Hacking, which has been a part of computing for over 50 years, is a very broad discipline covering a wide range of topics. The first reported hacking was in 1960 at MIT, and the term ‘Hacker’ was used.
For non-geeks, here is a short introduction. Computer software consists of computer programs, which give instructions on how the hardware should perform certain tasks. This software is often prepared by programmers, who have full access to the entire programs. The programs are then sold to users with strict rules or protocols by which they are accessible only to certain authorized persons (usually with passwords) for reasons of security. Theoretically, nobody except these authorized persons has access to use them.
How can others obtain unauthorized access?
1. The original programmers, who have prepared the source code and have invariably provided their own entry points, trap-doors, and passwords.
2. Earlier users who are no longer authorized users, but whose passwords have not been deleted.
3. Other unscrupulous persons who wish to access the system for ulterior motives.
4. Since so much activity and business is run by computers, and most computers are connected by the Internet, they are open to access by various persons via the Internet.
5. Computers are also prone to attack by malicious software (malware) and viruses, which leaves them open to attack by hackers and malware. These ‘virus infections’ and ‘worms’ are introduced by persons who wish to hack into the system and steal information, make entire systems crash, or destroy all of the stored data.
Just as virus attacks in computers are prevented by anti-virus software like McAfee, etc., companies protect themselves from hacking by employing ethical hackers. EC Council defines an ethical hacker as ‘an individual who is usually employed with an organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a malicious hacker.’
Ethical hacking refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious users.
It is also known as penetration testing, intrusion testing, or red teaming. It requires ethical hackers to look at the client's network as potential malicious attackers would, then devise the right safeguards to protect clients from attacks.
So why are ethical hackers needed?
1. They are needed to identify and seal all possible points of access by hackers, which could be individuals or sophisticated software, including ‘worms’.
2. In simple language, an ethical hacker thinks and works like an unethical hacker to find and exploit vulnerabilities and weaknesses in various systems and to determine how they can be breached.
3. Then he devises methods to protect the vulnerable points by erecting firewalls, requiring stronger passwords, changing passwords frequently, using iris scans or fingerprints in addition to passwords, encryption, and so on.
4. They also need to prevent ingress (entry) by the original programmers who created the software and by persons who are no longer authorized to log into the system.
5. They may also suggest a VPN (Virtual Private Network), a secure tunnel between a computer and destinations visited on the Internet. It uses a VPN server, which can be located anywhere in the world, and provides privacy. A VPN prevents someone from snooping on your browsing history or spying on you. It makes your browsing appear to come from the server's geo-location rather than your computer's location, so you remain anonymous.
With most personal data being available today over the Internet for a price, data privacy is a serious concern; hackers can easily buy your personal data and steal your data using your passwords for other sites (since most people have the same weak passwords for different applications and rarely change passwords). Ethical hackers will educate users on how to choose difficult passwords, where to record or not record the passwords, and how frequently to change them.