Ethical Hacking - Part 1

Ethical Hacking - Part 1

Many people develop an interest in Ethical Hacking, but do you know what ethical hacking means? For understanding ethical hacking, you should first understand the meaning of the word ‘ethical’. ‘Ethical’ is a word derived from the word ‘ethics’ which means the moral code (set of rules). And ethical hacking means hacking while following a set of moral codes. Ethical Hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating the strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them.

Before starting ethical hacking, let’s first learn the types of hackers, types of system attacks, and cyber laws. And then we will begin with some important networks and networking concepts in our next blog.

TYPES OF HACKERS

Hackers can be categorized mainly into 3 types according to their work:

1. White Hat Hacker: It is the type of hacker that does every work legally. If he wants to test a server then he will get the written permission of the server’s owner, and only after getting the permission will he start testing. After testing he gives an honest review of the server and reports all the vulnerabilities. Basically, it follows all the ethics and moral code of a hacker to do good for his company and secure its servers.

2. Black Hat Hacker: They are also called bad hackers as they only do illegal stuff. They find the vulnerabilities of a system to either crash it or hack into the system to extract data and sell it for their own benefit. Any illegal stuff that can be done by hacking is always done by these black hat hackers.

3. Grey Hat Hacker: By now you must have already guessed by the name grey hat that there is a mixture of both black and white hat hackers. And so are they. They are a mix who sometimes secure the systems and sometimes they crash the system or steal and sell the data for their own benefit.

TYPES OF SYSTEM ATTACKS

There are 4 types of basic system attacks. These are:

1. Operating System Attack: If we use the vulnerabilities of an operating system to hack a system then that attack is called the operating system attack. For example, there are some vulnerabilities in Windows like null account and this vulnerability can be used for hacking.

2. Misconfiguration Attack: Whenever we download software, application, or operating system, it comes with some predefined settings. If those settings have a problem, then it is known as misconfiguration. And these misconfigurations can be used for hacking the system. For example, when you buy a new router, it has the default ID and password as admin and admin respectively. So, if we don’t change these credentials, then they can be considered misconfigurations and they can be used for hacking.

3. Application-Level Attack: While using an application, if there is a vulnerability because of the developer or there is a problem because of the developer and various attacks can be used like SQL Injection or Cross-Site Scripting, then the attack is known as an application-level attack.

4. Shrink Wrap Code Attack: In the above applications, if someone reports to the application developer or the system owner about the vulnerabilities and problems, but still the updates or patches haven’t been released, and in the meantime, another hacker hacks the application or system then that attack falls in the shrink-wrap code attack.

CYBER LAWS

There are some important cyber laws that you should know about, which are as follows.

• The Patents (Amendment) Act, 1999

• Trade Marks Act, 1999

• The Copyright Act, 1957

• Information Technology Act, 2000

These are some laws that you should follow to maintain your ethics, to maintain your morality as an ethical hacker. After all, ethics are the most important thing for a hacker to become an ethical hacker. Now let’s conclude the blog with these cyber laws and we will continue with the networking in the next blog.