December 11, 2011

Ethical Hacking

Ethical Hacker? Sort of like an executioner. Is he considered a murderer? Is it okay because he has the permission of the state to do it?

Ethical Hacking rides a fine line on the internet. This is my problem with the whole "ethical hacking" description: At any point, a regular hacker could turn face and just say he's doing it to probe for exploits and security holes, and it would be very hard to know if he were telling the truth or not. An ethical hacker is only ethical up to the point where he makes the decision to do something malicious or not.



Companies hire security experts to audit and probe their systems, and they aren't called "Ethical Hackers". They're called Information Security Consultants.
The people who learn how to hack so they can test and probe their own systems aren't ethical hackers either; they're reverse-engineers. They study and disassemble systems for the sole purpose of understanding how they work, so they can implement things which will make the process more efficient or secure.


So is there any place for this term "Ethical Hacker"? There seems to be; in fact, there's an official certification out there for anyone who wants to be recognized as one: EC-Council - Certified Ethical Hacker

I feel like maybe there wasn't enough interest in the previously mentioned job titles, so to appeal to the masses, they decided to throw in the word "Hacker" to attract more interest in the same field of study. I still feel like companies would shy away from the applicant with a Hacking certification, versus the one with an IT Security / Network Infrastructure certification, even though they may hold the same education and foundation regarding exploits within any given environment.

Anyway, I chose this book over the Certified Ethical Hacking book because it seems to be broader and to offer more up-to-date concepts and scenarios that can be applied to any operating system. There is still a lot to learn, even though most of the concepts and methods in this book have been used for decades:


I have been out of the loop for a long time. I got out of the scene because of some fears of being caught or targeted myself, but ever since this whole "Ethical Hacking" concept has appeared, I have felt the need to revisit security issues. It makes me feel like anyone can throw the word "Ethical" in front of something that could be considered illegal or controversial, and it would make it alright.
This makes me feel like hackers who may have been hiding in the shadows are now able to be a little less careful, and even outright public about what they're doing.

My goal here is to explain to you that just because the book says it's Ethical, doesn't mean it is. These tips, tricks, and "procedures" are the same ones people have been using for years. There is no difference between the methods presented in this book, and the methods people have been using to bring down banks, steal credit cards, steal passwords, and the same methods which brought on identity theft and other hot topics in the IT world.

As I said earlier, even if you use these methods ethically, there are already terms and job titles which define these methods (IT Security Analyst, IT Security Consultant, Hacker, Cracker, etc.). Ethical Hacking does not have a place in the online world; it is just something to hide behind in case you get caught.

I will post another update after I go through the book, and let you know if it addresses any specific ways that an Ethical Hacker might be different than an IT Security Consultant.

In the meantime, you don't have to know how to hack to secure your own system. Get a good, popular firewall (software & physical hardware). Get a good virus scanner. Use MalwareBytes. Change your passwords frequently. (Obviously people have many passwords; in this case you may need a password manager.)

Don't forget: none of these security measures will matter if your system is compromised. If someone gains access to your password manager or is able to install a keylogger, even in a window of 3 minutes, your whole system and all passwords are compromised.

You also need to ensure that all of these programs are updated regularly, with the newest virus definitions. If you are running a Windows operating system, use Security Essentials and update it as frequently as possible.
