Ethical
hacking
Abstract
The purpose of this research paper is to discuss
the Teaching Ethical Hacking. As the use of
the internet increased the need of computer
security also increase due to hackers. The
knowledge of Ethical Hacking is also become
essential for the security of the website, web-
server, organization server, government
companies and even individual internet user.
Internet should be reliable and secure. In this
research paper I discuss about the teaching
Ethical Hacking and its issues, some people
are against its teaching and some are in its
favor, I also conduct a questionnaire and try to
find why people do not want that Ethical
Hacking be taught as a course. Functionalities
and responsibilities of ethical hacker and his
limitation while he or she doing the testing of
the system. In the end I give the conclusion,
which critically analyzes the research paper.
1.0 Introduction
Development in computer changes whole
world and bring uncountable good things for
human like E-Commerce, collaborative
computing, email easy access to information,
advertising, name of a few.
But the problem is that computer also has
some dark sides as every new technology did
in past. This is known as hacking. But the
original meaning of hacking is “to do the
computer programming at depth level” the
term hacker was used for the people who have
very deep knowledge of computer
programming, but later this word started using
in different meanings. The new meaning of
Hacker is a person who enter in someone
website or in company server or someone
Personal computer to stole or destroy the
information. There are many kind of hacker
who hacking like some people do it just for
fun, game or as a challenge and they really
don’t have any interest to stole or destroy the
useful information. Some people did it to stole
information or delete the useful information.
So the need there is need for computer security
so that we can safe and use this technology
and don’t let it to go down due to this reason.
For computer security we started to search
some way to get rid of this then the Ethical
Hacking with many other methods come in
mind to stop hacking. Ethical Hacking is
phenomena trough which we call some to hack
our computer or web site or server in order to
remove those whole so that after this there
should no threat later or at least threat in this
concern.
Then question arise who will do Ethical
Hacking for us. Did we train some
professional for this purpose if not then what
should we teach to those ethical hackers. Is it
right to teach someone hacking for the purpose
to stop hacking, ho! Isn’t it interesting?
Education in Microchip millennium is really
difficult art as well as very interesting too.
You have to teach people bad thing for good
purposes. No gentleman likes word “hacker”
with his or her name, but I don’t think anyone
dislike word “ethical hacker” with his or name.
Teaching Ethical Hacking is as important as
the computer itself because one day people
start hating internet due to hacking and to stop
hacker from hacking we should educate people
in this regard beside other techniques.
I divide my research paper into three main
section first section is all about the teaching
Ethical Hacking and try to give the answer of
some question e.g. what is ethical hacking,
why we do Ethical Hacking, what are the
benefits and flaws of teaching Ethical.
Hacking, what should be taught in this course
and methodologies to teach Ethical Hacking?
In second section I try to explain who ethical
hacker is, what does he or she do, what are
their boundaries and responsibilities? And in
the last section I give the conclusion of this
research paper.
2.0 Ethical Hacking
Ethical Hacking is same phenomena as
hacking but it will do for the safety of you are
company web server or website or a software.
It is a method or mechanism to stop hacker
from hacking by removing the hole from a
system or from a website or from a server so
that no hacker can inter in a system or in a
website or in a server by using those hole.
Ethical Hacking is done in the end product
development when product is developed and
ready to use. To check the security level of the
product and if they are some problem then for
removing those from the developed product
we do Ethical Hacking. So that when final
product is inter in market it should have very
less question regarding to the security point of
view. Ethical Hacking should be a part of
every software product development like
planning designing etc.
Ethical hacker use same techniques to hack
software or website or server as the original
hacker do but not for destructive purposes.
They try find out the hole in developed
product and told to the responsible people of
the organization about those holes and also
suggest how to remove those holes from the
system. As computer machinery grows, the
individual, companies, and the big
organization want to use it because no big
company can survive without offering these
services to its customer and vendor. But these
Government organizations, companies and
even individual remain under threat to be
hacked. Big companies use internet for
different purpose but they are always remain
under threat that someone may break into their
web server, implant software that will spread
organization top secret data to the open
internet and read their emails. Even individual
are worried about their data like credit card
number etc. they are not assure of internet
security.
2.1Should Ethical Hacking Taught
As career Course
Company has so tight security and still they
are hacked and they do not know anything
more in this regard to stop hacking. Most of
the company hire best security available to
safe there domain, but still they were hacked.
Sometimes it happened due to company less
knowledge of its system. What can be the best
solution of this problem is that we train student
and professional to save themselves and other
world from hackers. It is the responsibility of
true computer professional to secure the
company web server, software or a
Government organization from hacker. For
this purpose we should have a profession
which is known as ethical hacker same as
software engineer or network engineer. These
ethical hackers should be trained in
universities. This problem was possible to get
a tooth and nail response and it did when I
asked some of my fellow who are doing M.Sc
software engineering and Networks System
about their views on introducing a profession
in Ethical Hacking. Some of them are against
and arguing that if Universities trained
students for Ethical Hacking and if he or she
did not get a job then he or she might go
against the cause. But most of them are in
favor by saying if we trained people like this
they will help a lot to get rid of hacker. I am
giving the point of view of only two my
friends. I am very thankful to my friends and
other who give their precious time for my
question and give the answer of my question
and there important point of view regarding to
ethical hacking.
Sumit chowdhary, currently student of
software engineering in the University of
Delhi. He said Ethical Hacking should not be
taught as a career course. Teaching Ethical
Hacking will produce more people who can do
hacking and if the trained students do not get a
desire able job then, they use their skill for
negative purpose and this create more
problems for computer industries.
Rahul Gupta a certified Cisco teacher and
currently doing M.Sc Network System from
the University of Sunderland responded my
question of should Ethical Hacking taught as a
course or not, in following thoughts that
Ethical Hacking should be taught as a
profession. We can prevent hacking by simply
using the hacker techniques and it is easier and
less costly then from the company useful
information or individual information such as
credit card number.
I believe that if there are very strict criteria for
this type of education or training then the
skilful Ethical Hacker will not go astray and
definitely helps organization and individual to
safe there data from the hackers. This will
develop and increase the interest of people on
the computer technology.
Teaching Material for Ethical
2.2
Hackers
The basic knowledge that an Ethical Hacker
should have about different field, is as
following:
• Should have basic knowledge of
ethical and permissible issues
• Should have primary level knowledge
of session hijacking
• Should know about hacking wireless
networks
• Should be good in sniff ring
• Should know how to handle virus and
worms
• Should have the basic knowledge of
cryptography
• Should have the basic knowledge of
account
• Should know how to perform system
hacking
• Should have the knowledge of
physical infrastructure hacking
• Should have the primary knowledge of
social engineering
• Should know to how to do sacking of
web servers
• Should have the basic knowledge of
web application weakness
• Should have the knowledge of web
based password breaking procedure
• Should have the basic knowledge of
SQL injection
• Should know how to hack Linux
• Should have the knowledge of IP
hacking
• Should have the knowledge of
application hacking
As everyone knows that there isn’t any
boundary of any knowledge exist but still an
Ethical Hacker should at least have the
knowledge of above mention things. So when
someone is going to designing a course for
Ethical hacking should keep the above
mention thing in mind for a better course
design for ethical hackers.
2.3Teaching Methodology to Teach
Ethical Hacking
As I write earlier that Ethical Hacking should
be taught as a professional course. So we can
use common way of teaching to teach Ethical
Hacking. As technologies came into existence
new ways of teaching also came into being. As
earlier there is no concept of distance teaching
or no one knew about teaching through
internet but with the invention of internet now
many student started getting their lectures
through internet. Ethical Hacking is also been
taught through internet as well as on campus.
Off campus (learning through distance) and on
campus both have their advantages and
limitations.
Whether we are teaching Ethical Hacking on
campus or off campus the purpose goal of
teaching is same though they are quite
different way of teaching. On campus teaching
is more suitable for regular student and gives a
real environment of study. Students have
supplementary chances to learn more during
on campus study. They also have the
opportunity to learn the behaviour of other
students that help him a lot to gain experience
of behaviour.
On the other hand off campus student get the
almost same teaching without any
geographical and time zone constraints. They
are part time student and cannot afford to
complete their studies as a regular student.
Whatever the situation is teaching
methodologies almost same with a very little
difference. Some of the methodologies to
teaching Ethical Hacking can be depicted as
below,
• Use of Case Study
A fictitious Ethical Hacking topic
must be given to the students to
discuss. They are divided into groups,
and then they should be asked to give
their understanding for that situation.
• Conferences
Lecturers of different Universities and
professional of different organization
should be asked to give their point of
view on Ethical Hacking.
• Written Essay
Students should be asked to submit an
essay or a report on the different
aspects of the Ethical Hacking.
• Exams
An exam should be conducted on the
Ethical Hacking.
• Discussion Groups
Students should be divided into small
groups and they should be asked to
give there points of view in favor or
against the Ethical Hacking.
• Interviews
Student should be asked to take
interviews from different organization.
A questionnaire should be developed
to cover the different aspect of the
Ethical Hacking. The results should be
considered by using statistical
inferences. The report should be given
to the teacher of their analysis.
• Multimedia
Student must be given the audio and
video visuals in them hacking issues
should be depicted. Student should be
asked to how they can counteract the
circumstances.
• Chats
Students of different Universities
should be interacted via internet that
what they think about Ethical Hacking
issues. It can be done through
hippocampus mechanism, where
MUD (multi user dimension) and
MOO (object oriented multi user) is
used.
• Book Reports
Student should be provided with the
material from different book regarding
 to Ethical Hacking for the critical
understanding.
• Role Playing
Students must be asked to personify
the different act in the CASE study.
The students that are viewing them in
the class rooms will give them the
points on the basis of there anti
pacifist act.
There many more methodologies that
we can use to teach effectively Ethical
Hacking.
3.0 Ethical Hacker
Ethical hacker should be an honest and trusted
person because he or she knows the secret of
the system most of the time when they do
hacking for security purposes and it is in his or
her responsibility that not use the information
of the system for destructive purpose. An
ethical hacker is just like a code tester or like a
developer, code tester check the code
standards and developer develop the software
while Ethical Hacker check the security of
software as a hacking point of view and then
suggest how to remove those hole from the
system. Ethical Hacker should a part of
software development team. Ethical Hacker is
just an employer or a contracted person to
check the security of the system. They have
the written permission to check the network
but they have some limitation to check
network. They should have a written authority
letter which clearly describe that they can
perform testing as well as their boundaries
within that system.
3.1Main Functions of Ethical
Hacker
When an ethical hacker evaluates the security
of system seeks the three basic answers:
• What he want to get from target
system
• Does anyone have the knowledge of
hacker’s attack on target system
• What a hacker do after getting the
information from the target system
These three question have their important you
cannot say that this question more important
than the other. Hacker may spent to hack a
system during this he or she may attacks the
system several times so if someone have the
knowledge of this thing then hacking can be
stopped.
Before starting the evaluation of the system he
or she may ask some question to client like
what he or she want to safe, what the factor
against he or she trying to safe, how much
money and how much time she or he can
expend for this cause. The answer of same
question varies from customer to customer and
from field to field. But the most of the answer
you found from the client may be not
sufficient for ethical hacker so it is the
responsibility of ethical hacker to properly
guide the customer about its security that he or
she must do to safe his or her system. Ethical
hacker may also need some more information
about the company like the employer names
and there designation, networks information,
data flow information and about the
organizations with whom business is run most
of the time. Because many time attacker use
the alternative path to attack the system.
Type of Test That an Ethical
3.2
Hacker Performed
There are many kind of method or function or
test that an Ethical Hacker can be performed
while testing the security of the system. But
the more basic testing functions or tests are as
followings:
• Testing of local network
• Testing of remote network
 • Social engineering test
After doing all these test ethical hacker should
produce a final report which describe what he
or she found in the system during the
evaluation. Where are the holes which can be
used for attack and how those holes can be
removed from the system? This final report is
very sensitive and should be handled with
care. A hacker can easily use it for hacking
and a competitor can use it for company
intelligence. Most of the time ethical was
asked this question that if the organization did
all the suggested action, is it free from these
threats. But unfortunately, the answer cannot
be yes because people are working in
organization and they make mistakes and
organization had to pay for their mistake in the
form of hacking. Ethical hacking is another
tool for security, and if you have the security it
does not mean now you’re secure. It is not a
magic potion. So what should these firms do
then? I think Time to time auditing, alert
interference recognition, good system
administration performance and computer
security knowledge are all very important part
of a firm’s or company’s security system. A
single failure in any of the above mention
thing may lead to a serious harm. Every new
technology always has its benefit along with
some disadvantages. But these disadvantages
always overcome with the passage of time.
Every organization should be alert all the time
for these types of attack and have the second
line of defence to handle them.
4.0 Conclusion
To test the security and the other
functionalities of product is not new. But in
the early stages of Internet no one know about
Ethical Hacking even about hacking, but with
the passage of time people are more concern
about the security of their data, especially due
to hackers. Ethical Hacking is just a security
system or tool for security to safe your data it
is not an ultimate solution of problem. You
can not sit relax against the hacker after using
this tool. To teach more people about hacking
you produce more people who are eligible to
stop hacker from hacking and they will give
more ideas and solution to stop hacking. Time
to time assessment, prepared interference
recognition, good system administration
performance and computer safety knowledge
are all very vital part of a firm’s or company’s
security system. Failure in any of above may
cast to the company or to the organization in
the form of tangible or intangible loss. Its may
include revenue, top secret or any thing that is
very special for particular organization. Ethical
hacker can only help the user to the better
understanding of their security system, but its
up to the organization that he palace its guards
in right palace.
5.0 References
1. E. S. Raymond, The New Hacker’s
Dictionary, MIT Press, Cambridge, MA
(1991).
2. S. Garfinkel, Database Nation, O’Reilly &
Associates, Cambridge, MA (2000).
3. The first use of the term “ethical hackers”
appears to have been in an interview with John
Patrick of IBM by Gary Anthens that appeared
in a June 1995 issue of ComputerWorld.
4. P. A. Karger and R. R. Schell, Multics
Security Evaluation:
Vulnerability Analysis, ESD-TR-74-193, Vol.
II, Headquarters
Electronic Systems Division, Hanscom Air
Force Base, MA (June 1974).
5. S. M. Goheen and R. S. Fiske, OS/360
Computer Security Penetration
Exercise, WP-4467, The MITRE Corporation,
Bedford, MA (October 16, 1972).
6. R. P. Abbott, J. S. Chen, J. E. Donnelly, W.
L. Konigsford, and S. T. Tokubo, Security
Analysis and Enhancements of Computer
Operating Systems, NBSIR 76-1041, National performance, he realized there was a striking
Bureau of Standards, Washington, DC (April trend. Each new chip contained roughly twice
1976). as much capacity as its predecessor, and
7. W. M. Inglis, Security Problems in the each chip was released within 18–24 months
WWMCCS GCOS System, Joint Technical of the previous chip. In subsequent years, the
Support Activity Operating System Technical pace slowed down a bit, but data density has
Bulletin 730S-12, Defense Communications doubled approximately every 18 months.
Agency (August 2, 1973).
8. D. Farmer andW.Z. Venema, “Improving
the Security of Your Site by Breaking into It,”
originally posted to Usenet (December
1993); it has since been updated and is now
availableftp://ftp.porcupine.org/pub/security/in
dex.html#documents.

9. See http://www.faqs.org/usenet/.

10. Who can really determine who said

something first on the Internet?

11.See http://www.cs.ruu.nl/cert-
uu/satan.html.

12. This strategy is based on the ideal of

raising the security of the whole Internet by
giving security software away. Thus, no one
will have any excuse not to take action to
improve security.

13. S. Garfinkel and E. Spafford, Practical

Unix Security, First Edition, O’Reilly &
Associates, Cambridge, MA (1996).

14. For a collection of previously hacked Web

sites, see http://www.2600.com/hacked_pages/
or http://defaced.alldes.de. Be forewarned,
however, that some of the hacked pages may
contain pornographic images.

(Sanjay Kumar/sanjayjindal888@gmail.com)
15. In 1965, Intel cofounder Gordon Moore
was preparing a speech and made a memorable
observation. When he started to graph data
about the growth in memory chip