The security and hacking terms are merely an introduction to computer security terminology, but they are an excellent starting point to help you prepare for learning more about computer security. Additional terms will be introduced throughout the text and listed in the Glossary.
Computer security takes its vocabulary from both the professional security community and the hacker community. As we explore these terms, you will see that there is a great deal of overlap. However, most hacker terminology is concerned with the activity (phreaking) or the person performing the activity (sneaker). In contrast, security professionals’ terminology describes defensive barrier devices, procedures and policies. This is quite logical because hacking is an offensive activity centered around attackers and attack methodologies, whereas security is a defensive activity concerning itself with defensive barriers and procedures.
People
There are many titles used for those individuals who set their sights on breaching computer security systems. We describe some of the most common names. These are the terms that we will use throughout this text.
Hackers
You have probably heard the term hacker used in movies and news broadcasts. Most people use it to describe any person who breaks into a system. In the hacking community, however, a hacker is an expert on a particular system or systems who wants to learn more about the system. Hackers feel that looking at a system’s flaws is the best way to learn about that system. For example, someone well-versed in the Windows O/S who works to understand that system by learning its weaknesses and flaws would be a hacker.
This process does indeed often mean seeing whether a flaw can be exploited to gain access to a system. This “exploiting” part of the process is where hackers differentiate themselves into groups.
- White hat hackers, upon finding a vulnerability in a system, will report the vulnerability to the vendor of that system. If they discovered some flaw in Red Hat Linux™, they would then e-mail the Red Hat company (probably anonymously) and explain exactly what the flaw is and how it was exploited.
- Black hat hackers are the people normally depicted in the media. Once they gain access to a system, their goal is to cause some type of harm. They might steal data, erase files or deface web sites. Black hat hackers are sometimes referred to as crackers.
- Gray hat hackers are typically law-abiding citizens, but in some cases will venture into illegal activities. They may do so for a wide variety of reasons. Commonly, gray hat hackers conduct illegal activities for reasons they feel are ethical, such as hacking into a system belonging to a corporation that the hacker feels is engaged in unethical activities.
Regardless of how hackers view themselves, intruding on any system without permission is illegal. This means that, technically speaking, all hackers, regardless of the color of the metaphorical hat they may wear, are in violation of the law. However, many people feel that white hat hackers actually perform a service by finding flaws and informing vendors before those flaws are exploited by less ethically inclined individuals.
Script Kiddies
So what is the term for someone who calls themselves a hacker, but lacks the expertise? The most common term for this sort of person is script kiddy (Glossary of hacker terminology). The name comes from the fact that the Internet is full of utilities and scripts that one can download to perform some hacking tasks. Someone who downloads such a tool without really understanding the target system would be considered a script kiddy.
Ethical Hackers: Sneakers
When and why would someone give permission to another party to hack his system? The most common answer is in order to assess vulnerabilities of their systems. This employee, commonly called a sneaker, legally breaks into a system in order to assess security deficiencies. This started with a movie in the 90s about this subject. There are consultants who perform work of this type, and you can even find firms that specialize in this very activity, as more and more companies or firms are soliciting these services to assess their vulnerabilities.
Anyone hired to assess the system vulnerabilities should be both technically proficient and ethical. It is best to run a criminal background check and avoid those people with problem pasts. There are plenty of legitimate security professionals available who know and understand hacker skills, but have never committed security crimes. If you take the argument that hiring convicted hackers means hiring talented people to its logical conclusion, you would surmise that, obviously, the person in question is not as good a hacker as they would like to think because they were caught. Most importantly, giving a person with a criminal background access to your systems is on par with hiring a person with multiple DWI convictions to be your driver. In both cases, you are inviting problems and perhaps assuming significant civil liabilities.
Also, some review of their qualifications is clearly in order. Just as there are people who claim to be highly skilled hackers but are not, there are those who will claim to be skilled sneakers who lack the skills truly needed. You would not want to inadvertently hire a script kiddy who thinks she is a sneaker. Such a person might then pronounce your system to be sound, when in fact it was simply a lack of skills that prevented the script kiddy from successfully breaching your security.