Chapter 1

Introduction

Ethical hacking is an emerging tools used by most of the organizations for testing
network security. The security risks and vulnerabilities in a network can be recognized
with the help of ethical hacking. This research completely concentrates on ethical
hacking, problems that may occur while hacking process is in progress and various
ethical hacking tools available for organizations. Information is the important source for
any organizations while executing business operations. Organizations and government
agencies have to adopt ethical hacking tools in order secure important documents and
sensitive information (Harold F. Tipton and Micki Krause, 2004). Ethical hacker
professionals have to be hired in order to test the networks effectively. Ethical hackers
perform security measure on behalf of the organization owners. In order to bring out
the ethical hacking efforts perfectly a proper plan must be executed. Ethical hacking has
the ability to suggest proper security tools that can avoid attacks on the networks.
Hacking tools can be used for email systems, data bases and voice over internet
protocol applications in order to make communications securely. Ethical hacking can
also be known as penetration testing which can be used for networks, applications and
operating systems (Jeff Forristal and Julie Traxler, 2001). Using hacking tools is a best
method for identifying the attacks before it effect the entire organization. Ethical
hackers are nothing but authorized users for the sensitive information or networks of an
organization. Using hacking techniques for handling employees in organization and for
solving critical judicial cases is not a crime. An ethical hacker use same tools and actions
as performed by normal hacker. The main aspect in ethical hacking is that target
permission is essential for performing hacking on the information. Ethical hacking can
be used while performing security audits in the organization (Kevin Beaver, 2010). Thus,
ethical hacking can help in testing the networks by finding out various vulnerabilities. In
ethical hacking, a user will get permission to access the important data.

Aims and Objectives

Aim

To investigate the importance of ethical hacking and its implementation in organizations

Objectives

 Finding the importance of ethical hacking tools

 Understanding the ethical hacking process
  Implementing ethical hacking tools in an organization

Purpose of Study

The main of this research is to recognize ethical hacking tools that can be used in
organizations and government agencies. Testing the networks is essential in order to
maintain security for the organizational information. The difficulties in networks have to
be recognized by the security professional so that they can be solved before effecting
the organization operations (James S. Tiller, 2005). This research also focuses on carrying
out the ethical hacking tools in a particular organization. The advantages of using
ethical hacking in business firms can be evaluated by this study. Ethical hacking tools
can be implemented in various fields of applications. Various security professionals can
be efficient in ethical hacking tools by undergoing a training process. Another major
intension of this research is to identify the importance of ethical hacking professionals in
providing security to the networks. (Nina Godbole, 2008). Thus, this research entirely
focuses on ethical hacking tools which can be implemented for testing the networks.

Research Context

This research on ethical hacking can be very useful to many organizations as it can
provide clear idea about hacking tools. Security professionals and normal users have to
be trained well in order to use hacking tools. The importance of ethical hacking while
solving many judicial cases can be identified with the help of this research. Management
of an organization can be benefited largely through implementing hacking tools.
Hacking tools implementation process can be understood with the help of this research
(Ronald L. Krutz and Russell Dean Vines, 2007). Network security or data security
engineers in organization will come to know about new ethical hacking methods and
techniques that are available in the present market by concentrating on this research.
The concepts in this study provide knowledge related to security improvements.
Business users can hack the data in order to use it for the purpose of evaluating a
correct process. Management has to take precautionary measures while allowing the
professional to hack ethically because data may be misused (Rajat Khare, 2006). Scholars
who concerned with information security can take the help of this study for attaining the
knowledge on hacking systems. Many organizations are encouraging ethical hacking
professionals in order to control their business operations effectively. Email systems,
data bases and communication applications can avoid or identify attacks by adopting
the hacking tools. Malicious attacks on the information or software can be prevented by
implementing this research while using ethical hacking tools. The organizations that
concerned with security in networks have to use ethical hacking tools (Greg Meyer and
Steven Casco, 2002). Hence from the above discussion it can be understood that,
business firms, investigating agencies, government systems and web users can make use
of this research to achieve the important information in authorized manner.

Chapter 2: Literature Review

Ethical Hacking and its importance

The word hacking is defined as an illegal use of the other’s computer system or the
network resources. Hacker is the term which is formerly meant for the skillful
programmer. This is mostly found in the countries like United States and many other
countries. The word hacker refers to the names of the persons who enjoys the work in
learning the details of the computer systems and stretch the capabilities from the
system (Rajat Khare, 2006). The system of hacking describes the fast improvement in the
new programs that make the codes for the providing a better security to the system
with more efficiency. The word cracker also belongs to the same field it make use of the
hacking skills for the unlawful purposes like email id, intruding into other’s system.
Hacking is of different types such as back door hacking, viruses and worms, Trojan
horses, Denial of Services, anarchists, crackers, kiddies and ethical hacking (Kevin Beaver,
2010). In the types of hacking system one of the most common hacking is ethical
hacking. This is defined as the services that provides the securities for the customer’s
networks, information assets and identifies the vulnerabilities to maintain the reputation
of the corporate sectors before it exploit the company. This type of the hacking system
provides the high securities to the customer’s methodologies and techniques to yield
high qualities of infrastructures. The ethical hacking system includes some of the service
like:

 Application Testing
 War Dialing
 Network Testing
 Wireless Security
 System Hardening

Application Testing

This is an uncover design or the logic flaws which result in the compromising with the
unauthorized accessing of the systems, networks, applications or the information
regarding the systems. This application testing is used for investigating and identifying
the extent and the criticality of the problems exposure to the thick client (Java) and thin
client (web browsers) applications. This application testing includes the services like
client-side application testing and web application testing’s (Joel Scambray, Mike Shema
and Caleb Sima, 2006). The client-side application testing is the process of developing
the software that is used for the measuring the integrated security into the client
software constituents. In this system this testing application is based on the gathering of
the information by observer using the reverse engineering system.

War Dialing

This is one of the services that are provided by ethical hacking. War dialing is a method
of dialing a modem number to identify open modem connection that supplies access in
a remote way to a network for targeting a particular system (Kimberly Graves, 2007).
This word is originated from the day the when the internet has come into the existence
in most of the companies. This follows the method of scanning to find the strength of
the network connection. The tools of War dialing work on the concept that
organizations do not pay attention to dial-in ports like they do towards the firewalls.

Network Testing

The networking testing services of the ethical hacking provides the information on the
exposures of the network, services, and solutions on the convergence, protocols and
system devices including the virtual private network technologies. This testing process
includes a number of constitutes in external and internal devices. It also analyzes the
applications of the voice over Internet protocol within the environment of the
organization (Greg Meyer and Steven Casco, 2002). The main goal of the network
testing application is to make obvious demonstration of the political effects on its
development. By making use of this application into the organization, it provides a
complete enlightenment to the work for determining the result in the organization.

Wireless Security

Wireless security services measures the security in the available architecture to provide a
guidelines to ensure the system integrity and accessibility of the resources. The working
of wireless security is based on the three phases. In the first phase of the operation it
identifies the activeness of the wireless networks (Cyrus Peikari and Seth Fogie, 2003).
The team of the ethical hacking demonstrates the exposure to the attackers with the
space in the wireless network. In the seconds phase of this system it implements a
normal users to evaluate the measures of the security that secures the infrastructures of
the organization to control the accessing of the devices. During the third phase the
team will try to utilize the discovered threats to gain access on other networks. This
provides the security in wireless local area network, virtual private network, intrusion
detection system and wireless public key infrastructure.
System Hardening

The system hardening stresses on the network vicinity. Security is the prime factor that
determines the level of integrity of the information and resources used in the
computing. Effective deployment of the security controls unauthorized, accidental
disruption if resources in information technology (Kevin Beaver and Peter T. Davis,
2005). The system hardening assessment is complemented in three phases. The ethical
hacking team will analyze the network to identify the loop holes in security updates and
other frequent security defects. Scanning of the remote access devices is done for
finding out the vulnerabilities. The configuration vulnerabilities and missing security
updates are determined in the initial phase. In the second step the host operating
system is examined to determine the services available for remote users and their level
of impact. All the TCP/IP services and also the Telnet, FTP, Send-mail, DNS and others
are tested (James S. Tiller, 2005). The packet fragmenting and loose source routing are
used in an attempt to bypass filtering routers and firewalls. The last phase is
complicated as the team uses the information gathered from the first two steps to mine
the weaknesses and threats that were identified to gain access to the host system.
Before the start of the three steps the boundaries for actions and events are determined.
Hence from the above context it can be stated that ethical hacking is a methodology
that is used for gathering the information on the hacker. The ethical hacker is the expert
who is hired by an organization to solve the problems related to hacking in their
network and computer system.

Need for Ethical Hacking

The process of employing someone to hack ones company is ethical hacking. Ethical
hacking is one of the tools that are used to judge the security programs of the
organizations. It is also referred as penetrating testing, red teaming, intrusion testing,
vulnerability and even security judgments. Each one these has different meanings in
different countries. Hacking is also described as new development of the existing
programs, software and code. It makes them better and more efficient (James S. Tiller,
2005). Ethical hacker can know the details of computer while hacking and become the
security professional. It involves in foot-printing, scanning, tacking all the secured
information. Ethical means a philosophy with morality. Hackers hack systems to detect
dangerous, unauthorized access and misuse (Shon Harris, Allen Harper, Chris Eagle and
Jonathan Ness, 2007). Threat and vulnerability are the two dangers the hacker has to
face. The hacking report must be confidential as it should face the organizations security
risks. If this goes wrong in any way the organization results in fatal, penalties and loss.
For example: computer crime is done by misuse of their hacking skills. The need to hack
is for catching the thief. Ethical hacking is the correct method to make your computers
work properly (Kevin Beaver, 2010). Ethical hacker needs higher level skills compared to
penetration testing. Penetration testing is same as ethical hacking but the hacker uses
the penetrating tools and tests the security danger. Ethical hacking is known as “White
Hat” in some of the literature. It tests both the security and protective issues whereas
penetrating test mainly leads with the security issues (Asoke K. Talukder and Manish
Chaitanya, 2008). Some of the websites and companies offer the training, but they
cannot be created they are self-made. Various types of testing need different types of
software’s and tools. Game freaks use hacking technology in order to win the game.
Hackers will discover many ways to hack like trial and error method, operating systems,
online and determining the threats. Ethical hacking is done by hackers on behalf of the
owners, and in normal hacking they use their skills for personal use (Debra Littlejohn
Shinder and Micheal Cross, 2008). Cyber terrorism includes common hacking techniques
such like viruses, email bombs and natural disasters. Thus ethical hacking is done by
hackers on owner’s request. Mainly this is seen in corporate companies and
organizations. Ethical hacking techniques are used for game cheat codes, hacking
accounts and other for good result. Majorly used for fight against cyber terrorism and to
take preventive action on hackers

Types of ethical hackings

Ethical hackers use various methods for breaking the security system in the
organizations in the period of cyber attack. Various types of ethical hacks are:

 Remote Network: This process in especially utilized to recognize the attacks that
are causing among the internet. Usually the ethical hacker always tries to identify
the default and proxy information in the networks some of then are firewalls,
proxy etc.
 Remote dial up network: Remote dial up network hack identify and try to protest
from the attack that is causing among the client modern pool. For finding the
open system the organizations will make use of the method called war dialing for
the representative dialing. Open system is one of the examples for this type of
attacks.
 Local Network: local network hack is the process which is used to access the
illegal information by making use of someone with physical access gaining
through the local network. To start on this procedure the ethical hacker should
ready to access the local network directly.
 Stolen Equipment: By making use of the stolen equipment hack it is easy to
identify the information of the thefts such as the laptops etc. the information
secured by the owner of the laptop can be identified (Kimberly graves, 2007).
 Information like username, password and the security settings that are in the
equipment are encoded by stealing the laptop.
 Social engineering: A social engineering attack is the process which is used to
check the reliability of the organization; this can be done by making use of the
telecommunication or face to face communication by collecting the data which
can be used in the attacks (Bryan Foss and Merlin Stone, 2002). This method is
especially utilized to know the security information that is used in the
organizations.
 Physical Entry: This Physical entry organization is used in the organizations to
control the attacks that are obtained through the physical premises (Ronald l.
Krutz and russel dean Vines, 2007). By using the physical entire the ethical hacker
can increase and can produce virus and other Trojans directly onto the network.
 Application network: the logic flaws present in the applications may result to the
illegal access of the network and even in the application and the information that
is provided in the applications.
 Network testing: In this process it mainly observes the unsafe data that is present
in the internal and the external network, not only in the particular network also in
the devices and including the virtual private network technologies
 Wireless network testing: In this process the wireless network reduces the
network liability to the attacker by using the radio access to the given wireless
network space.
 Code review: This process will observe the source code which is in the part of the
verification system and will recognize the strengths and the weakness of the
modules that are in the software.
 War dialing: it simply identifies the default information that is observed in the
modem which is very dangerous to the corporate organizations.

Techniques and tools required for ethical hacking

Ethical hacker needs to understand how to find the network range and subnet mask of
the target system. IP addresses are used to locate, scan and connect the target systems.
Ethical hacker also should find out the geographical location of target system. This can
be done by tracing the messages that are sent to destination and the tools used are
traceroute, Visual route and NeoTrace to identify the route the target (Kimberly Graves,
2007). Ethical hacking should use right tools or else task accomplishment of task
effectively is difficult. Many security assessment tools will produce false positive and
negative or may they even miss susceptibility to attacks. In case of tests in case of
physical security assessments they miss weakness. In order for ethical hacking specific
tools have to be used for the task chosen. The easier the ethical hacking will become if
many tools are used. The right tool must be used at right place. The characteristics in
tools for ethical hacking is it should have sufficient document, detailed reports should
be there on the discovered attacks regarding their fixing and explosion, Updates and
support. The general tools used for ethical hacking in case to find passwords are
cracking tools such as LC4, John the Ripper and pwdump (Bragg, Mark Phodes Ousley
and Keith Strassberg, 2004). The general tools like port scanner like SuperScan cannot
be used to crack passwords. The Web-assessment tools such as Whisker or WebInspect
tools are used for analysis of Web applications in depth. Whereas network analyzer tools
such as ethereal cannot give good results. While using the tools for any particular task it
is better to get feedback from the simple Google searches such as SecurityFocus.com,
SearchSecurity.com and Itsecurity.com will give nice feedback from the other security
experts which makes ethical hacking easy and to select the right tool. Some of the
commercial, freeware and open source security tools are Nmap (Network Mapper),
Etherpeek, SuperScan, QualysGuard, WebInspect and LC4, LANguard Network Security
Scanner, Network Stumbler and ToneLoc. The capabilities of many security and hacking
tools are often misunderstood, such as SATAN (Security Administrator Tool for
Analyzing Networks) and Nmap. The other popular tools used in ethical hacking are
Internet scanner, Ethreal, Nessus, Nikto, Kismet and THC-Scan (Kevin Beaver, 2007). Cain
and able is a ethical tool used for recovery of windows UNIX problems. This is only
password recovery tool handles an enormous variety of tasks. It can recover the
password by sniffing the network, cracking the encrypted passwords using Dictionary
and Cryptanalysis, recording VoIP conversations, decoding scrambled passwords,
revealing the password boxes, uncovering cached passwords and analyzing routing
protocols. Ethereal is a fantastic open source tool used as network protocol for UNIX
and Windows. It allows examining the data which is present in disk or file and can
capture the data. This is also known as Wire shark. It has many powerful features which
have very rich display filter language and ability to view the TCP session. Another
cracking tool Aircrack is the fastest available cracking tool (John Hyuk Park, Hsiao-Hwa
Chen and Mohammed Atiquzzaman, 2009). Thus proper tools and techniques has to be
used for better hacking and it will be easier by using more and more tools required.

Hacking operating system

Linux is the operating system which is most useful software that supports and will be
helpful to identify the passwords and uses in detecting interruption there are many
software tools are utilized for the hacking and security tools are used for the Linux. The
tools which are using in this are not harmful tools this is especially used to protect.

John the ripper: John the ripper is nothing but password hacking software technique
which is usually used to develop for the UNIX operating system. This the most
significant process which is used for password testing as it joins all password crackers
into single package and the auto detects password hash types which involves the
customizable cracker (Ryan, David R. Mirza Ahmad, 2002). It can be run among the
different encrypted password methods which involves various crypt password hash
forms where usually found on the different UNIX operating systems that is based on the
DES, MD5 etc, Kerberos AFS and windows like XP, 200etc.Generally passwords are
placed in the LDAP and other tools. Various types of components are used to expand
the capability and for involving the MD4 related password hashes. The other one is the
NMAP; Nmap is the used to protect the network. It is especially used to identify the
network related services on the computer network by generating the map of the
network. Nmap is having the ability to identify the services on the computer network
instead of this it never advertises its service detection protocol (James turnbull, 2005).
However the Nmap can collect many details regarding the remote computers. This will
involve the operating system, and uptimes etc are the software products that are used
to execute the service, and are used to involve on the local area networks and also on
the dealer of the remote network card. Nmap can be run on the linux. Linux is the most
important operating system and the windows are the second most important operating
system. The other operating system used is Nessus, this software is used to scan the
virus. The main aim of this software is used to identify the virus on the tested system
such as; the virus will permit the data on to the network (Mark Carey, Russ Rogers, Paul
Criscuolo and mike Petruzzi, 2008). Default passwords are utilized on the network
accounts. This software is also called as the external tool which is used to launch the
attack. By making use of the mangled packets rejection of the service among the TCP/IP
can be done. Nessus the best software used to scan the virus. Many organizations
through out the world are using this software. The check Rootkit is the normal program
which helps the administrator to check their system for the known rootkits ( James
Turnbull, 2005). This program is the shell script by using the LINUX tools similar to the
strings and the grep commands to seek out to carry out the core programs for the
signatures with the executed process status command to look for inconsistency. This
program alternatively use own commands to run. This tool will permit check rootkit to
get confident the commands upon which it depend a bit more.

Applications and resources

Ethical hacking is nothing but the one which performs the hacks as security tests for
their systems. Ethical hacking can be used in many applications in case of web
applications which are often beaten down. This generally includes Hypertext Transfer
Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are most
frequently attacked because most of the firewalls and other security are things has
complete access to these programs from the Internet. Malicious software includes
viruses and Trojan horses which take down the system. Spam is a junk e-mail which
causes violent and needless disturbance on system and storage space and carry the
virus, so ethical hacking helps to reveal such attacks against in computer systems and
provides the security of the system. The main application of this is to provide the
security on wireless infrastructure which is the main purpose of present business
organization (BT, 2008). Ethical hacking has become main stream in organizations which
are wishing to test their intellectual and technical courage against the underworld.
Ethical hacking plays important role in providing security. Resources are the computer
related services that performs the tasks on behalf of user. In Ethical hacking the
resources are the core services, objects code etc (James Tiller S, 2005). The ethical
hacking has advantages of gaining access to an organizations network and information
systems. This provides the security in the area of Information technology called as
Infosec. This provides security to the high level attacks such as viruses and traffic trough
a firewall. This has been providing the security for various applications which are even
bypassing the firewalls, Intrusion-detection systems and antivirus software. This includes
hacking specific applications including coverage of e-mails systems, instant messaging
and VOIP (voice over IP). The resources i.e. devices, systems, and applications that are
generally used while performing the hacking process are Routers, Firewalls, Network
infrastructure as a whole, wireless access points and bridges, web application and
database servers, E-mail and file servers, workstations, laptops and tablet PCs, Mobile
devices, client and server operating systems, client and server applications (Kevin Beaver,
2007). Ethical hacking tests both the safety and the security issues of the programs
(Ashoke Talukder K and Manish Chaitanya, 2008). Hence from the above context it can
be stated as the ethical hacking is important in the present scenario as providing
security is very important now a day. This is very important in web applications as the
hacking can be easily done in this case.

Problems

Ethical hacking is the backbone of network security. The basic problems with this is
trustworthiness of the Ethical hacker because let’s take an example if a person has been
appointed to do Ethical hacking, to provide security for the bank financial issues if the
person is not trust to believe this is not safe as the person only considered as thief.
Sometimes the big organizations face any problem like there passwords has been hack,
this case hiring professionals is very expensive and the organization need to spend a lot
on this (Ethical Hacking, 2009). Ethical hacking is just the security to the problem it is not
the ultimate solution to it. Ethical hacking report must be kept confidential because they
highlight the organizations security risks and attacks. If this document has been falls into
the wrong hand the result would be very disastrous for the organization, the main
drawback here is the entire information of the organization will be in hands of wrong
person and which leads to the loss of the company (Kimberly Graves, 2007). Ethical
hacking generally involves breaking down the computer applications and by collecting
specific information from the target the ethical hacker can successful to access the
information and can reveal it. This results in that highly sensitive information about the
targets security capabilities is collected and maintained far away from the owner’s
control. If this information fall into wrong hands results in real attack on the company
and another problem is if the information is leaked to the public or stockholders, the
business will be in risk, which results in all types of disasters, including negative
character by media, loss of customers and legal consequences (James Tiller S, 2005).
Ethical hacking use tools while it performing the activity, if the methods and tools are
used incorrectly they cause damage (Dr. Bruce Hartly V, 2003). Hence from the above
context it can be stated as Ethical hacking provides security but behind that it provides
the disadvantages like the Ethical hacker should be trusted by the organization or
business and in case sometimes highly professionals may cost the organization very
much so that company has to provide from the unplanned budget and if it goes into the
wrong persons hand the business will be in danger and loss of the organization will
takes place.

Chapter 3: Research Methodology of Hacking

Data types:

Data type is defined as the format of a data storage which is used to store different set
of values. It tells about which type of data to be stored and where to be stored. Data is
stored in computer memory. There are two types of data. They are primary data and
secondary data. Both primary and secondary data illustrates the gathering of
information and to satisfy the goals of business. Primary data is nothing but it is the
data which is collected newly and for the first time. The primary data is original. It is the
fresh data and is never gathered before. Secondary data is the data which is collected by
others (Norman Blaikie, 2009). The data is collected from newspapers, magazines and
journals. Secondary data is gathered before primary data since it is time consuming.
Data is gathered newly in case of primary data so it takes much time. Secondary data
consumes less time. Primary data is used in ethical hacking since the data gathered in
this type of data is very efficient. Ethical hacking is used legally for the official purposes.
Since primary data is unique and is not compared with any one, it is used in the process
of ethical hacking (Rajat Khare, 2006) Hence from the above context it can be said that
data types are useful in the ethical hacking.

Case study:
According to media and people the word hacking denotes misuse and collapse of
computers. They describe it as unfair method of solving the problem. In the view of
ethical hackers the word hacking refers to creative. One of the organization namely
Amazon, it is not proposed to point out the lesser features but deals with tricks for
working the company efficiently. Hackers and developers will create new characteristics
for Amazon. They bring out the creative thinking and innovative ideas by their work in
company (Paul Bausch, 2003). Mainly the ethical hacking is the good way to improve the
existing methods and qualities. Many organizations follow these because one can know
the administrative password of employees, can reach the behaviour of them and
working performance. Employee performance and his project carryout can be studied
through ethical hacking. These hackings look easy for them since they are engaged with
the security firms to protect the Amazon fields. Not only in Amazon in each and every
org