Shared by: roy ashbrook
posted:
1/3/2012
From Wikipedia, the free encyclopedia White hat (computer security)









White hat (computer security)

The term "white hat" in Internet slang refers to an ethical hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization’s information systems.[1] Ethical hacking is a term coined by IBM meant to imply a broader category than just penetration testing.[2] White-hat hackers are also called "sneakers",[3] red teams, or tiger teams.[4]

History

One of the first instances of an ethical hack being used was a “security evaluation” conducted by the United States Air Force of the Multics operating system for "potential use as a two-level (secret/top secret) system." Their evaluation found that while Multics was "significantly better than other conventional systems," it also had "... vulnerabilities in hardware security, software security, and procedural security" that could be uncovered with "a relatively low level of effort." The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.[4]

The idea to bring this tactic of ethical hacking to assess security of systems was formulated by Dan Farmer and Wietse Venema. With the goal of raising the overall level of security on the Internet and intranets, they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program, called Security Analysis Tool for Auditing Networks, or SATAN, was met with a great amount of media attention around the world.[4]

Tactics

While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking, which will likely include such things, is under no such limitations. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executive’s dustbins or even breaking and entering – all, of course, with the knowledge and consent of the targets. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers arrange for cloned test systems, or organize a hack late at night while systems are less critical.[2]

Some other methods of carrying out these include:

• DoS attacks
• Social engineering tactics
• Security scanners such as:
    • W3af
    • Nessus
• Frameworks such as:
    • Metasploit

Such methods identify and exploit known vulnerabilities, and attempt to evade security to gain entry into secured areas.










Legality

Struan Robertson, legal director at Pinsent Masons LLP, and editor of OUT-LAW.com, says “Broadly speaking, if the access to a system is authorized, the hacking is ethical and legal. If it isn’t, there’s an offence under the Computer Misuse Act. The unauthorized access offence covers everything from guessing the password, to accessing someone’s webmail account, to cracking the security of a bank. The maximum penalty for unauthorized access to a computer is two years in prison and a fine. There are higher penalties – up to 10 years in prison – when the hacker also modifies data”. Unauthorized access even to expose vulnerabilities for the benefit of many is not legal, says Robertson. “There’s no defense in our hacking laws that your behavior is for the greater good. Even if it’s what you believe.”[2]

Employment

The United States National Security Agency offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team-management. Aggressor teams are called "pink" teams. Defender teams are called "yellow" teams.[3]

See also

• Black hat
• Computer hacking
• Exploit (computer security)
• Grey hat
• Hacker (computer security)
• Hacker ethic
• IT risk
• Metasploit
• Penetration test
• Vulnerability (computing)
• Wireless & RFID Identity Theft

References

[1] What is white hat? - a definition from Whatis.com
[2] Knight, William (16). "License to Hack". InfoSecurity 6 (6): 38–41. http://www.infosecurity-magazine.com/view/4611/license-to-hack-ethical-hacking/.
[3] What is a White Hat?
[4] Palmer, C.C. (2001). "Ethical Hacking". IBM Systems Journal 40 (3): 769. http://pdf.textfiles.com/security/palmer.pdf.

External links

• Ethical Hacking







Retrieved from "http://en.wikipedia.org/w/index.php?title=White_hat_(computer_security)&oldid=467507992"



Categories:

• Hacking (computer security)





This page was last modified on 24 December 2011 at 15:26. Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. See Terms of use for details. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.


