Ethical hacking

In the last decade the Internet spread like no-one anticipated. A lot of information was moved to the Internet. Almost everything is being digitalized: information is being stored in various databases, services are being performed over the Internet, we’re even paying bills from our computer, etc. But in all this craze, we can ask ourselves one question: what about security?

With the expansion of the Internet we gained a lot, but we also opened a door to intruders. An ethical hacker is a computer and network specialist who uses his knowledge to try to discover vulnerabilities in a system before the black hat hacker does. An ethical hacker is also called a white hat hacker. The term comes from old western movies, where the good cowboys wore white hats and the bad cowboys wore black ones. The difference between white and black hats is that the white hats use their knowledge to try to penetrate the system so that the company can benefit from it by patching its systems, rather than using the information for personal use.

Usually a party or a company hires a Certified Ethical Hacker, who does a penetration test for them. A penetration test consists of collecting data about the customer’s network, scanning the network for used applications, directly attacking identified applications, maintaining access and generating a report. The last phase, generating a report, is the most important one, because that is the result of a penetration test and is what a company gets at the end, and by which the work of a penetration tester is evaluated. The company doesn’t even realize there are multiple phases of a penetration test; it only gets a report, which presents the work of the penetration tester.

To sum up, we can say that the difference between white and black hats is merely whether they have permission to do the penetration test or not. We can also say that white hats are at an advantage, because they work in a security company, which pays for additional trainings to extend their knowledge, while the black hats have to learn everything by themselves. They also have access to resources, like various high tech devices, new technologies, etc. But white hats are also at a disadvantage, because they have restrictions when performing a penetration test, whereas black hats can do whatever they want. White hats are limited to the attacks specifically mentioned in the contract, so they can’t use all available attacks like black hats can, for example the DDoS attack. With that in mind, we don’t always report back the realistic risk and destruction the black hats can cause. But we can make a pretty good estimation.

Posted by Dejan Lukan on 20.11.2011