Today, cybercriminals don't need to leave the safety of their surroundings anymore. They can achieve their goals with just a few clicks and a strong Internet connection. To counter this trend, we need Ethical Hackers who understand Ethical Hacking.
Continue reading the article below by Mytour to explore what Ethical Hacking is all about.
1. What is Ethical Hacking?
Ethical Hacking, also known as Penetration Testing, is the act of infiltrating a system or network with the user's consent.
Its purpose is to assess the security of an organization by exploiting vulnerabilities in a manner similar to how attackers might exploit them. The attack procedures are then documented to help prevent potential future attacks. Ethical Hacking (or Penetration Testing) can be classified into 3 types:
+, Black box (black-box testing):
Testers are not provided with any details related to the network or network infrastructure.
+, Grey box (grey-box testing):
Testers are provided with details about the systems to be tested, but these details are limited.
+, White box (white-box testing):
Testers performing this are also considered Ethical Hackers. They have full awareness of the details of the infrastructure being tested.
In most cases, Ethical Hackers utilize similar methods and tools as attackers, but with authorization. The ultimate goal is to enhance security and protect the system from malicious user attacks.
During the process, Ethical Hackers may attempt to gather as much information about the target system as possible to devise better infiltration strategies. This method is also known as Footprinting.
There are 2 types of Footprinting:
+, Active: involves establishing direct connections with the target to gather information, for example, using tools like Nmap to scan the target.
+, Passive: involves gathering information about the target without establishing direct connections. It includes collecting data from social networks, public websites, and similar sources.
2. Stages of Ethical Hacking
The stages of Ethical Hacking include:
- Information Gathering
The initial stage of Ethical Hacking is information gathering. The collected information pertains to 3 groups:
- Network
- Servers (hosts)
- Involved individuals.
Ethical hackers may also use Social Engineering techniques to infiltrate end-user systems and gather information about the organization's computing environment. However, they refrain from coercive tactics or any other attempt to intimidate users.
- Scanning
This stage includes:
+, Port Scanning: scanning the target to find information such as open ports, live systems, and other services running on servers.
+, Vulnerability Scanning: this process is primarily conducted through automated tools to check for vulnerabilities or weaknesses that could be exploited.
+, Network Mapping: building a map of the network to guide the rest of the test. This includes discovering the network architecture and server information, and drawing a network diagram from the available data.
- Gaining Access
This stage is where the attacker manages to gain system access. The next step involves elevating the attacker's privileges to Admin rights so they can install applications used to modify or hide data.
- Maintaining Access
Continuously maintaining access to the target until the planned mission is concluded.
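Port scanning and active footprinting, as described above, leave a recognizable pattern in the target's logs: one source touching many different ports on one host within a short time. The following Python check is an added example, not part of the original article; the log format, the sample lines, the function names and the thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not real traffic). The line format
# "<timestamp> SRC=<ip> DST=<ip> DPT=<port> <flag>" is an assumption.
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=198.51.100.7 DST=10.0.0.5 DPT=21 SYN
2024-05-01T10:00:01 SRC=198.51.100.7 DST=10.0.0.5 DPT=22 SYN
2024-05-01T10:00:01 SRC=192.0.2.10 DST=10.0.0.5 DPT=443 SYN
2024-05-01T10:00:02 SRC=198.51.100.7 DST=10.0.0.5 DPT=23 SYN
2024-05-01T10:00:03 SRC=198.51.100.7 DST=10.0.0.5 DPT=25 SYN
2024-05-01T10:00:04 SRC=198.51.100.7 DST=10.0.0.5 DPT=80 SYN
2024-05-01T10:00:05 SRC=198.51.100.7 DST=10.0.0.5 DPT=443 SYN
2024-05-01T10:00:06 SRC=192.0.2.10 DST=10.0.0.5 DPT=443 SYN
2024-05-01T09:00:00 SRC=192.0.2.20 DST=10.0.0.5 DPT=22 SYN
2024-05-01T09:15:00 SRC=192.0.2.20 DST=10.0.0.5 DPT=80 SYN
2024-05-01T09:30:00 SRC=192.0.2.20 DST=10.0.0.5 DPT=443 SYN
2024-05-01T09:45:00 SRC=192.0.2.20 DST=10.0.0.5 DPT=3306 SYN
2024-05-01T10:00:00 SRC=192.0.2.20 DST=10.0.0.5 DPT=8080 SYN
"""

def parse(line):
    """Split one log line into (timestamp, source, destination, port)."""
    ts, src, dst, dpt, _flag = line.split()
    value = lambda field: field.split("=", 1)[1]
    return datetime.fromisoformat(ts), value(src), value(dst), int(value(dpt))

def detect_port_scans(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Return {(src, dst): sorted ports} for every pair where one source
    touched at least min_ports distinct ports on one host inside window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = parse(line)
            events[(src, dst)].append((ts, port))
    findings = {}
    for pair, hits in events.items():
        hits.sort()                      # log lines may arrive out of order
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= min_ports:
                findings[pair] = sorted(ports | set(findings.get(pair, [])))
    return findings

if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} ports {ports}")
```

The host that uses five services over an hour and the client that repeatedly connects to port 443 are not flagged; only the source that probes six ports in five seconds is.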
The role of Ethical Hackers in the cybersecurity world is crucial as adversaries will try to uncover various traces and vulnerabilities to illegally access user data.
The article above from Mytour just answered your question about what Ethical Hacking is, hoping it has provided you with an overview of Ethical Hacking and how to protect your computer from malware, trojans, and more.