The use of hacking can be very beneficial as a means of identifying weaknesses in computer security. Nowadays, numerous companies and governments use this technique to assess the level of security of their systems and determine if any valuable information is at risk of being accessed unlawfully. Ethical hackers are employed to identify potential threats on a single computer or a whole network of computers. The potential exploits they find are later patched, thus decreasing the chance of a breach in the system and increasing its overall security and reliability.
In the context of computer security, a hacker is someone who seeks and exploits weaknesses in a computer network or a computer system. Hackers may be motivated by a number of reasons ranging from protest to profit. An ethical hacker is a computer expert who attacks the security of a certain system on behalf of its owners, seeking potential vulnerabilities that a malicious hacker could abuse. To test system security, ethical hackers use the same techniques as their less principled counterparts but report problems instead of taking advantage of them. Such hackers are sometimes called “white hat” hackers, whereas malicious hackers go by the name “black hat” (Rouse, 2007). These terms are an analogy drawn from old Western movies, where the good guy wore a white hat and the bad guy wore a black one.
A number of techniques can be used to test a system’s security level. While penetration testing concentrates on attacking computer and software systems using a set of penetration techniques, ethical hacking, which will likely include such techniques, is under no such restrictions. A full-scale ethical hack (Knight, 2009) might include emailing staff to ask for password details, going through employees’ rubbish or even breaking and entering. All these would, however, take place with the explicit consent of the target. To try to replicate some of the destructive methods a real attack might employ, ethical hackers arrange for cloned test systems or organise a hack late at night, when systems are less critical. This is one of the main differences between the approaches taken by white hat and black hat hackers. A malicious hacker would, in this instance, target the live system at its peak usage time with the aim of causing as much damage as possible.
One of the first instances of an ethical hacking technique being used was a security evaluation conducted by the United States Air Force of the Multics ("Multiplexed Information and Computing Service") operating system for "potential use as a two-level (secret/top secret) system" (Palmer, 2001). Their evaluation found that while Multics was "significantly better than other conventional systems," it also had "vulnerabilities in hardware security, software security and procedural security" that could be uncovered with a relatively low level of effort. The Air Force performed the tests under a guideline of realism, so that the experiment results would...