INTRODUCTION
Ethical hacking, also known as penetration testing or
white-hat hacking, involves the same tools, tricks,
and techniques that hackers use, but with one major
difference: ethical hacking is legal. Ethical
hacking is performed with the target's permission. The
intent of ethical hacking is to discover vulnerabilities
from a hacker's viewpoint so systems can be better
secured. It's part of an overall information risk
management program that allows for ongoing
security improvements.
SECURITY
Security is the condition of being protected against danger
or loss. In the general sense, security is a concept similar
to safety. In the case of networks, security is also
called information security. Information security
means protecting information and information systems
from unauthorized access, use, disclosure, disruption,
modification, or destruction. Security is usually
described in terms of the CIA triad:
• CONFIDENTIALITY
• INTEGRITY
• AVAILABILITY
CONFIDENTIALITY
Confidentiality is the property of preventing disclosure of
information to unauthorized individuals or systems.
This implies that particular data should be seen only
by authorized personnel. A person who is merely a
passive observer should not see that data.
For example, in the case of a credit card
transaction, the authorized person should see the credit
card number. Nobody
else should see that number, because they may use it
for some other activities. Thus confidentiality is very
important. Confidentiality is necessary for maintaining
the privacy of the people whose personal information a
system holds.
INTEGRITY
Integrity means that data cannot be modified without
authorization. This means that the data seen by
authorized persons should be correct; that is, the data should
maintain the property of integrity. Without that integrity the
data is of no use.
Integrity is violated when a computer virus infects a
computer, when an employee is able to modify his own
salary in a payroll database, when an unauthorized user
vandalizes a web site, when someone is able to cast a very
large number of votes in an online poll, and so on. In such
cases the data is modified and then we can say that there is
a breach in the security.
AVAILABILITY
For any information system to serve its purpose, the
information must be available when it is needed.
Consider the case in which the data should have
integrity and confidentiality. To achieve both these
goals easily, we can take the data offline. But then
the data is not available to the user.
Hence the data is of no use even if it has all
the other characteristics. This means that the computing
systems used to store and process the information, the
security controls used to protect it, and the
communication channels used to access it must be
functioning correctly.
NEED FOR SECURITY
Computer security is required because most
organizations can be damaged by hostile software or
intruders. There may be several forms of damage,
obviously interrelated, which are produced
by the intruders. These include:
• loss of confidential data
• damage or destruction of data
• damage or destruction of computer systems
• loss of reputation of a company
HACKING
A hacker is a person who is interested in a particular
subject and has immense knowledge of that subject.
In the world of computers, a hacker is a person intensely
interested in the arcane and recondite workings of any
computer operating system. Most often, hackers are
programmers with advanced knowledge of operating
systems and programming languages.
Eric Raymond, compiler of "The New Hacker's
Dictionary", defines a hacker as a clever programmer.
A "good hack" is a clever solution to a programming
problem and "hacking" is the act of doing it.
Raymond lists five possible characteristics that
qualify one as a hacker, which we paraphrase here:
• A person who enjoys learning details of a
programming language or system
• A person who enjoys actually doing the
programming rather than just theorizing about it
• A person capable of appreciating someone else's
hacking
• A person who picks up programming quickly
• A person who is an expert at a particular
programming language or system
TYPES OF HACKERS
Hackers can be broadly classified on the basis of why
they are hacking a system or why they are indulging in
hacking. There are mainly three types of hacker on this
basis:
Èi
È
È
Ɣ i
Ɣ
• Social Engineering
The best and the most common method used to crack a
password is social engineering. In this technique the
hacker comes in direct contact with the user through a
phone call or some other way and directly asks for the password
under some fraudulent pretext.