Ethical hacking

Abstract

The purpose of this research paper is to discuss the teaching of Ethical Hacking. As use of the internet has increased, the need for computer security has also increased because of hackers. Knowledge of Ethical Hacking has also become essential for the security of websites, web servers, organization servers, government companies and even the individual internet user. The internet should be reliable and secure. In this research paper I discuss the teaching of Ethical Hacking and its issues: some people are against teaching it and some are in favor. I also conducted a questionnaire to find out why people do not want Ethical Hacking to be taught as a course. I then describe the functions and responsibilities of an ethical hacker and his or her limitations while testing a system. In the end I give the conclusion, which critically analyzes the research paper.
1.0 Introduction

Developments in computing have changed the whole world and brought countless good things for people, such as e-commerce, collaborative computing, email, easy access to information and advertising, to name a few. But the computer also has a dark side, as every new technology has had in the past. This is known as hacking. The original meaning of hacking is “to do computer programming at a deep level”, and the term hacker was used for people with very deep knowledge of computer programming, but later the word came to be used with a different meaning. In the new meaning, a hacker is a person who enters someone's website, a company server or someone's personal computer to steal or destroy information. There are many kinds of hackers: some do it just for fun, as a game or as a challenge, and have no real interest in stealing or destroying useful information. Others do it to steal or delete useful information. So there is a need for computer security, so that we can use this technology safely and not let it decline for this reason. In searching for ways to achieve computer security, Ethical Hacking, along with many other methods, came to mind as a way to stop hacking. Ethical Hacking is the practice of calling on someone to hack our computer, website or server in order to remove its holes, so that afterwards there is no threat, or at least less threat, in this respect. Then the question arises of who will do Ethical Hacking for us. Do we train professionals for this purpose, and if not, what should we teach these ethical hackers? Is it right to teach someone hacking for the purpose of stopping hacking? Isn't it interesting? Education in the microchip millennium is a really difficult art as well as a very interesting one. You have to teach people bad things for good purposes. No gentleman likes the word “hacker” attached to his or her name, but I don't think anyone dislikes the words “ethical hacker” attached to his or her name. Teaching Ethical Hacking is as important as the computer itself, because one day people will start hating the internet because of hacking, and to stop hackers from hacking we should educate people in this regard alongside other techniques.
I divide my research paper into three main sections. The first section is about teaching Ethical Hacking and tries to answer some questions, e.g. what is Ethical Hacking, why do we do Ethical Hacking, what are the benefits and flaws of teaching Ethical Hacking, what should be taught in this course, and what methodologies can be used to teach Ethical Hacking? In the second section I try to explain who an ethical hacker is, what he or she does, and what his or her boundaries and responsibilities are. In the last section I give the conclusion of this research paper.

2.0 Ethical Hacking
Ethical Hacking is the same phenomenon as hacking, but it is done for the safety of your company's web server, website or software. It is a method or mechanism to stop hackers from hacking by removing the holes from a system, website or server so that no hacker can enter through those holes. Ethical Hacking is done at the end of product development, when the product is developed and ready to use. We do Ethical Hacking to check the security level of the product and, if there are problems, to remove them from the developed product, so that when the final product enters the market there are very few questions about it from the security point of view. Ethical Hacking should be a part of every software product development, like planning, design, etc. Ethical hackers use the same techniques to hack software, a website or a server as the original hackers do, but not for destructive purposes. They try to find the holes in the developed product, tell the responsible people in the organization about those holes, and also suggest how to remove them from the system.

As computer technology grows, individuals, companies and big organizations want to use it, because no big company can survive without offering these services to its customers and vendors. But government organizations, companies and even individuals remain under threat of being hacked. Big companies use the internet for different purposes, but they always remain under the threat that someone may break into their web server, implant software that will spread the organization's top-secret data to the open internet, and read their emails. Even individuals are worried about their data, such as credit card numbers; they are not assured of internet security.
2.1 Should Ethical Hacking Be Taught as a Career Course
Companies have very tight security and are still hacked, and they do not know what more to do to stop hacking. Most companies hire the best security available to protect their domain, but they are still hacked. Sometimes this happens because the company has too little knowledge of its own system. The best solution to this problem is to train students and professionals to protect themselves and the rest of the world from hackers. It is the responsibility of a true computer professional to secure a company's web server or software, or a government organization, from hackers. For this purpose we should have a profession known as ethical hacker, just like software engineer or network engineer. These ethical hackers should be trained in universities.

This question was likely to get a tooth-and-nail response, and it did when I asked some of my fellow students, who are doing an M.Sc. in Software Engineering and Network Systems, for their views on introducing a profession in Ethical Hacking. Some of them were against it, arguing that if universities train a student in Ethical Hacking and he or she does not get a job, then he or she might turn against the cause. But most of them were in favor, saying that training people like this will help a lot to get rid of hackers. I give the points of view of only two of my friends here. I am very thankful to my friends and the others who gave their precious time to answer my questions and share their important points of view on Ethical Hacking.
• Sumit Chowdhary, currently a student of software engineering at the University of Delhi. He said Ethical Hacking should not be taught as a career course. Teaching Ethical Hacking will produce more people who can do hacking, and if the trained students do not get a desirable job, they will use their skills for negative purposes, and this will create more problems for the computer industry.

• Rahul Gupta, a certified Cisco teacher currently doing an M.Sc. in Network Systems at the University of Sunderland, responded to my question of whether Ethical Hacking should be taught as a course or not with the following thoughts: Ethical Hacking should be taught as a profession. We can prevent hacking by simply using the hacker's techniques, and it is easier and less costly than from the company's useful information or individual information such as credit card numbers.

I believe that if there are very strict criteria for this type of education or training, then the skilful Ethical Hacker will not go astray and will definitely help organizations and individuals to keep their data safe from hackers. This will develop and increase people's interest in computer technology.
2.2 Teaching Material for Ethical Hackers

The basic knowledge that an Ethical Hacker should have about different fields is as follows:

• Should have basic knowledge of ethical and permissible issues
• Should have primary-level knowledge of session hijacking
• Should know about hacking wireless networks
• Should be good at sniffing
• Should know how to handle viruses and worms
• Should have the basic knowledge of cryptography
• Should have the basic knowledge of
• Should know how to perform system hacking
• Should have the knowledge of physical infrastructure hacking
• Should have the primary knowledge of social engineering
• Should know how to do hacking of web servers
• Should have the basic knowledge of web application weakness
• Should have the knowledge of web based breaking procedure
• Should have the basic knowledge of SQL injection
• Should know how to hack Linux
• Should have the knowledge of IP hacking
• Should have the knowledge of application hacking

As everyone knows, there is no boundary to knowledge, but an Ethical Hacker should at least have knowledge of the things mentioned above. So anyone who is going to design a course for Ethical Hacking should keep the above in mind for a better course design for ethical hackers.
2.3 Teaching Methodology to Teach Ethical Hacking
As I wrote earlier, Ethical Hacking should be taught as a professional course, so we can use common ways of teaching to teach Ethical Hacking. As technologies came into existence, new ways of teaching also came into being. Earlier there was no concept of distance teaching and no one knew about teaching through the internet, but with the invention of the internet many students have started getting their lectures through the internet. Ethical Hacking is also being taught through the internet as well as on campus. Off-campus (distance) learning and on-campus learning both have their advantages and limitations.
Whether we teach Ethical Hacking on campus or off campus, the goal of teaching is the same, though the ways of teaching are quite different. On-campus teaching is more suitable for regular students and gives a real study environment. Students have additional chances to learn more during on-campus study. They also have the opportunity to learn the behaviour of other students, which helps them a lot to gain experience of behaviour.

On the other hand, off-campus students get almost the same teaching without any geographical or time-zone constraints. They are part-time students who cannot afford to complete their studies as regular students. Whatever the situation, the teaching methodologies are almost the same, with very little difference. Some of the methodologies for teaching Ethical Hacking are described below.

• Interviews: Students should be asked to conduct interviews with different organizations. A questionnaire should be developed to cover the different aspects of Ethical Hacking. The results should be evaluated using statistical inference. A report of their analysis should be given to the teacher.

• Multimedia: Students must be given audio and video material in which hacking issues are depicted. Students should be asked how they could counteract the circumstances.

• Chats: Students of different universities should interact via the internet about what they think of Ethical Hacking issues. It can be done through hippocampus mechanism, where MUD (multi dimension) and MOO (object oriented multi ) is used.

• Conferences: Lecturers of different universities and professionals from different organizations should be asked to give their points of view on Ethical Hacking.

• Discussion Groups: Students should be divided into small groups and asked to give their points of view in favor of or against Ethical Hacking.

• Use of Case Study: A fictitious Ethical Hacking topic must be given to the students to discuss. They are divided into groups and then asked to give their understanding of that situation.

• Exams: An exam should be conducted on Ethical Hacking.

• Written Essay: Students should be asked to submit an essay or a report on the different aspects of Ethical Hacking.

• Book Reports: Students should be provided with material from different books on Ethical Hacking for critical understanding.

• Role Playing: Students must be asked to personify the different acts in the case study. The students viewing them in the classroom will give them points on the basis of their anti pacifist act.

There are many more methodologies that we can use to teach Ethical Hacking effectively.
3.0 Ethical Hacker

An ethical hacker should be an honest and trusted person, because he or she usually learns the secrets of the system when hacking for security purposes, and it is his or her responsibility not to use information about the system for destructive purposes. An ethical hacker is just like a code tester or a developer: a code tester checks the code standards and a developer develops the software, while an Ethical Hacker checks the security of the software from a hacking point of view and then suggests how to remove the holes from the system. An Ethical Hacker should be a part of the software development team. An Ethical Hacker is just an employee or a contracted person who checks the security of the system. They have written permission to check the network, but there are some limits on what they may check. They should have a written letter of authority which clearly describes that they can perform testing, as well as their boundaries within that system.
3.1 Main Functions of Ethical Hacker
When an ethical hacker evaluates the security of a system, he or she seeks answers to three basic questions:

• What does a hacker want to get from the target system?
• Does anyone have knowledge of the hacker's attack on the target system?
• What does a hacker do after getting the information from the target system?
Each of these three questions has its importance; you cannot say that one question is more important than another. A hacker may spend time trying to hack a system, and during this time he or she may attack the system several times, so if someone knows about this, the hacking can be stopped. Before starting the evaluation of the system, the ethical hacker may ask the client some questions, such as what he or she wants to protect, what he or she is trying to protect it against, and how much money and time he or she can spend on this. The answers to the same questions vary from customer to customer and from field to field. But most of the answers you get from the client may not be sufficient for the ethical hacker, so it is the ethical hacker's responsibility to properly guide the customer on what he or she must do to keep his or her system safe. The ethical hacker may also need some more information about the company, such as employee names and their designations, network information, data flow information, and information about the organizations with which business is conducted most of the time, because attackers often use an alternative path to attack the system.
3.2 Types of Test That an Ethical Hacker Performs
There are many kinds of methods, functions or tests that an Ethical Hacker can perform while testing the security of a system. The most basic tests are as follows:

• Testing of local network
• Testing of remote network
• Social engineering test
After doing all these tests, the ethical hacker should produce a final report which describes what he or she found in the system during the evaluation: where the holes that can be used for an attack are, and how those holes can be removed from the system. This final report is very sensitive and should be handled with care. A hacker can easily use it for hacking, and a competitor can use it for company intelligence.

Most of the time the ethical hacker is asked whether the organization is free from these threats if it takes all the suggested actions. Unfortunately, the answer cannot be yes, because people work in the organization and they make mistakes, and the organization has to pay for their mistakes in the form of hacking. Ethical hacking is another tool for security, and having security does not mean that you are now secure. It is not a magic potion. So what should these firms do? I think time-to-time auditing, alert interference recognition, good system administration performance and computer security knowledge are all very important parts of a firm's or company's security system. A single failure in any of the above may lead to serious harm. Every new technology has its benefits along with some disadvantages, but these disadvantages are always overcome with the passage of time. Every organization should be alert all the time for these types of attack and have a second line of defence to handle them.
4.0 Conclusion

Testing the security and other functionalities of a product is not new. In the early stages of the internet no one knew about Ethical Hacking, or even about hacking, but with the passage of time people have become more concerned about the security of their data, especially because of hackers. Ethical Hacking is just a security system or tool to keep your data safe; it is not an ultimate solution to the problem. You cannot sit back and relax against hackers after using this tool. By teaching more people about hacking, you produce more people who are able to stop hackers from hacking, and they will contribute more ideas and solutions to stop hacking. Time-to-time assessment, prepared interference recognition, good system administration performance and computer safety knowledge are all very vital parts of a firm's or company's security system. Failure in any of the above may cost the company or organization a tangible or intangible loss. This may include revenue, top secrets or anything that is very special to the particular organization. An ethical hacker can only help toward a better understanding of their security system, but it is up to the organization to place its guards in the right place.
(Sanjay Kumar)