Understanding ethical hacking

Posted on: April 23rd, 2013

Ethical hacking means using computing and security knowledge to test particular networks in order to find their vulnerabilities, report them, and then take the measures needed to improve their security. These tests are called pen tests or penetration tests. While performing them, security professionals try multiple ways to get into the network and steal sensitive information.

Penetration tests emerged as a necessary response to the first attacks on, or unauthorized intrusions into, certain organizations, which caused significant financial and reputational losses.

Ethical hacking involves making multiple planned penetration attempts against a given network or system, using several methodologies, in order to evaluate the vulnerabilities that could open the way to an unauthorized intrusion or cyber-attack.

Ethical hackers, also known as white hat hackers, provide their services to companies or organizations. They analyze whether the client's network is prepared to face a sophisticated attack launched from outside (by an external intruder) or from inside, by an internal attacker connected to the network who seeks access to information they are not authorized to see. Most organizations or companies have different levels of information access, and a low-privileged employee, for instance, does not have and should not have access to sensitive or financial data.

During penetration tests, both the Internet and the company's private network are analyzed. Exposed applications, servers, ports, access routes and passwords are evaluated. At the same time, the wireless network and its configuration are evaluated, and traffic and password sniffing is performed in an attempt to penetrate it and break the encryption. Modems, VPNs and the organization's website are checked too. In some cases, these tests include social engineering. This involves discreetly working with personnel to find out whether they could be tricked or tempted into providing passwords or network access to an outsider.

Even though people tend to associate the words hacking and hacker with illegal activities, ethical hacking is a recognized and in-demand professional activity. There is even a professional certification, Certified Ethical Hacker, which is provided by the International Council of E-Commerce Consultants (or EC-Council).

Some computer professionals object to and reject the term ethical hacker, since they find it contradictory given the popular misconception that associates the word hacker with a computer criminal. But nowadays the term and the practice keep growing, and even the US government requires the EC-Council Certified Ethical Hacker certification for some jobs.

In conclusion, ethical hacking is a professional technique applied in several scenarios, and it involves detecting security weaknesses in order to improve security and avoid any undesired penetration.

