What is ethical hacking?

In an ethical hacking, a computer and network professional attacks a security system on behalf of its owners seeking vulnerabilities that a malicious hacker can exploit. Ethical hacking is also known as “penetration testing”, “intrusion testing” and “red teaming”. A person who is associated with ethical hacking is sometimes called a white hat. Ethical hackers apply the same methodologies as their less ethical counterparts, but report the network weaknesses to the network owners, rather than take advantage of such weaknesses.

An ethical hacker is a person who can be trusted and generally employed with an organization to carry out an effort to create hole or penetrate in networks and/or computer systems using the same methods as the regular hacker used. The distinguishing characteristic of an ethical hacker is that he or she is expressly authorized to investigate the target. A certified ethical hacker is a capable professional who identifies and knows how to look for the weaknesses and vulnerabilities in target systems and he makes use of knowledge and tools similar to that of a malicious hacker.

The Goals Of The Ethical Hacker?

The ethical hacker is there to assist the organization in taking preventive measures against malicious attacks, by attacking the system, but remaining within legal limits. The extensive growth of the Internet has given rise to e-commerce, easy access to vast stores, electronic mail, new opportunities for advertising and information distribution, etc, but these technological improvements have encouraged criminal hackers. Governments, major companies and citizens all over the world are concerned that any hacker can break into their web server and reinstate their insignia with pornography, or have access to their e-mails, steal their credit card number from an on-line shopping site or place software which will secretly transmit their secrets to the Internet. An ethical hacker can help to overcome these problems.

The Ethical Hacker Should Be Trusted?

When, the ethical hackers identify a weakness in the client’s security, the criminal hacker will be more likely to utilize that vulnerability. This is particularly disturbing as the activities of the ethical hackers may hide criminal hacking. It is always advisable to maintain numerous addresses around the Internet from which the ethical hacker’s transmissions will originate and to control origin addresses regularly. Also, the total logs of the tests performed by the ethical hackers are constantly preserved for the final report. Furthermore, in serious cases, additional intrusion monitoring software can be installed at the target to make sure that all the tests are coming from the ethical hacker's machines.
The Ethical Hacker frequently holds the “keys to the company,” and hence must be trusted to exercise rigid control upon any information about a target that could be misunderstood. To understand the information collected at the time of an evaluation requires tough security measures to be taken such as limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing to ensure the security of the systems being employed by the ethical hackers themselves. Usually, ethical hackers have strong programming and computer networking skills and have been in the computer and networking business for some years and are skilled at installing and maintaining systems that use the recent accepted operating systems used on target systems.


  Syaf The Geek

April 25, 2007 at 10:39 PM

If you've ever had the certificate, you can make tons of money with it. Ethical Hacking is one hot topics these days. But the certificate is so expensive :(


May 19, 2010 at 5:29 PM

Hey thanks a lot for sharing such a nice article on Ethical Hacking,Really a very nice and detailed review on Ethical Hacking which is very useful for the beginners.Your analysis on Ethical Hacking is Awesome.

By the way for more information on Professional Training and Certification for Ethical Hacking check this link: http://www.eccouncil.org/certification/certified_ethical_hacker.aspx