Ethical Hacking and Penetration Testing: Security Measures Report

Verified

Added on 2022/08/12

AI Summary

This report provides a comprehensive overview of ethical hacking and penetration testing. It begins by outlining the methodologies used in hacking, including footprinting, scanning, enumeration, system hacking, privilege escalation, covering tracks, and planting backdoors. The report then details the five phases of hacking: reconnaissance, scanning, gaining access, maintaining access, and clearing tracks. It explores the scope of ethical hacking, emphasizing its role in risk assessment and security auditing, and highlights the importance of defining the scope of work. The report also addresses the ethics of ethical hacking, emphasizing the responsibilities and limitations of ethical hackers and the need for a strong code of ethics to protect sensitive information. Furthermore, it discusses the importance of adding layers of security, such as firewalls, antivirus software, complex passwords, and VPNs, to prevent unauthorized access. Finally, the report examines the relationship between security, functionality, and ease-of-use, also known as the CIA triangle, and how these factors impact system security and vulnerability to hacking.

Running head: ETHICAL HACKING AND PENETRATION TESTING
ETHICAL HACKING AND PENETRATION TESTING
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1ETHICAL HACKING AND PENETRATION TESTING
Discussions
Hacking Methodology and Phases
The methodology of hacking is used in order hack a system (Cuzme-Rodríguez et
al.,2018). The methodologies are as follows:
 Footprinting: the procedure of utilising passive techniques in order to gain information
about the target system’
 Scanning: The procedure of taking the information that is retrieved from the phase of
footprinting
 Enumeration: The procedure of obtaining more detailed information from the information
that is retrieved during the phase of scanning.
 System hacking: The procedure of planning and performing the attack based on the
information obtained
 Escalation of privilege: The procedure of getting privileges those are granted to the
accounts those are higher privileged.
 Covering tracks: The procedure of removing any kind of evidence of the presence of
attacker in a system.
 Planting backdoors: The procedure of protecting unauthorized access to a system those
are remote.
There are five phases of hacking (Jordan, 2017). The five phases include the following:
 Reconnaissance: This is the first phase of hacking.
 Scanning: This is the second phase of hacking and three kinds of scanning are involved
 Gaining of access: In this stage the attacker gets in to the system
 Maintaining the access: The hacker can maintain the access or leave the system after
hacking

2ETHICAL HACKING AND PENETRATION TESTING
 Clearing the tracks: This is the clearing of evidence of the hacking by the hacker
Scope in Ethical Hacking
Ethical hacking is an essential component of the assessment of risk, auditing and
many more. Ethical hacking is utilised as penetration testing in order to recognise the
weaknesses, risks to take safeguard against the attacks (Saha et al.,2019). The scope is
established while planning the penetration testing that involves deciding and documenting list
of the particular aims of the ethical hacking and many more. Scope is mainly the
requirements that need to be accomplished and the actions that must be performed to do the
penetration testing.
The agreement of scope is important between an organization and an ethical hacker
because in the scope of work, the tasks and the goals are defined and the hacker needs to do
that. He cannot assess the sensitive information of the company or perform any illegal
activity.
Ethics in Ethical hacking
The conduct for the ethical hacking are mainly focused on the responsibilities, duties
and the limits of the ethical hackers when they are performing their job. The ethical hackers
must ensure that the network or the system of the client is appropriately assessed for the
issues of security and weaknesses (Thomas, Burmeister & Low, 2018). Due to the nature of
ethical hacking, the ethical hackers have to come crossways with the private and susceptible
information. In this matter, the code of ethics of ethical hacking should direct acts of the
ethical hackers in handling the information those are sensitive. The code of ethics should
focus on safeguarding network or the client system and the effectiveness of the hackers when
they are performing their job.
Adding layer of Security

3ETHICAL HACKING AND PENETRATION TESTING
An additional layer of security on the system of the organization can have a great
impact and it will stop the hackers from getting into the system. The work of the hackers is to
find the vulnerability of the system and then get into the system through that vulnerability.
The company can add an extra layer of security in order to stop the hackers (Jawa & Mishra,
2018). These security include the utilisation of firewalls, installation of antivirus and anti
spyware package, using very complicated passwords for the systems, the network must be
secured, using VPN so that the attackers cannot get the IP address and Using encryption.
These layers of security can have great impact on the security of the systems and it would be
able to stop the hackers from getting into the system.
Security, Functionality and Ease-Of-Use
The functionality, security and the ease-of-use triangle also known as the CIA triangle.
There is an inter dependence between the three entities. When the security maximizes, the
functionality and the ease-of-use reduces (Rahalkar, 2016). Any company must balance these
entities in order to arrive at a balanced system of information. The security level can be easily
defined by the power of three entities:
 Functionality: the set of characteristics those are offered by the system
 Ease-of-use: the components of GUI utilised in order to design for the usability
 Security: The restrictions those are imposed on accessing the system components
These three components have a great impact on hacking. The functionality and the
usability of the system must be lower to increase the security and the hackers cannot gain
entry to the system (Kearney, 2017). The hackers checks if the functionality and the usability
is more, then the security is less and then they can enter the system.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4ETHICAL HACKING AND PENETRATION TESTING
References
Cuzme-Rodríguez, F., León-Gudiño, M., Suárez-Zambrano, L., & Domínguez-Limaico, M.
(2018, November). Offensive Security: Ethical Hacking Methodology on the Web.
In Conference on Information Technologies and Communication of Ecuador (pp. 127-
140). Springer, Cham.
Jawa, A., & Mishra, A. (2018, April). An Evaluation of Prevent Hacking all the way through
Cyber Security. In International Journal of Technology and Computing (IJTC) (Vol.
4, No. 4 (April, 2018)). Techlive Solutions.
Jordan, T. (2017). A genealogy of hacking. Convergence, 23(5), 528-544.
Kearney, P. (2017). Building-in Cyber Security, Usability and Inter-Operability.
Rahalkar, S. A. (2016). Information Security Basics. In Certified Ethical Hacker (CEH)
Foundation Guide (pp. 85-95). Apress, Berkeley, CA.
Saha, S., Das, A., Kumar, A., Biswas, D., & Saha, S. (2019, August). Ethical Hacking:
Redefining Security in Information System. In International Ethical Hacking
Conference (pp. 203-218). Springer, Singapore.
Thomas, G., Burmeister, O., & Low, G. (2018). Issues of Implied Trust in Ethical
Hacking. ORBIT Journal, 2(1).