Ethical Hacking

Mohanatheesan Theiventhiram
5 min readMay 28, 2021

Ethical hacking is a legal activity of circumventing system security in order to monitor potential data breaches and network risks. The company that owns the system or network permits such activities to be carried out in order to test the system’s defenses. Today, you can find Certified Ethical Hackers working with some of the finest and largest companies across industries like healthcare, financial, government, energy and much more.

Ethical hacking plays an essential role in checking for weaknesses and entry points in a network, infrastructure, and web application security. The ethical hacker, colloquially known as a white hat hacker, is typically a computer security expert specializing in pen testing, penetration testing, and other testing methodologies. A white hat hacker uses the same methods as a malicious hacker would use. The ethical hacker’s goal is to test the safety of an organization’s information systems to improve their security. Given the value of ethical hacking, especially considering the damage caused by a successful malicious hacking, there is increasing interest in deploying ethical hackers to combat today’s cyber threats.

Ethical hackers use their knowledge to secure and improve the technology of organizations. They provide an essential service to these organizations by looking for vulnerabilities that can lead to a security breach. An ethical hacker reports the identified vulnerabilities to the organization. Additionally, they provide remediation advice. In many cases, with the organization’s consent, the ethical hacker performs a re-test to ensure the vulnerabilities are fully resolved.

The Importance of Cybersecurity

Cybersecurity is important because it protects all categories of data from theft and damage. This includes sensitive data, personally identifiable information, protected health information, personal information, intellectual property, data, and governmental and industry information systems. Without a cybersecurity program, an organization cannot defend itself against data breach campaigns, making it an irresistible target for cybercriminals.

CIA in Cyber Security

The CIA triad represents the functions of information systems. The information system encompasses both of computer systems and the data.
The CIA security triad is comprised of three functions,
• Confidentiality
 A system’s ability to ensure that only the correct, authorized user/system/resource can view, access, change, or otherwise use data.
• Integrity
 A system’s ability to ensure that the system and information is accurate and correct.
• Availability
 A system’s ability to ensure that systems, information, and services are available the vast majority of time.

The goal of CIA triad pertaining to information security solutions especially applicable to business organizations. The CIA security triangle shows the fundamental goals that must be included in information security measures. The CIA triad serves as a tool or guide for securing information systems and networks and related technological assets.

Access Control

Access control is a fundamental component of data security that dictates who’s allowed to access and use company information and resources. It consists of two main component, those are authentication and authorization. Authentication is a technique used to verify that someone is who they claim to be. Authentication isn’t sufficient by itself to protect data. It needs an additional layer called authorization, which determines whether a user should be allowed to access the data or make the transaction they’re attempting. Authentication and authorization can be done by numerous methods nowadays like use of passwords, voice command, bio metrics scan, fingerprints etc. Access control can also be applied to limit physical access to campuses, buildings, rooms, and data centers.

Role of Machine Learning in Cyber Security

The role of Machine Learning is protecting people’s data in a digital. Machine Learning is capable of constantly analyzing immense amounts of data in order to detect any kind of malware or virus that could indicate a security breach, then adjusting to protect against them. Machine learning has become a vital technology for cybersecurity. Machine learning preemptively stamps out cyber threats and bolsters security infrastructure through pattern detection, real-time cybercrime mapping and thorough penetration testing. A subset of artificial intelligence, machine learning uses algorithms born of previous datasets and statistical analysis to make assumptions about a computer’s behavior.

Here are just some of the benefits Machine Learning offers cybersecurity for businesses and consumers,
• Thorough, hands-off system scanning for data breaches, malware, and more
• Endpoint protection through quick remediation
• Fast analysis of large amounts of data
• Adjustments without the need for expert input

These benefits of Machine Learning for business operations enhance the security of data with fast and effective monitoring and prevention of cybersecurity breaches. Without Machine Learning, cybersecurity programs take time to catch and resolve.

Threats of Computer-based Systems

A computer system threat is anything that leads to loss or corruption of data or physical damage to the hardware and/or infrastructure. Knowing how to identify computer security threats is the first step in protecting computer systems. Mainly most of the computer-based systems have following kinds of threats.
• Computer Virus
• Rogue security software
• Trojan horse
• Adware and spyware
• Computer worm
• DOS and DDOS attack
• Phishing
• Rootkit
• SQL Injection attack
• MIM attacks

It can seem a difficult task to keep track of all these threats, and the new ones that just keep emerging. Whether the media is creating a culture of fear out of being online and placing trust in leaving our information out for all to see, or whether the threats that wait in the dark corners of the Internet are truly serious and can happen to anyone, the best thing we can all do is to be prepared. There is no way to be completely sure that a system is impenetrable by cybersecurity threat. We need to ensure that our systems are secured as possible.

To protect against viruses, Trojans, worms, etc. an organization can use anti-virus software. In additional to the anti-virus software, an organization can also have control measures on the usage of external storage devices and visiting the website that is most likely to download unauthorized programs onto the user’s computer. Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be, in the form of user ids and strong passwords, smart cards or biometric, etc.