Well, was busy collecting material for this blog and couldn't complete as soon as I had thought. So, this blog's late by a week and I apologize. Of course, it doesn't make any difference to people like you, who visit this page only after me reminding you many times. Let's get to the topic.
The idea of ethical hacking techniques was first discussed outside the American military, by Farmer and Vienna. They assembled all the tools that they have used and made SATAN (Security Analysis Tool for Auditing Networks) which they placed on the internet for free download in 1990s. This SATAN tool checked the system vulnerabilities and advised the computer users about how to rectify the errors in system security.
The successful ethical hackers possess wide variety of skills. But the first and foremost thing about ethical hackers is that they have to be honest and trustworthy. This is because while testing the security of client system, they may get access to client's information that should be kept secret. Because of the sensitivity of the information, ethical hackers are provided with isolated labs for testing, secure local area network, strong cryptography, etc. Ethical hackers have strong programming and networking skills and they have more drive and patience than others. The work of the ethical hackers requires lot of time and persistence because crackers are known to be extremely patient and monitor systems for weeks to exploit even a single opportunity.
It's more important that ethical hackers know the techniques of criminal hackers to prevent their attacks. According to C.C. Palmer of IBM, the best ethical hacker candidates will have successfully published research papers or released popular open-source security software. Hiring of ex-hackers as ethical hackers is potentially dangerous for any company as the foremost trait required in an ethical hacker is
trust.
An ethical hacker's evaluation of system security seeks answers for 3 important questions.
1. What information can the intruder gain from the system?
2. What can he do with that information?
3. Can anyone notice if the intruder gains access to the system?
From the client's side, an ethical hacker would like to find answers to questions like... what information should be protected, from whom should that be protected and most importantly the time, effort and budget that the client can invest. Once the answers are found, the ethical hackers and the client sign an agreement commonly referred to as "get out of jail free card". This agreement protects the ethical hackers against possible prosecution. This agreement also contains the precise information of the network addresses and modem telephone nos of the client's system.
Once the target systems are identified, the agreement should also describe how they should be tested. Best one is a "no-hold-barred" approach (very well known to WWE viewers). In this, the ethical hackers can use any means to enter target system. If the systems are important to the client, then he should encourage this approach as the criminal hackers don't play by client's rules. The ethical hackers should be allowed to perform their actions even in regular working hours as this can give an accurate result about the security holes in the target systems.
More information about this topic will be discussed in the coming blogs. Hope the information was useful in someway or other... Adios amigos...
