Ethical Hacking
We humans are highly tech-savvy in today's times. With the extensive use of the internet and modern technologies, there is a massive challenge in protecting all our digital data, such as net banking information, account credentials, and medical reports, to name a few. Have you heard about the deadly WannaCry ransomware attack? The attack happened in May 2017 in Asia, and then it spread across the world. Within a day, more than 230,000 computers were infected across 150 countries. The WannaCry cryptoworm encrypted the data and locked the users out of their systems. For decryption of the data, the users were asked for a ransom of 300 to 600 dollars in Bitcoin. The users who used unsupported versions of Microsoft Windows and those who hadn't installed the security updates of April 2017 were targeted in this attack.
The WannaCry attack took a toll on every sector. Top-tier organizations like Hitachi, Nissan, and FedEx had to put their businesses on hold as their systems were affected too. Now this is what you call a cyber attack. To prevent such attacks, cybersecurity is implemented. We can define cybersecurity as the practice of protecting networks, programs, computer systems, and their components from unauthorized digital attacks. These illegal attacks are often referred to as hacking. Hacking refers to exploiting weaknesses in a computer network to obtain unauthorized access to information.
A hacker is a person who tries to hack into computer systems. It is a misconception that hacking is always wrong; some hackers work with different motives.
Let's have a look at three different types of hackers:
- Black hat hackers are individuals who illegally hack into a system for monetary gain.
- Grey hat hackers: as the name suggests, the color gray is a blend of both white and black. These hackers discover vulnerabilities in a system and report them to the system's owner, which is a good act, but they do this without seeking the owner's approval. Sometimes gray hat hackers also ask for money in return for the spotted vulnerabilities.
- White hat hackers exploit the vulnerabilities in a system by hacking into it with permission, to defend the organization. This form of hacking is legal and ethical, hence they are also often referred to as ethical hackers.
StoryTime: Let us learn more about the hacking that is legal and valid, ethical hacking, through an interesting story. Dan runs a trading company. He does online trading with the money his customers invest. Everything was going well and Dan's business was booming until a hacker decided to hack the company's servers. The hacker stole the credentials of various trading accounts and asked for a lump-sum ransom in exchange for the stolen credentials. Dan took the hacker's words lightly and didn't pay the hacker. As a result, the hacker withdrew money from various customers' accounts, and Dan was liable to pay back the customers. Dan lost a lot of money and also the trust of his customers. After this incident, Dan gave a lot of thought to what could have gone wrong with the security infrastructure in his company. He wished there was someone from his company who could have run a test attack to see how vulnerable the systems were before the hacker penetrated the network. This was when he realized he needed an employee who thinks like a hacker and identifies the vulnerabilities in his network before an outsider does. To do this job, he hired an ethical hacker, John. John was a skilled professional who worked precisely like a hacker. In no time he spotted several vulnerabilities in Dan's organization and closed all the loopholes. Hiring an ethical hacker helped Dan protect his customers from further attacks in the future. This, in turn, increased the company's productivity and guarded the company's reputation. So now you know hacking is not always bad. John, in this scenario, exposed the vulnerabilities in the existing network, and such hacking is known as ethical hacking.
Ethical hacking is distributed into six different phases. Let us look at these phases step by step with respect to how John, our ethical hacker, will act.
- Before launching an attack, the first step John takes is to gather all the necessary information about the organization's system that he intends to attack. This step is called reconnaissance. He uses tools like Nmap and hping for this purpose.
- John then tries to spot the vulnerabilities, if any, in the target system using tools like Nmap and Nexpose. This is the scanning phase.
- Now that he has located the vulnerabilities, he tries to exploit them. This step is known as gaining access.
- After John makes his way through the organization's networks, he tries to maintain his access for future attacks by installing backdoors in the target system. The Metasploit tool helps him with this. This phase is called maintaining access.
- John is a brilliant hacker, hence he tries his best not to leave any evidence of his attack. This is the fifth phase, clearing tracks.
- In the last phase, that is reporting, John documents a summary of his entire attack: the vulnerabilities he spotted, the tools he used, and the success rate of the attack. Looking into the report, Dan is now able to take a call and see how to protect his organization from any external cyberattacks.
Don't you all think John is an asset to any organization? If you want to become an ethical hacker like John, then there are a few skills that you need to acquire. First and foremost, you need to have a good knowledge of operating environments such as Windows, Linux, UNIX, and Macintosh. You must have reasonably good knowledge of programming languages such as HTML, PHP, Python, SQL, and JavaScript. Networking is the basis of ethical hacking, hence you should be good at it. Ethical hackers should be well aware of security laws so that they don't misuse their skills. Finally, you must have a global certification on ethical hacking to successfully bag a position as an ethical hacker like John.
Thank you guys for being with me till the end of the blog. See you in the next blog, stay blessed.
JazakALLAH!