Tuesday, April 2, 2019
Issues In Ethical Hacking And Penetration Testing Information Technology Essay
In this fast-growing business world, the growth of Information Technology is sky-high. Information is a business asset; therefore it is very important to protect the Business Intelligence and the confidential knowledge. Doing so protects its availability, privacy and integrity. Information Security is more than protecting computer data security; it is the process of protecting the intellectual property of an organization, which engages with Network Security.

The availability of access to stored information on server databases has increased to a considerable extent. Some of the companies store more of their business and individual information on their computers than ever before. Many businesses rely solely on information stored in their data centers. Personal staff details, client lists, salaries, bank account details, marketing, sales information and, more importantly, their research and development, confidential recipes or marketing strategies may all be stored on a database. If they lose this information, it would directly affect the business operations. Therefore powerful information security systems need to be implemented to protect this information.

The biggest threat to businesses may be the people who make a living from hacking or breaching information security systems. By using their technological skills, they are brave enough to break into computer systems and access secured information. Hackers can even turn your home computer into a bomb (Randy Jefferies, 2005). Firewalls, which are intended to prevent access to a computer network, can be easily bypassed by a black hat, namely a hacker with the proper tools and skills.
The breach can result in a heavy loss of crucial information, or a virus could be planted and delete all secured information as an intruder.

That is why Information Security Professionals play a vast role in this business industry. Because of this, there is an important position for ethical hackers, who can defend and protect the organization against cyber criminals and are even capable of penetrating their own system for testing purposes.

Then the question arises: is hacking actually bad? Or is it possible that there are times when hacking can be seen as good? Before addressing these scenarios, the terms hackers and ethics need to be defined. So this is where ethical hacking comes in.

Ethical Hacking and Penetration Testing

Ethical Hacking can be defined as hacking a network or a system to seek and test vulnerabilities that a hacker could exploit to take advantage of the system. This implies doing it for the betterment of the firm. This process is done to secure and defend the system from cybercriminals, known as black hats, in a legally authorized way. The people involved in ethical hacking are called white hats, who are professionally trained security experts. Most firms employ one of these White Hats to protect their information systems, whilst some firms hire.

Computer crime is where the computer is the place of the crime, and the criminal activities can range from fraud, theft, and forgery. Businesses that try to approach the problem have independent computer security professionals who attempt to break into the computer systems and penetrate them as mentioned above. Both of these people, crackers and professionals, are ethical hackers, but they have different ethics.

Negative observation of hacking: when is hacking bad?
In recent news, a certain hacker who claims to be known as Gwerdna hacked into a Mac computer. He even commented on how easy it was for him to hack into the security, and he stated that breaking into that library machine took him barely 10 minutes (Micheal Harvey, 2006).

The term Ethical Hacking can be addressed as penetration testing. This is a method of evaluating the network or computer system by simulating an attack from a malicious source: a White Hat hacker acting as a Black Hat hacker (Wikipedia, 2010). These ethical hackers use methods that can be identified and classified as malicious software, namely Buffer Overflow, Logic Bomb, Parasite, Sniffer, Spoof, Trojan Horse, Virus and Worms.

Importance and Benefits of Ethical Hacking

As mentioned above, the reason for conducting an ethical hack, obviously, is to keep information assets secure. One survey conducted by Rick Blum stated that "It (ethical hacking) is very important and helps save you money and reputation in the long run" (Rick Blum, 2009).

Network testing is the most important type of ethical hack, because it is obvious that the hacker can easily break the firewall and get into the network. So the network should be highly secured.

That is one reason why it is considered very important for organizations, given the rising cyber crime rates and the high growth of cyber criminals. Since computer technology has developed, the crime rates have also increased. Intelligent hackers have caused a great deal of destruction and losses for numerous companies, and they have damaged their databases and leaked information. They have exploited the brand image of most of these firms and damaged the trust of their clientele. Hackers have transferred millions of dollars without any awareness of the banks or their involvement.
They have even hacked into police departments' emergency help desks.

For example, a group of hackers called Vandals hacked the New York City Police Department's voice-mail system and replaced the usual polite announcements with "You have reached the New York City Police Department. For any real emergencies, dial 119. Anyone else, we're a little busy right now eating some donuts and having coffee." It continued, "You can just hold the line. We'll get back to you. We're a little slow, if you know what I mean. Thank you." The bogus messages continued for 12 hours before they were investigated and corrected by ethical hackers (Donald Pimkins, 2000).

Sometimes ethical hacking will not reveal vulnerabilities of a network or a system. But there are a number of consequent benefits that can be derived from an ethical hacking process. The figure below gives a clear idea of the benefits available in this process and how they can be prioritized.

Ref: http://www.isaca.org/Images/journal/jrnlv2-06-red-teams-audit-tool-2.jpg

The size of the threat depends on the type of the business and how it fits with hackers' motives. Therefore, to prevent these kinds of issues and threats in future, firms employ ethical hackers.

The term ethics will be clearly structured in the following paragraphs with the help of ethical principles, ethical issues, ethical dilemmas and ethical theories.

Business Ethics

According to the study, business ethics can be defined as a form of applied ethics that examines ethical principles and moral or ethical problems that occur in a business environment (Gwendolyn Cuizon, 2009). Many businesses have gained a bad reputation just by being in business. By not sticking to a business ethics policy, firms may fall into trouble; if a business is damaged by an ethical disaster, it affects the bottom line, which implies profit.
It is agreed that IT systems are put in place to support the strategic plans of an organization, which would be in line with business ethics. That is why organizations see ethics as bringing a competitive edge to their business.

In my point of view, in business the perspectives of stakeholders are different: they see that there is what's illegal, what's legal but unethical, ethical but against company policy, not against policy but not in the client's best interests, and finally what's not really opposed to the client's best interests but isn't really going to benefit them either. This can be understood from the image below.

http://www.gryphonshafer.com/blog/2008/08/business_ethics.png

Ethical Principles and Ethical Issues

Ethical principles can be defined as the foundation of ethical behavior. An ethical principle arises from the social context, from religious beliefs, and from ethical theory. These ethical principles can be applied to computer technologies that have an impact on people's daily lives, where they interact in government, in education, at work, and at play and exercise (Penny Duquenoy, 2010).

Some general ethical principles can be listed as: respecting others; treating others as equal; keeping promises; respecting the property of others; acting honestly.

The principles below are relevant to Information Systems professionals and related technology officers.

The Royal Academy of Engineering, in collaboration with Engineering Council (UK) and a number of the leading professional engineering institutions, has developed a Statement of Ethical Principles which it believes all professional engineers and Information Professionals should follow: Accuracy and Rigour; Honesty and Integrity; Respect for Life, Law and the Public Good; Responsible Leadership: Listening and Informing (Engineering Ethics, 2007).

An ethical issue can be described as whatever threatens or breaks an ethical principle.
For example:

Ethical principle: respect the property of others.

Ethical issue: hacking someone's computer without their permission, stealing information and destroying it by sending a virus or a worm.

From this example an ethical issue can be clearly understood. To evaluate these kinds of ethical issues from different perspectives, ethical theories should be applied.

Ethical Theories

As discussed above, an ethical issue can be identified and evaluated by using ethical theories. These theories can be used as tools for making ethical decisions, and they may also be helpful in providing a basis for critical thinking. An issue can be viewed from different perspectives, and opinions formed, with the help of ethical theories.

There are two main ethical theories: Kantianism and Consequentialism.

Kantianism

Kant's theory can be summarized without going into depth. Kant says that how we behave ethically comes from within us, and the things that we decide are good or bad are based on whether we could imagine everyone doing them (Immanuel Kant).

So, for example, it would be logically contradictory to say that breaking a promise is good, because if everyone broke their promises there would be a loss of trust in promises, and the whole nature of a promise would be lost. Therefore, he says, certain things cannot be universalized, which means they would not work if everyone did them, and those things are wrong.

Examples are killing others, lying, stealing and breaking promises. Moreover, in Kant's point of view, things that we view as wrong are essentially wrong; that is, they are always wrong and there is never any reason or situation where they would be right.
This conflicts directly with the theory of consequentialism, which will be addressed next.

Consequentialism

Consequentialism can be defined as a theory which deals with the consequences of actions rather than the actions themselves. So, for example, it could be argued that stealing could sometimes be the right action to take, provided the outcome is for the good. The theory says that a good outcome is that which brings the greatest benefit to the greatest number of people. Therefore stealing, for example, is a morally acceptable act if it brings greater benefit to the greatest number.

For example, suppose a king has a warehouse full of food when most of the people in the country are starving. In this instance, stealing the food to distribute it to the starving people would be the right thing to do. By this act a great number of people benefit. So in this case, according to consequentialism, stealing is not bad, which fully contradicts Kant's theory.

Ethical Dilemmas

Ethical dilemmas can be addressed as moral dilemmas. An ethical dilemma is a situation wherein moral principles or ethical obligations conflict in such a way as to make any possible resolution to the dilemma morally intolerable. In other words, an ethical dilemma is any situation in which guiding moral principles cannot determine which course of action is right or wrong. This can be simplified as: you will have an issue, and you will have a solution that leads you to an unethical way (Lee Flamand, 2007).

Ethical, Legal, Professional, Social and Cultural Issues in Ethical Hacking

When we discuss ethical hacking, there are many issues which can be listed and which will arise in many circumstances. For evaluating these issues and coming up with good solutions or opinions, the structured ethical principles and ethical theories discussed above can be used. This will obviously give a clear picture to the reader.
In this study, for further analysis, two important incidents will be assessed by me using both ethical theories.

A Dutch hacker who copied patient files from a University of Washington medical center (and was not caught) said in an online interview that he did it to publicize the system's vulnerability, not to use the information. He disclosed portions of the files to a journalist after the medical center said that no patient files had been copied. (Sara Baase, A Gift of Fire, 2003.)

If we critically evaluate the above scenario, it is obvious that the hacker has committed a cyber crime and he should be punished according to Kantianism, which holds that some actions are always wrong. Even though the Dutch hacker didn't misuse the copied files, he broke into the network and penetrated it. So it is ethically wrong from the perspective of Kant's theory. But if we evaluate this using Consequentialism, the result completely contradicts Kantianism. Though the hacker was not caught, he gave an online interview to announce that there is a vulnerability in the University of Washington medical center's network which can be easily attacked. This good behavior of the hacker shows that he came to this decision out of concern for the betterment of the patients, which matches the theory that an action is good if the consequences bring the greatest benefit to the greatest number of people. If he had published all the copied files on the internet, both parties would have been affected: the patients and the University. The files may contain confidential information of patients which they would never wish to expose. So this act can be identified as ethically correct whilst it is legally wrong. By this action the medical center gets a chance to secure and defend its systems from future attacks.

But, according to the statement, "A solution to an ethical issue can raise another issue" (Anonymous).
Maybe this act is ethically correct according to the theory of Consequentialism. But what if the hacker found some medical information about his friend, information that is a kept secret? What if he tells him? What if the friend gets to know that his confidential medical information has been leaked through the internet? These kinds of issues can arise, and they will sometimes lead to an ethical dilemma.

If we move to the next case, which is:

A 17-year-old hacker known as YTcracker, who penetrated several government and military web sites (including those belonging to the Bureau of Land Management's National Training Center, NASA's Goddard Space Flight Center and the Defense Contracts Audit Agency) said he routinely sends messages to government web site administrators insisting that they address vulnerabilities and adopt Unix or other more secure systems can be penetrated, but the messages largely go ignored. YTcracker said in his defacement of website he targeted systems the government would look at and take seriously and secure it. (Federal Computer Week, 1999)

Though this case is similar to the one discussed above, it provides a different idea. The hacker called YTcracker, who penetrated all these sites, has only one intention: to alert and notify the government organizations to protect their valuable information, which can be easily breached and accessed. If we critically evaluate this case according to Kantianism, the act of YTcracker is ethically wrong, as it threatens the ethical principles and goes beyond the theory.

But from the point of view of Consequentialism the act is ethical, because the hacker hasn't done any damage to the government organizations using their web sites. He has only warned and notified them to make them more secure.
So a greater number of people benefit, because highly sensitive information is available on government sites such as National Security, Military and NASA. If the hacker leaked the information from their databases, there would be an extensive problem for the US government.

But both of these incidents are illegal according to the Computer Misuse Act 1990, even if they are ethical according to the theories, because the hackers have committed the offence of unauthorized access to computer material (Misuse Act 1990).

Ethical Concerns and Professional Issues

When implementing an ethical hack in an organization, the ethical issues which involve information systems professionals can be listed as: ethical hackers have to break the organization's security policy and procedures; violating the code of conduct; privacy of the employer and employees; leakage of secret business strategy, marketing strategy and product recipes.

If we further analyze the above ethical issues, a question may arise: is ethical hacking ethical? Before addressing the issues, we tend to look for an answer to that question. If we evaluate the question using Kantianism, ethical hacking is somehow breaking the rules and regulations, breaking the firm's security policies and procedures, and violating the code of conduct. So this act of ethical hacking cannot be ethical. Even though the professional hackers do it legally, it can be unethical according to Kant's point of view.

From the viewpoint of consequentialism, this process can be identified as ethically correct, because it is all done for the betterment of the organization. So there is no way of criticizing it. Firms do this to seek the vulnerabilities and defend the entire network; there should be a testing procedure. So this can be taken as that.
From this point of view we can decide it is all ethically correct, even though they break their own code of conduct.

From the information systems professional's point of view, ethical hacking can be identified as a complete mess, because they have to stick to a code of conduct. Only then are they professionals. But when they are forced to violate these terms while involved in penetration tests, they are in trouble as professionals. Therefore, as professionals who are expected to comply with local laws, sometimes they may have to assess and evaluate ethical and legal issues against their personal values.

Privacy invasion can take place when they do an ethical hack. Most firms hire an ethical hacker since they don't employ one. So when he penetrates their systems and network, he can get whatever information he needs from the organization's databases and networks. All confidential employee and partner documents and information can be seen. The ethical hacker is able to view all the weak points of the firewall. If the ethical hacker is not a professional, he may attack the organization later when he needs to. Or he will be a big threat. So these issues may arise. And if even the secret marketing and business strategy of a leading company leaks, the hacker can sell it to the competitors. So this would be a threat for some firms to conduct a penetration test using an

Legal Issues and Laws

When considering legal aspects, the issues discussed in the above paragraphs can be brought up, since they involve legal issues. Even though those incidents were ethical, they are completely illegal, because they break the Computer Misuse Act 1990. This Act is discussed below.

The Computer Misuse Act 1990

The Computer Misuse Act 1990 is an Act of the UK Parliament.
The Bill eventually became the Computer Misuse Act in August 1990.

The Act introduced three new criminal offences: unauthorized access to computer material; unauthorized access to computer material with the intent to commit or facilitate commission of further offences; unauthorized modification of computer material (Statuelaw, 1990).

What if an ethical hacker pretends to be an inside intruder? He knows the entire network and secrets of a company, so he can easily damage and destroy the entire information system. When these situations occur, legal issues can be identified according to the Misuse Act.

For example, a disgruntled computer technician at Reuters in Hong Kong detonated logic bombs at five investment-bank clients, causing 36 hours of downtime in networks providing market information crucial for trading. The banks switched immediately to alternative services and reported no significant effects on their work; however, Reuters was deeply embarrassed by the incident (Financial Times Limited, November 1996). Looking at these factors, the organization should be fully aware of these kinds of threats which can arise.

Sometimes internal politics may force the ethical hacker to cause large losses for the firm. This can happen when they are employed by a public company, where there are so many people on the board of directors. So what if the ethical hacker gets an order from higher management to plant a logic bomb or use a parasite on important information of the firm and put the blame on another person? For the ethical hacker this task is not that difficult. They may even ask him to steal other companies' confidential documents. This might cause legal issues which will entirely damage the firm's reputation. These kinds of issues can arise without the awareness of the management.

Social and Cultural Concerns

It is agreed that in business ethics there are loads of issues, as addressed in depth in the above paragraphs, and social and cultural issues can also be identified as among them.
Social issues are about the impact on society. It depends on society's reaction and behavior. According to the ethical principles, firms should negotiate with society. If an information system of a hospital or a school got hacked, there would be huge issues in society, as their sensitive information is contained in those information systems. Similarly, this case may occur in a firm. So when an ethical hacker gets involved in this process, he has to keep their trust; if not, the blame can be put on him by society. So both parties get affected. The brand image can be spoilt in society when their information gets leaked out. They will lose trust and faith in their employer.

And when the ethical hacking process gets leaked out, there are chances of affecting the company's culture. If there is a culture, there are trusted values to be respected. If these values get exploited by the penetration testers, issues may arise. When they test these information systems they should respect the values without harming them. For e.g. pornography.

Conclusion

From the clearly structured study, it is understood that ethical hacking is crucial to maintaining a verifiable level of information security. Even though there are lots of issues in certain aspects of ethical hacking, it is a critical component of our overall security programme which keeps the internal, contracted security.

Ethical hacking is a necessity in order to protect company assets and stay close to the reality of unethical hacking. It (ethical hacking) is very important and helps save you money and reputation in the long run. Ethical hacking is the best way to assess the network from an outsider's perspective.

To reduce the issues addressed above, organizations can have their own ethical hacking team or hacker to prevent outside information leakage and to get rid of the fear of that.

I think ethical hacking is a must-have for any serious organization today in this fast-moving business world.
It should be a critical part of any proactive organization in today's global competitive market.