Hacking Your System Before Others Do It

Some Hollywood movies have focused their plot on cyber-crime. The story will revolve around someone hacking into the computer system of an organisation and there will be another trying to counter the attack for the greater good. This is what can be described as ethical hacking.

An ethical hacker is a computer and networking expert who attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could exploit.

Ethical hacking is a positive form of information security. It is also known as penetration testing, intrusion testing or red teaming.

Express permission

The first use of ethical hacking occurred in the 1970s, when the US government used groups of experts called ‘red teams’ to hack its own computer system.

It has become a sizable sub-industry within the information security market.

An ethical hacker is sometimes called a legal or white hat hacker; the opposite is a black hat, a term that comes from the cowboy movies where the bad guy wore a black hat.

It is important to note that for hacking to be considered ethical, the hacker must obtain express permission from the owner to probe their network and identify potential risks.

Felix Kitaka, a computer programmer, says ethical hacker is a term that is normally frowned upon by some security professionals, who see it as a contradiction and prefer the term penetration tester.

“Many company websites can find themselves victim to malicious hackers and this usually puts their content at risk. When creating a website or a computer system, it is very important to test how penetrable it would be in case a malicious person went in and put the content at risk,” he explains.

Identify gaps

Ronald Eyit, a network administrator at World Vision, says it is very beneficial for organisations to engage in security assessment of the production environment by carrying out tasks such as network systems penetration testing.

This is because it identifies weaknesses in the network systems in place, and a security expert can then advise or propose intervention methods.

He adds that it also helps to identify gaps in the team that management can act upon, for instance by hiring a security consultant to handle the identified gaps or sending the current staff for further training.

Techtarget.com best describes the method used by ethical hackers to penetrate a system and bypass its defence.

Evaluate security

However, unlike their less principled counterparts (black hat hackers), rather than taking advantage of any vulnerabilities found, they document them and provide actionable advice on how to fix them so the organisation can improve its overall security.

Kitaka explains the purpose of ethical hacking is to evaluate the security of a network or system’s infrastructure.

It entails finding and attempting to exploit any vulnerability to determine whether unauthorised access or other malicious activities are possible.

According to a paper published by SANS Institute on penetration testing, Assessing Your Overall Security Before Attackers Do, vulnerabilities tend to be found in poor or improper systems configuration, known and unknown hardware or software flaws, and operational weaknesses in process or technical counter-measures.

It also advises that, before commissioning an organisation or individual to penetrate your system, it is best practice to read their service level and code of conduct agreements.

These cover how testing will be carried out and how the results will be handled, as they are likely to contain sensitive information about the system tested.

Useful way

Eyit points out that everyone can be hacked: schools, hospitals, banks. So, it depends on the motive of the hacker.

“Someone can hack to prove or show that they can or to prove that you are vulnerable; another may hack to smear a campaign especially if it is a business rival,” he adds.

A successful test does not mean the network is 100 per cent secure, but it should be able to withstand automated attacks and unskilled hackers.

The goal of penetration testing is to find flaws in network applications and operating platforms that could be exploited by attackers or simply cause business interruption of sorts.

Regular penetration testing can be a useful way to determine with a higher degree of certainty that flaws do exist.

However, in order to effectively find these issues before attackers do, the testing routine you put together needs to be focused on consistent, repeatable testing.
