Ethical Hacking – A Complete Guide

Ethical hacking is the science of testing your computers and networks for security vulnerabilities and plugging the loopholes you find before guys with malicious intentions get a chance to exploit them.

In this article, ethical means conforming to accepted professional standards of conduct. Every test described here requires written permission from the owner(s) of the system.

Defining Hacker

Traditionally, a hacker is someone who likes to tinker with electronic systems, software, or computers. Hackers enjoy learning and exploring new techniques on how to maneuver through a system. They are often passionate about discovering new ways to exploit vulnerabilities.

Recently, the term hacker has taken on a new meaning: an individual who maliciously breaks into a network or computer system for personal gain. In this sense hackers are cybercriminals, or crackers, with ill intentions. They aim to steal valuable information, modify stored data, or delete data and code to frustrate their targets.

Many hackers strive to compromise any system they consider highly vulnerable. Others prefer well-protected systems because breaking into them raises their ranking and status in the hacker community.

Ethical Hacking

Ethical hacking protects against hacker shenanigans. Ethical hackers possess the mindset, skills, and tools of a hacker – and they can be trusted. Ethical hackers break into systems to test the cyber-defense infrastructure that is in place. Penetration tests carried out on a system are legal and are only performed with the target’s permission.

Ethical hacking, also known as white-hat hacking, aims to find the loopholes that a black-hat hacker could target. The intent is to provide the best protection for a system by exploiting vulnerabilities from a malicious hacker’s viewpoint. It is a proactive risk management approach that provides for ongoing security enhancements of your system. An ethical hacker MUST, therefore, think as the bad-guy hacker does.

Why do you need to hack your systems?

With the rapid development in technology, there will come a time when nearly every system will be compromised to a certain degree. Therefore, there is a need to possess hacker skills to see how vulnerable and exposed your systems are. These skills will also help you to provide security for your system beyond known common vulnerabilities.

Virtual private networks (VPNs), firewalls, and encryption can provide a false sense of security. These controls only address high-level threats such as unwanted traffic and viruses; they do not stop hacker activity. Therefore, to provide extra security for your systems, you need to hack yourself to identify and eliminate vulnerabilities before black hats exploit them to compromise your system. This is the only proven way of hardening your security infrastructure.

You can’t protect your system from every threat unless you unplug the entire system and keep it out of everyone’s reach. But you should strive to know how hackers navigate through security systems and how to counter their activities. An ethical hacker’s knowledge should grow at least as fast as the black hats expand their know-how.

Your overall goals as an ethical hacker should be as follows.

  • Use nondestructive hacking methods.
  • Identify and prove to the system owner that vulnerabilities exist.
  • Eliminate the loopholes and enhance the system’s security.

Understanding the threats to a system

It is crucial to understand the specific threats and attacks against your system, as this guides how you pen-test your network security. For instance, a weak SQL Server administration password, a server hosted on a wireless network, and a default Windows OS configuration may not be significant security concerns separately. However, an attempt to exploit all three vulnerabilities at once may lead to serious mayhem. Below is a short list of some of the well-known attacks that your system may experience.

  1. Network-infrastructure attacks

Hackers can quickly attack network infrastructure because it can be reached remotely through the internet. Below are some of the network infrastructure attacks.

  • Exploiting an insecure 802.11b wireless configuration to piggyback onto a network.
  • Denial of service attacks that flood a network with requests.
  • Exploiting weaknesses in NetBIOS, TCP/IP, or any other network transport mechanism with vulnerabilities.
  • Using a rogue modem attached to a computer behind a firewall to connect to a network.

  2. Nontechnical attacks

The human factor is the most significant vulnerability within any network or computer infrastructure. People can be easily manipulated. Human beings are generally trusting by nature, and hackers exploit this by luring the target into giving up information for malicious purposes. This type of attack or threat is referred to as a social-engineering exploit.

Physical attacks are another effective means of attack. They include hackers forcing their way into computer rooms or isolated areas holding sensitive and valuable information.

Dumpster diving is another common type of physical attack. It involves hackers rummaging through dumpsters and trash cans for valuable information, network diagrams, intellectual property, and so on.

  3. Application attacks

Applications are a rich haven of vulnerabilities and a prime target for hackers. In the last few years, web applications and e-mail server software have been among the main attack surfaces.

  • Services such as Simple Mail Transfer Protocol (SMTP) and Hypertext Transfer Protocol (HTTP) servers that are fully reachable from the internet because of poorly configured firewalls are frequently attacked by hackers.
  • Junk e-mails or spam may carry malware and eat up your system’s storage space.
  • Malicious software can clog networks and can take a system down. These include Trojan horses, spyware, viruses, and worms.

Ethical hacking helps reveal the vulnerabilities in your system and exposes the possible attacks against it.

  4. Operating-system attacks

Every computer runs an operating system, which makes operating systems a convenient platform from which to launch attacks. Hackers prefer attacking OSs because of their many well-known, easily exploited vulnerabilities. Even operating systems such as BSD UNIX or Novell NetWare are occasionally compromised, as they have had out-of-the-box security vulnerabilities. Linux and Windows have well-known vulnerabilities that are widely attacked.

Some of the attacks on operating systems include:

  • Breaking file-system security
  • Attacking default authentication systems
  • Cracking encryption and password systems
  • Exploiting specific weaknesses within a protocol implementation

Ethical Hacking Commandments

An ethical vulnerability hunt must be based on a few commandments. If it is not, undesirable results and consequences may arise. I have personally witnessed some of these commandments being ignored during the execution of pen-tests, and I can assure you that the results are never positive.

Uphold Privacy

Let confidentiality and respect prevail in the course of executing your test. All information collected for the test must be treated with the utmost privacy, from clear-text files to web-application log files. Do not use the credentials you obtain to gain access to people’s private lives or to corporate administrative platforms. If there is a need to access certain accounts, it is more appropriate to share the information or seek permission from the account holder or manager. Ethical hacking is a “watch the watcher” process. Therefore, involve the relevant people to build trust and gain support as you execute your hacking project.

Working ethically

Hack with professionalism. As ethical hackers, we must have firm principles based on upright moral values. Ensure that the strategies and tools you use are in line with the company’s security policy. Whether performing a penetration test on a personal computer or on an organization’s system, your actions should be aboveboard and support the given system’s security policy and goals. No malicious intentions are allowed.

For a good-guy hacker, trustworthiness is the ultimate tenet. This is what differentiates you from the black hats. How you handle sensitive information after being granted access to a computer system defines what category of hacker you are. A bad-guy hacker misuses vital data and exploits identified loopholes within the system, while a good-guy hacker works for the good of the system.

Not crashing your systems

One of the main challenges most people face while hacking their systems is the risk of inadvertently crashing the system. Some hackers make this mistake through poor planning of how to execute their tests. Before intruding into any system, proper planning is needed. Planning should take up 90% of the effort and execution just 10%. Take ample time to read through the documentation. Understand the usage and power of the security tools and techniques you intend to use.

Running several tests at the same time may cause a DoS condition on the system under test. Performing many tests simultaneously can cause system lockups. I have experienced this situation firsthand. Trust me that it is frustrating to lock yourself out of your system. Do not assume that a specific host or network can handle the beating that vulnerability tools and network scanners can dish out. Be patient, know the capacity of your target system, and don’t rush things.

Most security assessment tools can adequately regulate the number of tests carried out on a system simultaneously. This regulation is vital, especially if you plan to run tests during working hours or on production systems that are always functioning.
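The concurrency regulation described above, as an added example that is not from this article: a Python simulation in which a constructed SimulatedHost stands in for the target and a semaphore stands in for a scanner’s maximum-concurrent-tests setting. Twenty checks against a host that can absorb only four at a time lock it up when launched all at once, and stay within capacity when the cap is applied.

```python
import threading
import time

class SimulatedHost:
    """Constructed stand-in for a target host: counts checks in flight and
    records a 'lockup' once that count exceeds what the host can absorb."""
    def __init__(self, capacity):
        self.capacity, self.in_flight, self.peak = capacity, 0, 0
        self.locked_up = False
        self._lock = threading.Lock()

    def handle(self, check_name, duration=0.1):
        with self._lock:
            self.in_flight += 1
            self.peak = max(self.peak, self.in_flight)
            if self.in_flight > self.capacity:
                self.locked_up = True  # the host could not keep up
        time.sleep(duration)  # the check doing its work against the host
        with self._lock:
            self.in_flight -= 1

def run_checks(host, checks, max_parallel=None):
    """Launch every check in its own thread. With max_parallel=None all checks
    hit the host at once; otherwise a semaphore (standing in for a scanner's
    'max concurrent tests' setting) caps how many run together."""
    gate = threading.Semaphore(max_parallel) if max_parallel else None

    def worker(name):
        if gate is None:
            host.handle(name)
        else:
            with gate:
                host.handle(name)

    threads = [threading.Thread(target=worker, args=(c,)) for c in checks]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return host

CHECKS = ["check-%02d" % i for i in range(20)]  # constructed test names

def unthrottled_run(capacity=4):
    """All 20 checks at once: peak load far exceeds capacity."""
    return run_checks(SimulatedHost(capacity), CHECKS, None)

def throttled_run(capacity=4):
    """Concurrency capped at the host's capacity: never more than that at once."""
    return run_checks(SimulatedHost(capacity), CHECKS, capacity)
```

Compare `unthrottled_run().peak` with `throttled_run().peak`: the cap keeps the second within the host’s capacity, so `locked_up` stays False.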

Ethical Hacking Process

The ethical hacking process should be well planned before execution, just like any other IT or security project. There should be a firm basis for the process in which strategic and tactical issues are outlined and agreed upon. Planning is essential for all levels of testing and should be part of the hacking process. It comes before any implementation. It is necessary for any test, from a simple password-cracking test to a sophisticated pen test of a web application. Below is a brief look at the five major steps that make up ethical hacking.

1. Formulating your plan

Let decision-makers know what you are doing. Inform them of your plans, as this may help in obtaining sponsorship for the project. Approval for ethical hacking is essential, and you need someone to back you up if something goes haywire. Otherwise, there may be severe legal implications.

You need a comprehensive plan, not voluminous testing procedures. Your plan should be detailed and precise. A typical plan may include:

  • What systems are to be tested
  • Anticipated risks
  • Schedule for the tests
  • Methodology to use for every task
  • Your level of knowledge about the systems before running the tests
  • Response plan for identified vulnerabilities
  • The specific deliverables, such as reports detailing the countermeasures to be deployed for the vulnerabilities found

I recommend that you always begin your tests with the most vulnerable systems. For example, you may start with social engineering attacks or test computer passwords before digging deep into more sophisticated systems.

Also, remember to have a contingency plan in case things go awry. What if you take down a web application while trying to assess it? This can cause a denial of service and, in turn, lowered employee productivity or system performance. In extreme situations, a mistake may cause loss of data, loss of data integrity, bad publicity, or even the entire system’s collapse.

2. Selecting tools

It is nearly impossible to accomplish any task without the right tools in place. But having all the right tools does not guarantee that you’ll find all the vulnerabilities. Identify technical and personal limitations, as several security assessment tools can misidentify vulnerabilities. Some tools generate false positives, while others miss vulnerabilities. For instance, weaknesses are often overlooked when performing a physical-security or social-engineering assessment.

Always ensure that you are using the right tool for the right task.

  • For a simple test such as password cracking, you can use John the Ripper, pwdump, or LC4.
  • For more advanced analysis such as web application testing, a more sophisticated web application assessment tool such as WebInspect is more appropriate.

Hackers often misunderstand the capability and functionality of certain hacking tools, leading to poor results. Therefore, ensure that you familiarize yourself with these complex tools before you start using them. You can achieve this by:

  1. Reading the online help for your tool.
  2. Going through the user manual for your commercial tool.
  3. Taking formal classroom training from the security tool vendor.

3. Executing the plan

Time and patience are key elements of a successful ethical hacking execution. Be extremely careful while hacking your system, as the bad-guy hackers are always watching what is going on within their cyber niche.

It is impossible and impractical to ensure the total absence of hackers from your system before you commence your activity. Therefore, your role is to remain as silent and private as possible. Storing or transmitting your test results can cause havoc if the wrong person gets hold of them. Keep such critical data safe by encrypting it and protecting it with a password.

Plan execution is more of a reconnaissance mission. Aim to gather as much information as possible. Start from a broad perspective and narrow your focus down to your organization or system.

  1. Start by getting adequate background information about your organization, its network system names, and its IP addresses.
  2. Narrow down your scope. Pinpoint the specific systems you are targeting.
  3. Narrow your focus further, concentrate on a specific test, and execute scans and other detailed tests.
  4. Once the preliminary survey gives you enough confidence, perform the attacks.

4. Evaluating results

Assess your results to gain a deeper understanding of what you uncovered. This is where you exercise your knowledge of cybersecurity. Analyzing the results and correlating the specific vulnerabilities discovered is a skill, and it improves with experience. If done properly, you will understand your system better than the average hacker and as well as any other competent IT expert would.

Share your findings with the relevant stakeholders to assure them that their effort and money are well spent.

5. Moving on

After getting your results, proceed to implement the countermeasures recommended by the findings.


New security vulnerabilities continually appear. Technological advancements are becoming more diverse and complex. Security vulnerabilities and hacker exploits are uncovered daily. You are always going to uncover new ones!

Security tests should be treated as a snapshot of your system’s security posture. A test describes your degree of security at that given time, because the security landscape can change at any moment, especially after adding a computer system to your network, upgrading software, or applying a patch. Make the pen-test a proactive process. Let it be part of your security policy so that you can counter costly cyberattacks.