Tuesday, December 25, 2012

Ethical Hacking


By Raul Bernardino
Introduction:
Today global communication has become easy to use but complex to control. Moreover, data now moves without any borders, which has become a huge issue. Nobody knows exactly with whom they are connected, or whether they are connected to the right or the wrong infrastructure or person. Nobody can guarantee that their networks and systems are more secure than others'.

Ethical hacking is a science of computing security in which a person tests the vulnerability of his/her networks or standalone personal computer (PC). The technical person closes all open ports and plugs all other system holes before a malicious person tries to get into the system and attack the networks or the individual PCs.
Some kinds of ethical hacking are hard to define: it is not always clear whether they are still within the ethical corridor or belong on the hacker side. There are several types of ethical hacking, and they can be used to explain the differences between ethical hacking and hackers.

Moreover, before we talk about ethical hacking issues, there are several fundamental elements that we need to know: the importance of security in the system, the elements of security, the phases of hacking, etc.

Why should we talk about the importance of security? Because today's technologies are intended to be easy for users, and given the technology and the complexity of the network, we have no idea of the level of security, whether it is secure or not. There is a triangle model (Annex: picture 1) that explains the three components of technology: functionality, security, and ease of use. If the technology focuses on “easy to use”, then there is less functionality and security. Likewise, if the technology focuses on functionality, it is less secure and more complex to use, and so on.

The elements of security are: data integrity, confidentiality of information, authenticity, and availability of data. (Annex: picture 2)

Additionally, the hacking phases are: reconnaissance, scanning, gaining access, maintaining access, and clearing tracks. (Annex: picture 3)

“White hat cracking”: This is the first type of ethical hacking. It involves a security test of the network system or standalone PC under an agreement made upfront or a signed contract. This ensures the scope of the testing and that it produces a report and recommendations.

“Grey hat cracking”: This is the second type of ethical hacking. Here he or she assesses the target system environment, and possibly identifies vulnerabilities in the system, without establishing an agreement upfront. Additionally, they report the facts to the system administrator or network administrator so that they know the status. This type can sometimes become white hat or black hat.

“Black hat cracking”: This is the third type of ethical hacking, and it involves accessing the systems. Anyone can determine that black hat is immoral. However, it depends on the target. If, after gaining access, the black hat intends to delete some information or control the information, then it should be categorized as a crime. The black hat has more knowledge of how to crack systems; if he or she finds ways to prevent hackers, then he or she is doing a good job. The black hat also has the ability to counter-attack phishing on a server, spam, etc.

“Hacktivism”: This is another type of cracking or hacking; however, this one has a higher-level purpose for cracking the system. For instance, it has a political agenda behind the attack. The cracker sends a message to the target of the attack that they are able to do so.

“Is it possible to crack systems and still be ethical? Support your position”.
My answer is twofold. Yes, if the crackers are within the corridor of white hat, grey hat with the condition of reporting to the target, and black hat with the ability to counter-attack phishing and plug all holes.
No, if crackers such as a grey hat do not inform the target of the issues found, or a black hat uses his/her ability to delete some information on the target or to control the target. Whatever the reason, gaining unauthorized access is a crime.

Conclusion: As computing professionals, we have to take responsibility in every hacking activity. In this sense, it does not matter whether you are a white hat, grey hat, or black hat.
Annex:

Picture 1: Triangle from Module 01 v 6.1 of CEH P.12


Picture 2: Element of Security from Module 01 v 6.1 of CEH P.11


Picture 3: Phases of hacking from Module 01 v 6.1 of CEH P.14


1 comment:

  1. Lucky Timor-Leste has a constitution to protect its citizens' privacy:

    Section 36
    (Right to honour and privacy)
    Every individual has the right to honour, good name and reputation, protection of his or
    her public image and privacy of his or her personal and family life.

    Section 37
    (Inviolability of home and correspondence)

    1. Any person's home and the privacy of his or her correspondence and other means of
    private communication are inviolable, except in cases provided for by law as a result
    of criminal proceedings.

    2. A person's home shall not be entered against his or her will, except under the written
    order of a competent judicial authority and in the cases and manner prescribed by
    law.

    3. Entry into any person's home at night against his or her will is clearly prohibited,
    except in case of serious threat to life or physical integrity of somebody inside the
    home.

    Section 38
    (Protection of personal data)

    1. Every citizen has the right to access personal data stored in a computer system or
    entered into mechanical or manual records regarding him or her, and he or she shall
    have the right to demand the purpose of such data.

    2. The law shall determine the concept of personal data, as well as the conditions
    applicable to the processing thereof.

    3. The processing of personal data on private life, political and philosophical
    convictions, religious faith, party or trade union membership and ethnical origin,
    without the consent of the interested person, is prohibited.
