Hacking
When someone heard a word “Hacking “ or “ Hacker ” they automatically thinks that hacker is a guy or hacking is a technique used to harm peoples by stealing there information like bank information phone addresses etc.
This is totally a wrong opinion that people had set on their minds. Hacking is one of the most important and demanding field in IT. As everyone knows that there are both types of good and bad people in every society, fields and communities. Same like others fields this field also contain bad and good persons. Good persons are called “Ethical hackers “or “White Hat Hackers “. Bad persons are called “Black Hat Hackers “.
It depends on individual that whiter he will become a white hat or a black hat hacker. But now a days everyone must have a little bit knowledge about hacking techniques and tools so he/she might can defend itself against hackers.
In past in emerging days of computer and IT. People are unaware by such hacking attacks and due to blackness of knowledge they cannot defend themselves. Following high losses are recorded in different fields caused by hackers:
· Supply chain management $11,000
· E-commerce $10,000
· Customer service $3,700
· ATM/POS/EFT $3,500
· Financial management $1,500
· Human capital management $1,000
· Messaging $1,000
· Infrastructure $700
Dual Nature of Hacking Tools:
The tools used by both type of hackers are same but they use for their own purposes. A lot of people do not understand and put them all in bad category. The ethical hackers go through the same processes and procedures as unethical hackers, so it only makes sense that they use the same basic toolset. It would not be useful to prove that attackers could get through the security barriers with Tool A if attackers do not use Tool A. The ethical hacker has to know what the bad guys are using, know the new exploits that are out in the underground, and continually keep her skills and knowledgebase up to date. This is because the odds are against the company and against the security professional. The reason is that the security professional has to identify and address all of the vulnerabilities in an environment. The attacker only has to be really good at one or two exploits, or really lucky. A comparison can be made to the U.S. Homeland Security responsibilities.
How Are These Tools Used for Good Instead of Evil?
These tools depend on user whether the user use it for good or evil .Here is the example of the right usage of hacking tools as used to examine the security of the organization:
The same security staff need to make sure that their firewall and router configurations will actually provide the protection level that the company requires. They could read the manuals, make the configuration changes, implement ACLs (access control lists), and then go and get some coffee. Or they could implement the configurations and then run tests against these settings to see if they are allowing malicious traffic into what they thought had controlled access. These tests often require the use of hacking tools. The tools carry out different types of attacks, which allow the team to see how the perimeter devices will react in certain circumstances. Nothing should be trusted until it is tested. In an amazing number of cases, a company seemingly does everything correctly when it comes to their infrastructure security. They implement policies and procedures, roll out firewalls, IDSs, and antivirus software, have all of their employees attend security awareness training, and continually patch their systems. It is unfortunate that these companies put forth all the right effort and funds only to end up on CNN as the latest victim who had all of their customers’ credit card numbers stolen and posted on the Internet. This can happen because they did not carry out the necessary vulnerability and penetration tests. Every company should decide whether their internal employees will learn and maintain their skills in vulnerability and penetration testing, or if an outside consulting service will be used, and then ensure that testing is carried out in a continual scheduled manner.
