A Closer Look
Running head: A CLOSER LOOK AT ETHICAL HACKING AND HACKERS
A Closer Look at Ethical Hacking and Hackers
Marilyn Leathers
East Carolina University
ICTN 6865
Abstract
Due to advances in Internet technology, the government, private industry and the everyday
computer user have fears of their data or private information being compromised by a criminal
hacker. C.C. Palmer (2001), who manages the Network Security and Cryptography department at
the IBM Thomas J. Watson Research Center writes, “they are afraid that some hacker will break
into their Web server and replace their logo with pornography, read their e-mail, steal their credit
card number from an on-line shopping site, or implant software that will secretly transmit their
organization’s secrets to the open Internet” (p. 1). This hacking is not only widespread, but is
being executed so flawlessly that the attackers compromise a system, steal everything of value
and completely erase their tracks within 20 minutes (EC-Council [ECC], p. 2). Because of
criminal hackers, ethical hacking is rapidly becoming an accepted business practice. This paper
will define ethical hacking, list some of the commonly used terms for attackers, provide a list of
the standard services offered via ethical hacking to combat attackers, discuss the three common
groups of hackers and the top 10 most famous hackers, and finally discuss legal implications of
hacking.
A Closer Look at Ethical Hacking and Hackers
One of the most significant current discussions in the information technology community
is ethical hacking. The topic of discussion varies from “why is ethical hacking so popular” to
“can hacking be ethical”.
Why is ethical hacking so popular? Author James Tiller (2004), a security services
expert, states his opinion of why ethical hacking is so popular as “Several reasons can be
attributed to the frenzy we’re seeing, but for me one seems to stand out. Based on hundreds of
conversations with companies throughout the United States and most of Europe, many feel they
are practicing sound security and have tamed the beast. Now all that is left for them is to test
what was implemented and apply a patch or two” (p. 10).
Can hacking be ethical? According to author Kimberly Graves (2007), the answer is
“Yes! Ethical hackers are usually security professionals or network penetration testers who use
their hacking skills and toolsets for defensive and protective purposes” (p. 7).
Ethical Hacking Defined
What is ethical hacking? Ethical hacking is the controversial practice of employing the
tools and tactics of hackers to test the security precautions protecting a network (Livermore,
2007, p.1). Ethical hacking is also called “penetration testing” and “intrusion testing” or “red
teaming,” a term used when the U.S. government began hacking its own systems in the 1970s. In
the 1980s, telecommunications companies – a frequent target of budding cybervandals who
could gain street credibility by messing with the local phone company – began using ethical
hacking as well. Banks caught on in the 1990s, and later in that decade, most e-commerce firms
depended on ethical hacking as a critical security measure, since a single interruption or intrusion
could cause massive financial problems (Coffin, 2003, p.1). Consequently, a company's main goal
in hiring ethical hackers is to test for vulnerabilities and mitigate them or defend against them.
Who Are the Attackers?
Ethical hackers are up against several individuals in the battle to secure the network. The
following list presents some of the more commonly used terms for these attackers (Immortal,
2008):
• Phreakers – The original hackers. These individuals hacked telecommunication and PBX
systems to explore the capabilities and make free phone calls. Their activities include
physical theft, stolen calling cards, access to telecommunication services, reprogramming
of telecommunications equipment, and compromising userids and passwords to gain
unauthorized use of facilities, such as phone systems and voice mail.
• Script/Click Kiddies – A term used to describe often younger attackers who use widely
available freeware vulnerability assessment tools and hacking tools that are designed for
attacking purposes only. These attackers typically do not have any programming or
hacking skills and, given the technique used by most of these tools, can be defended
against with the proper security controls and risk mitigation strategies.
• Disgruntled employee – Employees who have lost respect and integrity for the employer.
These individuals might or might not have more skills than the script kiddies. Many
times, their rage and anger blind them. They rank as a potentially high risk because they
have insider status, especially if access rights and privileges were provided or managed
by the individual.
• Whackers – Whackers are typically newbies who focus their limited skills and abilities on
attacking wireless LANs and WANs.
• Software Cracker/Hacker – Individuals who have skills in reverse engineering software
programs and, in particular, licensing registration keys used by software vendors when
installing software onto workstations or servers. Although many individuals are eager to
partake of their services, anyone who downloads programs with cracked registration keys
is breaking the law and can be a greater potential risk and subject to malicious code and
malicious software threats that might have been injected into the code.
• Cyber-Terrorists/Cyber-Criminals – An increasing category of threat that can be used to
describe individuals or groups of individuals who are typically funded to conduct
clandestine or espionage activities on governments, corporations, and individuals in an
unlawful manner. These individuals are typically engaged in sponsored acts of
defacement, DoS/DDoS attacks, identity theft, financial theft, or worse, compromising
critical infrastructures in countries, such as nuclear power plants, electric plants, water
plants, and so on.
• System Cracker/Hacker – Elite hackers who have specific expertise in attacking
vulnerabilities of systems and networks by targeting operating systems. These individuals
get the most attention and media coverage because of the globally affected viruses,
worms, and Trojans that are created by System Crackers/Hackers. System
Cracker/Hackers perform interactive probing activities to exploit security defects and
security flaws in network operating systems and protocols (p.10).
Standard Services Offered to Combat the Attackers
Because of the onslaught of hacker attacks, companies offer ethical hacking services to
combat the attackers. Bill Coffin (2003), in his article IT takes a thief: Ethical hackers test your
defenses, points out that “what goes into ethical hacking depends on the range of services