Free Essay

Hacking Countermeasures & Tech., Lot2-Task1

In: Computers and Technology

Submitted By papichulo
Words 1397
Pages 6
21 Nov 2011

Defense Against Denial of Service (DoS) Attacks
A. University Network Diagram illustrates nature of DDoS attack in Red

Hacking

POWER 10 11

Cisco 2517

RS232
NMS IN BAND RESET

Speed

1

3

5

7

9

11

Link/Act

Speed

13

15

17

19

21

23

Link/Act

Speed

25

27

29

31

33

35

Link/Act

Speed

37

39

41

43

45

47

In Use Link/Act

Link/Act

In Use

Link/Act

Console 47

45

Pwr

Status

Up

RPSU Base

Down

Speed

2

4

6

8

10

12

Link/Act

Speed

14

16

18

20

22

24

Link/Act

Speed

26

28

30

32

34

36

Link/Act

Speed

38

40

42

44

46

48

Link/Act

46

48

BayStack 5 520-48T-PW R

Speed

1

3

5

7

9

11

Link/Act

Speed

13

15

17

19

21

23

Link/Act

Speed

25

27

29

31

33

35

Link/Act

Speed

37

39

41

43

45

47

In Use Link/Act

Link/Act

In Use

Link/Act

Console

45

47

Pwr

Status

Up

RPSU Base

Down

Speed

2

4

6

8

10

12

Link/Act

Speed

14

16

18

20

22

24

Link/Act

Speed

26

28

30

32

34

36

Link/Act

Speed

38

40

42

44

46

48

Link/Act

46

48

BayStack 5 520-48T-PW R

12

1

2

3

4

5

6

7

8

9

Speed

1

3

5

7

9

11

Link/Act

Speed

13

15

17

19

21

23

Link/Act

Speed

25

27

29

31

33

35

Link/Act

Speed

37

39

41

43

45

47

In Use Link/Act

Link/Act

In Use

Link/Act

Console 47
Speed

45

1

3

5

7

9

11

Link/Act

Speed

13

15

17

19

21

23

Link/Act

Speed

25

27

29

31

33

35

Link/Act

Speed

37

39

41

43

45

47

In Use Link/Act

Link/Act

In Use

Link/Act

Console 47

45

Pwr Pwr Status Up

Status

Up

RPSU Base RPSU Base Down

Down

Speed

2

4

6

8

10

12

Link/Act

Speed

14

16

18

20

22

24

Link/Act

Speed

26

28

30

32

34

36

Link/Act

Speed

38

40

42

44

46

48

Link/Act

46

48

Speed

BayStack 5 520-48T-PW R

2

4

6

8

10

12

Link/Act

Speed

14

16

18

20

22

24

Link/Act

Speed

26

28

30

32

34

36

Link/Act

Speed

38

40

42

44

46

48

Link/Act

46

48

BayStack 5 520-48T-PW R

P a g e | 1 By Thomas A. Groshong Sr LOT2_Task1.docx

21 Nov 2011

Defense Against Denial of Service (DoS) Attacks
B. Executive Summary: Measures to counter University Distributed Denial of Service (DDoS) attack.
A DDoS attack against the Universities Registration System Server (RSS) by infected computers (Bots) located in the University Computer Labs (see diagram) resulted in shutting down access to the RSS system. Orchestrated and controlled by a central controller these Bots established web connections (HTTP protocol) to the RSS using up all available bandwidth. Doing so prevented other users from accessing the Web site/server for legitimate traffic during the attack. This is considered a Consumption of Resources attack using up all the resources of RSS bandwidth. This summary will address measure to counter this type of DoS attack. (Specht, S. M., & Lee, R. B. (2004)) Measures to counter a DoS attack can be broken down into two types; In-Depth Defense and Countermeasures. Devices such as Routers and Proxy Firewalls are designed to protect against attacks from outside not inside the protective boundaries of the University’s network. The use of up-to-date antivirus software on all network computers, an Intrusion Detection and Prevention System (IDPS) to monitor network traffic, and a host-based IDPS (local computer firewall) are recommended. Training of computer users and Information Technology (IT) personnel that manage computer services on the University network is critical to counter such attacks. Disaster Recovery procedures and/or Checklists need to be created and followed by IT staff during the attack phase. Using the concept of In-Depth Defense includes the following; Principle of Least Privilege, Bandwidth Limitation, and Effective Patch Management (EPM). To reduce risk of attack the use of Microsoft’s Active Directory (AD) Rights Management (RM) to assign users the least amount of privileges necessary to operate on the network. This would prevent rogue (Virus or Trojan) software installations that could lead to Bot compromises and DDoS attacks. Limiting the bandwidth or setting bandwidth caps could help to reduce the effects of DDoS attacks by reducing the amount of data any single computer can use. Much like how Internet Service Providers (ISPs) limit the amount of traffic by any one customer to access the Internet. The use of automated patch management, Microsoft’s System Center Configuration Manager (SCCM) to keep computers properly updated and patched is essential. EPM reduces the risk of attacks by reducing the vulnerabilities due to know weaknesses in applications and Operating Systems (OSs). A centrally managed Host Based IDPS or Host Based Security System
P a g e | 2 By Thomas A. Groshong Sr LOT2_Task1.docx

Hacking

21 Nov 2011

Defense Against Denial of Service (DoS) Attacks
(HBSS) to audit and report on computer systems helps defend against known attacks. HBSS allows the management of local computer firewall configurations to identify and possibly shut down infected computers during an attack. The use of AD, SCCM, and HBSS combine to reduce the likelihood of an attack and provide valuable information during the attack and post-attack phases. Countermeasures to internal network DDoS attacks consist of detection, neutralization, prevention of additional attacks, deflection, and post-attack forensics. In the current network design an IDPS can alert network administrators of potential problem detection and block signature based (known) attacks to help in the mitigation process. Use of HBSS and Network IDPS allows administrators to shut down services during an attack to neutralize attacks. The capture of Traffic Patterns stored during DDoS attacks can be used for forensic analyzes post-attack. Load Balancing increases incoming traffic levels during peak hours of operations and during DDoS attacks. Proper configuration of load balancing of network devices, services, and servers will reduce effects of a DDoS attack. (Householder, A., Manion, A., Pesante, L., Weaver, G., & Thomas, R. (2001)) Documentation of these processes provides effective lessons learned and should be the basis of future response procedures. Identifying Bot computers as quickly as possible and removing them from the network is an effective response to DDoS attacks. Once removed from the network the Bot application can be removed from the computer. If removal is not possible or effective a baseline installation of the Operating System is required. With the use of InDepth Defense and Countermeasures DDoS damage can be significantly reduced. Defensive steps include; user account best practices, effective application patching process, current virus definitions usage, properly configured host-based firewall rules, active network scans for anomalies by IDPS are effective tools against DDoS. Identifying, shutting down, and preventing additional outbreaks of infected computers best practices must be documented. Education of Users and IT staff helps to reduce the root causes of DDoS attacks by reducing Bots infections. Tools such as AD, SCCM, and IDS used properly can help detect and formulate an effect defense against these attacks. In-Depth Defense and Countermeasures used together to formulate an effect process when dealing with DDoS attacks.

Hacking

P a g e | 3 By Thomas A. Groshong Sr LOT2_Task1.docx

21 Nov 2011

Defense Against Denial of Service (DoS) Attacks
C. References
DEFEATING DDOS ATTACKS. (2004). Retrieved from Cisco Systems website: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5879/ps6264/ps5888/prod_white _paper0900aecd8011e927.pdf

Hacking

Householder, A., Manion, A., Pesante, L., Weaver, G., & Thomas, R. (2001). Managing the Threat of Denial-of-Service Attacks. CERT Coordination Center, 543. Retrieved from http://www.cert.org/archive/pdf/Managing_DoS.pdf
Specht, S. M., & Lee, R. B. (2004). Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures. In Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems. 2004 International Workshop on Security in Parallel and Distributed Systems, (p. 543-550). Retrieved from http://palms.ee.princeton.edu/PALMSopen/DDoS Final PDCS Paper.pdf

P a g e | 4 By Thomas A. Groshong Sr LOT2_Task1.docx…...

Similar Documents

Premium Essay

Lot2 Task2

...Hacking Countermeasures & Techniques Distributed Denial of Service (DDoS) Best Practices Guide to Counter DDoS attacks: This Guide will cover Best Practices to counter DDoS attacks like the attack on the Universities Registration System Server (RSS) by infected computers (Bots). The attack by rogue software installed on computers located in University Computer Labs resulted in the shutting down web access to the RSS system. Coordinated by a central controller these Bots established web connections (HTTP protocol) to the RSS using up all available bandwidth. This prevented students from accessing the Web site/server for legitimate traffic during the attack. (Schifreen, R. (2006)) This is considered a Consumption of Resources attack using up all the resources of RSS bandwidth. (Specht, S. M., & Lee, R. B. (2004)) These best practices would help prevent and/or reduce the effects of such attacks. Industry best practices to counter DDoS attacks start with documentation that addresses procedures to be followed before, during, and after an attack. (Schifreen, R. (2006)) The establishment of a Security Incident Response Team (SIPT) trained to react to incidents reduces damage and duration of outages. Best practices include; training, network configuration, patch management, access control lists, encryption, intrusion detection, intrusion prevention, and traffic shaping. (Cunningham, B, Dykstra, T, Fuller, E, Gatford, C, Gold, A, Hoagberg, M, Hubbard, A, Little, C, Manzuik, S,...

Words: 1240 - Pages: 5

Premium Essay

Ethical Hacking

...Ethical Hacking – Is There Such A Thing? Alexander Nevermind Nelson Stewart, PhD CIS 324 December 9, 2011 ABSTRACT ------------------------------------------------- When someone hears the word hacker, many things come to mind. Bad, thief, terrorist, crook and unethical are some words that may be used to describe a hacker. The reputation of a hacker is well deserved as many company networks have been compromised with viruses and spyware causing untold millions in damage, the theft of sensitive consumer information such as Social Security numbers and financial data and the unauthorized access of classified government information. To combat these issues, many companies employ individuals called ethical hackers who, by their direction and supervision look for vulnerabilities in network systems. There are naysayers who bristle at the term “ethical hacker” saying that a hacker is a hacker but those who hold such views could be missing the point. These subjects will be discussed in detail later in the text. ------------------------------------------------- Is there such a thing as “Ethical Hacking?” Define ethical hacking and support an argument in favor or against the concept. Consider who might believe/use ethical hacking and discuss if hacking, even for the purpose of protecting human rights, is ethical. You should extend the paper beyond the topics suggested in the questions within the paper description. Ethical hacking does exist, in fact, companies...

Words: 904 - Pages: 4

Premium Essay

Hacking and Countermeasures

...1. What are the five steps of a hacking attack? Reconnaissance, network and system scanning, gaining access, maintaining access, and covering their tracks 4. What step in the hacking attack process identifies known vulnerabilities and exploits? The gaining access step is where the attacker identifies and exploits the open vulnerabilities in the network. 5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional workstation. List the name and number of the critical Microsoft vulnerabilities identified. What is vulnerability “MS08-067”? There were a total of 6 High Risk vulnerabilities found. 1 - MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (un-credentialed check) 2- MS05-027: Vulnerability in SMB Could Allow Remote Code Execution (896422) (un-credentialed check) 3 - MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) (un-credentialed check) 4 - MS09-001: Microsoft Windows SMB Vulnerabilities Remote Code Execution (958687) (un-credentialed check) 5 - MS06-035: Vulnerability in Server Service Could Allow Remote Code Execution (917159) (un-credentialed check) 6 – Says it is Nessus Scan information. MS08-067 is vulnerability in Server Service that Could Allow Remote Code Execution. 6. Which tool and application was used to exploit the identified vulnerability on the targeted Microsoft 2003 XP SP2......

Words: 315 - Pages: 2

Premium Essay

Lot2

...future internal attacks from occurring. This can be accomplished through a two pronged strategy, server side and client side software protection measures. On the client side we need to start using anti-virus software that will detect and remove hacking programs and keep it up to date. Second, on the server we need to install two programs. One, a program that will cache requests and feed it to the server at a rate that it can handle requests. Two, a program that will detect when too many requests are coming from a specific IP address and discard requests from that computer. This information can be logged and infected PC’s can be repaired. This is the most cost and time effective strategy. Free software is available that can handle the client side protection. Server side protection can be had at a fraction of the cost of new hardware. This will mitigate the current issues and other software based protection is available for other types of DoS attacks; which would be good to look into. The IT department will continue to monitor the situation and recommend if it is necessary to implement further hardware or software upgrades as the situation requires. Bibliography EC-COUNCIL. Ethical Hacking and Countermeasures: Threats and Defense Mechanisms. Delmar Thomson Learning, 9/22/2009. ....

Words: 589 - Pages: 3

Free Essay

Hacking

...Hacking Computers seem very complicated and very hard to learn, but, if given time a computer can be very useful and very fun. Computers have taken over our lives. People could not function without them, our electricity is run by computers, the government could not function without computers, and there are many others. Hackers are people who illegally gain access to, and sometimes tamper with, information in a computer system. Due to recent media coverage and corporate interest, hacker’s activities are now looked down on by society as criminals. Despite the growing trend of hacking, very little research has been done on the hacking world and its culture. The image of a computer hacker has grown from a harmless nerd into a vicious techno-criminal. In reality most hackers are not out to destroy the world. The hackers in today’s society are not just board teenagers. Various types of people commit computer crimes; the most familiar is being hacker. A hacker is a person who enjoys exploring the details of a programmable system and how to stretch their capabilities. Hackers may affair any type of dodging to access this information depending on what they intend on doing in the form. Computer hackers in today's world are becoming more intelligent. They are realizing that people are constantly developing more hack-proof systems. This presents the hackers with a bigger challenge and a bigger thrill. The government is realizing this and is working on making harsher laws to,......

Words: 876 - Pages: 4

Free Essay

Lot2 Task 1

...SUBDOMAIN 426.4 - HACKING Competency 426.4.4: Denial of Service (DoS) - The graduate identifies and implements countermeasures to protect against denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks using industry best practices. Scenario: You work for a large public university that utilizes a web-based registration and cashiering system that allows students to register for, pay for, and drop classes. Naturally, peak usage times are during registration season shortly before the start of a new quarter. The system has been in place for about a year and a half and has greatly reduced the workforce needed to staff the registration office during registration season; as a result of implementing the new system, over three-quarters of the registration staff were reassigned to other parts of the university. However, during registration for the most recent quarter, the web-based system suffered a crippling distributed denial-of-service (DDoS) attack that made the system unavailable for about 24 hours. The university’s network staff was certain that the attack did not initiate from an external network source since the university has a series of mechanisms in place to intercept such attacks. Further investigation revealed that the attack originated from the internal network. The network team discovered that a password sniffer application was somehow installed on a large portion of the computers in various university computer labs. The password......

Words: 572 - Pages: 3

Premium Essay

Lot2 Task 3

...SUBDOMAIN 426.4 - HACKING   Competencies: 426.4.2: Preattack Planning - The graduate evaluates techniques used in footprinting and implements industry best practices to protect against this type of information asset vulnerability. 426.4.3: System Hacking - The graduate evaluates various network system hacking counter-techniques. 426.4.5: Hacking Web Servers - The graduate identifies known web server vulnerabilities and demonstrates industry best practices to protect against this type of threat. 426.4.6: Web Application Vulnerabilities - The graduate identifies common web application vulnerabilities and uses industry best practices to protect against this type of threat.   Introduction:   Maintaining a proactive approach on security requires that an organization perform its own hacking footprinting to see how much information is available to potential hackers. Some organizations do this using internal staff; however, it is much more common to see organizations hire external security consultants to perform these types of security reviews. This allows a truly unbiased outsider to attempt to gather as much information as possible to formulate an attack.   Assume that you have been selected as the security consultant to perform a comprehensive security review for an organization of your choosing. Ensure that the organization that you select has a public website that you can access and at least one web application that you can use for this task. You will review the......

Words: 1868 - Pages: 8

Free Essay

Hacking

...HACKING Introduction • Hacking is unauthorized use of computer and network resources. • According to Computer Crime Research Center: “It is act of gaining access without legal authorization to computer or computer network.” • Traditionally hacking refers to the hobby/profession of working with computers. • But now a days it refers to breaking into computer systems. History • 1960s – MIT AI Lab – Ken Thompson invented UNIX – Positive Meaning • 1980s – Cyberspace coined – 414s arrested – Two hacker groups formed – 2600 published • 2001 – In one of the biggest denial-of-service attack, hackers launched attacks against eBay, Yahoo!, CNN.com., Amazon and others. • 2007 – Bank hit by “biggest ever” hack. Swedish Bank, Nordea recorded nearly $1 Million has been stolen in three months from 250 customer account. Types of hackers Knowledge based: • Coders • Admins • Script kiddies Legality based: • Black hat hacker • White hat hacker • Grey hat hacker Script Kiddies: – who use scripts or programs developed by others to attack computer systems and networks and deface websites.[ Phreak – Person who breaks into telecommunications systems to [commit] theft Cyber Punk – Recent mutation of … the hacker, cracker, and phreak White hat hacker who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. Black hat hacker A black hat is the villain or bad guy, especially in a......

Words: 383 - Pages: 2

Premium Essay

Lot2

...Brandon Moore LOT2 Task 1 09/14/2011 Diagram Below is a diagram which illustrates how the attack overwhelmed the Web Server. Executive Summary The attack performed on the network had the intention of making the online services provided to students unusable during a critical time of need for those systems. The attack was first performed by acquiring the Administrator password for the systems and using each system to perform a large quantity of requests for service to the web servers. By dissecting what occurred steps can be put in place to prevent such an attack in the future. This attack can be summarized in a few bullets: ← The attacker was allowed to install software without having Administrator rights ← The software used sniffed out the Administrator password either via the wire or possibly keystroke logging. ← Each client computer was able to send a large amount of HTTP requests to the web server. ← The web server accepted and processed each request. To begin with, it needs to be made mandatory that users on a machine cannot install new software to a machine. Instead, each machine should be preloaded with the tools that would be needed for a typical student to perform their work. In addition, the use of a file monitoring program, such as Tripwire, can be used to detect and notify if any changes have occurred to files or entire folders that shouldn't experience any changes. Next, if the software installed did...

Words: 724 - Pages: 3

Premium Essay

Ethical Hacking

...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are......

Words: 6103 - Pages: 25

Free Essay

Ddos-Lot2-Task1

...DDoS Attack Mitigation Username Online College Distributed Denial of Service (DDoS) attacks have been causing internet disruption for years. The types and frequency has evolved over time (The Growing Threat, 2012). Originally, multiple machines would ping a machine and take up its resources. Then attackers started to use the TCP handshake as an attack medium. They would request so many connections, that there would be none left for legitimate users. Now, the DDoS attacks are hitting at the application level. A DDoS attack at the application layer is very difficult to detect. The attack consumes less bandwidth than other DDoS attacks and the attack targets very specific protocols. Some protocols that they attack are HTTP, used for connecting to web pages, DNS, used for turning a web address to an IP address, and SMTP, used for email transfer (The Growing Threat, 2012). Since they use well known and frequently used protocols to exploit, these attacks easily bypass normal traffic inspectors. The protocols for web must be open on the firewall and IDS because if they weren’t, normal web traffic would not go through. This would make the internet useless for everyone. In order to mitigate this issue and still have connectivity, there are two things the University can do. First, the IT staff can deploy a Host-based Intrusion Prevention System (HIPS). This will be deployed to all of the University computers and centrally managed by a server in the data center. ......

Words: 727 - Pages: 3

Free Essay

Hacking

...Hacking: Understanding It All John Williams INF 103: Computer Literacy Thomas Hennefer June 14, 2010 Abstract As technology has grown, so has the dependence of society on its role in everyday life. Like many things, this dependence on technology comes at a risk. Hacking is the risk that members of society must face. Hackers can find any information they wish to acquire, which puts information, such as finances and personal, at great risk. In order to understand how to prevent hacking, one must first understand what is at risk to be hacked and the way in which the act is done. Technology has become a constant part of every day life. People now manage their bank accounts, pay bills, deal with highly confidential information, and even personal information online. All these aspects of technology in daily life are a temptation to others throughout the internet. Those who find themselves tempted perform the task of hacking, which leaves others and their personal information vulnerable. This paper will discuss society’s reliance of technology in all aspects of life; thereby, leaving personal information vulnerable. Also being discussed will be information hackers find tempting, the steps that some take to hack into systems allowing them access to normally unavailable information and the steps that can be used to help prevent hacking from occurring. Method In the task of preventing hackers from gaining access to information that could be harmful to the individual, you......

Words: 2876 - Pages: 12

Free Essay

Attack Methodology and Countermeasures

...Attack Methodology and Countermeasures Strayer University SEC420 Professor Gillen July 24, 2015 Attack Methodology and Countermeasures When most people hear the term “hacker” they think of an evil person committing crimes by hacking into their computers to steal, destroy and/or steal identities. This is so in some cases, but not all hackers are bad. Hackers are merely curious technically skilled individuals who gain unauthorized access to computers, networks of various companies, organizations and individuals. Good hackers are considered white hat hackers. They are the ones, who are hired to break into systems as a way of testing the vulnerabilities and security issues that may be present in the computer system. Consider this: company XYZ, a mid-sized corporation, is in the middle of satisfying their regulatory compliance needs.  The manager of security at the company has been tasked by the CIO (Chief Information Officer) to report on the company’s current security posture. If the manager decided to outsource an ethical or white hat hacker in attempt to test their security measures. Over the course of this document various things the third party hacker would need from the company, things he or she would provide to the company and some predictions for the tests. In order to exploit the targeted systems the initial steps to gain as much information as possible about the targets. In this case, the manager is the contact in which questions may be posed. The hacker......

Words: 1432 - Pages: 6

Premium Essay

Ethical Hacking

...26, 2014 Ethical Hacking Ethical hacking is used to describe hacking performed by a company or individual to help identify potential threats on a computer or network. An ethical hacker works passed the system security to detect the vulnerabilities or weak points of a company’s network. Then this type of information is used to improve the company’s network from the bad hackers who exploit the company in a destructive way. In 1960s, U.S military began testing their own IT systems, but when Dan Farmer a security expert from San Francisco and a security programmer at the Netherlands University of Eindhoven had posted the techniques they used to gather information to the Usenet, that could have compromised the security of a number of target networks(Langely). Their goal was to raise the overall level of security on the internet. Dan farmer and Eindhoven were elected to share their work freely on the internet for others to learn. Eventually, they gather up the work they used and developed a program called Security Analysis Tool for Auditing Networks (Langely). This tool is used to perform an audit of the vulnerabilities of the system and how to eliminate the problem. The concept of ethical hacking started emerging in 1993 (Langely). According to some, ethical hacking does not exist and they feel hacking is just hacking, no matter how you put it. Therefore the one that is doing the hacking is a computer criminal. This is not the case, so in order for hacking it to be......

Words: 589 - Pages: 3

Premium Essay

Hacking

...Danish Jamil et al. / International Journal of Engineering Science and Technology (IJEST) IS ETHICAL HACKING ETHICAL? DANISH JAMIL Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300,Pakistan mallick251@hotmail.com MUHAMMAD NUMAN ALI KHAN Department of Computer Engineering, Sir Syed University of Engineering & Technology, Main University Road, Karachi, Sindh-75300,Pakistan mallick89@yahoo.co.uk Abstract : This paper explores the ethics behind ethical hacking and whether there are problems that lie with this new field of work. Since ethical hacking has been a controversial subject over the past few years, the question remains of the true intentions of ethical hackers. The paper also looks at ways in which future research could be looked into to help keep ethical hacking, ethical. Keywords— Ethical hacking, hacking, hackers, education and training, risk management, automated security I. INTRODUCTION Understanding the true intentions of the general public is quite a hard task these days, and it is even harder so, to understand the intentions of every single ethical hacker getting into vulnerable systems or networks. Technology is ever growing and we are encountering tools that are beneficial to the general public, but in the wrong hands can create great controversy, breaching our basic right to privacy, respect and freewill. The constant issues highlighted by the media......

Words: 3982 - Pages: 16