IndexRole of HackersHacking and Hacking PhasesSurvey:Investigate:Need for HackingTypes of HackersMalware ThreatsEthical Hacking ProcessEthical Hacking DevicesPrevent ReconnaissancePrevent Active ReconnaissancePrevent Passive ReconnaissanceConclusion: References: Information security is a major issue in today's information-based economy. We need to protect our data from hackers. Hacking is a process of exploiting system weaknesses and gaining unapproved access to system data and resources. When companies connect their systems and computers, despite having numerous security configurations, the risk of security issues such as data loss, security breaches, and malicious attacks increases. The goal of this article is to describe the types of ethical hackers, the need for ethical hacking, the steps of the security test plan, and the implementation of measures to reduce vulnerability to unauthorized access or corruption of information. Say no to plagiarism. Get a tailor-made essay on "Why Violent Video Games Shouldn't Be Banned"? Get an Original Essay Information security is designed to protect the confidentiality, integrity, and availability of system data from those with malicious intentions. The increased use of the Internet has given rise to many things such as Twitter, LinkedIn, Snapchat, Instagram, Weibo, QZone, online shopping and information distribution which invite hackers to exploit personal information. So, the need of ethical hacking is to protect the system from destruction caused by hackers. Role of Hacker I am the computer programmer who has knowledge of computer programming and has enough information about the system he is going to hack. Hacking and Hacking StagesHacking means the process of unauthorized intervention in a computer or network. To target a specific machine for hacking you need to follow five steps. Survey: This is the first step where the hacker collects information about the object. Investigation: This step involves exploring the information collected during the survey phase and using it to inspect the object. Hackers can use the automated tools during the investigation phase which includes Unicornscan, NMap, Angry IP Scan, Nikto and Aircrack. Inbound Access: Actual hacking attacks are performed at this stage. This way the hacker can exploit the vulnerabilities revealed during the probing and investigation phase. Maintain access: By using malware such as rootkits, backdoors, and Trojans, hackers maintain access gained for future exploitation. Track Cover: In this stage, hackers cover their tracks and tracks to avoid detection.Need for HackingAfter the terrorist attack on September 11, 2001, the need for IT professionals arose. These people are hired by companies to identify security flaws and then advise on how to fix them. Types of Hackers Hackers are different creatures and they are of seven types: Script Kiddie: These hackers are not interested in hacking. They simply copy the code and use it for a virus. A common script kiddie attack is the denial of service attack. White Hat: These hackers are professionals. They help remove vulnerabilities from the system and perform security checks of the security test plan. Black Hat: These people are crackers who damage the system by gaining unauthorized access to a resource. Gray Hat: These hackers are between good and bad hackers and may decide to reform and become a good hacker. Green Hat: They worryof hacking and become full-fledged hackers. Red Hat: These are the vigilantes of the hacker world. They close by loading viruses, DOS and accessing the computer to destroy it. Blue Hat: These are security professionals invited by companies to explore software vulnerabilities before launching it. Malware Threats Malware is any software intentionally designed to harm your computer network or server. Malware causes damage after being implanted or introduced in some way into the target computer and can take the form of executable code, scripts, active content and other software. Malware is of the following types: Worms: Worms have the ability to self-replicate to spread to other computers. Viruses: Viruses are the most infectious type of malware. It self-replicates by copying itself to another program.Trojan: the Trojan virus is designed to spy on the access file of the victim's computer and extract sensitive data.Spyware: is software that collects information about people or organizations without their knowledge and which could send this information to another individual. Rootkit: is a fraudulent computer program that provides continuous, privileged access to your computer while actively hiding its presence. This could take complete control of a system. It is difficult to spot.Ethical Hacking ProcessThe ethical hacking process requires prior planning of imperative and skillful issues. This is important for tests such as login testing, web application testing, physical penetration testing, network service testing. The security setup plan includes the following steps: Establish the test objective Select the test environment Define the test scope Determine the test restrictions Determine the test window details Obtain login credentials Obtain approval of Stakeholders Devices for Ethical Hackers Nmap: is a Network Mapper to verify network and operating system security for local and remote hosts. It is useful for being fast and providing thorough results with thorough security investigations. Wireshark: is a network packet analyzer. A network packet analyzer will attempt to capture, filter and inspect network packets and try to view the data packet in as much detail as possible. It is an excellent debugging tool if we are developing a network application. Nessus: is a scanner that looks for network attack vulnerabilities and misconfigurations. It deals with software defects, missing patches, malware and misconfigurations on a variety of operating systems, devices and applications. IronWASP: This is another great tool. It is free and cross-platform open source, perfect for those who need to control their own web servers and public applications. BurpSuit: It is an advanced platform to support entire web application testing. It is a collection of tools bundled together that in turn help exploit security vulnerabilities. Ettercap: This is the most useful tool for man in the middle and network sniffing attacks. Sniffing includes the acquisition and interpretation of data within a network packet over the TCP/IP protocol.QualisGuard: This Software as a Service vulnerability management tool designed for scanning, mapping and identifying malware on the website.Aircrack: This tool fixes vulnerabilities for wireless connections and tests for card and driver capabilities. Preventing Reconnaissance Defense strategies for each network will vary. It is useful for every organization to prevent information from coming from an attacker. Preventing Active Reconnaissance Active reconnaissance can be limited by implementing network defenses.