Ethical Hacking of Systems
Technology now advances at a pace that is at times detrimental to both its operators and those who depend on it. If care is not taken, the security of information may not be guaranteed at this pace. Because of the rise in computer fraud, it is essential that stakeholders come up with countermeasures. This is why there needs to be a system hacker who is authorized and operates under the law. This kind of hacking is limited to work done with or for an organization so that potential threats can be eliminated. With such new trends, the subject of hacking, though important, is becoming very broad and complex, warranting further study and sharing of results.
Ethical hackers attempt to use their skills to bypass a system's security so that its weak points can be identified. The identified weak points are then used to improve the organization's system. Where hacking is permitted, this is normally the approach and motive of a system hacker, who carries it out as a duty. According to findings presented in Web Hacking, ethical hacking constitutes the following:
- Hackers must respect the privacy of the company while carrying out their duty.
- Identify the security threats once permission has been granted by the relevant authority.
- Work must be closed out so that no one, including the hacker himself, can access the information.
- The vulnerabilities found in the software must be communicated to the manufacturer for improvement.
In the recent past, the term "ethical hacking" has been widely criticized, on the assumption that a qualifier like "ethical" should not exist since the whole duty, whether ethical or not, is null. In fact, certain studies, such as that by Shema, report that the process remains the same and so there is no need to term it ethical. On the contrary, the work that ethical hackers have done for companies and organizations is great and deserves to be commended. It has therefore proved right to have such hackers, who are certified and thus take responsibility for any mistake they make.
The methods, or rather the techniques, used to bypass a system are the same. Once a vulnerability is identified, actionable advice can be given on how to fix the problem, improving the organization at large. Hacking requires that a plan be formulated. I would propose the following process. The first step is the identification of the kind of system to be hacked. Priority is given from the most critical within the organization to the most vulnerable. This calls on the ethical hackers to conduct a thorough study of the organization being targeted and to plan a course of action. Such data can be obtained from the organization itself. In some cases, social engineering attacks can be carried out before the whole system is drilled down.
Next, the likelihood of any form of risk that would result from hacking the organization's system needs to be evaluated. In this process, I would check how to handle social engineering or DoS attacks carefully, so that they are performed properly and their impact on the organization can be evaluated at the same time.
Moreover, I will have to ensure that a time frame for the whole process is determined. Time is of the essence, and for a successful outcome it must be evaluated well. When well calculated, it will help me remain in the background and never be identified. I would also commit myself to completing the operation within the shortest time possible so that it is not identified before the whole process is complete. The approach set for this case is unlimited attack, and it is this that enables security tests to be done and a plan of action to be taken.
In addition, it is worth noting that the hackers need only basic information about the system. This information helps the attackers understand how the system is protected and which tests are to be done on it. Afterwards, action is taken depending on the vulnerability identified in the system. There is no retreat once the process is under way, since it has to be carried out to the end. What follows is reporting to the rightful authorities: a report on the action taken and the possible measures to be implemented.
Hurdles in Hacking
Buffers overflow and execute remote code, and a system is eventually hacked through the command shell that is given out. This shell is called the Meterpreter prompt, and it is what is keyed into the CPU, which then executes the process required. It works than the normal code which is always malicious in nature. DEP, in this case, is designed to execute code in a specific part of the memory, in the executable area. It is such data information that gives strict protection against any operation. It makes it difficult to identify where the code is stored.
SQL injection is an example of this. Here, SQL commands are entered and then sent to the CPU of a system. This is complicated, and overcoming it requires vast skill in the information and the various storage locations in the system; the initial study of the organization is what might help. Such understanding of the organization may require that confidential information be derived from the organization's employees or any other party there. This, however, should be done skillfully so that no suspicion is aroused.
Although this strategy is ingenious and in most cases makes the hacking work tedious, it does not make the whole process impossible. The solution is finding a buffer which is not executing in the executable area of the computer memory. The address obtained can then be used to access the remote code to be used. In fact, DEP and ASLR are attempts to keep hackers, whether ethical or not, off remote systems. No system can be protected by these two to the extent that it cannot be hacked at all; what is required is just time and skill.
In conclusion, hacking can be done to any system; there is not one for which it is impossible. DEP and ASLR just make the process tiresome, but in the end it will be done. On meeting such barriers, determination would be my drive, so that success comes my way in preventing such fraud from happening. It is therefore important that all of these be identified early, before the operation proceeds far, so that hacking such systems might be easier and successful without much struggle.