If you are an ethical hacker, these ten commandments of ethical hacking ensure that you believe in the doctrine of ethical hacking.
Commandment 1: Set your own goals
While experimenting with the security of a wireless network, you should be able to answer the following three questions –
- What information can the intruder first access at the target point?
- How can it benefit the intruder?
- Is there any dedicated person assigned to monitor the intruder’s attempts?
Initially, set a goal of finding unauthorized wireless access points or the crucial points of information on the network where the intruders try to reach. The purpose should be defined, documented, and communicated to the management.
Commandment 2: Plan your work
It is essential to plan your tasks as you may be short of resources. An ethical hacker has to work in defined constraints of time, budget, people, etc. Set a step-by-step process before you begin testing and consider taking the approval on the budget from the management.
Draft a plan step-wise as follows –
- Identify the systems and networks that you intend to test.
- Define the timeline for each testing.
- Explain the testing process.
- Share the plan with the stakeholders.
- Obtain approval on the plan from the stakeholders.
Commandment 3: Always obtain permission
The act of obtaining permission differentiates an ethical hacker from a cybercriminal. An ethical hacking, when performed without asking permission, will be held responsible in the court of law. Before you begin the hacking, take permission in writing from the management, seeking support in all aspects of the law. It means that when ethical hacking is performed within the agreed constraints, the ethical hacker will gain support from the management.
Commandment 4: Work ethically
The term ‘ethical’ in this context refers to working professionally in absolute good conscience. As an ethical hacker, you must behave in accordance with the approved plan. You must maintain confidentiality and adhere to the non-disclosure of information, and that includes the results. The test results or the learnings during the entire hacking process is sensitive information which should not be leaked to anybody. You must ensure that you are compliant with the organization’s policies and the governing laws under which the company is regulated.
Commandment 5: Maintain a record of ethical hacking
Ethical hacking is a dedicated effort, and you may have to spend long hours over a keyboard in a darkened room. This may demand off hours of work, often. To ensure that you are on the right path, you must continuously record all your findings and attempts.
Keeping an adequate record of your work is a hallmark of professionalism. You should –
- Record and maintain a log of the work performed.
- Update the log as and when required.
- Keep a duplicate log too.
- Every document should be appropriately dated.
Commandment 6: Respect others privacy
Respecting and protecting the privacy of other’s information is the foremost principle of ethical hacking. The information that you obtain during the hacking process would include confidential data like passwords, which shall be kept private. Behave responsibly while dealing with other’s data. Treat the information with the same ethnicity and confidentiality as you treat yours.
Commandment 7: Resist the urge
It is easy to get caught in the gratifying task of ethical hacking. When you succeed in your attempts, you may get the urge to try more. There may be a possibility of causing an outage of some sort or trampling other’s rights. Usually, ethical hackers use the tools without a proper understanding of their implications, forgetting that an attack may create a denial of service. A good understanding of the nature of tools is important to put them in use.
Commandment 8: Adopt a scientific process
To have greater acceptance of your work, adopt an empirical method based on the following attributes:
- Plan quantifiable goals –
Goals help measure achievements. Always have goals that are measurable like associating with broken encryption keys from an internal server. The goals should be quantifiable in terms of time or quantity.
- Ensure consistency in the result –
When there is a variation in the outcome of the test, you need to have an explanation for the gap, or else the tests are considered invalid. The tests shall always give the same result even if performed by others in the respective pattern. When a test is replicable with no variations, it shows confidence in your work.
- Attend persistent problem –
When the test results are correct, the organization encourages you with extended support. By attending to the issues that are persistent or permanent and not temporary, the management will receive test results with more enthusiasm.
Commandment 9: Restrict when collecting the tools
There are ample wireless hacking tools available online which may tempt you to grab them all as and when the new ones are released. Surprisingly, the larger the number of tools you possess, you more you will discover. Due to rampant growth in cyberattacks, many free tools can be sought online, and if you have time and budget, then you can gain access to a larger collection. It is a fascinating hobby of ethical hackers which may get fierce. Instead, pick one tool and practice extensively with it.
Commandment 10: Report all your findings
Ethical hacking may not be a day’s task, lest, it may extend a week or more. It is important to provide a report of your progress on a daily or weekly basis. When the management receives updates, they show confidence in you. Your report on findings should be shared with all the authorized personnel, including stakeholders. Also, report high-risk vulnerabilities immediately whenever identified before they are discovered by the unauthorized intruders.
The report that you prepare serves as a reference to your findings, analysis, and your conclusions to your peers who can review whenever required. It determines the veracity of your work and conveys the completion of your work. If your report is unjustly criticized, you can get defend by ensuring that it adheres to the ten commandments of ethical hacking.
Do you want to be an ethical hacker? Get a recognized certification on ethical hacking from EC-Council. We offer Certified Ethical Hacker (C|EH) program, which is the most desired information security program that any cybersecurity professional would desire to have. The course covers 340 attack methodologies that are commonly used by hackers and is backed by the 20 of the most current security domains any individual would ever want to know. You will learn the five phases of ethical hacking namely, reconnaissance, gaining access, enumeration, maintaining access, and covering your tracks. C|EH will immerse you completely in the mindset of a criminal attacker so that you can act and defend against the future attacks.