Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network. An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, to minimize or eliminate any potential attacks.
What constitutes ethical hacking?
For hacking to be deemed ethical, the hacker must obey the following rules:
- Expressed (often written) permission to probe the network and attempt to identify potential security risks.
- You respect the individual's or company's privacy.
- You close out your work, not leaving anything open for you or someone else to exploit at a later time.
- You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company.
To protect you legally in a court of law, you must have a written and signed permission/contract for the assets you are probing, testing, and/or hacking.
The term "ethical hacker" has received criticism at times from people who say that there is no such thing as an "ethical" hacker. Hacking is hacking, no matter how you look at it and those who do the hacking are commonly referred to as computer criminals or cyber criminals. However, the work that ethical hackers do for organizations has helped improve system security and can be said to be quite effective and successful.
Individuals interested in becoming an ethical hacker can work towards a certification to become a Certified Ethical Hacker, or CEH. This certification is provided by the International Council of EC-Council (E-Commerce Consultants). The exam itself costs about $500 to take and consists of 125 multiple-choice questions in version 8 of the test (version 7 consisted of 150 multiple choice questions). Before taking a CEH class or exam, you'll need to know computer security issues and terms.