Ethical hacking explained
阅读时间 3 分钟
While the public might see hackers as vicious criminals, many operate as law-abiding professionals, helping to keep us safe. This is what ethical hacking is all about. But what do ethical hackers do exactly? And how can you become one?
What is ethical hacking?
Ethical hacking (also called white-hat hacking) is the use of hacking techniques for good, legal reasons, usually with the permission of the hacking target.
For example, ethical hackers can try to gain unauthorized access to an organization’s systems in order to expose and report vulnerabilities. A company can then use this data to improve its security.
What do ethical hackers do?
Ethical hackers are cybersecurity experts who test their clients’ security by penetrating their systems and identifying vulnerabilities. This process is also called penetration testing. While unethical or black-hat hackers exploit systems for malicious reasons such as financial gain, terrorism, or other disruptions, ethical hackers use the same tools to help their targets (clients) to stay safe.
Back-hats and white-hats often use the same methods, so there are many cases of black to white hat conversion. Sometimes, the victims of black hatters even hire them later on as their cybersecurity experts.
Ethical hacking in five steps
Like black hats, ethical hackers go through a series of steps to carry out their work.
1. Reconnaissance
In this phase, a hacker gathers data about their target. The reconnaissance can be active or passive. Active is when a hacker directly communicates with the target to obtain info, while passive is when the hacker does this secretly or indirectly by using online searches or social media.
2. Scanning
The hacker analyses the data gathered during the reconnaissance phase and picks out the tools to hack the system.
There are three stages in this phase: pre-attack, port scanning/sniffing, and information extraction. In the pre-attack stage, a hacker looks for more specific data based on the information found in the reconnaissance phase. In the port scanning stage they scan for data with port and vulnerability scanners. The information extraction stage takes place when hackers collect details about the machines and operating systems they plan to attack.
3. Gaining access
This is the phase when actual hacking takes place. Here the hacker uses their tools and acquired data to access the system, gain the required privileges, and take it over.
4. Maintaining access
After penetrating the system, hackers try to maintain their access for future attacks and prevent a target from discovering their presence. They also employ various tools (e.g. trojans or other malicious files) to initiate further attacks.
5. Covering tracks
In this last phase hackers try to cover their tracks, so that security personnel or law-enforcement won’t find out about the attack.
How to learn ethical hacking
Put simply, you become an ethical hacker by doing ethical hacking. If you’re going down this road, you should follow the ethical hacker’s code of conduct. The code includes some key rules:
- Don’t disclose any confidential information;
- Always inform the relevant persons about the potential dangers;
- Be honest and transparent about your experience and competencies;
- Don’t use illegal software;
- Don’t engage in dodgy financial practices;
- Don’t associate with black-hatters.
There are also official courses and hacker certification programs, which can provide hackers with official certificates.
One of the most popular Certificated Ethical Hacker (CEH) exams is provided by the EC Council. But there are also other hacker-certifying organizations such as SANS GPEN, Offensive Security Certified Professional, Foundstone Ultimate Hacking, and more.
