Hacking is the art of exploiting computers to get access to otherwise unauthorised information. Now that the world is using IT systems to gather, store and manipulate important information there is also a need to make sure that data is secure. However, no system is without its problems. Holes are often present within security systems which, if exploited, allow hackers to gain access to this otherwise restricted information. This WikiBook aims to give you the information required to think like hackers, so as to be able to secure your systems and keep your information safe.
Hacking and security is a constantly updated and fast moving sector of the computing industry and, as such, it is vital that you are up to date with all the details (including the latest exploits, patches and more).
It is important that hackers also follow the Hacker Ethic
It is important that hackers follow The Hacker Ethic in the same way that it is important that police follow their code of conduct. An abuse of skill within the hacking world causes harm to others. Remember: It is almost impossible to gain respect at the expense of others.
The Original Ethic
Back when computers just started to reach universities and students had access to open systems, curious users began to show a certain disregard for the rules. These users would enter areas of the system without authorization, gaining access to privileged resources. With no Internet and no copies of Hacking Exposed or Security Warrior to assist them, they had to figure out how to enter the systems on their own.
Although these young students represented the first hackers, they had no malicious intent; they simply wanted knowledge, information, a deeper understanding of the systems which they had access to. To justify and eventually distinguish their efforts, the hacking community developed The Hacker Ethic as a core part of their subculture. The Hacker Ethic states two basic principles:
- Do no damage.
- Make no one pay for your actions.
Unfortunately this mantra does not provide a fully effective cover for your actions. Even disregarding the legal ramifications, such as the Computer Fraud and Abuse Act of 1986, your actions will have devastating unintentional consequences if not carefully controlled. Robert Morris created the Morris Worm to gauge the size of the Internet harmlessly; unfortunately, it loaded down the systems it infected due to exponential re-infection, causing tens of millions of dollars of financial damage. You must always remember to carefully consider the short and long term impact of your actions on any system.
Today's Ethic
Today we need to add one more rule to The Hacker Ethic, a rule that we should have added long ago. The Morris Worm illustrates why this rule exists, even beyond legality.
- Always get permission ahead of time.
You always have authorization to hack into servers you own; likewise, if you participate in a Capture the Flag game or as Red Cell in a Red vs Blue competition, you implicitly have the right to hack into whatever you can get your hands on. In all other cases, you need to ask the owners of the machines for authorization; you can even ask them to pay for it, selling your services as penetration tests and giving them a comprehensive outline of their network's vulnerabilities and proper mitigation steps to improve their security. As long as you have permission ahead of time, and you remember the first two rules of The Hacker Ethic, you can do as you please with the network and the affected machines.