Introduction to Ethical Hacking 3

Know the Trade - Ethical Hacking and Penetration Testing

Want to learn more about the steps of ethical hacking?

Ethical Hacking Steps

Hackers can target many different platforms, operating systems, and hardware yet the methodology stays remarkably similar. The steps involved in hacking generally involve:

1. Footprinting

2. Scanning and Enumeration

3. System Hacking

4. Plant Rootkits and Backdoors

5. Covering Tracks

6. Expanding Influence

An ethical hacker needs skills in these steps and items such as sniffing, session hijacking, Trojans, fuzzing, and buffer overflows to name just a few.

Network Security and Ethical Hacking Testing

Ethical hacking is of utmost importance because of the vast amount of network traffic that is transmitted through the worlds LANs, MANs, WANs  everyday. It is not just external networks that are important but also internal network communications that needs to be checked regularly for lapses in security and potential breaches. Every organization must have controls in place to patch, update systems, and perform periodic vulnerability assessment scans. Today more and more organizations are creating positions for ethical hacking professionals to perform network testing and vulnerability assessment on a regular basis.

Penetration testing should be performed using network testing tools. These tools might include Nmap, Netcat, or even bootable Linux OS’s such as Backtrack. Such tools provide valuable information for the IT security professional such as:

* Assessing traffic sniffing and online password attacks that are occurring over the network.

* Analyzing points of vulnerability in the system is assessed to find out what areas needs to be protected from hackers and cyber criminals
* Performing ports scans, ping sweeps, and network probes are performed so that hackers are immediately identified

* Detecting malicious traffic such as ARP poisoning, TCP XMAS scans, UDP port scans and rouge DHCP server redirects

* Scanning for high order open ports assigned to Trojans and malware. These ports can include 31337 and 123456.

Periodic ethical hacking testing is very important in today’s environment where data is constantly exchanged through Internet connections that span the glob. Whether it is a simple email, downloading a file, or browsing the web, unless your network is patched, running antivirus, filtering spam and totally secure, you can never be sure of what will happen should such programs be executed inside your network. It is very easy for malicious hacker to invade your system and retrieve confidential data, if your network lacks adequate IT security or weak access controls your network could be vulnerable. Having a ethical hacking expert armed with the proper network security tools can help assess such problems and ensure that you are aware of vulnerable areas in your network infrastructure. By being aware of such vulnerabilities, you can take adequate steps to ensure that they are never brought down by intruders, hackers, and cyber criminals.

There are many network security testing programs that you can check out. These can be downloaded from the net. Just remember to get the permission of the network administrator before loading these programs on a company computer. Every hacking program has a set of functions that help you to test your network strength and also perform various analyses on network protocols. These tools are used by both the good and bad guys.

Network Security Testing and periodic penetration testing should be done on a regular basis as networks are never static. Adding new computer, expanding to different locations and adding new WAN routes can all introduce vulnerabilities and add risk. IT network security tools must be used to analyze such new vulnerabilities so that precautions can be taken to prevent unauthorized access to networks from external sources. Most of the tools you need are vailable online and can be downloaded in a couple of minutes for installation.

The Job of An Ethical Hacker

Security testing is the primary job of ethical hackers and those wanting to know the trade. These tests may be configured in such way that the ethical hackers have full knowledge, partial knowledge or no knowledge of the target of evaluation (TOE). The following pages contain resources to help you learn more. Each area is broken up into a specific aspect of the hacking event.

The best way to learn more about ethical hacking, perpetration testing and gain the skills needed to work in this field is to:

1. Learn how to program.

2. Get one of the open-source bootable Linux.

3. Learn to use the tools and basic Linux commands.

4. Learn how to use the World Wide Web and write scripts and HTML code.

5. Get certified

 

Ethical Hacking Notice

As a final note: Nothing contained on this site is intended to teach or encourage the use of security tools or methodologies for illegal or unethical purposes. Always act in a responsible manner. Make sure you have written permission from the proper individuals before you use any of the tools or techniques described within. Always obtain permission before installing any of these tools on a network.