What is Ethical Hacking
Ethical hacking refers to the act of locating weaknesses and vulnerabilities in computer and information systems by duplicating the intent and actions of malicious hackers. Ethical hacking is also known as penetration testing, intrusion testing, or red teaming. An ethical hacker is a professional security expert who applies their skills for defensive purposes on behalf of the owner(s) of the information system or organization. They are called ethical because they break into the system ethically and legally. An ethical hacker is defined as “an individual who is employed with an organization and can be trusted to undertake an attempt to penetrate networks and information systems using the same methods and techniques which the normal hacker uses”.
Hackers are of three types:
- White hat hacker: hackers who use their skills for defensive and security purposes.
- Black hat hacker: hackers who use their skills for criminal activities.
- Grey hat hacker: hackers who mostly follow the law but sometimes cross the line and step into the dark side of the internet.
The attacks used to hack systems:
- Denial of Service (DoS/DDoS): an attack that floods the system with useless traffic, intended to push the system to collapse. Many DoS attacks exploit limitations in the Transmission Control Protocol/Internet Protocol (TCP/IP) protocols. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
- Keylogger: a computer program that records each keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.
- Waterhole attack: a computer attack strategy in which the victim is a specific group, i.e. an organization or industry. In this attack, the hacker observes or guesses which websites the group often uses or visits. The goal is to infect a targeted user's computer and gain access to the network at the target's workplace.
- Fake WAP: hackers can set up a fake wireless access point to get you to connect. Once you are connected to this open WAP, the hacker can access all of your information, because your device is now associated with their system.
- Eavesdropping (Passive Attacks): Eavesdropping is the unauthorized real-time interception of a private communication. The objective of the attacker is to capture the data being transmitted in a message in order to gain an edge over the other party.
- Phishing: Phishing is one of the most commonly used hacking techniques on the web. Despite the fact that there are numerous security measures that now prevent phishing, hackers still use this technique to get your information. In this method, the hacker tries to track the sites that the user visits the most. He then creates a fake link and gets the user to click it, although it is just a spoof. Through this, a virus or trojan can enter your system, or the hacker can access your personal details.
Besides these techniques, there are several others, such as viruses and Trojans, clickjacking attacks, cookie theft, and bait and switch, that are commonly adopted by hackers.
So for ethical hacking, the ethical hacker must know these attacks and be able to stop these types of attacks.
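As a defensive illustration of the Fake WAP item above, the following added example (not part of the original article) checks wireless scan results against an inventory of an organization's own access points and flags any that reuse a known network name with an unknown hardware address or weaker security. The network name, addresses, and scan data are constructed for illustration, and the inventory format is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str      # advertised network name
    bssid: str     # access point MAC address
    security: str  # e.g. "OPEN", "WPA2", "WPA3"


# Constructed inventory of the organization's own access points (assumption):
# SSID -> (approved BSSIDs, required security mode)
KNOWN_APS = {
    "CorpWiFi": ({"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "WPA2"),
}


def find_suspect_aps(scan, known=KNOWN_APS):
    """Return (beacon, reasons) for beacons that reuse a known SSID
    but do not match the inventory."""
    findings = []
    for b in scan:
        entry = known.get(b.ssid)
        if entry is None:
            continue  # not one of our network names; out of scope here
        approved, required = entry
        reasons = []
        if b.bssid.lower() not in approved:
            reasons.append("unknown BSSID")
        if b.security != required:
            reasons.append(f"security {b.security}, expected {required}")
        if reasons:
            findings.append((b, reasons))
    return findings


# Constructed scan results for illustration
SAMPLE_SCAN = [
    Beacon("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2"),    # legitimate AP
    Beacon("CorpWiFi", "de:ad:be:ef:00:99", "OPEN"),    # same name, open, unknown radio
    Beacon("CoffeeShop", "11:22:33:44:55:66", "OPEN"),  # unrelated network
]

if __name__ == "__main__":
    for beacon, reasons in find_suspect_aps(SAMPLE_SCAN):
        print(f"ALERT {beacon.ssid} {beacon.bssid}: {', '.join(reasons)}")
```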