White hat (computer security)
From Wikipedia, the free encyclopedia
(Redirected from Ethical hacking)


The term "white hat" in Internet slang refers to an ethical hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.[1] Ethical hacking is a term coined by IBM meant to imply a broader category than just penetration testing.[2] White hat hackers are also called "sneakers",[3] red teams, or tiger teams.[4]

History

One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force of the Multics operating systems for "potential use as a two-level (secret/top secret) system." Their evaluation found that while Multics was "significantly better than other conventional systems," it also had "... vulnerabilities in hardware security, software security, and procedural security" that could be uncovered with "a relatively low level of effort." The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.[4]

The idea to bring this tactic of ethical hacking to assess security of systems was formulated by Dan Farmer and Wietse Venema. With the goal of raising the overall level of security on the Internet and intranets, they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program, called Security Analysis Tool for Auditing Networks, or SATAN, was met with a great amount of media attention around the world.[4]

Tactics

While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking, which will likely include such things, is under no such limitations. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executive's dustbins or even breaking and entering – all, of course, with the knowledge and consent of the targets. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers arrange for cloned test systems, or organize a hack late at night while systems are less critical.[2] Some other methods of carrying out these include:

• DoS attacks
• Social engineering tactics
• Security scanners such as:
    • W3af
    • Nessus
• Frameworks such as:
    • Metasploit

Such methods identify and exploit known vulnerabilities, and attempt to evade security to gain entry into secured areas.

Legality

Struan Robertson, legal director at Pinsent Masons LLP, and editor of OUT-LAW.com, says "Broadly speaking, if the access to a system is authorized, the hacking is ethical and legal. If it isn't, there's an offence under the Computer Misuse Act. The unauthorized access offence covers everything from guessing the password, to accessing someone's webmail account, to cracking the security of a bank. The maximum penalty for unauthorized access to a computer is two years in prison and a fine. There are higher penalties – up to 10 years in prison – when the hacker also modifies data". Unauthorized access even to expose vulnerabilities for the benefit of many is not legal, says Robertson. "There's no defense in our hacking laws that your behavior is for the greater good. Even if it's what you believe."[2]