White hat hacking and cybersecurity practices

White Hat

Ethical hacking is the act of having individuals who are professionals on how computer and networks systems work seek vulnerabilities and deficiencies in a network computer's security system so that they may know how and what other computer hackers can and cannot break into (Bishop 2007). This type of hacking is done so that companies themselves could know what information is more vulnerable than others, and how secure their security systems actually are. Ethical hackers attempt to break into data systems in a non-malicious way so that they may know how much others who do have bad intentions can access (Palmer 2001). The individual who conducts this ethical hacking is sometimes referred to as a "white hat" as opposed to a "black hat" which are both references from Western movies depicting the "good guy" and the "bad guy." In order for a network to be truly secure, it must be thoroughly examined through the perspective of an illegal hacker, and that is what an ethical hacker does (Caldwell 2011).

The objective of an ethical hacker is to test every type of vulnerability that a network system could have. In order to do this, ethical hackers need to first familiarize themselves with the entire network and its functionalities. An ethical hacker will need to hack into the network and break into their system as the first step in their ethical hacking process (Bishop 2007). After the break in is successful, the ethical hacker will then determine how the hacked information could potentially be used by those who want to do harm. As a final step in their ethical hacking process, they would determine whether the hacked system would alert those affected by the hacking, and in what way these hacking processes could be avoided in the future (Palmer 2001).

Legal issues that ethical hackers have to deal with can become a bit blurry when dealing with the issue of hacking. Hacking is illegal period. This act of hacking is punishable by federal law. Ethical hackers however, get away with it. It is an illegal process, but at the end of the day, it is something that is needed (Whitman 2011). Another legal issue that ethical hackers deal with is not only doing the actual hacking, but the fact that they are exposing themselves as hackers, which again, is an illegal thing to do (Knight 2009). Technical issues that ethical hackers face is with their access to such confidential information. They can potentially get into so many private files, that this technical issue can also be considered a legal one (Whitman 2011). Another technical issue that ethical hackers face is that once they get access into a network system, it is not so much about what information has been accessed by them, but more of making the network more secure so that other people with bad intentions will not be able to do the same that they were able to so successfully do (Caldwell 2011).

An ethical hacker could be of great assistance to law enforcement in capturing cyber criminals because ethical hackers are just like them. By being able to get into a secure system by hacking into it, they can identify with the criminals who do the same, but who have another illegal objective (Palmer 2001). They can set up ways for the cyber criminals to get caught and they can catch the cyber criminals themselves since they will know their way around the security system of the networks. Assisting law enforcement in setting traps and/or following someone who has already hacked into the system can actually be of great aid to these officials in catching and prosecuting cyber criminals who try to commit fraud, steal information, or sell people's information; there is so much that can be avoided if ethical hackers work hand in hand with law enforcement (Whitman 2011).

Although, as aforementioned, the act of hacking into any system is illegal within itself, there are training programs and certification courses in which a hacker can become an ethical one (Bishop 2007). First and foremost, before anything is done, a prospective ethical hacker needs to be screened for their background. Ethical hackers deal with a variety of information, most of which is confidential, and having complete trust that the disclosures of networks' vulnerabilities will not be exposed, is the number one qualification in a candidate (Caldwell 2011). In order to be a legitimate hacker and be employable by companies to test their penetration vulnerabilities, an ethical hacker must complete a series of courses that range from psychology and ethics, to network security and code. Once the necessary courses are completed, which can all vary according to the program a prospective ethical hacker enrolls themselves in, they then become certified by the International Council of E-Commerce Consultants (EC-Council). This guarantees that they are trained at getting into just about any system, if it is penetrable to begin with (Knight 2009).