White Hat Hackers (Continuation of previous Article)
A white hat hacker is a computer security specialist who breaks into protected systems
and networks to test and assess their security. White hat hackers use their skills
to improve security by exposing vulnerabilities before malicious hackers (known as
black hat hackers) can detect and exploit them. Although the methods used are similar,
if not identical, to those employed by malicious hackers, white hat hackers have
permission to employ them against the organization that has hired them.
Ethical hackers, who are more popularly known as white hats, white
hat hackers, sneakers, or even white knights, are information and cyber
security specialists who are well-versed in system examination,
penetration testing, and many other network analysis approaches that guarantee
the safety and integrity of many a company's information system. The sneakers
appellation in particular refers to white hats who are actually employed by
companies or organizations as network security professionals of sorts.
In fact, the National Security Agency (NSA) offers
certifications to these hackers such as the CNS 4011, which covers
professional and principled hacking techniques and team management. On that
note, an entire group of these experts are referred to by the CNS 4011 as red
teams or tiger teams if they're acting as aggressors or invaders, and as blue
teams if they're acting as defenders or patch makers.
These network security researchers and specialists may use a multitude
of approaches in order to implement their different penetration or
system integrity tests, which may include hacking tools, social engineering
tactics, and attempts to avoid standard security measures in order to obtain
access to supposedly secured areas for the sake of finding weaknesses in a
given safeguarding scheme.
What's more, a white hat mainly breaches security for good-intentioned
and non-malicious ends; for example, white hats are usually assigned by a
company or vendor in order to test the strength of its security system.
These are the type of hackers that enjoy the never-ending pursuit of knowledge
and improving the overall capabilities of applications and operating systems by
picking them apart and putting them back together again. The white hat's talent
in penetrating systems and bypassing security protocols is mostly used for the
betterment of these very programs and databases, so they usually end up
becoming legitimate professionals or consultants in the cyber or IT security
industry. In fact, the word "hacker" used to include ethical hackers
in its definition until pop culture popularized the infamous image of malicious
hacker invaders as the only true "hackers". Of course, a hacker may
not be someone involved with data or network security at all, which just goes
to show how complicated and all-encompassing the term truly is.
A hacker's stance on proper disclosure of security
vulnerabilities further distinguishes him as a black hat, white
hat, or grey hat as well. More to the point, a white hat is willing
to create and publish exploits to demonstrate how critical a flaw is, which
will in turn force the vendor to work with him in order to correct the security
hole instead of letting it languish until an enterprising black hat actually
bothers to take advantage of it. The ethical hacker's ultimate objective is to
make systems safer, even to the point of "blackmailing" a developer
to release a patch through the possibility of public disclosure.
Tactics
Denial-of-service attack
In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource
unavailable to its intended users. Although the means to carry out, motives
for, and targets of a DoS attack may
vary, it generally consists of efforts to temporarily or indefinitely interrupt
or suspend services of a host connected to the Internet.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web
servers such as banks, credit card payment gateways, and even root name servers.
This technique has now seen extensive use in certain games, where it is used
by server owners or disgruntled competitors. Increasingly, DoS
attacks have also been used as a form of resistance. DoS, they say, is a tool for
registering dissent. Richard Stallman has stated that DoS is a form of "Internet Street Protests".[1]
The term is generally used in relation to computer networks,
but is not limited to this field; for example, it is also used in reference to CPU resource management.[2]
One common method of attack involves saturating the target
machine with external communications requests, so much so that it cannot
respond to legitimate traffic, or responds so slowly as to be rendered
essentially unavailable. Such attacks usually lead to a server
overload.
In general terms, DoS attacks are implemented by forcing the targeted
computer(s) to reset, by consuming its resources so that it can no longer provide
its intended service, or by obstructing the communication media between the intended
users and the victim so that they can no longer communicate adequately.
Denial-of-service attacks are considered violations of the Internet Architecture Board's Internet
proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute
violations of the laws of individual nations.
Social engineering (security)
Social engineering, in the context of information
security, refers to psychological manipulation of people into performing actions or divulging confidential
information. A type of confidence trick for the purpose of information gathering, fraud, or system access,
it differs from a traditional "con" in that it is often one of many
steps in a more complex fraud scheme.
The term "social engineering" as an act of psychological
manipulation is also associated with the social sciences, but its usage has
caught on among computer and information security professionals.[1]
White hat bias is a phrase coined by public health researchers David
Allison and Mark Cope to
describe “bias leading to the distortion of information in the service of what
may be perceived to be righteous ends”.[1]
This initial paper contrasted
the treatment of research on the effects of nutritively-sweetened beverages and breastfeeding on obesity. They contrasted evidence
which implicated these behaviors as risk and protective factors (respectively),
comparing the treatment given to evidence for each conclusion. Their analyses
confirmed that papers reporting null effects of soft drinks or breast-feeding
on obesity were cited significantly less often than expected, and, when cited,
were interpreted in ways that mislead readers about the underlying finding.
Positive papers were cited more frequently than expected. For instance, of
207 citations of two papers finding no effects of sugared soft drink
consumption on obesity, the majority of citations (84 and 66%) were misleadingly
positive. Allison and Cope explained this bias in terms of "righteous
zeal, indignation toward certain aspects of industry", and other factors.
Faculty Name: BharatiSali
Brindavan College of MBA/MCA, Bangalore