Tuesday, April 5, 2011

hacking & ethics !!!

WHAT IS HACKING ?????

Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)

Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an ethical hacker and an organization, it's OK. The key difference is that the ethical hacker has authorization to probe the target.

We work with IBM Consulting and its customers to design and execute thorough evaluations of their computer and network security. Depending on the evaluation they request (ranging from Web server probes to all-out attacks), we gather as much information as we can about the target from publicly available sources. As we learn more about the target, its subsidiaries and network connectivity, we begin to probe for weaknesses.

Examples of weaknesses include poor configuration of Web servers, old or unpatched software, disabled security controls, and poorly chosen or default passwords. As we find and exploit vulnerabilities, we document if and how we gained access, as well as if anyone at the organization noticed. (In nearly all the cases, the Information Systems department is not informed of these planned attacks.) Then we work with the customer to address the issues we've discovered.

The number of really gifted hackers in the world is very small, but there are lots of wannabes.... When we do an ethical hack, we could be holding the keys to that company once we gain access. It's too great a risk for our customers to be put in a compromising position. With access to so many systems and so much information, the temptation for a former hacker could be too great -- like a kid in an unattended candy store.

THE ETHICAL HACKER!!

An Ethical Hacker is one name given to a Penetration Tester. An ethical hacker is usually employed by an organization that trusts him or her to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. Illegal hacking (i.e., gaining unauthorized access to computer systems) is a crime in most countries, but penetration testing done by request of the owner of the targeted system(s) or network(s) is not.

A Certified Ethical Hacker has obtained a certification in how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a hacker.

The exam code for C|EH is 312-50. The certification is in Version 7 as of 14th March 2011.

The EC-Council offers another certification, known as Certified Network Defense Architect (C|NDA). This certification is designed for United States Government Agencies, and is available only to members of selected agencies. Other than the name, the content of the course is exactly the same.

While some tenets of hacker ethic were described in other texts like Computer Lib/Dream Machines (1974) by Theodor Nelson, Levy appears to have been the first to document and historicize both the philosophy and the founders of the philosophy.

Levy explains that MIT housed an early IBM 704 computer inside the Electronic Accounting Machinery (EAM) room in 1959. This room became the staging grounds for early hackers as MIT students from the Tech Model Railroad Club stole inside the EAM room after hours to attempt programming the 30-tonne, 9-foot-tall (2.7 m) computer.

The boys defined a hack as a project undertaken or a product built not solely to fulfil some constructive goal, but with some wild pleasure taken in mere involvement.[1] The term “hack” arose from MIT lingo as the word had long been used to describe college pranks that MIT students would regularly devise.

The Hacker Ethic was a “new way of life, with a philosophy, an ethic and a dream”. However, the elements of the Hacker Ethic were not openly debated and discussed, rather they were accepted and silently agreed upon.[2]

Free and open source software is the descendant of the hacker ethics that Levy described. The hackers who hold true to these hacker ethics—especially the Hands-On Imperative—are usually supporters of free software and/or open source software. This is because free and open source software allows hackers to access the code used to create the software to improve or reuse it. In effect the free and open source software movements embody all of the hacker ethics. However, Levy's hacker ethic has also often been quoted out of context and misunderstood to refer to hacking as in breaking into computers, and so many sources incorrectly imply that it is describing the ideals of white-hat hackers. What Levy is talking about, however, does not have anything to do with computer security.

BY : D.Chaitanya kumar (ee09b084)
