Question

Penetration testing is also known as ethical hacking. Distinguish white, grey and black hat hackers, from the professional, ethical hacker. In your answer state the extent to which ethical hackers might be the same as or different to white hat hackers.

present an introduction (or background) about the case study ;

include at least two ethical theories to support your answer (2 x 5 marks);

Include examples of professional Codes of Ethics to support your answer ;

present a conclusion that briefly outlines your point of view ; and

ensure that your essay is well written and structured .

Answer 1

Ethical hacking is a way of analysing the data security structure and provide the security systems to fix the weak points.

Some of the IT professionals are penetrate security system to fix the weak points. These hackers are called white hat hackers or ethical hackers.

The white hat hackers, grey hat hackers and black hat hackers from the professional of ethical hacker as follows:

Black Hat Hacker:

• A Person or a group of people trying to find the computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons, they are called the Black Hat Hacker.
• The Black Hat Hackers are criminal hackers from white hat and grey hat hackers.
• The Black Hat Hackers can cause more damage on any computers. They can hack the organizations computers also.
• The Black Hat Hackers steal the information from the computers. The information is related to the employee information or financial information. The collecting of information is from individual computers or from large organizations.
• The Black Hat Hackers can alter the computer system configuration such as implanting malwares.

White Hat Hacker:

• The White Hat Hackers are also called as ethical hackers. The White Hat Hackers only seek vulnerabilities or exploits, if they are legally permitted.
• A white hat hacker is an individual who uses hacking skills to identify the security vulnerabilities in hardware, software and networks.
• The White Hat Hackers are security specialists, they use the hacking techniques to identify the security flaws that black hat hackers may exploit.

Grey Hat Hacker:

• The Grey Hat Hackers are fall in between the white hat hackers and black hat hackers on the moral spectrum.
• There are flexible about the rules to operate the system.
• The Grey Hat Hackers will improve the system security and network security.
• The Grey Hat Hackers exploits the security weakness in the computer system.

Introduction about the case study:

The Ethical hacking is a way of analysing the organisation data security structure. It includes the services such as,
• Application Testing
• Local Network Testing
• Wireless Security

Many business organisations are facing problem with the cyber-crimes. The organisation are faced with the challenge of dealing with complex security requirements. Some of the business organisations are better prepared in the case of cyber-attacks. Many organisations are hiring the professionals help to secure their networks.

The two ethical theories are as follows:

i)

The white hat hackers are the counterpart of a black hat. They use the same techniques to test and bypass the system security. They do not take the advantages of any vulnerability found. They provide the action and give the advice to the organisation about the system security and helps to improve the overall security.

In the case of computer security, the ethical hackers are used some of the tools and techniques to security the organisation. They would neither damage the target systems nor steal the information. They just check the target systems and send the report about the vulnerabilities they found and give the instructions how to avoid them.

They may do their research on open source software, as well as on software or systems that they own or that they have been authorized to investigate, including products and services that
operate bug bounty programs.

ii)

The ethical hacking needs to be planned for any IT or security projects. The planning is most important for any amount of testing even a simple password cracking test.

The social engineering and denial of service attacks are dangerous, this may lead to the loss of data integrity, loss of data and bad publicity.

Many security assignment tools are focus on specific tests but no one tool can test for everything.

Examples of professional codes of ethics:

The organization nature and characteristics are required to understand and ensure to know them before performing any ethical hacking. This information helps handle the sensitive and confidential information.

The transparency with the client is important to ensure that the client knows what is going on and data is safe and protected.

Analyse the sensitive and confidential information, ensure do not violate laws and rules. Take care to handle personal information and financial or proprietary information.

Conclusion:

The security of the organisation is analysing and testing from time to time. So, the business structure or an organisation structure changing and updating data by day. The environment comprising of security, policies and changing technologies involving complex interactions and interoperations.