These two Case Studies come from a National Center on Case Studies. I think that a case study approach is very useful in applying knowledge and this is what makes….
Ethical hacking is an emerging tools used by most of the organizations for testing network security. The security risks and vulnerabilities in a network can be recognized with the help of ethical hacking. This research completely concentrates on ethical hacking, problems that may occur while hacking process is in progress and various ethical hacking tools available for organizations. Information is the important source for any organizations while executing business operations. Organizations and government agencies have to adopt ethical hacking tools in order secure important documents and sensitive information (Harold F.
Tipton and Micki Krause, 2004).
Ethical hacker professionals have to be hired in order to test the networks effectively. Ethical hackers perform security measure on behalf of the organization owners. In order to bring out the ethical hacking efforts perfectly a proper plan must be executed. Ethical hacking has the ability to suggest proper security tools that can avoid attacks on the networks. Hacking tools can be used for email systems, data bases and voice over internet protocol applications in order to make communications securely.
Ethical hacking can also be known as penetration testing which can be used for networks, applications and operating systems (Jeff Forristal and Julie Traxler, 2001). Using hacking tools is a best method for identifying the attacks before it effect the entire organization. Ethical hackers are nothing but authorized users for the sensitive information or networks of an organization. Using hacking techniques for handling employees in organization and for solving critical judicial cases is not a crime. An ethical hacker use same tools and actions as performed by normal hacker.
The main aspect in ethical hacking is that target permission is essential for performing hacking on the information. Ethical hacking can be used while performing security audits in the organization (Kevin Beaver, 2010). Thus, ethical hacking can help in testing the networks by finding out various vulnerabilities. In ethical hacking, a user will get permission to access the important data.
Aims and Objectives Aim To investigate the importance of ethical hacking and its implementation in organizations Objectives * Finding the importance of ethical hacking tools * Understanding the ethical hacking process Implementing ethical hacking tools in an organization Purpose of Study The main of this research is to recognize ethical hacking tools that can be used in organizations and government agencies. Testing the networks is essential in order to maintain security for the organizational information. The difficulties in networks have to be recognized by the security professional so that they can be solved before effecting the organization operations (James S. Tiller, 2005). This research also focuses on carrying out the ethical hacking tools in a particular organization.
The advantages of using ethical hacking in business firms can be evaluated by this study. Ethical hacking tools can be implemented in various fields of applications. Various security professionals can be efficient in ethical hacking tools by undergoing a training process. Another major intension of this research is to identify the importance of ethical hacking professionals in providing security to the networks. (Nina Godbole, 2008). Thus, this research entirely focuses on ethical hacking tools which can be implemented for testing the networks.
Research Context This research on ethical hacking can be very useful to many organizations as it can provide clear idea about hacking tools. Security professionals and normal users have to be trained well in order to use hacking tools. The importance of ethical hacking while solving many judicial cases can be identified with the help of this research. Management of an organization can be benefited largely through implementing hacking tools. Hacking tools implementation process can be understood with the help of this research (Ronald L.
Krutz and Russell Dean Vines, 2007). Network security or data security engineers in organization will come to know about new ethical hacking methods and techniques that are available in the present market by concentrating on this research. The concepts in this study provide knowledge related to security improvements. Business users can hack the data in order to use it for the purpose of evaluating a correct process. Management has to take precautionary measures while allowing the professional to hack ethically because data may be misused (Rajat Khare, 2006).
Scholars who concerned with information security can take the help of this study for attaining the knowledge on hacking systems. Many organizations are encouraging ethical hacking professionals in order to control their business operations effectively. Email systems, data bases and communication applications can avoid or identify attacks by adopting the hacking tools. Malicious attacks on the information or software can be prevented by implementing this research while using ethical hacking tools.
The organizations that concerned with security in networks have to use ethical hacking tools (Greg Meyer and Steven Casco, 2002). Hence from the above discussion it can be understood that, business firms, investigating agencies, government systems and web users can make use of this research to achieve the important information in authorized manner. Chapter 2:Literature Review Ethical Hacking and its importance The word hacking is defined as an illegal use of the other’s computer system or the network resources. Hacker is the term which is formerly meant for the skillful programmer.
This is mostly found in the countries like United States and many other countries. The word hacker refers to the names of the persons who enjoys the work in learning the details of the computer systems and stretch the capabilities from the system (Rajat Khare, 2006). The system of hacking describes the fast improvement in the new programs that make the codes for the providing a better security to the system with more efficiency. The word cracker also belongs to the same field it make use of the hacking skills for the unlawful purposes like email id, intruding into other’s system.
Hacking is of different types such as back door hacking, viruses and worms, Trojan horses, Denial of Services, anarchists, crackers, kiddies and ethical hacking (Kevin Beaver, 2010). In the types of hacking system one of the most common hacking is ethical hacking. This is defined as the services that provides the securities for the customer’s networks, information assets and identifies the vulnerabilities to maintain the reputation of the corporate sectors before it exploit the company. This type of the hacking system provides the high securities to the customer’s methodologies and techniques to yield high qualities of infrastructures.
The ethical hacking system includes some of the service like: * Application Testing * War Dialing * Network Testing * Wireless Security * System Hardening Application Testing This is an uncover design or the logic flaws which result in the compromising with the unauthorized accessing of the systems, networks, applications or the information regarding the systems. This application testing is used for investigating and identifying the extent and the criticality of the problems exposure to the thick client (Java) and thin client (web browsers) applications.
This application testing includes the services like client-side application testing and web application testing’s (Joel Scambray, Mike Shema and Caleb Sima, 2006). The client-side application testing is the process of developing the software that is used for the measuring the integrated security into the client software constituents. In this system this testing application is based on the gathering of the information by observer using the reverse engineering system. War Dialing This is one of the services that are provided by ethical hacking.
War dialing is a method of dialing a modem number to identify open modem connection that supplies access in a remote way to a network for targeting a particular system (Kimberly Graves, 2007). This word is originated from the day the when the internet has come into the existence in most of the companies. This follows the method of scanning to find the strength of the network connection. The tools of War dialing work on the concept that organizations do not pay attention to dial-in ports like they do towards the firewalls. Network Testing
The networking testing services of the ethical hacking provides the information on the exposures of the network, services, and solutions on the convergence, protocols and system devices including the virtual private network technologies. This testing process includes a number of constitutes in external and internal devices. It also analyzes the applications of the voice over Internet protocol within the environment of the organization (Greg Meyer and Steven Casco, 2002). The main goal of the network testing application is to make obvious demonstration of the political effects on its development.
By making use of this application into the organization, it provides a complete enlightenment to the work for determining the result in the organization. Wireless Security Wireless security services measures the security in the available architecture to provide a guidelines to ensure the system integrity and accessibility of the resources. The working of wireless security is based on the three phases. In the first phase of the operation it identifies the activeness of the wireless networks (Cyrus Peikari and Seth Fogie, 2003).
The team of the ethical hacking demonstrates the exposure to the attackers with the space in the wireless network. In the seconds phase of this system it implements a normal users to evaluate the measures of the security that secures the infrastructures of the organization to control the accessing of the devices. During the third phase the team will try to utilize the discovered threats to gain access on other networks. This provides the security in wireless local area network, virtual private network, intrusion detection system and wireless public key infrastructure.
System Hardening The system hardening stresses on the network vicinity. Security is the prime factor that determines the level of integrity of the information and resources used in the computing. Effective deployment of the security controls unauthorized, accidental disruption if resources in information technology (Kevin Beaver and Peter T. Davis, 2005). The system hardening assessment is complemented in three phases. The ethical hacking team will analyze the network to identify the loop holes in security updates and other frequent security defects.
Scanning of the remote access devices is done for finding out the vulnerabilities. The configuration vulnerabilities and missing security updates are determined in the initial phase. In the second step the host operating system is examined to determine the services available for remote users and their level of impact. All the TCP/IP services and also the Telnet, FTP, Send-mail, DNS and others are tested (James S. Tiller, 2005). The packet fragmenting and loose source routing are used in an attempt to bypass filtering routers and firewalls.
The last phase is complicated as the team uses the information gathered from the first two steps to mine the weaknesses and threats that were identified to gain access to the host system. Before the start of the three steps the boundaries for actions and events are determined. Hence from the above context it can be stated that ethical hacking is a methodology that is used for gathering the information on the hacker. The ethical hacker is the expert who is hired by an organization to solve the problems related to hacking in their network and computer system.
Need for Ethical Hacking The process of employing someone to hack ones company is ethical hacking. Ethical hacking is one of the tools that are used to judge the security programs of the organizations. It is also referred as penetrating testing, red teaming, intrusion testing, vulnerability and even security judgments. Each one these has different meanings in different countries. Hacking is also described as new development of the existing programs, software and code. It makes them better and more efficient (James S. Tiller, 2005).
Ethical hacker can know the details of computer while hacking and become the security professional. It involves in foot-printing, scanning, tacking all the secured information. Ethical means a philosophy with morality. Hackers hack systems to detect dangerous, unauthorized access and misuse (Shon Harris, Allen Harper, Chris Eagle and Jonathan Ness, 2007). Threat and vulnerability are the two dangers the hacker has to face. The hacking report must be confidential as it should face the organizations security risks. If this goes wrong in any way the organization results in fatal, penalties and loss.
For example: computer crime is done by misuse of their hacking skills. The need to hack is for catching the thief. Ethical hacking is the correct method to make your computers work properly (Kevin Beaver, 2010). Ethical hacker needs higher level skills compared to penetration testing. Penetration testing is same as ethical hacking but the hacker uses the penetrating tools and tests the security danger. Ethical hacking is known as “White Hat” in some of the literature. It tests both the security and protective issues whereas penetrating test mainly leads with the security issues (Asoke K. Talukder and Manish Chaitanya, 2008).
Some of the websites and companies offer the training, but they cannot be created they are self-made. Various types of testing need different types of software’s and tools. Game freaks use hacking technology in order to win the game. Hackers will discover many ways to hack like trial and error method, operating systems, online and determining the threats. Ethical hacking is done by hackers on behalf of the owners, and in normal hacking they use their skills for personal use (Debra Littlejohn Shinder and Micheal Cross, 2008).
Cyber terrorism includes common hacking techniques such like viruses, email bombs and natural disasters. Thus ethical hacking is done by hackers on owner’s request. Mainly this is seen in corporate companies and organizations. Ethical hacking techniques are used for game cheat codes, hacking accounts and other for good result. Majorly used for fight against cyber terrorism and to take preventive action on hackers Types of ethical hackings Ethical hackers use various methods for breaking the security system in the organizations in the period of cyber attack.
Various types of ethical hacks are: Remote Network: This process in especially utilized to recognize the attacks that are causing among the internet. Usually the ethical hacker always tries to identify the default and proxy information in the networks some of then are firewalls, proxy etc. Remote dial up network: Remote dial up network hack identify and try to protest from the attack that is causing among the client modern pool. For finding the open system the organizations will make use of the method called war dialing for the representative dialing.
Open system is one of the examples for this type of attacks. Local Network: local network hack is the process which is used to access the illegal information by making use of someone with physical access gaining through the local network. To start on this procedure the ethical hacker should ready to access the local network directly. Stolen Equipment: By making use of the stolen equipment hack it is easy to identify the information of the thefts such as the laptops etc. the information secured by the owner of the laptop can be identified (Kimberly graves, 2007).
Information like username, password and the security settings that are in the equipment are encoded by stealing the laptop. Social engineering: A social engineering attack is the process which is used to check the reliability of the organization; this can be done by making use of the telecommunication or face to face communication by collecting the data which can be used in the attacks (Bryan Foss and Merlin Stone, 2002). This method is especially utilized to know the security information that is used in the organizations.
Physical Entry: This Physical entry organization is used in the organizations to control the attacks that are obtained through the physical premises (Ronald l. Krutz and russel dean Vines, 2007). By using the physical entire the ethical hacker can increase and can produce virus and other Trojans directly onto the network. Application network: the logic flaws present in the applications may result to the illegal access of the network and even in the application and the information that is provided in the applications.
Network testing: In this process it mainly observes the unsafe data that is present in the internal and the external network, not only in the particular network also in the devices and including the virtual private network technologies Wireless network testing: In this process the wireless network reduces the network liability to the attacker by using the radio access to the given wireless network space. Code review: This process will observe the source code which is in the part of the verification system and will recognize the strengths and the weakness of the modules that are in the software.
War dialing: it simply identifies the default information that is observed in the modem which is very dangerous to the corporate organizations. Techniques and tools required for ethical hacking Ethical hacker needs to understand how to find the network range and subnet mask of the target system. IP addresses are used to locate, scan and connect the target systems. Ethical hacker also should find out the geographical location of target system.
This can be done by tracing the messages that are sent to destination and the tools used are traceroute, Visual route and NeoTrace to identify the route the target (Kimberly Graves, 2007). Ethical hacking should use right tools or else task accomplishment of task effectively is difficult. Many security assessment tools will produce false positive and negative or may they even miss susceptibility to attacks. In case of tests in case of physical security assessments they miss weakness. In order for ethical hacking specific tools have to be used for the task chosen.
The easier the ethical hacking will become if many tools are used. The right tool must be used at right place. The characteristics in tools for ethical hacking is it should have sufficient document, detailed reports should be there on the discovered attacks regarding their fixing and explosion, Updates and support. The general tools used for ethical hacking in case to find passwords are cracking tools such as LC4, John the Ripper and pwdump (Bragg, Mark Phodes Ousley and Keith Strassberg, 2004).
The general tools like port scanner like SuperScan cannot be used to crack passwords. The Web-assessment tools such as Whisker or WebInspect tools are used for analysis of Web applications in depth. Whereas network analyzer tools such as ethereal cannot give good results. While using the tools for any particular task it is better to get feedback from the simple Google searches such as SecurityFocus. com, SearchSecurity. com and Itsecurity. com will give nice feedback from the other security experts which makes ethical hacking easy and to select the right tool.
Some of the commercial, freeware and open source security tools are Nmap (Network Mapper), Etherpeek, SuperScan, QualysGuard, WebInspect and LC4, LANguard Network Security Scanner, Network Stumbler and ToneLoc. The capabilities of many security and hacking tools are often misunderstood, such as SATAN (Security Administrator Tool for Analyzing Networks) and Nmap. The other popular tools used in ethical hacking are Internet scanner, Ethreal, Nessus, Nikto, Kismet and THC-Scan (Kevin Beaver, 2007).
Cain and able is a ethical tool used for recovery of windows UNIX problems. This is only password recovery tool handles an enormous variety of tasks. It can recover the password by sniffing the network, cracking the encrypted passwords using Dictionary and Cryptanalysis, recording VoIP conversations, decoding scrambled passwords, revealing the password boxes, uncovering cached passwords and analyzing routing protocols. Ethereal is a fantastic open source tool used as network protocol for UNIX and Windows.
It allows examining the data which is present in disk or file and can capture the data. This is also known as Wire shark. It has many powerful features which have very rich display filter language and ability to view the TCP session. Another cracking tool Aircrack is the fastest available cracking tool (John Hyuk Park, Hsiao-Hwa Chen and Mohammed Atiquzzaman, 2009). Thus proper tools and techniques has to be used for better hacking and it will be easier by using more and more tools required.