Monday, 2 January 2017

Ethical Hacking, What is it and what are the different categories


Reference: Ethical Hacking and Penetration with Kali Linux



What is Ethical hacking?


Ethical hacking is the practice of finding vulnerabilities in networks and systems and recommending how to protect them. The techniques that you learn in this book are purely white-hat hacking techniques for finding the holes and risks in networks and systems.


These techniques must not be used on any production network without formal approval from the management team. Using these techniques without approval can be illegal and can cause serious damage to others' property.



Types of Ethical hacking

There are multiple types of Ethical hacking, but they can usually be categorized as below:


White box
When we have full knowledge of the network and also of the systems on the network. The attacker can be a former employee, a relative, a vendor or a contractor who has a complete understanding of the infrastructure, software and hardware used within the target company.


Black box
When we have no knowledge of the infrastructure and try to penetrate it without any information. In this type of attack, the first step is usually to gather enough information about the company, its infrastructure and its systems. Once all the required information has been obtained, the next step is to find the vulnerabilities and try to exploit them.

Vulnerability assessment
This is purely assessing the vulnerabilities on the network and analysing them. This is usually safe work and won’t have any effect on operations. Most of the time the techniques in this category are not illegal, but it is always safe to inform people before doing it, as there could be some complications.


Penetration testing
This is a type of attack in which we try to take control of a system or a device. With the techniques in this category there is a high risk of interrupting the operation of a device or network. Using these techniques without formal approval and commitment from the target company is illegal.


What are the responsibilities of an Ethical Hacker?


As an Ethical hacker you have a clear responsibility for how you use your knowledge and techniques. It is also very important to understand what is expected of an Ethical hacker and what you should consider when assessing the security of a customer’s organization.


Below are a couple of important things you must consider as an Ethical hacker:

  • Must use your knowledge and tools only for legal purposes 
  • Only hack to identify security issues with the goal of defence 
  • Always seek management approval before starting any test 
  • Create a test plan with the exact parameters and goals of the test and get management approval for that plan 
  • Don’t forget, your job is to help strengthen the network and nothing else! 





