The Five Phases of Ethical Hacking

Whether hacking can be ethical is debatable; over time the term “hacking” has become associated with destructive activity.

Some of the terms used in the context of hacking give better clarity. A hacker is somebody who enjoys learning about hacking for a defensive purpose; an ethical hacker is a security professional who exercises those skills for a defensive purpose. The term cracker refers to a person who uses hacking skills for destructive purposes.

The ethical question concerns the physical activity of hacking, which is sometimes hard to differentiate from cracking. The main difference is that an ethical hacker only identifies vulnerabilities and does not exploit them, unlike a cracker.

Ethical hacking is the process adopted by ethical hackers to discover the vulnerabilities that exist in information systems and their operating environments.

With the growth of the internet, computer security has become a major concern for business. Organizations need ethical hackers who can think like a cracker to simulate a real-life hacking scenario; they make use of the same tools and techniques as crackers without damaging or compromising sensitive information, thereby maintaining the integrity and confidentiality of the organization.

An ethical hacker should have excellent programming and networking skills. They evaluate the security of the target and update the organization on the discovered vulnerabilities, along with recommendations to mitigate them.

Five Phases of Ethical Hacking

Initially, “hacking” meant having extraordinary skills to break into a system. Today, however, there are many automated freeware tools available on the internet, making it possible for anybody with the desire to hack to succeed in breaking into a system.

These are the five phases every hacker must know.

1. Reconnaissance

Reconnaissance is the preparatory phase in which an attacker gathers information about the target system prior to launching the attack. This phase might also involve network scanning, either internal or external, without any authorization.

One way of gathering information during this phase is “social engineering”. A social engineer is a person who smooth-talks and persuades people into revealing personal or sensitive information such as passwords, security policies etc. Social engineering is one of the easiest ways to hack, as it requires no technical skill, and one of the hardest forms of attack to defend against, as humans are the weakest link in the security chain. All the security measures taken by an organization are in vain when its employees get “social engineered”. Detecting social engineering attacks is difficult, as there is no tool to detect such attempts; in most cases the victims themselves are not aware of having revealed sensitive information. “Rebecca” and “Jessica” are common terms that refer to people who are easy targets for social engineering attacks, such as a receptionist or a support executive.

“Dumpster diving” is another way of gathering information. It is the process of looking for discarded sensitive information in an organization's trash. It is one of the more effective ways of gathering information, as it may provide attackers with even more sensitive information such as usernames, passwords, ATM slips, social security numbers and bank statements.

It is important that an organization has appropriate policies in place to protect its assets and also provides proper guidance to employees on the same.

Reconnaissance techniques can be classified into active and passive reconnaissance. In passive reconnaissance, the attacker does not interact with the system directly but uses social engineering or dumpster diving as a means to gather information. In active reconnaissance, the attacker makes use of tools for port scanning and network scanning to get details of the application, operating system etc. The reconnaissance phase often overlaps with the scanning phase.

2. Scanning

Scanning precedes the actual attack and is one of the important phases of information gathering, in which the attacker gathers information about the target's IP address, operating system, system architecture and the services running on the system in order to find ways to intrude into the target's system. The strategy to launch the attack is based on the gathered information. The risk to an organization is considered high in the scanning phase, as it enables access to the network.

Different types of scanning are:

  1. Port Scanning: Procedure for identifying the open ports and the services running on the target system.
  2. Network Scanning: Procedure for identifying IP addresses and active hosts on a network, either to attack them or as part of a network security assessment.
  3. Vulnerability Scanning: Automated method of identifying the known vulnerabilities present in the system and the network.

One of the important tools used during this phase is Nmap, which is used for port scanning; it also offers a variety of advanced features such as remote OS detection.

Nessus is a vulnerability scanner which detects local flaws, missing patches and weaknesses in network hosts. Nessus has a security vulnerability database which is updated on a daily basis, and security checks for recently disclosed holes are developed for it.
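From the defender's side, the scanning activity described above tends to leave a recognisable footprint in firewall drop logs. The following Python is an added example (not part of the original article) that flags the two scanning types listed: a port scan (one source probing many ports on one host) and a network sweep (one source probing one port across many hosts). The log format, addresses and thresholds are constructed assumptions, not any particular firewall's output.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical firewall drop-log format (not real output).
SAMPLE_LOG = """\
2024-03-01T09:00:00 DROP src=203.0.113.7 dst=192.0.2.10 dport=21 proto=tcp
2024-03-01T09:00:01 DROP src=203.0.113.7 dst=192.0.2.10 dport=22 proto=tcp
2024-03-01T09:00:01 DROP src=203.0.113.7 dst=192.0.2.10 dport=23 proto=tcp
2024-03-01T09:00:02 DROP src=203.0.113.7 dst=192.0.2.10 dport=25 proto=tcp
2024-03-01T09:00:03 DROP src=203.0.113.7 dst=192.0.2.10 dport=80 proto=tcp
2024-03-01T09:05:00 DROP src=198.51.100.4 dst=192.0.2.11 dport=445 proto=tcp
2024-03-01T09:05:00 DROP src=198.51.100.4 dst=192.0.2.12 dport=445 proto=tcp
2024-03-01T09:05:01 DROP src=198.51.100.4 dst=192.0.2.13 dport=445 proto=tcp
2024-03-01T09:05:01 DROP src=198.51.100.4 dst=192.0.2.14 dport=445 proto=tcp
2024-03-01T09:05:02 DROP src=198.51.100.4 dst=192.0.2.15 dport=445 proto=tcp
2024-03-01T09:30:00 DROP src=192.0.2.50 dst=192.0.2.10 dport=22 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def detect_scans(log_text, window=timedelta(minutes=1), threshold=5):
    """Return (kind, src, count) for each source that, within `window`,
    probes >= threshold distinct ports on one host ('port_scan') or
    >= threshold distinct hosts ('host_sweep')."""
    events = defaultdict(list)  # src -> [(timestamp, dst, dport)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than abort
        ts = datetime.fromisoformat(m["ts"])
        events[m["src"]].append((ts, m["dst"], int(m["dport"])))
    alerts = []
    for src, evs in events.items():
        evs.sort()
        # Slide a window forward from each event; alert at most once per source.
        for i, (start, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - start <= window]
            hosts = {dst for _, dst, _ in in_win}
            ports = {dport for _, _, dport in in_win}
            if len(hosts) == 1 and len(ports) >= threshold:
                alerts.append(("port_scan", src, len(ports)))
                break
            if len(hosts) >= threshold:
                alerts.append(("host_sweep", src, len(hosts)))
                break
    return alerts
```

The single SSH drop from 192.0.2.50 is not reported, which is the point of the threshold: ordinary blocked connections should not page anyone.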

3. Gaining Access

This is one of the most important phases of an attack, as this is where the actual attack is carried out. Therefore the business risk is highest in this phase. It is not a mandatory phase, however, as an attacker need not always gain access to cause damage, as in denial of service attacks.

The main aim in this phase is to obtain elevated privileges, such as system privilege, in order to execute commands and access sensitive information.

4. Maintaining Access

Once the attacker gains access to the system or the network, he tries to retain his “ownership” of the compromised system and periodically attack it. Typically in this phase the attacker tries to install key loggers to capture keystrokes, sniffers to capture network traffic, rootkits at the kernel level to gain superuser access and Trojan horses to gain repeated backdoor access, and also downloads the password files to access the system at a later time. Once the Trojans are in place, the attacker can assume to have gained total control of the system.

During this phase the attackers might even harden the system against other attackers by fixing the vulnerability which allowed them to access the system or the network.

5. Clearing Tracks

This is where the attacker tries to cover the evidence of his activities, for various reasons such as maintaining access or avoiding legal action. During this phase the attacker deletes the system logs, preventing the system administrator from monitoring the unusual activity. Rootkits are installed, as they are effective in covering tracks and also because in some cases they disable logging. Other techniques, like steganography, which is used to hide data in an image or a file, are used by the attacker to cover tracks.
