Who is ethical hacker and what are his role and responsibilities?

Ethical hackers are also known as white hat hackers are the individuals who break into systems legally and ethically. They penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.

Ethical hacker is defined as “an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods and techniques as a Hacker.”

What are the Roles of ethical hacker?

Apart from the regular pen tester duties, ethical hackers are associated with other responsibilities. The main idea is to replicate a “real hacker” at work and instead of exploiting the vulnerabilities for malicious purposes, seek countermeasures to seal it.

Ethical hacker has following responsibilities:

  •  An ethical hacker uses port scanning tools like Nmap, Nessus to scan one’s own systems and find open ports. The vulnerabilities with each of the ports can be studied and remedial measures can be taken.
  • The ethical hacker can engage in social engineering concept like ‘Dumpster diving’.
  • A ethical hacker will examine patch installations and make sure that they cannot be exploited.
  • An ethical hacker will see if he/she can evade IDS (Intrusion Detection systems), IPS (Intrusion Prevention systems), honeypots and firewalls. In addition to this, an ethical hacker can employ other strategies like sniffing networks, bypassing and cracking wireless encryption, and hijacking web servers and web applications.

An ethical hacker attacks the perimeter defenses as well as the social engineering aspects of an organization as a real hacker will do. Detecting how well the organization reacts to all of these tactics is proof of the strength of security policy and security infrastructure of the organization.

Responsibilities of an Ethical Hacker:

  • The ethical hacker should use the tools and knowledge only for legal purpose. In other words, the ethical hacker should not misuse knowledge for personal benefits.
  • The ethical hacker should be involved in “hacking” only to identify the security issues with a system and recommend solutions as a defense strategy.
  • The ethical hacker should possess management approval prior to “hacking” into a system. Even though the person is a certified professional ethical hacker, it does not give the person automatic rights to hack into a system without permission from the top management.
  • The ethical hacker should help strengthen the security network of an organization and not use the security information for his/her own advantage. It is a common human tendency to become curious and experiment with things but an ethical hacker cannot afford to take the security system of an organization lightly.
  • The ethical hacker should prepare a test plan with defined parameters, that is, to define the purpose of testing, the assumed outcome and potential solutions, and get this plan approved by the organization first before venturing further. Most importantly, the ethical hacker should show adherence to the approved plan and not digress from it.

Who should be an ethical hacker?

As with any profession, passion for the profession is one of the key aspects to success. This, combined with a good knowledge of networking and programming, will help a professional succeed in the ethical hacking field.

Where are they employed?

While the concept of “white hat hacking” is not entirely new, the profession of ethical hacking is growing by leaps and bounds since major corporations like Facebook and Apple, as well as law enforcement agencies are employing “white hat hackers” to seek vulnerabilities and seal them. Most of the organizations has a bug bounty program that rewards those who can find security vulnerabilities.

Share This: