An Ethical Hacker, also known as a whitehat hacker, or simply a whitehat, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems. Nowadays, certified ethical hackers are among the most sought-after information security employees in large organizations such as Wipro, Infosys, IBM, Airtel and Reliance, among others.
Ethical hacking refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers. Ethical hacking is also known as penetration testing, intrusion testing, or red teaming. An ethical hacker is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems. By conducting penetration tests, an ethical hacker looks to answer the following four basic questions:
1. What information/locations/systems can an attacker gain access to?
2. What can an attacker see on the target?
3. What can an attacker do with available information?
4. Does anyone at the target system notice the attempts?
The Ethical Hacking Process:
10 Commandments of Ethical Hacking:
1. Thou shalt set thy goals
An ethical hacker should set simple goals, such as finding unauthorized wireless access points or obtaining information from a wired network system. In any case, the goals should be articulate and well communicated.
2. Thou shalt plan thy work, lest thou go off course
Ethical hackers are bound by constraints. Consequently, it is important to develop a strategy plan which should include identifying the networks to test, specifying the testing interval, specifying the testing process, and obtaining approval of the plan.
3. Thou shalt obtain permission
Written permission is required and should state that an ethical hacker is authorized to perform a test according to the plan. It should also say that the organization will provide legal and organizational support in case criminal charges or lawsuits arise. This is conditional on staying within the bounds of the approved plan.
4. Thou shalt work ethically
An ethical hacker is bound to confidentiality and non-disclosure of information they may uncover. Ethical hackers must also be compliant with their organization's governance and local laws. An ethical hack must not be performed when the company policy or the law for that matter, explicitly forbids it.
5. Thou shalt keep records
Patience and thoroughness are attributes of a good ethical hacker. A hallmark of ethical hacker professionalism is keeping adequate records to support findings. The date and details regarding each test, whether or not they were successful, should be logged and recorded and a duplicate copy of the log book should be kept.
6. Thou shalt respect the privacy of others
An ethical hacker must not abuse their authority. Ethical hackers must not snoop into confidential corporate records or private lives. The information that is uncovered should be treated with the same care one would give to their own personal information.
7. Thou shalt do no harm
The actions of an ethical hacker may have unplanned repercussions. It is easy to get caught up in the work and cause a denial of service or trample on someone else's rights. It is important to stick to the original plan.
8. Thou shalt use a scientific process
The work of an ethical hacker should adopt an empirical method. An empirical method will help set quantifiable goals, develop consistent and repeatable tests, and provide tests that are valid in the future.
9. Thou shalt not covet thy neighbour's tools
Ethical hackers will always discover new tools to help them get their job done. Tools are abundant on the Internet and more are coming out all the time. The temptation to grab them all is fierce. Although it is possible to use all of the tools that are available, it is recommended that an ethical hacker choose one and stick with it.
10. Thou shalt report all thy findings
Ethical hackers should plan to report any high-risk vulnerabilities discovered during testing as soon as they are found. Reports are one way for the organization to determine the completeness and thoroughness of the work of an ethical hacker, and they provide a means for peers to review methodologies, findings, analysis, and conclusions.
Organizations may have a wide variety of computer systems, and it is essential for any ethical hacker to have expertise in operating systems as well as network hardware platforms. It is also fundamental that an ethical hacker possess a solid foundation in the principles of information security.