But the problem is that the computer also has some dark sides, as every new technology did in the past. This is known as hacking. The original meaning of hacking is "to do computer programming at a deep level"; the term hacker was used for people who had very deep knowledge of computer programming, but later the word started to be used with different meanings. The new meaning of hacker is a person who enters someone's web site, a company server or someone's personal computer to steal or destroy information. There are many kinds of hackers: some people do it just for fun, as a game or as a challenge, and they really don't have any interest in stealing or destroying useful information. Some people do it to steal or delete useful information. So there is a need for computer security, so that we can safely use this technology and not let it go down for this reason. For computer security we started to search for some way to get rid of this, and then Ethical Hacking, along with many other methods, came to mind as a way to stop hacking. Ethical Hacking is a phenomenon through which we call on someone to hack our computer, web site or server in order to remove those holes, so that afterwards there should be no threat, or the least possible threat, in this respect.
Then the question arises: who will do Ethical Hacking for us? Do we train some professionals for this purpose, and if not, then what should we teach those ethical hackers? Is it right to teach someone hacking for the purpose of stopping hacking? Oh! Isn't it interesting? Education in the microchip millennium is a really difficult art, as well as a very interesting one. You have to teach people bad things for good purposes. No gentleman likes the word "hacker" with his or her name, but I don't think anyone dislikes the words "ethical hacker" with his or her name. Teaching Ethical Hacking is as important as the computer itself, because one day people will start hating the internet due to hacking, and to stop hackers from hacking we should educate people in this regard, besides using other techniques.
I divide my research paper into three main sections. The first section is all about teaching Ethical Hacking and tries to answer some questions, e.g. what is ethical hacking, why do we do Ethical Hacking, what are the benefits and flaws of teaching Ethical Hacking, what should be taught in this course, and the methodologies for teaching Ethical Hacking. In the second section I try to explain who an ethical hacker is, what he or she does, and what their boundaries and responsibilities are. In the last section I give the conclusion of this research paper.
2.0 Ethical Hacking
Ethical Hacking is the same phenomenon as hacking, but it is done for the safety of your company's web server, website or software. It is a method or mechanism to stop hackers from hacking by removing the holes from a system, website or server so that no hacker can enter it by using those holes. Ethical Hacking is done at the end of product development, when the product is developed and ready to use. We do Ethical Hacking to check the security level of the product and, if there are some problems, to remove them from the developed product, so that when the final product enters the market there are very few questions about it from the security point of view. Ethical Hacking should be a part of every software product development, like planning, designing, etc.
Ethical hackers use the same techniques to hack software, a website or a server as the original hackers do, but not for destructive purposes. They try to find the holes in the developed product, tell the responsible people of the organization about those holes and also suggest how to remove them from the system. As computer machinery grows, individuals, companies and big organizations want to use it, because no big company can survive without offering these services to its customers and vendors. But these government organizations, companies and even individuals remain under threat of being hacked. Big companies use the internet for different purposes, but they always remain under the threat that someone may break into their web server, implant software that will spread the organization's top secret data to the open internet, and read their emails. Even individuals are worried about their data, like credit card numbers, etc.; they are not assured of internet security.
2.1 Should Ethical Hacking Be Taught As a Career Course
Companies have very tight security and still they are hacked, and they do not know anything more to do to stop hacking. Most companies hire the best security available to keep their domain safe, but still they are hacked. Sometimes it happens because the company has too little knowledge of its own system. The best solution to this problem may be that we train students and professionals to save themselves and the rest of the world from hackers. It is the responsibility of a true computer professional to secure a company web server, software or a government organization from hackers. For this purpose we should have a profession known as ethical hacker, the same as software engineer or network engineer. These ethical hackers should be trained in universities. This question was likely to get a tooth-and-nail response, and it did when I asked some of my fellows who are doing M.Sc software engineering and Networks System about their views on introducing a profession in Ethical Hacking. Some of them were against it, arguing that if universities trained students in Ethical Hacking and a student did not get a job, then he or she might go against the cause. But most of them were in favor, saying that if we trained people like this they would help a lot to get rid of hackers. I am giving the point of view of only two students. I am very thankful to these students and the others who gave their precious time to my question, answered it and gave their important points of view regarding ethical hacking.
Syed Shahab Hyder is currently a student of software engineering at the University of Sunderland. He said Ethical Hacking should not be taught as a career course. Teaching Ethical Hacking will produce more people who can do hacking, and if the trained students do not get a desirable job, then they will use their skills for negative purposes, and this will create more problems for the computer industry.
Rauf Khan, a certified Cisco teacher currently doing an M.Sc in Network System at the University of Sunderland, responded to my question of whether Ethical Hacking should be taught as a course or not with the following thoughts: Ethical Hacking should be taught as a profession. We can prevent hacking by simply using the hacker's techniques, and it is easier and less costly than from the company's useful information or an individual's information such as a credit card number.
I believe that if there are very strict criteria for this type of education or training, then the skillful Ethical Hacker will not go astray and will definitely help organizations and individuals to keep their data safe from hackers. This will develop and increase people's interest in computer technology.
2.2 Teaching Material for Ethical Hackers
The basic knowledge that an Ethical Hacker should have about different fields is as follows:
- Should have basic knowledge of ethical and permissible issues
- Should have primary level knowledge of session hijacking
- Should know about hacking wireless networks
- Should be good at sniffing
- Should know how to handle virus and worms
- Should have the basic knowledge of cryptography
- Should have the basic knowledge of account
- Should know how to perform system hacking
- Should have the knowledge of physical infrastructure hacking
- Should have the primary knowledge of social engineering
- Should know how to do hacking of web servers
- Should have the basic knowledge of web application weaknesses
- Should have the knowledge of web based password breaking procedure
- Should have the basic knowledge of SQL injection
- Should know how to hack Linux
- Should have the knowledge of IP hacking
- Should have the knowledge of application hacking
As everyone knows, there is no boundary to knowledge, but an Ethical Hacker should at least have knowledge of the above-mentioned things. So anyone who is going to design a course for Ethical Hacking should keep the above-mentioned things in mind for a better course design for ethical hackers.
2.3 Teaching Methodology to Teach Ethical Hacking
As I wrote earlier, Ethical Hacking should be taught as a professional course. So we can use common ways of teaching to teach Ethical Hacking. As technologies came into existence, new ways of teaching also came into being. Earlier there was no concept of distance teaching and no one knew about teaching through the internet, but with the invention of the internet many students have started getting their lectures through the internet. Ethical Hacking is also being taught through the internet as well as on campus. Off campus (distance learning) and on campus both have their advantages and limitations.
Whether we are teaching Ethical Hacking on campus or off campus, the goal of teaching is the same, though they are quite different ways of teaching. On-campus teaching is more suitable for regular students and gives a real environment of study. Students have supplementary chances to learn more during on-campus study. They also have the opportunity to learn the behavior of other students, which helps them a lot to gain experience of behavior.
On the other hand, off-campus students get almost the same teaching without any geographical or time zone constraints. They are part-time students and cannot afford to complete their studies as regular students. Whatever the situation is, the teaching methodologies are almost the same, with very little difference. Some of the methodologies for teaching Ethical Hacking are described below.
- Use of Case Study
A fictitious Ethical Hacking topic must be given to the students to discuss. They are divided into groups, and then they should be asked to give their understanding of that situation.
Lecturers of different universities and professionals of different organizations should be asked to give their point of view on Ethical Hacking.
- Written Essay
Students should be asked to submit an essay or a report on the different aspects of Ethical Hacking.
An exam should be conducted on Ethical Hacking.
- Discussion Groups
Students should be divided into small groups and asked to give their points of view in favor of or against Ethical Hacking.
Students should be asked to conduct interviews at different organizations. A questionnaire should be developed to cover the different aspects of Ethical Hacking. The results should be considered using statistical inference. A report of their analysis should be given to the teacher.
Students must be given audio and video visuals in which hacking issues are depicted. Students should be asked how they can counteract the circumstances.
Students of different universities should interact via the internet about what they think about Ethical Hacking issues. It can be done through the hippocampus mechanism, where MUD (multi user dimension) and MOO (object oriented multi user) are used.
- Book Reports
Students should be provided with material from different books regarding Ethical Hacking for critical understanding.
- Role Playing
Students must be asked to personify the different acts in the case study. The students who are viewing them in the classroom will give them points on the basis of their anti pacifist act.
There are many more methodologies that we can use to teach Ethical Hacking effectively.
3.0 Ethical Hacker
An ethical hacker should be an honest and trusted person, because most of the time he or she learns the secrets of the system when hacking for security purposes, and it is his or her responsibility not to use the information of the system for destructive purposes. An ethical hacker is just like a code tester or a developer: a code tester checks the code standards and a developer develops the software, while an Ethical Hacker checks the security of the software from a hacking point of view and then suggests how to remove the holes from the system. An Ethical Hacker should be a part of the software development team. An Ethical Hacker is just an employee or a contracted person who checks the security of the system. They have written permission to check the network, but they have some limitations in checking it. They should have a written authority letter which clearly describes that they can perform testing, as well as their boundaries within that system.
3.1 Main Functions of Ethical Hacker
When an ethical hacker evaluates the security of a system, he or she seeks the answers to three basic questions:
- What he wants to get from the target system
- Does anyone have knowledge of the hacker's attack on the target system
- What a hacker does after getting the information from the target system
These three questions each have their importance; you cannot say that one question is more important than another. A hacker may spend time hacking a system, and during this he or she may attack the system several times, so if someone has knowledge of this then the hacking can be stopped.
Before starting the evaluation of the system, he or she may ask the client some questions, like what the client wants to keep safe, what the client is trying to keep it safe against, and how much money and time the client can spend for this cause. The answers to the same questions vary from customer to customer and from field to field. But most of the answers you get from the client may not be sufficient for the ethical hacker, so it is the responsibility of the ethical hacker to properly guide the customer about what he or she must do to keep his or her system safe. The ethical hacker may also need some more information about the company, like the employees' names and their designations, network information, data flow information and the organizations with which business is run most of the time, because many times an attacker uses an alternative path to attack the system.
3.2 Types of Tests That an Ethical Hacker Performs
There are many kinds of methods, functions or tests that an Ethical Hacker can perform while testing the security of a system. But the most basic testing functions or tests are as follows:
- Testing of local network
- Testing of remote network
- Social engineering test
- Physical entry test
After doing all these tests, the ethical hacker should produce a final report which describes what he or she found in the system during the evaluation: where the holes are which can be used for an attack, and how those holes can be removed from the system. This final report is very sensitive and should be handled with care. A hacker can easily use it for hacking and a competitor can use it for company intelligence. Most of the time the ethical hacker is asked whether the organization, if it takes all the suggested actions, is free from these threats. But unfortunately the answer cannot be yes, because people work in the organization and they make mistakes, and the organization has to pay for their mistakes in the form of hacking. Ethical hacking is another tool for security, and having it does not mean you're now secure. It is not a magic potion. So what should these firms do then? I think time-to-time auditing, alert interference recognition, good system administration performance and computer security knowledge are all very important parts of a firm's or company's security system. A single failure in any of the above-mentioned things may lead to serious harm. Every new technology always has its benefits along with some disadvantages. But these disadvantages are always overcome with the passage of time. Every organization should be alert all the time for these types of attack and have a second line of defense to handle them.
Testing the security and the other functionalities of a product is not new. But in the early stages of the Internet no one knew about Ethical Hacking, or even about hacking; with the passage of time people have become more concerned about the security of their data, especially due to hackers. Ethical Hacking is just a security system or tool to keep your data safe; it is not an ultimate solution to the problem. You cannot sit and relax against the hacker after using this tool. By teaching more people about hacking you produce more people who are able to stop hackers from hacking, and they will give more ideas and solutions to stop hacking. Time-to-time assessment, prepared interference recognition, good system administration performance and computer safety knowledge are all very vital parts of a firm's or company's security system. Failure in any of the above may cost the company or the organization in the form of tangible or intangible loss. It may include revenue, top secrets or anything that is very special to the particular organization. An ethical hacker can only help users to a better understanding of their security system, but it is up to the organization to place its guards in the right place.