Ethical Hacking Terminology

             Ethical Hacking Terminology

Being able to understand and define terminology is an important part of an ethical hacker

This terminology is how security professionals acting as ethical hackers communicate.

Threat :An environment or situation that could lead to a potential breach of security.

Ethical hackers look for and prioritize threats when performing a security analysis.

Malicious hackers and their use of software and hacking techniques are themselves threats

to an organization’s information security.

Exploit : A piece of software or technology that takes advantage of a bug, glitch, or vulnerability,

leading to unauthorized access, privilege escalation, or denial of service on a

computer system. Malicious hackers are looking for exploits in computer systems to open

the door to an initial attack. Most exploits are small strings of computer code that, when

executed on a system, expose vulnerability. Experienced hackers create their own exploits,

but it is not necessary to have any programming skills to be an ethical hacker as many

hacking software programs have ready-made exploits that can be launched against a computer

system or network. An exploit is a defined way to breach the security of an IT system

through a vulnerability.

Vulnerability : The existence of a software flaw, logic design, or implementation error that

can lead to an unexpected and undesirable event executing bad or damaging instructions to

the system. Exploit code is written to target a vulnerability and cause a fault in the system

in order to retrieve valuable data. 

Target of Evaluation (TOE): A system, program, or network that is the subject of a

security analysis or attack. Ethical hackers are usually concerned with high-value TOEs,

systems that contain sensitive information such as account numbers, passwords, Social

Security numbers, or other confidential data. It is the goal of the ethical hacker to test

hacking tools against the high-value TOEs to determine the vulnerabilities and patch them

to protect against exploits and exposure of sensitive data.

Attack : An attack occurs when a system is compromised based on a vulnerability. Many

attacks are perpetuated via an exploit. Ethical hackers use tools to find systems that may be

vulnerable to an exploit because of the operating system, network configuration, or applications

installed on the systems, and to prevent an attack.

There are two primary methods of delivering exploits to computer systems:-

Remote : The exploit is sent over a network and exploits security vulnerabilities without

any prior access to the vulnerable system. Hacking attacks against corporate computer

systems or networks initiated from the outside world are considered remote. Most people

think of this type of attack when they hear the term hacker, but in reality most attacks are

in the next category.

Local The exploit is delivered directly to the computer system or network, which requires

prior access to the vulnerable system to increase privileges. Information security policies

should be created in such a way that only those who need access to information should be

allowed access and they should have the lowest level of access to perform their job function.

This can be accomplished by privilege escalation

or weak security safeguards.

Find Us In FACEBOOK: ANON HACKSOCIETY