© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2021
A. Sheikh, Certified Ethical Hacker (CEH) Preparation Guide, https://doi.org/10.1007/978-1-4842-7258-9_1

1. Introduction to Ethical Hacking

Ahmed Sheikh
Miami, FL, USA

In this chapter, you will learn about the five phases of ethical hacking and the different types of hacker attacks.

By the end of this chapter, you will be able to
  • Identify the five phases of ethical hacking.

  • Identify the different types of hacker attacks.

Ethical Hacking

Companies employ ethical hackers to do what illegal hackers do: exploit vulnerabilities. Ethical hackers also go by the names of security testers or penetration testers. In this chapter, you will take a look at the skills required to protect a network from an attack. You will focus on the key points listed below as you progress through each chapter.

Throughout the book, assume that there is upper management buy-in on the fact that the organization’s information assets need to be secured. Also assume that upper management has put the proper security policies in place in support of their recognized need for security.
  • Information: Assets of information must be secured.

  • Assumptions: Assume that the upper management recognizes the need for security and that there is a security policy in place that defines how objects can interact in a security domain.

  • Challenge: Your task is to prevent exploits of the infrastructure by being mindful of those who can use a similar infrastructure for their own motives.

  • Solution: Employ an ethical hacker with a malicious hacker’s capabilities.


Keep in mind that a vulnerability is a weakness that can be exploited, while a threat is an action or event that can jeopardize security. Consider how identified weaknesses can affect security. Think about the following:
  • Weakness in a target owing to analytical, design, operation, or organizational failures

  • Information system weakness due to system security procedures, infrastructure design, or controls that can be exploited

  • Weakness, design error, or implementation error leading to an unexpected event that compromises device, network, application, or protocol security


The “target of evaluation” is the name given to the asset that is being protected. This can be an IT system, a product, or a component. An attack is a deliberate action taken against a target to affect the confidentiality, integrity, availability, or authenticity of the system. Attacks can be active or passive and can be initiated from within or outside the organization. The various types of attacks to be aware of include the following:
  • Active attacks alter the target system, affecting its confidentiality, integrity, or availability.

  • Passive attacks breach the confidentiality of the data of a system without impacting the system’s state.

  • Inside attacks are launched by an authorized user from inside a network.

  • Outside attacks are conducted by an attacker without network authorization.

Security vs. Functionality and Ease of Use

Security is a trade-off between functionality and ease of use. Many products are designed to work out of the box, so to speak. With default configurations and software enabled, security suffers. Figure 1-1 demonstrates the relationship between security, functionality, and ease of use. Moving towards security often means moving away from functionality and ease of use. New products entering the market are often balanced toward functionality and ease of use, leaving users with less security.

Figure 1-1. Security, functionality, and ease of use

Phases of an Attack

Security breaches exploit vulnerabilities. Exposure is the loss that results from an exploit. Once a target is exposed, the attacker collects confidential information and covers their tracks. Take a brief introductory look at the phases of an attack, provided below. Future chapters will provide a more in-depth discussion.
  • Reconnaissance: In the reconnaissance phase, which is the planning phase, an attacker gathers as much information as possible about the target. Plain old research may be the first activity in this phase. The attacker can then move on to other reconnaissance methods such as dumpster diving or scanning. Consider the types of reconnaissance methods: passive (where the attacker does not interact with the system directly such as social engineering or dumpster diving) or active (which involves the attacker using tools to directly interact with the system). The latter could include using tools to detect open ports, router locations, network mapping, and operating system details.

  • Scanning: During the scanning phase, the attacker tries to identify specific vulnerabilities. Vulnerability scanners are the most widely used tools. Port scanners are used to recognize listening ports that provide clues to the types of services that are running.

    Scanning is a logical extension of the reconnaissance phase, but it involves more in-depth probing, which is considered an extension of active reconnaissance.

  • Gaining access: Gaining access is usually the goal of an attacker. However, keep in mind that this is not always the case. A denial-of-service attack, for example, causes a resource to be unavailable, and it is not necessary for an attacker to gain access to that resource in order to be successful. There are several factors affecting whether or not an attacker can successfully gain access, such as target system architecture and configuration, skill level, or the level of access gained.

  • Maintaining access: Once an attacker has successfully gained access, they need to maintain access by installing a backdoor or a rootkit. So as not to be detected, the attacker also removes any evidence of their breach, by changing the log files, for example.

    An organization may employ an intrusion detection system (IDS) or a honeypot to detect potential intruders.

  • Covering tracks: Be aware that an attacker will erase all evidence of their presence. Tools such as Netcat, or trojans, can be used to erase the evidence from log files. Other options include steganography (hiding data inside other data) and tunneling (carrying one protocol inside another).
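
The scanning phase above leaves a trace that defenders can look for: one source touching many different ports on one host in a short time. The following is an added example, not code from the book, of the kind of rule an IDS applies. The log line format (`<timestamp> DROP src=<ip> dst=<ip> dport=<port>`) and the sample lines are constructed for the example; the window size and port threshold are assumptions a real deployment would tune.

```python
"""Added example (not from the book): flag likely port scans in firewall logs.

Assumes a constructed, syslog-like line format:
  <timestamp> DROP src=<ip> dst=<ip> dport=<port>
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample log lines (documentation-range addresses, not real traffic).
# 203.0.113.7 sweeps ten ports in five seconds; the other two sources do not.
SAMPLE_LOG = """\
2021-03-01T10:00:00 DROP src=203.0.113.7 dst=192.0.2.10 dport=21
2021-03-01T10:00:01 DROP src=203.0.113.7 dst=192.0.2.10 dport=22
2021-03-01T10:00:01 DROP src=203.0.113.7 dst=192.0.2.10 dport=23
2021-03-01T10:00:02 DROP src=203.0.113.7 dst=192.0.2.10 dport=25
2021-03-01T10:00:02 DROP src=203.0.113.7 dst=192.0.2.10 dport=80
2021-03-01T10:00:03 DROP src=203.0.113.7 dst=192.0.2.10 dport=110
2021-03-01T10:00:03 DROP src=203.0.113.7 dst=192.0.2.10 dport=143
2021-03-01T10:00:04 DROP src=203.0.113.7 dst=192.0.2.10 dport=443
2021-03-01T10:00:04 DROP src=203.0.113.7 dst=192.0.2.10 dport=445
2021-03-01T10:00:05 DROP src=203.0.113.7 dst=192.0.2.10 dport=3389
2021-03-01T10:00:00 DROP src=198.51.100.4 dst=192.0.2.10 dport=22
2021-03-01T10:05:00 DROP src=198.51.100.4 dst=192.0.2.10 dport=22
2021-03-01T10:00:10 DROP src=198.51.100.9 dst=192.0.2.10 dport=80
2021-03-01T10:30:10 DROP src=198.51.100.9 dst=192.0.2.10 dport=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DROP src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)


def parse_events(text):
    """Turn log text into (timestamp, src, dst, dport) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        events.append((datetime.fromisoformat(m["ts"]), m["src"], m["dst"], int(m["dport"])))
    return events


def detect_scans(events, window=timedelta(seconds=60), min_ports=8):
    """Return {src: set(ports)} for sources that hit at least `min_ports`
    distinct destination ports on one host inside a sliding time `window`."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in events:
        by_pair[(src, dst)].append((ts, port))
    hits = {}
    for (src, dst), items in by_pair.items():
        items.sort()  # order by timestamp so the window can slide
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            ports = {p for _, p in items[start:end + 1]}
            if len(ports) >= min_ports:
                hits.setdefault(src, set()).update(ports)
    return hits


def scan_report(text=SAMPLE_LOG):
    """Convenience wrapper: parse the log and run the detector."""
    return detect_scans(parse_events(text))


if __name__ == "__main__":
    for src, ports in scan_report().items():
        print(f"possible port scan from {src}: {sorted(ports)}")
```

The two quiet sources illustrate the trade-off a detection rule makes: repeated hits on a single port, or a couple of ports spread over half an hour, are ordinary noise, so the rule keys on port diversity inside a window rather than on raw volume.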

Types of Hacker Attacks

There are several ways that an attacker can gain access to an organization’s network by exploiting the vulnerabilities they find. These attacks can be broken down into four categories.
  • Operating system: Increased features amplify complexity.

  • Application level: For application developers, security is not always a priority.

  • Shrink-wrap code: Developers reuse free libraries and code obtained from other sources.

  • Misconfiguration: Build an effective configuration, removing all unnecessary applications and services.
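
The misconfiguration category is the one a defender can check mechanically. As an added example that is not from the book, the following audits an OpenSSH `sshd_config` against a small policy and shows a permissive configuration beside its hardened counterpart. The directive names are real OpenSSH options; both configuration texts and the policy itself are constructed for the example.

```python
"""Added example (not from the book): audit an OpenSSH sshd_config for
risky settings and compare a weak configuration with a hardened one.

The directive names are real OpenSSH options; the two config texts below
are constructed samples, not taken from any real host."""

WEAK_CONFIG = """\
# constructed sample: permissive settings left in place
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
"""

HARDENED_CONFIG = """\
# constructed sample: unneeded features disabled
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 3
"""

# directive (lowercased) -> (expected value, reason). This policy is an
# assumption for the example, not an official baseline.
POLICY = {
    "permitrootlogin": ("no", "direct root logins hide who actually acted"),
    "passwordauthentication": ("no", "passwords can be guessed; prefer keys"),
    "permitemptypasswords": ("no", "empty passwords allow trivial logins"),
    "x11forwarding": ("no", "unneeded feature widens the attack surface"),
}


def parse_sshd_config(text):
    """Return {directive_lower: value} using the first occurrence of each
    directive, because sshd keeps the first value it sees and ignores later
    ones. Lines starting with '#' and blank lines are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # a directive with no value is not something we can judge
        key, value = parts[0].lower(), parts[1].strip()
        settings.setdefault(key, value)
    return settings


def audit(text):
    """Return a list of (directive, found, expected, reason) findings.
    A directive that is absent is reported with found=None, since the
    compiled-in default may be the weak value and should be set explicitly."""
    settings = parse_sshd_config(text)
    findings = []
    for key, (expected, reason) in POLICY.items():
        found = settings.get(key)
        if found is None or found.lower() != expected:
            findings.append((key, found, expected, reason))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for directive, found, expected, reason in audit(cfg):
            print(f"  {directive} = {found!r}, expected {expected!r}: {reason}")
```

Reporting a missing directive as a finding is deliberate: a configuration that relies on an unstated default is hard to review, and the default can change between versions.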


Hacktivism is a term that combines hacker with activism. To promote awareness of a political or social agenda, a hacktivist uses hacking. Government entities and multinational companies are among the targets. The following are examples of hacker class types associated with hacktivism:
  • Black hats employ computer skills for illicit motives.

  • White hats utilize their strength for defensive purposes.

  • Gray hats believe in complete disclosure.

  • Suicide hackers are eager to become martyrs for their objective.

Ethical Hackers

Ethical hackers are employed for threat evaluation and security. It is important to note that an ethical hacker has the consent of the organization that hired them. Ethical hackers use the same techniques and tools as attackers. Ethical hackers must possess the following skills: thorough knowledge of both software and hardware, a good understanding of networking and programming, and knowledge of installing and managing several operating systems.

Ethical hackers search for answers to three fundamental questions:
  • What would an attacker see on a target?

  • How does an attacker use this information?

  • Are the attempts of the attackers on the target being recognized?

Vulnerability Research

Because attackers research vulnerabilities to find exploits, vulnerability research is just as important for the good guys. New products are introduced constantly, and you must keep up with the latest technologies.

There are also numerous hacking websites that you can monitor for information. Two excellent sites to visit are the United States Computer Emergency Readiness Team (www.us-cert.gov/) and the National Vulnerability Database (https://nvd.nist.gov/).
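
Monitoring the National Vulnerability Database is easier when the records can be triaged automatically. The following is an added example, not code from the book or from NIST, that ranks records by CVSS base score. It assumes the JSON shape of the NVD CVE API 2.0 response (`vulnerabilities[].cve.metrics.cvssMetricV31[].cvssData.baseScore`); the records themselves are constructed, with placeholder ids of the form `CVE-0000-000N`, so that it runs offline.

```python
"""Added example (not from the book): rank NVD-style records by CVSS base score.

Assumes the JSON shape of the NVD CVE API 2.0 response; the records below
are constructed with placeholder CVE ids and are not real entries."""
import json

# Constructed sample feed. Entry 0002 carries only a CVSS v2 score, and
# entry 0003 has no score yet, as records awaiting NVD analysis do.
SAMPLE_FEED = json.dumps({
    "vulnerabilities": [
        {"cve": {"id": "CVE-0000-0001",
                 "descriptions": [{"lang": "en", "value": "constructed: remote code execution"}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {"id": "CVE-0000-0002",
                 "descriptions": [{"lang": "en", "value": "constructed: information disclosure"}],
                 "metrics": {"cvssMetricV2": [{"cvssData": {"baseScore": 4.3}}]}}},
        {"cve": {"id": "CVE-0000-0003",
                 "descriptions": [{"lang": "en", "value": "constructed: awaiting analysis"}],
                 "metrics": {}}},
        {"cve": {"id": "CVE-0000-0004",
                 "descriptions": [{"lang": "en", "value": "constructed: denial of service"}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}}]}}},
    ]
})


def base_score(cve):
    """Prefer CVSS v3.1, then v3.0, then v2; return None for an unscored record."""
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        entries = metrics.get(key)
        if entries:
            return float(entries[0]["cvssData"]["baseScore"])
    return None


def english_summary(cve):
    """Pick the English description, or an empty string if there is none."""
    for d in cve.get("descriptions", []):
        if d.get("lang") == "en":
            return d["value"]
    return ""


def triage(feed_json, threshold=7.0):
    """Return (ranked, unscored): ranked is [(id, score, summary)] for records
    scoring at or above `threshold`, highest first; unscored lists ids that
    have no score yet, so they are reviewed rather than silently dropped."""
    data = json.loads(feed_json)
    ranked, unscored = [], []
    for item in data.get("vulnerabilities", []):
        cve = item["cve"]
        score = base_score(cve)
        if score is None:
            unscored.append(cve["id"])
        elif score >= threshold:
            ranked.append((cve["id"], score, english_summary(cve)))
    ranked.sort(key=lambda r: r[1], reverse=True)
    return ranked, unscored


if __name__ == "__main__":
    ranked, unscored = triage(SAMPLE_FEED)
    for cve_id, score, summary in ranked:
        print(f"{cve_id} {score:4.1f} {summary}")
    print("unscored, needs manual review:", unscored)
```

Keeping the unscored records in a separate list matters in practice: a newly published record often has no CVSS score for days, and a filter that only looks at the score would miss exactly the newest items.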

Ethical Hacking Assignment

When you are tasked with an ethical hacking assignment, it is important to keep the following steps in mind:
  1. You begin with an initial meeting with the client to provide an overview and prepare a nondisclosure agreement.

  2. The nondisclosure agreement puts in writing that the ethical hacker has the full consent of the client.

  3. You then create a team and prepare the testing schedule. When conducting the test, one of two approaches can be taken: black box or white box testing. With black box testing, the tester has no prior knowledge or information about the system. White box testing is just the opposite: the tester has advance knowledge of the system. For example, the tester is told about the network topology and provided a network diagram showing all of the company’s routers, switches, firewalls, and intrusion detection systems (IDS).

  4. Once the testing is complete, you analyze the results and prepare a report to be delivered to the client.


Computer Crime

Computer crime can be accomplished with the use of a computer or by targeting a computer. It is important to be mindful of the laws enacted and to be in compliance as an ethical hacker. To learn more, review the Cyber Security Enhancement Act (http://beta.congress.gov/bill/113th-congress/house-bill/756).


In this chapter, you were introduced to ethical hacking, hacktivism, and the different types of hackers and hacker attacks. You now know the five phases of an attack and have a foundational understanding of vulnerability research and associated tools. You can describe the different ways an ethical hacker can test a target network. Lastly, you understand the various categories of crime and the importance of knowing laws in the field to maintain compliance.
