Defining Ethical Hacking:
Ethical hackers must always act in a professional manner to differentiate themselves from malicious hackers. Gaining the trust of the client and taking all precautions to do no harm to their systems during a pen test are critical to being a professional. Another key component of ethical hacking is to always gain permission from the data owner prior to accessing the computer system. This is one of the ways ethical hackers can overcome the stereotype of hackers and gain the trust of clients.Division of Hackers:
White Hat : White-hat hackers are usually security professionals with knowledge of hacking and the hacker tool-set and who use this knowledge to locate weaknesses and implement countermeasures. White-hat hackers are prime candidates for the exam. White hats are those who hack with permission from the data owner.
Black Hat : They break into or otherwise violate the system integrity of remote systems, with malicious intent. Having gained unauthorized access, black-hat hackers destroy vital data, deny legitimate users service, and just cause problems for their targets.
Grey Hat : These hackers may just be interested in hacking tools and technologies and are not malicious black hats. Gray hats are self-proclaimed ethical hackers, who are interested in hacker tools mostly from a curiosity standpoint. They may want to highlight security problems in a system or educate victims so they secure their systems properly. These hackers are doing their “victims” a favor. For instance, if a weakness is discovered in a service offered by an investment bank, the hacker is doing the bank a favor by giving the bank a chance to rectify the vulnerability.
The difference between white hats and gray hats is that "permission" word.
Goals to Achieve :
Goal of a hacker is to exploit vulnerabilities in a system or network to find a weakness. To do so hackers follow many ways to get the control over systems.Live examples-1: Denial-Of-Service (DOS)
(DoS) attack, a hacker attacks the availability elements of systems and networks. Although a DoS attack can take many forms, the main purpose is to use up system resources or bandwidth. A flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users of the system.
Information theft, A bit-flipping attack, MAC address spoofing etc...
Integrity: The second goal of network security is Integrity. Integrity aims at maintaining and assuring the accuracy and consistency of data and it makes sure that the information is accurate and reliable and is not changed by an unauthorized persons or external hackers.
Availability: The third goal of network security is Availability. Availability in network security is to make sure that the Data, Network Resources or Network Services are continuously available to the legitimate users. Availability ensures that Data, Network Resources or Network Services are available to the legitimate users when required.
Authenticity: The fourth goal of network security is Authenticity. Authenticity does not allow the unauthorized device from connecting to the network.
Tip: Goals to achieve ( Confidentiality, Integrity, Availability and Authenticity).
For more topics in-detail please follow below topics:
- Ethical Hackers skill set
- Ethical Hacking Terminology
- Phases of Ethical Hacking
- Identifying types of Hacking technologies
- Identifying types of Ethical Hacking
- Understanding Testing types
- How to be Ethical
- Cyber laws
