“This chapter is an excerpt from the 4th edition of ‘Hacking For Dummies’ by Kevin Beaver, published by John Wiley & Sons, January 2013, ISBN 978-1118380932. For more info please visit http://www.dummies.com/store/product/Hacking-For-Dummies-4th-Edition.productCd-1118380932.html”
Chapter 1: Introduction to Ethical Hacking
This book is about hacking ethically — the methodology of testing your computers and networks for security vulnerabilities and plugging the holes you find before the bad guys get a chance to exploit them.
Although ethical is an often overused and misunderstood word, Webster’s New World Dictionary defines ethical perfectly for the context of this book and the professional security testing techniques that I cover — that is, “conforming to the standards of conduct of a given profession or group.” IT and information security practitioners are obligated to perform the tests covered in this book aboveboard and only after permission has been obtained from the owner(s) of the systems. That’s why, in this book’s Introduction, you find a disclaimer. Use your power of choice wisely.
Most people have heard of hackers and malicious users. Many have even suffered the consequences of hackers’ criminal actions. So who are these people? And why do you need to know about them? The next few sections give you the lowdown on these attackers.
In this book, I use the following terminology:
- Hackers (or external attackers) try to compromise computers and sensitive information for ill-gotten gains — usually from the outside — as unauthorized users. Hackers go for almost any system they think they can compromise. Some prefer prestigious, well-protected systems, but hacking into anyone’s system increases an attacker’s status in hacker circles.
- Malicious users (or internal attackers) try to compromise computers and sensitive information from the inside as authorized and “trusted” users. Malicious users go for systems they believe they can compromise for ill-gotten gains or revenge. Malicious attackers are, generally speaking, both hackers and malicious users. For the sake of simplicity, I refer to both as hackers and specify hacker or malicious user only when I need to drill down further into their tools, techniques, and ways of thinking.
- Ethical hackers (or good guys) hack systems to discover vulnerabilities to protect against unauthorized access, abuse, and misuse. Information security “researchers” typically fall into this category.
Hacker has two meanings:
- Traditionally, hackers like to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work — both mechanically and electronically.
- In recent years, hacker has taken on a new meaning — someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into, or crack, systems with malicious intent. The personal gain they seek could be fame, profit, or even revenge. They modify, delete, and steal critical information, often making other people miserable.
The good-guy (white hat) hackers don’t like being lumped in the same category as the bad-guy (black hat) hackers. (In case you’re curious, the white hat and black hat terms come from old Western TV shows in which the good guys wore white cowboy hats and the bad guys wore black cowboy hats.) Gray hat hackers are a little bit of both. Whatever the case, most people attach a negative connotation to the word hacker.
Many malicious hackers claim that they don’t cause damage but instead help others for the greater good of society. Yeah, right. Malicious hackers are electronic miscreants and deserve the consequences of their actions. However, be careful not to confuse criminal hackers with security researchers.
Researchers not only hack aboveboard and develop the amazing tools that you get to use in your work, but they also take responsible steps to disclose their findings and publish their code.