Thursday, 12 December 2013

White Hat Hackers (Continuation of previous Article)
A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and asses their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers(known as black hat hackers) can detect and exploit them. Although the methods used are similar, if not identical, to those employed by malicious hackers, white hat hackers have permission to employ them against the organization that has hired them.
Ethical hackers—which are more popularly known as white hats, white hat hackers, sneakers, or even white knights—are information and cyber security specialists who are well-versed in system examination, penetration testing, and many other network analysis approaches that guarantee the safety and integrity of many a company's information system. The sneakers appellation in particular refers to white hats who are actually employed by companies or organizations as network security professionals of sorts.

In fact, the National Security Agency (NSA) offers certifications to these hackers such as the CNS 4011, which covers professional and principled hacking techniques and team management. On that note, an entire group of these experts are referred to by the CNS 4011 as red teams or tiger teams if they're acting as aggressors or invaders, and as blue teams if they're acting as defenders or patch makers.
These network security researchers and specialists may use a multitude of approaches in order to implement their different penetration or system integrity tests, which may include hacking tools, social engineering tactics, and attempts to avoid standard security measures in order to obtain access to supposedly secured areas for the sake of finding weaknesses in a given safeguarding scheme.

What's more, a white hat mainly breaches security for good-intentioned and non-malicious ends; for example, white hats are usually assigned by a company or vendor in order to test the strength of its security system. These are the type of hackers that enjoy the never-ending pursuit of knowledge and improving the overall capabilities of applications and operating systems by picking them apart and putting them back together again. The white hat's talent in penetrating systems and bypassing security protocols are mostly used for the betterment of these very programs and databases, so they usually end up becoming legitimate professionals or consultants in the cyber or IT security industry. In fact, the word "hacker" used to include ethical hackers in its definition until pop culture popularized the infamous image of malicious hacker invaders as the only true "hackers". Of course, a hacker may not be someone involved with data or network security at all, which just goes to show how complicated and all-encompassing the term truly is.

A hacker's stance on proper disclosure of security vulnerabilities further disambiguates him from being a black hat, white hat, or grey hat as well. More to the point, a white hat is willing to create and publish exploits to demonstrate how critical a flaw is, which will in turn force the vendor to work with him in order to correct the security hole instead of letting it languish until an enterprising black hat actually bothers to take advantage of it. The ethical hacker's ultimate objective is to make systems safer, even to the point of "blackmailing" a developer to release a patch through the possibility of public disclosure.


Denial-of-service attack
In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. This technique has now seen extensive use in certain games, used by server owners, or disgruntled competitors on games. Increasingly, DoS attacks have also been used as a form of resistance. DoS they say is a tool for registering dissent. Richard Stallman has stated that DoS is a form of 'Internet Street Protests’.[1] The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.[2]
One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
Denial-of-service attacks are considered violations of the Internet Architecture Board's Internet proper use policy, and also violate the acceptable use policies of virtually all Internet service providers. They also commonly constitute violations of the laws of individual nations.

Social engineering (security)

Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
The term "social engineering" as an act of psychological manipulation is also associated with the social sciences, but its usage has caught on among computer and information security professionals.[1]
White hat bias is a phrase coined by public health researchers David Allison and Mark Cope to describe “bias leading to the distortion of information in the service of what may be perceived to be righteous ends”.[1]
This initial paper contrasted the treatment of research on the effects of nutritively-sweetened beverages and breastfeeding on obesity. They contrasted evidence which implicated these behaviors as risk and protective factors (respectively), comparing the treatment given to evidence for each conclusion. Their analyses confirmed that papers reporting null effects of soft drinks or breast-feeding on obesity were cited significantly less often than expected, and, when cited, were interpreted in ways that mislead readers about the underlying finding. Positive papers were cited more frequently than expected. For instance, of 207 citations of two papers finding no effects of sugared soft drink consumption on obesity, the majority of citations (84 and 66%) were misleadingly positive. Allison and Cope explained this bias in terms of "righteous zeal, indignation toward certain aspects of industry", and other factors.
                                                                                 Faculty Name: BharatiSali
MCA Department

                                                                        Brindavan College of MBA/MCA,Bangalore

No comments:

Post a Comment