随着数字世界的不断发展和快速进步,网络犯罪也在不断发展。犯罪分子,尤其是网络犯罪分子不再需要离开他们的舒适区来犯罪。他们只需点击几下鼠标和强大的互联网(Internet)连接即可达到预期的效果。为了对抗这种丑陋的趋势,需要道德黑客(Hackers)和对道德黑客的理解(Ethical Hacking)。
黑客(Hacking)是一门非常广泛的学科,涵盖了广泛的主题,例如,
阅读(Read):什么是黑帽、灰帽或白帽黑客?
道德黑客(Ethical Hacking)是什么意思
道德黑客也称为渗透测试(Penetration Testing)是在用户同意的情况下入侵/渗透系统或网络的行为。目的是通过以攻击者可以利用的方式利用漏洞来评估组织的安全性。从而记录攻击过程以防止将来发生此类情况。渗透(Penetration)测试可以进一步分为三种类型。
1]黑匣子(1] Black box)
没有向渗透测试人员提供有关网络或网络基础设施的任何详细信息。
2]灰盒(2] Grey box)
渗透测试人员对要测试的系统的详细信息有限。
3]白盒(3] White Box)
渗透测试员也被称为道德黑客。他知道要测试的基础设施的完整细节。
在大多数情况下,道德黑客使用与恶意黑客相同的方法和工具,但需要获得授权人的许可。整个演习的最终目标是提高安全性并保护系统免受恶意用户的攻击。
在演习过程中,有道德的黑客可能会尝试收集尽可能多的有关目标系统的信息,以找到渗透系统的方法。这种方法也称为足迹(Footprinting)。
有两种类型的足迹(Footprinting)-
- 主动(Active)–直接(Directly)与目标建立连接以收集信息。例如。使用Nmap工具扫描目标
- 被动(Passive)——在不建立直接连接的情况下收集(Collecting)有关目标的信息。它涉及从社交媒体、公共网站等收集信息。
道德黑客的不同阶段
道德黑客(Hacking)的不同阶段包括 -
1]侦察(1] Reconnaissance)
黑客攻击(Hacking)的第一步。这就像Footprinting,即信息收集阶段(Phase)。在这里,通常收集与三个组有关的信息。
- 网络
- 主持人
- 涉及的人。
道德黑客还依靠社会工程技术来影响最终用户并获取有关组织计算环境的信息。但是,他们不应诉诸邪恶做法,例如对员工进行人身威胁或其他类型的勒索访问或信息的尝试。
2]扫描(2] Scanning)
这个阶段包括——
- 端口扫描(Port scanning):扫描目标以获取开放端口、实时(Live)系统、主机上运行的各种服务等信息。
- 漏洞扫描(Vulnerability Scanning):主要通过自动化工具来检查可被利用的弱点或漏洞。
- 网络映射:(Network Mapping:)开发一张地图,作为黑客攻击的可靠指南。这包括查找网络拓扑、主机信息和使用可用信息绘制网络图。
- 获得访问权限:(Gaining Access:)此阶段是攻击者设法进入系统的阶段。下一步涉及将他的权限提升到管理员级别,以便他可以安装修改数据或隐藏数据所需的应用程序。
- 保持访问:(Maintaining Access:)继续访问目标,直到计划的任务完成。
道德黑客在网络安全中的作用很重要,因为坏人总是在那里,试图找到破解、后门和其他秘密方式来访问他们不应该访问的数据。
为了鼓励道德黑客的实践,道德黑客(Ethical Hacking)有一个很好的专业认证——认证道德黑客(CEH)(The Certified Ethical Hacker (CEH))。该认证涵盖了 270 多种攻击技术。它是来自领先认证机构之一的EC-Council的供应商中立认证。(EC-Council)
阅读下一篇(Read next):让黑客远离您的 Windows 计算机的提示(Tips to keep Hackers out of your Windows computer)。
What is the meaning of Ethical Hacking in cybersecurity
As the digital world continues to advance and make rapid progress, cybercrimes do as well. Criminals, particularly cybercriminals no longer need to leave their cоmfort zone to commit crimes. They achieve the desired results with just a few clicks of their mouse and a robust Internet connection. To combat this ugly trend, there’s a nеed fоr Ethiсal Hackers and an underѕtanding of Ethical Hacking.
Hacking is a very broad discipline and covers a wide range of topics like,
- Website Hacking
- Email Hacking
- Computer Hacking
- Ethical Hacking
- Etc.
Read: What is Black Hat, Grey Hat or White Hat Hacker?
What is the meaning of Ethical Hacking
Ethical Hacking also known as Penetration Testing is an act of intruding/penetrating system or networks with the user’s consent. The purpose is to evaluate the security of an organization by exploiting the vulnerabilities in a way the attackers could exploit them. Thereby documenting the procedure of attack to prevent such instances in the future. Penetration testing can further be classified into three types.
1] Black box
The penetration tester is not offered any details pertaining to the network, or infrastructure of the network.
2] Grey box
The penetration tester has limited details about the systems to be tested.
3] White Box
The penetration tester is also called as Ethical hacker. He is aware of the complete details of the infrastructure to be tested.
Ethical hackers in most cases, use the same methods and tools used by the malicious hackers but with the permission of the authorized person. The ultimate objective of the whole exercise is to improve the security and defend the systems from attacks by malicious users.
During the exercise, an ethical hacker may attempt to collect as much information as possible about the target system to find ways to penetrate the system. This method is also known as Footprinting.
There are two types of Footprinting–
- Active – Directly establishing a connection with the target to gather information. Eg. Using Nmap tool to scan the target
- Passive – Collecting information about the target without establishing a direct connection. It involves gathering information from social media, public websites, etc.
Different Phases of Ethical Hacking
The different stages of Ethical Hacking include-
1] Reconnaissance
The very first step of Hacking. It is like Footprinting, i.e., information gathering Phase. Here, usually, information related to three groups is collected.
- Network
- Host
- People involved.
Ethical hackers also rely on social engineering techniques to influence end users and obtain information about an organization’s computing environment. However, they should not resort to evil practices such as making physical threats to employees or other types of attempts to extort access or information.
2] Scanning
This phase involves-
- Port scanning: scanning the target for the information like open ports, Live systems, various services running on the host.
- Vulnerability Scanning: It is carried out mainly via automated tools to check for weaknesses or vulnerabilities which can be exploited.
- Network Mapping: Developing a map that serves as a reliable guide for hacking. This includes finding the topology of network, host information and drawing a network diagram with the available information.
- Gaining Access: This phase is where an attacker manages to get an entry into a system. The next step involves raising his privilege to administrator level so he can install an application he needs to modify data or hide data.
- Maintaining Access: Continuing to have access to the target until the task planned is finished.
The role of an Ethical Hacker in cybersecurity is important since the bad guys will always be there, trying to find cracks, backdoors, and other secret ways to access data they shouldn’t.
To encourage the practice of Ethical Hacking, there’s a good professional certification for ethical hackers – The Certified Ethical Hacker (CEH). This certification covers more than 270 attacks technologies. It is a vendor-neutral certification from the EC-Council, one of the leading certification bodies.
Read next: Tips to keep Hackers out of your Windows computer.