Every Ethical Hacker must abide by a few basic commandments. If not, bad things can happen. I've seen these commandments ignored or forgotten when planning or executing Ethical Hacking tests. The results weren't positive.
Working Ethically
The word Ethical in this context can be defined as working with high professional morals and principles. Whether you're performing Ethical Hacking tests against your own systems or for someone who has hired you, everything you do as an Ethical Hacker must be aboveboard and must support the company's goals. No hidden agendas are allowed!
Trustworthiness is the ultimate tenet. The misuse of information is absolutely forbidden. That's what the bad guys do.
Respecting Privacy
Treat the information you gather with the utmost respect. All information you obtain during your testing - from Web-application log files to clear-text passwords - must be kept private. Don't use this information to snoop into confidential corporate information or private lives. If you sense that someone should know there's a problem, consider sharing that information with the appropriate manager.
Tip :- Involve others in your process. This is a "watch the watcher" system that can build trust and support your Ethical Hacking projects.
Not Crashing Your Systems
One of the biggest mistakes I've seen when people try to hack their own systems is inadvertently crashing them. The main reason for this is poor planning. These testers either have not read the documentation or misunderstand the usage and power of the security tools and techniques.
You can easily create DoS conditions on your systems when testing. Running too many tests too quickly against a system is a common cause of system lockups. I know because I've done this! Don't rush things, and don't assume that a network or a specific host can handle the beating that network scanners and vulnerability assessment tools can dish out.
Many security assessment tools can control how many tests are performed on a system at the same time. These tools are especially handy if you need to run the tests on production systems during regular business hours.
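The following is an added example, not code from the original post: a small TCP connect scanner that caps both the number of probes in flight and the number of probes launched per second, which is exactly the throttling the paragraph says good assessment tools provide. The target, port list and rate values are made up for the demonstration; the script starts its own listener on 127.0.0.1 so it runs offline, and that listener is a test fixture, not a real service.

```python
"""Throttled TCP connect scan (added example, not from the original post).

Caps simultaneous probes (max_parallel) and probe launch rate
(probes_per_second) so a scan does not overwhelm a fragile host.
"""
import socket
import threading
import time
from concurrent.futures import ThreadPoolExecutor


def start_listener():
    """Test fixture: a throwaway TCP listener on an ephemeral localhost port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # socket closed by the caller: stop serving
                return
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def throttled_scan(host, ports, max_parallel=4, probes_per_second=20.0, timeout=0.5):
    """Connect-scan `ports` on `host` with at most `max_parallel` probes in
    flight and no more than `probes_per_second` launched per second.
    Returns the sorted list of ports that accepted a connection."""
    interval = 1.0 / probes_per_second
    gate = threading.Lock()
    next_slot = [time.monotonic()]     # time at which the next probe may launch

    def probe(port):
        # Each probe claims the next launch slot under the lock, then sleeps
        # outside the lock until that slot arrives (simple pacing scheduler).
        with gate:
            now = time.monotonic()
            wait = next_slot[0] - now
            next_slot[0] = max(now, next_slot[0]) + interval
        if wait > 0:
            time.sleep(wait)
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return port if s.connect_ex((host, port)) == 0 else None

    with ThreadPoolExecutor(max_workers=max_parallel) as pool:
        results = list(pool.map(probe, ports))
    return sorted(p for p in results if p is not None)


def demo():
    """Scan one open fixture port plus a port known to be closed, with a
    20 probes/sec cap. Returns (open_ports_found, fixture_port, seconds)."""
    srv, open_port = start_listener()
    # Bind-then-close an ephemeral port so we have a port that is almost
    # certainly closed at scan time (constructed fixture, not a real target).
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    targets = [closed_port] * 9 + [open_port]      # ten probes at 20/sec >= 0.45 s
    t0 = time.monotonic()
    found = throttled_scan("127.0.0.1", targets, max_parallel=4, probes_per_second=20.0)
    elapsed = time.monotonic() - t0
    srv.close()
    return found, open_port, elapsed


if __name__ == "__main__":
    found, open_port, elapsed = demo()
    print("open:", found, "expected:", [open_port], "took %.2fs" % elapsed)
```

Lower `probes_per_second` and `max_parallel` when scanning production hosts during business hours; the pacing cost is spread across workers, so reducing the rate slows the scan without changing what it finds.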
You can even trigger an account or system lockout by social engineering someone into changing a password, not realizing that the change might lock out other users or services that still depend on the old one.
What Hackers Know
- Phishing
- Anonymity
- SQL Injection
- Hex Editing
- Key logger
2. Anonymity - Anonymity is the state in which nobody knows who you are on the Internet. Hackers worldwide rely on this state to carry out their activities so that no one can trace them.
3. SQL Injection - SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field so that the database executes them (e.g. to bypass a login check or dump the database contents to the attacker).
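The following is an added example, not code from the original post: an in-memory SQLite database with a constructed users table, a login check and a search built by string interpolation, and their parameterised counterparts. The table contents and the payloads are invented for the demonstration; the point is that the same input either rewrites the query or is treated as plain data depending on how the statement is built.

```python
"""SQL injection, vulnerable and fixed (added example, not from the original post)."""
import sqlite3


def make_db():
    """Constructed sample data: two users in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", 1), ("bob", "hunter2", 0)],
    )
    return db


def login_vulnerable(db, username, password):
    """Interpolates user input straight into the statement (the bug)."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(db, username, password):
    """Binds the inputs as parameters; the driver never lets them alter the query."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def search_vulnerable(db, name):
    """A 'find user' feature built the same unsafe way."""
    sql = "SELECT username FROM users WHERE username LIKE '%s'" % name
    return [r[0] for r in db.execute(sql).fetchall()]


def search_safe(db, name):
    """Parameterised version of the search."""
    rows = db.execute("SELECT username FROM users WHERE username LIKE ?", (name,))
    return [r[0] for r in rows.fetchall()]


# Invented payloads. `--` starts a comment in SQLite, so everything after the
# injected quote (the password check, the closing quote) is discarded.
BYPASS_USER = "alice' --"                                # log in without a password
DUMP_NAME = "x' UNION ALL SELECT password FROM users --"  # dump another column


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login as:", login_vulnerable(db, BYPASS_USER, "wrong"))
    print("safe login as:      ", login_safe(db, BYPASS_USER, "wrong"))
    print("vulnerable search:  ", search_vulnerable(db, DUMP_NAME))
    print("safe search:        ", search_safe(db, DUMP_NAME))
```

The dump payload works because the injected `UNION ALL` appends a second SELECT whose single column lines up with the original one, so the passwords come back in the "username" column of an ordinary result set.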
4. Hex Editing - A hex editor (or binary file editor or byte editor) is a program that lets you view and manipulate the raw bytes that make up a file, rather than the file's interpreted contents. The name 'hex' comes from 'hexadecimal', the standard numerical format for displaying binary data. A typical file occupies several areas on the platter(s) of a disk drive, whose contents are combined to form the file; hex editors designed to parse and edit sector data from the physical segments of floppy or hard disks are sometimes called sector editors or disk editors.
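The following is an added example, not code from the original post: the two operations a hex editor performs, rendering bytes as an offset/hex/ASCII dump and overwriting bytes at a given offset without changing the file's size. The sample blob and the `admin=` flag inside it are constructed for the demonstration.

```python
"""Minimal hex-dump and byte-patch helpers (added example, not from the original post)."""


def hexdump(data, width=16):
    """Render bytes as classic hex-editor lines: offset, hex bytes, printable ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join("%02x" % b for b in chunk)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        # Pad the hex column so the ASCII column lines up on short final rows.
        lines.append("%08x  %-*s  |%s|" % (off, width * 3 - 1, hexpart, ascii_part))
    return "\n".join(lines)


def patch_bytes(data, offset, new):
    """Overwrite `new` at `offset`, as a hex editor's overwrite mode does.
    Refuses to write past the end, so the file length never changes."""
    if offset < 0 or offset + len(new) > len(data):
        raise ValueError("patch would fall outside the file")
    buf = bytearray(data)
    buf[offset:offset + len(new)] = new
    return bytes(buf)


# Constructed sample: a fake header followed by a text flag we want to flip.
SAMPLE = b"DEMO\x00\x00\x00\x01admin=0\x00trailing"


def flip_admin_flag(data=SAMPLE):
    """Locate the 'admin=' setting and overwrite its value byte with '1'."""
    offset = data.index(b"admin=") + len(b"admin=")
    return patch_bytes(data, offset, b"1")


if __name__ == "__main__":
    print(hexdump(SAMPLE))
    print()
    print(hexdump(flip_admin_flag()))
```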
5. Key logger - A key logger is a type of surveillance software (it may be a legitimate monitoring tool or spyware) that records every keystroke you make to a log file, which is often encrypted. A key logger can capture instant messages, e-mail, passwords and anything else you type on your keyboard, at any time.