Scribd
Upload
22 views4 pages

Ethical Hacking: Importance and Techniques

The document discusses ethical hacking, which is the practice of identifying vulnerabilities in systems with the consent of the owner to prevent malicious attacks. It outlines the differences between ethical hackers, black-hat hackers, and gray-hat hackers, as well as the various phases and tools used in ethical hacking. The need for ethical hackers in organizations is emphasized to protect sensitive information from cyber threats.

Uploaded by

hk9102871
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
22 views4 pages

Ethical Hacking: Importance and Techniques

The document discusses ethical hacking, which is the practice of identifying vulnerabilities in systems with the consent of the owner to prevent malicious attacks. It outlines the differences between ethical hackers, black-hat hackers, and gray-hat hackers, as well as the various phases and tools used in ethical hacking. The need for ethical hackers in organizations is emphasized to protect sensitive information from cyber threats.

Uploaded by

hk9102871
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

ETHICAL HACKING

AN IMPACT ON SOCIETY
Mansi Bhargava , Harsh Golhani , Nitish Thakur
Dept. of Artificial Intelligence & Machine Learning
Lakshmi Narain College of Technology & Science , Bhopal

Madhya Pradesh – India

ABSTRACT

Hacking is common process which results in the breaching of one’s privacy and confidential
information . Ethical Hacking is the way to find out the weakness and vulnerabilities in the system or
computer network . It is a way to describe the procedure of Hacking in an ethical way for any network
. Hacking is also known As unauthorized intrusion However hacking was not always perceived as theft
and used for productive causes . Such type of hacking that involves good intention is known as ethical
hacking .

Keywords:- Ethical Hacking, Hackers.

DEFINING ETHICAL HACKING


Ethical Hacking , as the name suggests a hacking which is Ethical. It is also called as penetration
testing. The Immense advancement of the internet exists to brought large amount of improvements
like electronic Commerce , Elcetronic Mail , Distance learning facilities , Electronic Banking calling
Disadvantages . The term hacking is divided into two types depending on the intention behind hacking
process. The two types are white-hat hacking and black-hat hacking. According to CDN, white-hat
hacking refers to ethical hacking which is performed with the target’s agreement to discover system’s
vulnerability from a hacker’s perspective. Such type of hacking is done to secure the system from
black-hat hackers who have malicious intentions of stealing and exploiting personal information.
Ethical hacking is legal since it is performed after acquiring the target’s consent. According to CDN,
the process of ethical hacking confirms the claim of multiple vendors about the security of their
products. The significance of ethical hacking is boundless since it comes in handy for protecting crucial
systems, networks, and accounts from data thieves by thinking exactly like them. It provides full
control to the information owner, detects system flaws, strengthens computer security, prevents system
attacks, and respects privacy with the advancement of technical systems and rapidly progressing
technology-oriented future, there is a dire need of ethical hacking. This paper will define ethical
hacking , difference between hackers and crackers , provide a list of phases of hacking , different types
hacker and there work .
ETHICAL HACKERS AND THEIR PURPOSE

The people who specialize in ethical hacking process are known as ethical hackers. They are the
professionals who hack into a system or network to locate possible faults, pitfalls, and
vulnerabilities that may be exploited by black-hat hackers or crackers (Babbar, Jain and Kang).
The skills and mindset of ethical hackers are equal to hackers with malicious intentions but they
can be trusted. Ethical hackers are certified and authorized for performing hacking on target
systems ("Certified Ethical Hacker - CEH Certification | EC-Council"). An ethical hacker has
legal permission to access target’s personal details and modify target system. The talents
possessed by an ethical hacker can be used to limit cyber crime. Along with the white-hat and
black-hat hackers, another category of hackers was also discovered who work in close affiliation
with ethical hackers yet face some social consequences. These hackers are known as gray-hat
hackers who hack technical and network systems for good causes like helping organizations to
fix security issues, but are unauthorized (Radziwill et al.). Gray-hat hackers implement ethical
hacking but their unauthorized approach leads to lack of social acceptance. Ethical hackers are
hired by agencies

Ethical hacking is learning the conception of hacking & applying them to secure any systems,
organization for any great cause. Fig.1 describes the levels for ethical hacking consisting of five
blocks :-
• Reconnaissance
• Maintaining Access
• Scanning & Enumeration
• Gaining Access
• Clearing Tracks

Figure.1- Ethical Hacking Steps

Reconnaissance
It is the set of procedures & technique used to gather information’s about the target
systems secretly. In this, the ethical hacker seeks to gather as more information as
possible about the target systems.

Maintaining Access
Once the intruder has got access to the targeted systems, he can take advantage of
both the systems & its resources & use the systems as a catapult pad for testing &
harming othersystem, or can retain the low profile & continue to exploit the systems
without the genuine user knowing every acts.

Scanning & Enumeration


The 2nd step of the penetration testing & ethical hacking is the enumeration and
scanning. Scanning is the common technique that pen tester uses to find the open
door. Scanning is worn to determine the weaknesses of the service that operate on
the port. They need to figure out the operating systems included, live host, firewalls,
services, intrusion detection, perimeter equipment, routing & general networks
topology (physical network layout) that are parts of the targets organization during
this phase. Enumeration is the main priority network attack. Enumeration is a
producer by actively connecting to it to collect information about the target machine
.

Gaining Access
Once the observation is finished & every weakness are tested, the hackers then attempts with the
helps of some tools & techniques to gain access. This essentially focuses on the retrieval of the
password. Either bypass techniques (like using konboot) or password cracking the techniques
that can be used for this by hacker.

Clearing Tracks

For several purposes such as avoiding detection & further penalizing for intrusion, an offender
will destroy confirmation of his activities and existence. Eliminating evidence that is often
referred to the ' clearing tracks ' is the requirement for every intruder who needs to remain
anonymous and prevent detect back. Usually this steps begins by delete the adulterate logins or
all other possible errors messages generated from the attack process on the victim system.

TOOLS USED IN ETHICAL HACKING


1. Tools for Reconnaissance:
Google, Whois Lookup and NSLookup.

2. Tools for Scanning: Ping:


Tracert, Nmap, Zenmap, Nikto WebsiteVulnerability Scanner, Netcraf t.

3. Tools for Gaining Access:


John the Ripper, Wireshark, KonBoot, pwdump7, Aircrack, Fluxion, Cain and Abel.

4. Tools that are used for the Maintaining Access:


Metasploit Penetration Testing Software, Beast, Cain & Abel.

5. Tools for Clearing Tracks:


Metasploit Penetration Testing Software, OS Forensics

NEED OF ETHICAL HACKERS IN THE INDUSTRY


As every organization has its own confidential information which can be hacked by
the malicious hackers or can be damaged by them therefore in order to protect that
information the organizations heir ethical hackers and allow them to hack their own
systems ethically any Now starting with some hacking attacks performed by the
hackers over the internet with the help of linux system.
Linux operating system just like the windows and Mac. An operating system is an
interface between the user and the computer hardware. Unlike Microsoft Windows
and Mac operating systems the Linux are the open source operating systems as it is
distributed under open source license. It is more secure than the windows and has
very less number of viruses known which will harm Linux OS. Further in this paper
the attacks are performed on the Kali Linux Operating System.
Kali Linux Operating system is a Linux distribution which is mainly used for
penetration testing and security auditing. Kali Linux contains various tools for
computer forensics, penetration testing, reverse engineering etc. Kali Linux is
developed by “Offensive Security”. The kali Linux Security Attack like 1. Phishing
2. Denial of Services (DOS) 3. Man in the middle attack 4. Wi-Fi

Common questions

Powered by AI

Tools like Metasploit and Cain & Abel help maintain access by managing the system's access points and potentially exploiting additional vulnerabilities for continued analysis. Ethical considerations involve ensuring that maintaining access does not compromise user privacy or lead to unauthorized data exploration. Ethical hackers must avoid unnecessary system modifications and must have precise permissions covering all actions taken .

Ethical hacking can be integrated by conducting regular penetration tests to identify and mitigate emerging threats proactively. Organizations can employ ethical hackers to continuously monitor and adapt security measures, ensuring that defenses evolve alongside threat landscapes. Collaboration with ethical hackers allows for a comprehensive understanding of potential system vulnerabilities, thereby enhancing the overall robustness of the organization's cybersecurity strategy to address both current and future threats .

Certification and legal authorization are crucial because they ensure ethical hackers operate within a recognized framework that guarantees their actions are legal and systematic, minimizing risks for both the hacker and the organization. Certifications like Certified Ethical Hacker (CEH) validate the skills and knowledge necessary to execute hacking tasks responsibly. Legal authorization reinforces trust between ethical hackers and organizations, ensuring that the hacking process benefits the organization without legal issues .

Open-source operating systems like Linux, particularly Kali Linux, offer advantages for ethical hacking due to their customizable nature and wide array of security tools tailored for penetration testing and security auditing. These systems are more secure with fewer known viruses compared to other operating systems, providing a robust environment for ethical hackers to test and strengthen security measures without the interference of malware .

Ethical hackers operate with explicit consent from organizations and aim to strengthen security by exposing vulnerabilities in a controlled manner. In contrast, gray-hat hackers might also discover vulnerabilities with good intentions but without authorization. Therefore, organizations are more likely to employ ethical hackers due to their adherence to legal processes, whereas gray-hat hackers, despite their good intentions, might face legal repercussions due to unauthorized access .

Ethical hackers prevent cybercrime by identifying system vulnerabilities before malicious hackers can exploit them. They simulate potential attacks to test the robustness of an organization's security measures, ensuring systems are patched and secure. By thinking like a hacker, ethical hackers can anticipate and prevent unauthorized data breaches, protecting sensitive information from being accessed by cybercriminals .

Ethical hacking is instrumental in testing the security claims of vendors. By simulating potential attacks, ethical hackers can validate whether a vendor's security measures are effective against real-world threats. This scrutiny helps organizations make informed decisions about deploying or continuing to use a product based on reliable security assessments, thereby ensuring that claims are not merely theoretical .

Although gray-hat hackers often aim to help by identifying security weaknesses, their unauthorized activities can lead to legal issues, privacy violations, and distrust among organizations. Unauthorized hacks, even when intended to be helpful, can compromise sensitive data and violate the law, resulting in negative repercussions for individuals and entities involved, despite the benign intentions .

The primary steps in ethical hacking are Reconnaissance, Scanning & Enumeration, Gaining Access, Maintaining Access, and Clearing Tracks. Reconnaissance involves gathering information about the target system to identify potential vulnerabilities. Scanning & Enumeration determine the live hosts and open ports. Gaining Access uses identified vulnerabilities to infiltrate systems. Maintaining Access involves ensuring continued access to the system for exploit analysis. Clearing Tracks involves deleting logs to conceal hacking activities and avoid detection .

Ethical hacking differs from malicious hacking mainly in terms of the intentions and permissions involved. Ethical hacking is conducted with the target's consent and aims to identify vulnerabilities to secure systems, whereas malicious hacking is unauthorized and intends harm or theft of information. In practical scenarios, ethical hackers operate under legal frameworks, often adhering to a structured process like penetration testing, while malicious hackers exploit system weaknesses for personal gain or disruption .

You might also like