Tuesday, June 4, 2019
Issues In Ethical Hacking And Penetration Testing Information Technology Essay
In this fast-growing business world, the growth of Information Technology is sky-scraping. Information is a key asset; therefore it is exceptionally important to protect business intelligence and confidential information, including its availability, privacy and integrity. Information security is more than protecting computer data; it is the process of protecting the intellectual property of an organization, which engages with network security.

The availability of access to stored information on server databases has increased to a great extent. Most companies store more business and individual information on their computers than ever before. Many businesses are solely based on information stored in their data centers. Personal staff details, client lists, salaries, bank account details, trade and sales information and, more significantly, their research and development, secret recipes or marketing strategies may all be stored on a database. If they lose this information, it would directly affect business operations. Therefore powerful information security systems need to be put in place to protect this information.

The biggest threat to businesses may be the people who make a living from hacking or breaching information security systems. By using their technological skills, they are brave enough to break into computer systems and access secured information. "Hackers can even turn your home computer into a bomb" (Randy Jefferies, 2005). Firewalls, which are intended to prevent access to a computer network, can be easily bypassed by a black hat, namely a hacker with the right tools and skills.
The breach can result in a heavy loss of crucial information, or an intruder could plant a virus that deletes all secured information.

That is why information security professionals play a huge role in this business industry. Because of this, there is an important position for ethical hackers, who can defend and protect the organization against cybercriminals and who are even capable of hacking their own systems for testing purposes. The question then arises: is hacking actually bad? Or is it possible that there are times when hacking can be seen as good? Before addressing these scenarios, the terms "hackers" and "ethics" need to be defined. This is where the ethical hacker comes in.

Ethical Hacking and Penetration Testing

Ethical hacking can be defined as hacking a network or a system to seek and test vulnerabilities that a hacker could exploit to take advantage of the system. This implies doing it for the betterment of the firm. This process is done to secure and defend the system from cybercriminals, known as black hats, in a legally authorized way. The people who are involved in ethical hacking are called white hats, who are highly trained security experts. Most firms employ these white hats to protect their information systems, whilst some firms hire.

Computer crime is where the computer is the place of the crime, and the criminal activities can range from fraud, theft, and forgery. Businesses that try to approach the problem hire independent computer security professionals who attempt to break into the computer systems and penetrate them as mentioned above. Both of these people, crackers and professionals, are ethical hackers, but they have different ethics.

Negative observation of hacking: when is hacking bad?
In recent news, a certain hacker who claims to be known as Gwerdna hacked into a Mac computer. He even made comments on how easy it was for him to hack into the security, and he stated that breaking into that library machine took him only 10 minutes (Micheal Harvey, 2006).

The term ethical hacking can also be addressed as penetration testing. This is a method of evaluating a network or computer system by simulating an attack from a malicious source: a white hat hacker acting as a black hat hacker (Wikipedia, 2010). These ethical hackers use methods that can be identified and classified as malicious software, namely buffer overflow, logic bomb, parasite, sniffer, spoof, Trojan horse, virus and worms.

Importance and Benefits of Ethical Hacking

As mentioned above, the reason for conducting an ethical hack, obviously, is to keep information assets secure. One survey conducted by Rick Blum stated that "It (ethical hacking) is very important and helps save you money and reputation in the long run." (Rick Blum, 2009). Network testing is the most important type of ethical hack, because it is obvious that a hacker can easily break the firewall and get into the network. So the network should be highly secured.

That is one reason why it is considered very important for organizations, given the rising cyber crime rates and the high growth in the number of cyber criminals. As computer technology has developed, crime rates have also increased. Intelligent hackers have caused massive destruction and losses for many companies, and they have abused their databases and leaked information. They have exploited the brand image of most of the firms and damaged the trust of their clientele. Hackers have transferred millions of dollars without any awareness on the part of the banks or their involvement.
They have even hacked into police departments' emergency help desks. For example, a group of hackers called Vandals hacked the New York City Police Department's voice-mail system and replaced the usual polite announcements with "You have reached the New York City Police Department. For any real emergencies, dial 119. Anyone else, we're a little busy right now eating some donuts and having coffee." It continued, "You can just hold the line. We'll get back to you. We're a little slow, if you know what I mean. Thank you." The bogus messages continued for 12 hours before they were investigated and corrected by ethical hackers (Donald Pimkins, 2000).

Sometimes ethical hacking will not reveal the vulnerabilities of a network or a system. But there are a number of consequent benefits that can be derived from an ethical hacking process. The picture below will give a clear idea of the benefits available in this process and how they can be prioritized.

Ref: http://www.isaca.org/Images/journal/jrnlv2-06-red-teams-audit-tool-2.jpg

The size of the threat depends on the type of business and how it fits with hackers' motives. Therefore, to prevent these kinds of issues and threats early, firms employ ethical hackers.

The term ethics will be clearly structured in the following paragraphs with the support of ethical principles, ethical issues, ethical dilemmas and ethical theories.

Business Ethics

According to the study, business ethics can be defined as a form of applied ethics that examines ethical principles and moral or ethical problems that occur in a business environment (Gwendolyn Cuizon, 2009). Many businesses have gained a bad reputation just by being in business. By not sticking to a business ethics policy, firms may fall into trouble; if a business is damaged by an ethical disaster, it affects the bottom line, which means profit.
It is agreed that IT systems are put in place to support the strategic plans of an organization, which should be in line with business ethics. That is why organizations see ethics as bringing a competitive edge to their business.

In my point of view, in business the views of stakeholders differ: they see what's illegal, what's legal but unethical, what's ethical but against company policy, what's not against policy but not in the client's best interests, and finally what's not really opposed to the client's best interests but isn't really going to benefit them either. This can be understood from the image below.

http://www.gryphonshafer.com/blog/2008/08/business_ethics.png

Ethical Principles and Ethical Issues

Ethical principles can be defined as the foundation of ethical behavior. An ethical principle arises from the social context, from religious beliefs, and from ethical theory. These ethical principles can be applied to computer technologies that have an impact on people's daily lives, where they interact in government, in education, at work, at play and during exercise (Penny Duquenoy, 2010).

Some general ethical principles can be listed as:

Respecting others
Consider others as equal
Keep promises
Respect the property of others
Act honestly

The principles relevant to information systems professionals and related technology officers can be addressed as below.

The Royal Academy of Engineering, in collaboration with the Engineering Council (UK) and a number of the leading professional engineering institutions, has developed a Statement of Ethical Principles which it believes all professional engineers and information professionals should follow:

Accuracy and Rigor
Honesty and Integrity
Respect for Life, Law and the Public Good
Responsible Leadership: Listening and Informing

(Engineering Ethics, 2007)

An ethical issue can be described as follows: whatever threatens or breaks an ethical principle is an ethical issue.
For example:

Ethical principle: Respect the property of others
Ethical issue: Hack someone's computer without their permission, steal information and destroy it by sending a virus or a worm

With this example an ethical issue can be clearly understood. To evaluate these kinds of ethical issues from different perspectives, ethical theories should be applied.

Ethical Theories

As discussed above, an ethical issue can be identified and evaluated by using ethical theories. These theories can be used as tools for making ethical decisions, and they may also be helpful in providing a basis for critical thinking. An issue can be viewed from different perspectives and opinions formed with the help of ethical theories.

There are two main ethical theories:

Kantianism
Consequentialism

Kantianism

Kant's theory can be summarized without going into depth. Kant says that how we behave ethically comes from within us, and the things that we decide are good or bad are based on whether we could imagine everyone doing them (Immanuel Kant).

So, for example, it would be logically inconsistent to say that breaking a promise is good, because if everyone broke their promises there would be a loss of trust in promises, and the whole nature of a promise would be lost. Therefore, he says, certain things cannot be universalized, which means they would not work if everyone did them, and those things are wrong.

Examples are killing others, lying, stealing and breaking promises. Moreover, in Kant's point of view, things that we view as wrong are essentially wrong; that is, they are always wrong and there is never any situation where they would be right.
This conflicts directly with the theory of consequentialism, which will be addressed next.

Consequentialism

Consequentialism can be defined as a theory which deals with the consequences of actions rather than the actions themselves. So, for example, it could be argued that stealing could sometimes be the right action to take, provided the outcome is for the good. The theory says that a good outcome is that which brings the greatest benefit to the greatest number of people. Therefore stealing, for example, is a morally acceptable act if it brings greater benefit to the greatest number.

For example, suppose a king has a warehouse full of food when most of the people in the country are starving. In this instance, stealing the food to distribute it to the starving people would be the right thing to do. By this act a great number of people benefit. So in this case, according to consequentialism, stealing is not bad, which fully contradicts Kant's theory.

Ethical Dilemmas

Ethical dilemmas can also be addressed as moral dilemmas. An ethical dilemma is a situation wherein moral principles or ethical obligations conflict in such a way as to make any possible resolution to the dilemma morally intolerable. In other words, an ethical dilemma is any situation in which guiding moral principles cannot determine which course of action is right or wrong. It can be simplified as: you have an issue, and you have a solution that leads you to an unethical path (Lee Flamand, 2007).

Ethical, Legal, Professional, Social and Cultural Issues in Ethical Hacking

When we discuss ethical hacking, there are many issues that can be listed, which will arise in many circumstances. To evaluate these issues and come up with good solutions or opinions, the structured ethical principles and ethical theories discussed above can be applied. This will give a clear picture to the reader.
In this study, for further analysis, two important incidents will be assessed by me using both ethical theories.

A Dutch hacker who copied patient files from a University of Washington medical center (and was not caught) said in an online interview that he did it to publicize the system's vulnerability, not to use the information. He disclosed portions of the files to a journalist after the medical center said that no patient files had been copied. (Sara Baase, A Gift of Fire, 2003.)

If we critically evaluate the above scenario, it is obvious that the hacker has committed a cyber crime, and he should be punished according to Kantianism, which says some actions are always wrong. Even though the Dutch hacker did not utilise the copied files, he broke into the network and penetrated it. So it is ethically wrong when seen from the perspective of Kant's theory.

But if we evaluate this using consequentialism, the result completely contradicts Kantianism. Though the hacker was not caught, he came to an online interview to announce that there is a vulnerability in the University of Washington medical centre's network which can be easily attacked. This good behavior of the hacker shows that he came to this decision out of concern for the betterment of the patients, which matches the theory that an action is good if its consequences bring the greatest benefit to the greatest number of people. If he had published all the copied files on the internet, both parties would have been affected, the patients and the University. The files may contain confidential information about patients which they never want to expose. So this act can be identified as ethically right whilst it is legally wrong. By this action the medical centre gets a chance to secure and defend its systems from future attacks.

But consider the statement, "A solution to an ethical issue can raise another issue" (Anonymous).
Maybe this act is ethically correct according to the theory of consequentialism. But what if the hacker found some medical information about his friend, information that is kept secret? What if he tells him? What if the friend gets to know that his confidential medical information has been leaked on the internet? These kinds of issues can arise, which will sometimes lead to an ethical dilemma.

Let us move to the next case:

A 17-year-old hacker known as YTcracker, who penetrated several government and military web sites (including those belonging to the Bureau of Land Management's National Training Center, NASA's Goddard Space Flight Center and the Defense Contracts Audit Agency), said he routinely sends messages to government web site administrators insisting that they address vulnerabilities and adopt Unix or other more secure systems, but the messages largely go ignored. YTcracker said that in his defacement of web sites he targeted systems the government would look at, take seriously and secure. (Federal Computer Week, 1999)

Though this case is similar to the one discussed above, it provides a different idea. The hacker who penetrated all these sites, YTcracker, had only one intention: to alert and notify the government organizations so that they protect their valuable information, which can be easily breached and accessed. If we critically evaluate this case according to Kantianism, the act of YTcracker is ethically wrong, as it threatens the ethical principles and goes against the theory.

But from the point of view of consequentialism the act is ethical, because the hacker has not done any damage to the government organizations through their web sites. He has only warned and notified them so that they become more secure. So a greater number of people benefit, because the most sensitive information is available on government sites such as those for national security, the military and NASA.
If the hacker leaked the information from their databases, there would be a huge problem for the US government.

But both of these incidents are illegal according to the Computer Misuse Act 1990, even though they are ethical according to the theories, because the hackers have committed the offence of unauthorized access to computer material (Misuse Act 1990).

Ethical Concerns and Professional Issues

When implementing an ethical hack in an organization, the ethical issues that concern information systems professionals can be addressed as:

Ethical hackers have to break the organization's security policy and procedures.
Violating the code of conduct.
Privacy of the employer and employees
Secret business strategy, marketing strategy and product recipe leakage

If we further analyze the above ethical issues, a question may arise: is ethical hacking ethical? Before addressing the issues, we need to find an answer to this question. If we evaluate the question using Kantianism, ethical hacking is in some way breaking the rules and regulations, breaking the firm's security policies and procedures, and violating the code of conduct. So this act of ethical hacking cannot be ethical. Even though professional hackers do it legally, it can be unethical according to Kant's point of view.

From the viewpoint of consequentialism, this process can be identified as ethically correct, because it is all done for the betterment of the organization. So there is no way of criticizing it. Firms do this to seek out vulnerabilities and defend the entire network; there should be a testing procedure, and this can be taken as that. From this point of view we can decide it is all ethically correct, even though they break their own code of conduct.

From the point of view of information systems professionals, ethical hacking can be identified as a complete mess, because they have to stick to a code of conduct. Only then are they professionals.
But when they are forced to violate these terms while involved in penetration tests, they are in trouble as professionals. Therefore, as professionals who are expected to comply with local laws, sometimes they may have to assess and evaluate ethical and legal issues against their personal values.

Privacy invasion can take place when they do an ethical hack. Most firms hire an ethical hacker since they don't employ one. So when he penetrates their systems and network, he can get whatever information he needs from the organization's databases and networks. All confidential employee and partner documents and information can be seen. The ethical hacker is able to view all the weak points of the firewall. If the ethical hacker is not a professional, he may attack the organization later when he needs to, or he will be a big threat. So these issues may arise. And if the secret marketing and business strategy of a leading company leaks, the hacker can sell it to competitors. So this would be a threat for some firms to conduct a penetration test using an

Legal Issues and Laws

When considering legal aspects, the issues discussed in the above paragraphs can be brought up again, since they involve legal issues. Even though those incidents were ethical, they are completely illegal, because they break the Computer Misuse Act 1990. This Act is discussed below.

The Computer Misuse Act 1990

The Computer Misuse Act 1990 is an Act of the UK Parliament. The Bill eventually became the Computer Misuse Act in August 1990.

The Act introduced three new criminal offences:

Unauthorized access to computer material
Unauthorized access to computer material with the intent to commit or facilitate commission of further offences
Unauthorized modification of computer material.

(Statuelaw, 1990)

What if an ethical hacker acts as an inside intruder, one who knows the entire network and the secrets of a company?
He can easily damage and destroy the entire information system. When these situations occur, legal issues can be identified according to the Misuse Act.

For example, a disgruntled computer technician at Reuters in Hong Kong detonated logic bombs at five investment-bank clients, causing 36 hours of downtime in networks providing market information crucial for trading. The banks switched immediately to alternative services and reported no significant effects on their work; however, Reuters was deeply embarrassed by the incident (Financial Times Limited, November 1996). Looking at these factors, the organization should be fully aware of these kinds of threats which can arise.

Sometimes internal politics may force the ethical hacker to cause huge losses for the firm when he is employed by a public company. There are many people on a board of directors. What if the ethical hacker gets an order from higher management to plant a logic bomb or a parasite on important information of the firm and put the blame on another person? For the ethical hacker this job is not that difficult. They may even ask him to steal other companies' confidential documents. This might cause legal issues which will entirely damage the firm's reputation. These kinds of issues can arise without the awareness of the management.

Social and Cultural Concerns

It is agreed that in business ethics there are many issues, as addressed in depth in the above paragraphs, and social and cultural issues can also be identified among them. Social issues are those that impact society; they depend on society's reaction and behavior. According to the ethical principles, firms should negotiate with society. If the information system of a hospital or a school were hacked, there would be huge issues in society, as their sensitive information is contained in those information systems. Similarly, this may occur in a firm.
So when an ethical hacker gets involved in this process, he has to keep their trust; if not, the blame can be put on him by society. So both parties are affected. The brand image can be spoilt in society when their information is leaked. They will lose trust and faith in their employer.

And when the ethical hacking process is leaked, there are chances of affecting the company's culture. If there is a culture, there are certain values to be respected, and if these values are exploited by the penetration testers, issues may arise. When they design these information systems they should respect the values without harming them. For e.g. pornography.

Conclusion

From this structured study, it is understood that consideration of ethical hacking is crucial to maintaining a verifiable level of information security. Even though there are many issues in certain aspects of ethical hacking, it is a critical component of our overall security programme which keeps the internal, contracted security.

Ethical hacking is a necessity in order to protect company assets and stay close to the reality of unethical hacking. It (ethical hacking) is very important and helps save you money and reputation in the long run. Ethical hacking is the best way to assess the network from an outsider's perspective.

To reduce the issues addressed above, organizations can have their own ethical hacking team or hacker, to prevent outside information leakage and to get rid of the fear of it.

I think ethical hacking is a must-have for any serious organization today in this fast-moving business world. It should be a critical part of any proactive organization in today's global competitive market.