Who’s an Ethical Hacker?

An ethical hacker (also known as a white hat hacker) is the ultimate security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems—just like a malicious hacker (or a black hat hacker). In fact, they both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get there and try to break in.
An ethical hacker’s role is similar to that of a penetration tester, but it involves broader duties. They break into systems legally and ethically. This is the primary difference between ethical hackers and real hackers—the legality.
The EC-Council defines an ethical hacker as “an individual who is usually employed with an organisation and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a malicious hacker.”
The role of an ethical hacker is important since the bad guys will always be there, trying to find cracks, backdoors, and other secret ways to access data they shouldn’t. In fact, there’s even a professional certification for ethical hackers: the Certified Ethical Hacker (CEH).

What is Ethical Hacking?

Apart from testing duties, ethical hackers have other responsibilities. The main idea is to replicate a malicious hacker at work and, instead of exploiting the vulnerabilities for malicious purposes, seek countermeasures to shore up the system’s defences. An ethical hacker might employ all or some of these strategies to penetrate a system:
  • Scanning ports and seeking vulnerabilities: An ethical hacker uses port scanning tools like Nmap or Nessus to scan one’s own systems and find open ports. The vulnerabilities associated with each open port can then be studied and remedial measures taken.
  • An ethical hacker will examine patch installations and make sure that they cannot be exploited.
  • The ethical hacker may engage in social engineering techniques like dumpster diving—rummaging through trash bins for passwords, charts, sticky notes, or anything with crucial information that can be used to generate an attack.
  • An ethical hacker may also employ other social engineering techniques like shoulder surfing to gain access to crucial information, or play the kindness card to trick employees into parting with their passwords.
  • An ethical hacker will attempt to evade IDS (intrusion detection systems), IPS (intrusion prevention systems), honeypots, and firewalls.
  • Sniffing networks, bypassing and cracking wireless encryption, and hijacking web servers and web applications.
  • Ethical hackers may also handle issues related to laptop theft and employee fraud.
  • Detecting how well the organisation reacts to these and other tactics helps test the strength of the security policy and security infrastructure. An ethical hacker attempts the same types of attacks as a malicious hacker would try—and then helps organisations strengthen their defences.

Comments

  1. This comment has been removed by the author.
  2. In today's interconnected world, an ethical hacker is the modern-day cybersecurity hero. These individuals possess a unique blend of skills, knowledge, and a strong ethical compass. Ethical hackers are the digital guardians who use their expertise to identify vulnerabilities in systems and networks, just like a locksmith who tests the strength of a lock. But their goal isn't to exploit these weaknesses; it's to fortify them. Visit Cyber Security training & certification!
  3. This post provides valuable information and is beneficial for me as I am currently participating in an online cyber security course.