White Hats
White hats are the good guys,
the ethical hackers who use their hacking skills for defensive purposes.
White-hat hackers are usually security professionals with knowledge of
hacking and the hacker toolset and who use this knowledge to locate
weaknesses and implement countermeasures. White-hat hackers are prime
candidates for the exam. White hats are those who hack with permission
from the data owner. It is critical to get permission prior to beginning
any hacking activity. This is what makes a security professional a
white hat versus a malicious hacker who cannot be trusted.
Black Hats
Black hats are the bad guys: the malicious hackers or crackers who use
their skills for illegal or malicious purposes. They break into or
otherwise violate the system integrity of remote systems, with malicious
intent. Having gained unauthorized access, black-hat hackers destroy
vital data, deny legitimate users service, and just cause problems for
their targets. Black-hat hackers and crackers can easily be
differentiated from white-hat hackers because their actions are
malicious. This is the traditional definition of a hacker and what most
people consider a hacker to be.
Gray Hats
Gray hats are hackers who may
work offensively or defensively, depending on the situation. This is the
dividing line between hacker and cracker. Gray-hat hackers may just be
interested in hacking tools and technologies and are not malicious black
hats. Gray hats are self-proclaimed ethical hackers, who are interested
in hacker tools mostly from a curiosity standpoint. They may want to
highlight security problems in a system or educate victims so they
secure their systems properly. These hackers are doing their “victims” a
favor. For instance, if a weakness is discovered in a service offered
by an investment bank, the hacker is doing the bank a favor by giving
the bank a chance to rectify the vulnerability. From a more
controversial point of view, some people consider the act of hacking
itself to be unethical, like breaking and entering. But the belief that
“ethical” hacking excludes destruction at least moderates the behavior
of people who see themselves as “benign” hackers. According to this
view, it may be one of the highest forms of “hackerly” courtesy to break
into a system and then explain to the system operator exactly how it
was done and how the hole can be plugged; the hacker is acting as an
unpaid—and unsolicited—tiger team (a group that conducts security audits
for hire). This approach has gotten many ethical hackers in legal
trouble. Make sure you know the law and your legal liabilities when
engaging in ethical hacking activity. Many self-proclaimed ethical
hackers are trying to break into the security field as consultants. Most
companies don’t look favorably on someone who appears on their doorstep
with confidential data and offers to “fix” the security holes “for a
price.” Responses range from “thank you for this information, we’ll fix
the problem” to calling the police to arrest the self-proclaimed ethical
hacker. The difference between white hats and gray hats comes down to
one word: permission. Although gray hats might have good intentions, without
the correct permission they can no longer be considered ethical. Now
that you understand the types of hackers, let’s look at what hackers do.
This may seem simple (they hack into computer systems), but in practice
it is neither that simple nor that nebulous. There is a process that
should be followed and information that needs to be documented.