- Help to deal with future incidents
The organization should have Security policies defined as per the standards. Based on these policies the compliance is done and which help the organization be secure from many of the attacks. There are different types of policies that can be implemented as:
User Account policy: Who can create users and with what permissions
Remote Access policy: Should the organization network be able to be accessed outside of office premises
Firewall management policy: how to configure the firewalls and monitor them for any attacks
Network connection policy: Who has authority to configure the network. The IP address details, network diagrams etc, can be shared with whom
Email Security: Email going out and coming in the organization should be managed.
Password policy: Each organization should force this policy so weak passwords are not used and chances of getting compromised are reduced.
Penetration Testing and Testing Types
Penetration Testing is the mechanism through which the Ethical hacker follows all the stages of hacking and tries to break into the organizations network or system. He basically simulates the complete attack like an outsider would perform. Based on the penetration test documentation is done and reports are shared to the management and measures are taken to avoid any security breaches.
Types of Testing
Black Box: Testing with no information about the network. You need to start finding everything the IP, ports etc no information is shared and it is the most difficult type of testing. This exactly simulates a situation like a hacker / cracker trying from outside to get into your network without any prior information about the network. As no information is available with the hacker for testing, this does take a lot of time to complete.
White Box: In this type of testing the hacker or pen tester has knowledge about the network infrastructure. Thus the phase of information gathering is bypassed and this method becomes quick and can directly focus on the main security aspects.
Gray Box: This is a mix of both types mentioned above some information is disclosed and some needs to found out by the tester. This way audit can be done to see if employees have access to servers, Internet or any restricted sites etc.
- Footprinting and Reconnaissance
- Scanning Networks
- Trojans and Backdoors
- Enumeration Hacking Phase
- Social Engineering