Monday 10 August 2009

Group 23 Task 2: Hacking

Group 23
NAVEEN VANAM
BHANU ANANTHUNI
PHANI ANNAM


Ethical Hacking:
'HACKER': “A person who enjoys learning the details of computer systems and how to stretch their capabilities--as opposed to most users of computers, who prefer to learn only the minimum amount necessary.”
Taken From: Ethical Hacking, Palmer, C.C., IBM Systems Journal 2001, ISSN: 00188670 on 10-08-09.

What is ethical hacking:
Hackers want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being "hacked".
Taken From: Ethical Hacking, Palmer, C.C., IBM Systems Journal 2001, ISSN: 00188670 on 10-08-09.

Who are ethical hackers?
Ethical hackers typically have very strong programming and computer networking skills and have been in the computer and networking business for several years. They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., UNIX or Windows NT) used on target systems. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.
Taken From: Ethical Hacking, Palmer, C.C., IBM Systems Journal 2001, ISSN: 00188670 on 10-08-09.

What do ethical Hackers do?
An ethical hacker's evaluation of a system's security seeks answers to three basic questions:
• What can an intruder see on the target systems?
• What can an intruder do with that information?
• Does anyone at the target notice the intruder's attempts or successes?
The discussion begins with the client's answers to questions similar to those posed by Garfinkel and Spafford:
1. What are you trying to protect?
2. What are you trying to protect against?
3. How much time, effort, and money are you willing to expend to obtain adequate protection?
Taken From: Ethical Hacking, Palmer, C.C., IBM Systems Journal 2001, ISSN: 00188670 on 10-08-09.

THE ETHICAL HACK ITSELF:
Once the contractual agreement is in place, the testing may begin as defined in the agreement. It should be noted that the testing itself poses some risk to the client, since a criminal hacker monitoring the transmissions of the ethical hackers could learn the same information. The best approach to this dilemma is to maintain several addresses around the Internet from which the ethical hacker's transmissions will emanate, and to switch origin addresses often. Complete logs of the tests performed by the ethical hackers are always maintained, both for the final report and in the event that something unusual occurs. For example, an employee might want to try out some of the techniques for himself or herself. He or she might choose to test the company's systems, possibly annoying system administrators or even inadvertently hiding a real attack. The employee might also choose to test the systems of another organization, which is a felony in the United States when done without permission.
Taken From: Ethical Hacking, Palmer, C.C., IBM Systems Journal 2001, ISSN: 00188670 on 10-08-09.

Conclusion:
With the growth of the Internet, computer security has become a major concern for businesses and governments. As Roger Schell observed nearly 30 years ago, from a practical standpoint the security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security. As long as there is support for ad hoc fixes and security packages for these inadequate designs and as long as the illusory results of penetration teams are accepted as demonstrations of a computer system security, proper security will not be a reality.

1 comment:

Smith said...

Hey thanks a lot for sharing such nice and informative information, Good Description about Ethical Hacking. The most interesting job in the field of computers is being an Ethical Hacker; this course has a vast demand now. By the way check out the Professional Training and Certification for Ethical Hacker from EC-Council here http://www.eccouncil.org/certification/certified_ethical_hacker.aspx