Wikipedia - Benutzerbeiträge [de]

White hat

2015-03-13T12:42:37Z

176.126.231.210:

{{Computer hacking}}

The term "'''white hat'''" in [[Internet slang]] refers to an ethical [[computer hacker]], or a [[computer security]] expert, who specializes in [[penetration testing]] and in other testing methodologies to ensure the security of an organization's [[information systems]].<ref>{{cite web|url=http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci550882,00.html |title=What is white hat? - a definition from Whatis.com |publisher=Searchsecurity.techtarget.com |date= |accessdate=2012-06-06}}</ref> [[Hacker ethic|Ethical hacking]] is a term coined by [[IBM]] meant to imply a broader category than just penetration testing.<ref name=Knight>{{cite journal|last=Knight|first=William|title=License to Hack|journal=InfoSecurity|date=16 October 2009|volume=6|issue=6|pages=38–41|url=http://www.infosecurity-magazine.com/view/4611/license-to-hack-ethical-hacking/|doi=10.1016/s1742-6847(09)70019-9}}</ref>
White-hat hackers may also work in teams called "[[hacker (computer security)|sneakers]]",<ref name= Secpoint>{{cite web|url=http://www.secpoint.com/What-is-a-White-Hat.html |title=What is a White Hat? |publisher=Secpoint.com |date=2012-03-20 |accessdate=2012-06-06}}</ref> [[red team]]s, or [[tiger team]]s,<ref name=Palmer>{{cite journal|last=Palmer|first=C.C.|title=Ethical Hacking|journal=IBM Systems Journal|year=2001|volume=40|issue=3|page=769|url=http://pdf.textfiles.com/security/palmer.pdf|doi=10.1147/sj.403.0769}}</ref>[[WhiteHat Adda]].<ref>WhieHat Adda - The Programmer's Point</ref>

==History==
One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force of the Multics operating systems for "potential use as a two-level (secret/top secret) system." Their evaluation found that while Multics was "significantly better than other conventional systems,"{{citation needed|date=May 2013}} it also had "... vulnerabilities in hardware security, software security and procedural security"{{citation needed|date=May 2013}} that could be uncovered with "a relatively low level of effort."{{citation needed|date=May 2013}} The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.<ref name=Palmer /> The idea to bring this tactic of ethical hacking to assess security of systems was formulated by [[Dan Farmer]] and [[Wietse Venema]]. With the goal of raising the overall level of security on the [[Internet]] and [[intranets]], they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program, called [[Security Administrator Tool for Analyzing Networks]], or SATAN, was met with a great amount of media attention around the world in 1992.<ref name= Palmer />

==Tactics==
While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking, which will likely include such things, is under no limitations when asked for by stake holders in the company. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executive’s dustbins and usually breaking and entering – all, of course, with NO knowledge and consent of the targets. ONLY the owners, CEO's and Board Members (stake holders) whom asked for such a security review of this magnitude are aware. A complete understanding, and sometimes if allowed by those stake holders, a complete non-understanding of the hack attempt is allowed to test penetration points. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical.<ref name= Knight /> In most recent cases these hacks perpetuate for the long term con, (days, if not weeks, of long term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone lost the small drive and an unsuspecting employee found it and took it.

Some other methods of carrying out these include:

* [[Denial-of-service attack|DoS attack]]s
* [[Social engineering (security)|Social engineering]] tactics
* Security scanners such as:
** [[W3af]]
** [[Nessus (software)|Nessus]]
** Nexpose
* Frameworks such as:
** [[Metasploit]]

Such methods identify and [[Exploit (computer security)|exploit]] known [[Vulnerability (computing)|vulnerabilities]], and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system 'back-doors' that could be used as a link to the information or access the non-ethical hacker, also known as 'black-hat' or 'grey-hat', may want to reach.

==Legality in the UK==
how do I get my period dad? Struan Robertson, legal director at Pinsent Masons LLP, and editor of [[OUT-LAW|OUT-LAW.com]], says "Broadly speaking, if the access to a system is authorized, the hacking is ethical and legal. If it isn't, there's an offence under the [[Computer Misuse Act]]. The unauthorized access offence covers everything from guessing the password, to accessing someone's webmail account, to cracking the security of a bank. The maximum penalty for unauthorized access to a computer is two years in prison and a fine. There are higher penalties – up to 10 years in prison – when the hacker also modifies data". Unauthorized access even to expose vulnerabilities for the benefit of many is not legal, says Robertson. "There's no defense in our hacking laws that your behavior is for the greater good. Even if it's what you believe."<ref name=Knight />

==Employment==
The United States [[National Security Agency]] offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team-management. Aggressor teams are called "red" teams. Defender teams are called "blue" teams.<ref name=Secpoint />
{{globalize/Eng|date=June 2011}}



===List of prominent white hat hackers===
* [[Eric Corley]]
* [[Przemysław Frasunek]]
* [[Raphael Gray]]
* [[Barnaby Jack]]
* [[Kevin Mitnick]]
* [[Robert Tappan Morris]]
* [[Kevin Poulsen]]

==See also==
* [[Certified Ethical Hacker]]
* [[:Category:Computer hacking|Computer hacking]] (category)
* [[IT risk]]
* [[Wireless identity theft]]

==References==
{{reflist}}

{{DEFAULTSORT:White Hat (Computer Security)}}
[[Category:Hacking (computer security)]]

[[ja:ハッカー#類語]]

White hat

2015-03-13T12:41:32Z

176.126.231.210:

{{Computer hacking}}

The term "'''white hat'''" in [[Internet slang]] refers to an ethical [[computer hacker]], or a [[computer security]] expert, who specializes in [[penetration testing]] and in other testing methodologies to ensure the security of an organization's [[information systems]].<ref>{{cite web|url=http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci550882,00.html |title=What is white hat? - a definition from Whatis.com |publisher=Searchsecurity.techtarget.com |date= |accessdate=2012-06-06}}</ref> [[Hacker ethic|Ethical hacking]] is a term coined by [[IBM]] meant to imply a broader category than just penetration testing.<ref name=Knight>{{cite journal|last=Knight|first=William|title=License to Hack|journal=InfoSecurity|date=16 October 2009|volume=6|issue=6|pages=38–41|url=http://www.infosecurity-magazine.com/view/4611/license-to-hack-ethical-hacking/|doi=10.1016/s1742-6847(09)70019-9}}</ref>
White-hat hackers may also work in teams called "[[hacker (computer security)|sneakers]]",<ref name= Secpoint>{{cite web|url=http://www.secpoint.com/What-is-a-White-Hat.html |title=What is a White Hat? |publisher=Secpoint.com |date=2012-03-20 |accessdate=2012-06-06}}</ref> [[red team]]s, or [[tiger team]]s,<ref name=Palmer>{{cite journal|last=Palmer|first=C.C.|title=Ethical Hacking|journal=IBM Systems Journal|year=2001|volume=40|issue=3|page=769|url=http://pdf.textfiles.com/security/palmer.pdf|doi=10.1147/sj.403.0769}}</ref>[[WhiteHat Adda]].<ref>WhieHat Adda - The Programmer's Point</ref>

==History==
One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force of the Multics operating systems for "potential use as a two-level (secret/top secret) system." Their evaluation found that while Multics was "significantly better than other conventional systems,"{{citation needed|date=May 2013}} it also had "... vulnerabilities in hardware security, software security and procedural security"{{citation needed|date=May 2013}} that could be uncovered with "a relatively low level of effort."{{citation needed|date=May 2013}} The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.<ref name=Palmer /> The idea to bring this tactic of ethical hacking to assess security of systems was formulated by [[Dan Farmer]] and [[Wietse Venema]]. With the goal of raising the overall level of security on the [[Internet]] and [[intranets]], they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program, called [[Security Administrator Tool for Analyzing Networks]], or SATAN, was met with a great amount of media attention around the world in 1992.<ref name= Palmer />

==Tactics==
While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking, which will likely include such things, is under no limitations when asked for by stake holders in the company. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executive’s dustbins and usually breaking and entering – all, of course, with NO knowledge and consent of the targets. ONLY the owners, CEO's and Board Members (stake holders) whom asked for such a security review of this magnitude are aware. A complete understanding, and sometimes if allowed by those stake holders, a complete non-understanding of the hack attempt is allowed to test penetration points. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical.<ref name= Knight /> In most recent cases these hacks perpetuate for the long term con, (days, if not weeks, of long term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone lost the small drive and an unsuspecting employee found it and took it.

Some other methods of carrying out these include:

* [[Denial-of-service attack|DoS attack]]s
* [[Social engineering (security)|Social engineering]] tactics
* Security scanners such as:
** [[W3af]]
** [[Nessus (software)|Nessus]]
** Nexpose
* Frameworks such as:
** [[Metasploit]]

Such methods identify and [[Exploit (computer security)|exploit]] known [[Vulnerability (computing)|vulnerabilities]], and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system 'back-doors' that could be used as a link to the information or access the non-ethical hacker, also known as 'black-hat' or 'grey-hat', may want to reach.

==Legality in the UK==
Louis is a gay idiotStruan Robertson, legal director at Pinsent Masons LLP, and editor of [[OUT-LAW|OUT-LAW.com]], says "Broadly speaking, if the access to a system is authorized, the hacking is ethical and legal. If it isn't, there's an offence under the [[Computer Misuse Act]]. The unauthorized access offence covers everything from guessing the password, to accessing someone's webmail account, to cracking the security of a bank. The maximum penalty for unauthorized access to a computer is two years in prison and a fine. There are higher penalties – up to 10 years in prison – when the hacker also modifies data". Unauthorized access even to expose vulnerabilities for the benefit of many is not legal, says Robertson. "There's no defense in our hacking laws that your behavior is for the greater good. Even if it's what you believe."<ref name=Knight />

==Employment==
The United States [[National Security Agency]] offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team-management. Aggressor teams are called "red" teams. Defender teams are called "blue" teams.<ref name=Secpoint />
{{globalize/Eng|date=June 2011}}



===List of prominent white hat hackers===
* [[Eric Corley]]
* [[Przemysław Frasunek]]
* [[Raphael Gray]]
* [[Barnaby Jack]]
* [[Kevin Mitnick]]
* [[Robert Tappan Morris]]
* [[Kevin Poulsen]]

==See also==
* [[Certified Ethical Hacker]]
* [[:Category:Computer hacking|Computer hacking]] (category)
* [[IT risk]]
* [[Wireless identity theft]]

==References==
{{reflist}}

{{DEFAULTSORT:White Hat (Computer Security)}}
[[Category:Hacking (computer security)]]

[[ja:ハッカー#類語]]

White hat

2015-03-04T10:41:48Z

176.126.231.210:

{{Computer hacking}}

The term "'''white hat'''" in [[Internet slang]] refers to an ethical [[computer hacker]], or a [[computer security]] expert, who specializes in [[penetration testing]] and in other testing methodologies to ensure the security of an organization's [[information systems]].<ref>{{cite web|url=http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci550882,00.html |title=What is white hat? - a definition from Whatis.com |publisher=Searchsecurity.techtarget.com |date= |accessdate=2012-06-06}}</ref> [[Hacker ethic|Ethical hacking]] is a term coined by [[IBM]] meant to imply a broader category than just penetration testing.<ref name=Knight>{{cite journal|last=Knight|first=William|title=License to Hack|journal=InfoSecurity|date=16 October 2009|volume=6|issue=6|pages=38–41|url=http://www.infosecurity-magazine.com/view/4611/license-to-hack-ethical-hacking/|doi=10.1016/s1742-6847(09)70019-9}}</ref>
White-hat hackers may also work in teams called "[[hacker (computer security)|sneakers]]",<ref name= Secpoint>{{cite web|url=http://www.secpoint.com/What-is-a-White-Hat.html |title=What is a White Hat? |publisher=Secpoint.com |date=2012-03-20 |accessdate=2012-06-06}}</ref> [[red team]]s, or [[tiger team]]s,<ref name=Palmer>{{cite journal|last=Palmer|first=C.C.|title=Ethical Hacking|journal=IBM Systems Journal|year=2001|volume=40|issue=3|page=769|url=http://pdf.textfiles.com/security/palmer.pdf|doi=10.1147/sj.403.0769}}</ref>[[WhiteHat Adda]].<ref>WhieHat Adda - The Programmer's Point</ref>

==History==
One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force of the Multics operating systems for "potential use as a two-level (secret/top secret) system." Their evaluation found that while Multics was "significantly better than other conventional systems,"{{citation needed|date=May 2013}} it also had "... vulnerabilities in hardware security, software security and procedural security"{{citation needed|date=May 2013}} that could be uncovered with "a relatively low level of effort."{{citation needed|date=May 2013}} The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.<ref name=Palmer /> The idea to bring this tactic of ethical hacking to assess security of systems was formulated by [[Dan Farmer]] and [[Wietse Venema]]. With the goal of raising the overall level of security on the [[Internet]] and [[intranets]], they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program, called [[Security Administrator Tool for Analyzing Networks]], or SATAN, was met with a great amount of media attention around the world in 1992.<ref name= Palmer />

==Tactics==
While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking, which will likely include such things, is under no limitations when asked for by stake holders in the company. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executive’s dustbins and usually breaking and entering – all, of course, with NO knowledge and consent of the targets. ONLY the owners, CEO's and Board Members (stake holders) whom asked for such a security review of this magnitude are aware. A complete understanding, and sometimes if allowed by those stake holders, a complete non-understanding of the hack attempt is allowed to test penetration points. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical.<ref name= Knight /> In most recent cases these hacks perpetuate for the long term con, (days, if not weeks, of long term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone lost the small drive and an unsuspecting employee found it and took it.

Some other methods of carrying out these include:

* [[Denial-of-service attack|DoS attack]]s
* [[Social engineering (security)|Social engineering]] tactics
* Security scanners such as:
** [[W3af]]
** [[Nessus (software)|Nessus]]
** Nexpose
* Frameworks such as:
** [[Metasploit]]

Such methods identify and [[Exploit (computer security)|exploit]] known [[Vulnerability (computing)|vulnerabilities]], and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system 'back-doors' that could be used as a link to the information or access the non-ethical hacker, also known as 'black-hat' or 'grey-hat', may want to reach.

==Legality in the UK==
Louis is a gay
Struan Robertson, legal director at Pinsent Masons LLP, and editor of [[OUT-LAW|OUT-LAW.com]], says "Broadly speaking, if the access to a system is authorized, the hacking is ethical and legal. If it isn't, there's an offence under the [[Computer Misuse Act]]. The unauthorized access offence covers everything from guessing the password, to accessing someone's webmail account, to cracking the security of a bank. The maximum penalty for unauthorized access to a computer is two years in prison and a fine. There are higher penalties – up to 10 years in prison – when the hacker also modifies data". Unauthorized access even to expose vulnerabilities for the benefit of many is not legal, says Robertson. "There's no defense in our hacking laws that your behavior is for the greater good. Even if it's what you believe."<ref name=Knight />

==Employment==
The United States [[National Security Agency]] offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team-management. Aggressor teams are called "red" teams. Defender teams are called "blue" teams.<ref name=Secpoint />
{{globalize/Eng|date=June 2011}}



===List of prominent white hat hackers===
* [[Eric Corley]]
* [[Przemysław Frasunek]]
* [[Raphael Gray]]
* [[Barnaby Jack]]
* [[Kevin Mitnick]]
* [[Robert Tappan Morris]]
* [[Kevin Poulsen]]

==See also==
* [[Certified Ethical Hacker]]
* [[:Category:Computer hacking|Computer hacking]] (category)
* [[IT risk]]
* [[Wireless identity theft]]

==References==
{{reflist}}

{{DEFAULTSORT:White Hat (Computer Security)}}
[[Category:Hacking (computer security)]]

[[ja:ハッカー#類語]]

White hat

2015-03-04T10:37:08Z

176.126.231.210:

{{Computer hacking}}

The term "'''white hat'''" in [[Internet slang]] refers to an ethical [[computer hacker]], or a [[computer security]] expert, who specializes in [[penetration testing]] and in other testing methodologies to ensure the security of an organization's [[information systems]].<ref>{{cite web|url=http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci550882,00.html |title=What is white hat? - a definition from Whatis.com |publisher=Searchsecurity.techtarget.com |date= |accessdate=2012-06-06}}</ref> [[Hacker ethic|Ethical hacking]] is a term coined by [[IBM]] meant to imply a broader category than just penetration testing.<ref name=Knight>{{cite journal|last=Knight|first=William|title=License to Hack|journal=InfoSecurity|date=16 October 2009|volume=6|issue=6|pages=38–41|url=http://www.infosecurity-magazine.com/view/4611/license-to-hack-ethical-hacking/|doi=10.1016/s1742-6847(09)70019-9}}</ref>
White-hat hackers may also work in teams called "[[hacker (computer security)|sneakers]]",<ref name= Secpoint>{{cite web|url=http://www.secpoint.com/What-is-a-White-Hat.html |title=What is a White Hat? |publisher=Secpoint.com |date=2012-03-20 |accessdate=2012-06-06}}</ref> [[red team]]s, or [[tiger team]]s,<ref name=Palmer>{{cite journal|last=Palmer|first=C.C.|title=Ethical Hacking|journal=IBM Systems Journal|year=2001|volume=40|issue=3|page=769|url=http://pdf.textfiles.com/security/palmer.pdf|doi=10.1147/sj.403.0769}}</ref>[[WhiteHat Adda]].<ref>WhieHat Adda - The Programmer's Point</ref>

==History==
One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force of the Multics operating systems for "potential use as a two-level (secret/top secret) system." Their evaluation found that while Multics was "significantly better than other conventional systems,"{{citation needed|date=May 2013}} it also had "... vulnerabilities in hardware security, software security and procedural security"{{citation needed|date=May 2013}} that could be uncovered with "a relatively low level of effort."{{citation needed|date=May 2013}} The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.<ref name=Palmer /> The idea to bring this tactic of ethical hacking to assess security of systems was formulated by [[Dan Farmer]] and [[Wietse Venema]]. With the goal of raising the overall level of security on the [[Internet]] and [[intranets]], they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program, called [[Security Administrator Tool for Analyzing Networks]], or SATAN, was met with a great amount of media attention around the world in 1992.<ref name= Palmer />

==Tactics==
While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking, which will likely include such things, is under no limitations when asked for by stake holders in the company. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executive’s dustbins and usually breaking and entering – all, of course, with NO knowledge and consent of the targets. ONLY the owners, CEO's and Board Members (stake holders) whom asked for such a security review of this magnitude are aware. A complete understanding, and sometimes if allowed by those stake holders, a complete non-understanding of the hack attempt is allowed to test penetration points. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical.<ref name= Knight /> In most recent cases these hacks perpetuate for the long term con, (days, if not weeks, of long term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone lost the small drive and an unsuspecting employee found it and took it.

Some other methods of carrying out these include:

* [[Denial-of-service attack|DoS attack]]s
* [[Social engineering (security)|Social engineering]] tactics
* Security scanners such as:
** [[W3af]]
** [[Nessus (software)|Nessus]]
** Nexpose
* Frameworks such as:
** [[Metasploit]]

Such methods identify and [[Exploit (computer security)|exploit]] known [[Vulnerability (computing)|vulnerabilities]], and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system 'back-doors' that could be used as a link to the information or access the non-ethical hacker, also known as 'black-hat' or 'grey-hat', may want to reach.

==Legality in the UK==
I believe Louis is gay, he told me and he also said joe touched him.
The United States [[National Security Agency]] offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques />

==Employment==
The United States [[National Security Agency]] offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team-management. Aggressor teams are called "red" teams. Defender teams are called "blue" teams.<ref name=Secpoint />
{{globalize/Eng|date=June 2011}}



===List of prominent white hat hackers===
* [[Eric Corley]]
* [[Przemysław Frasunek]]
* [[Raphael Gray]]
* [[Barnaby Jack]]
* [[Kevin Mitnick]]
* [[Robert Tappan Morris]]
* [[Kevin Poulsen]]

==See also==
* [[Certified Ethical Hacker]]
* [[:Category:Computer hacking|Computer hacking]] (category)
* [[IT risk]]
* [[Wireless identity theft]]

==References==
{{reflist}}

{{DEFAULTSORT:White Hat (Computer Security)}}
[[Category:Hacking (computer security)]]

[[ja:ハッカー#類語]]

White hat

2015-03-04T10:35:33Z

176.126.231.210:

{{Computer hacking}}

The term "'''white hat'''" in [[Internet slang]] refers to an ethical [[computer hacker]], or a [[computer security]] expert, who specializes in [[penetration testing]] and in other testing methodologies to ensure the security of an organization's [[information systems]].<ref>{{cite web|url=http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci550882,00.html |title=What is white hat? - a definition from Whatis.com |publisher=Searchsecurity.techtarget.com |date= |accessdate=2012-06-06}}</ref> [[Hacker ethic|Ethical hacking]] is a term coined by [[IBM]] meant to imply a broader category than just penetration testing.<ref name=Knight>{{cite journal|last=Knight|first=William|title=License to Hack|journal=InfoSecurity|date=16 October 2009|volume=6|issue=6|pages=38–41|url=http://www.infosecurity-magazine.com/view/4611/license-to-hack-ethical-hacking/|doi=10.1016/s1742-6847(09)70019-9}}</ref>
White-hat hackers may also work in teams called "[[hacker (computer security)|sneakers]]",<ref name= Secpoint>{{cite web|url=http://www.secpoint.com/What-is-a-White-Hat.html |title=What is a White Hat? |publisher=Secpoint.com |date=2012-03-20 |accessdate=2012-06-06}}</ref> [[red team]]s, or [[tiger team]]s,<ref name=Palmer>{{cite journal|last=Palmer|first=C.C.|title=Ethical Hacking|journal=IBM Systems Journal|year=2001|volume=40|issue=3|page=769|url=http://pdf.textfiles.com/security/palmer.pdf|doi=10.1147/sj.403.0769}}</ref>[[WhiteHat Adda]].<ref>WhieHat Adda - The Programmer's Point</ref>

==History==
One of the first instances of an ethical hack being used was a "security evaluation" conducted by the United States Air Force of the Multics operating systems for "potential use as a two-level (secret/top secret) system." Their evaluation found that while Multics was "significantly better than other conventional systems,"{{citation needed|date=May 2013}} it also had "... vulnerabilities in hardware security, software security and procedural security"{{citation needed|date=May 2013}} that could be uncovered with "a relatively low level of effort."{{citation needed|date=May 2013}} The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.<ref name=Palmer /> The idea to bring this tactic of ethical hacking to assess security of systems was formulated by [[Dan Farmer]] and [[Wietse Venema]]. With the goal of raising the overall level of security on the [[Internet]] and [[intranets]], they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. They gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it. Their program, called [[Security Administrator Tool for Analyzing Networks]], or SATAN, was met with a great amount of media attention around the world in 1992.<ref name= Palmer />

==Tactics==
While penetration testing concentrates on attacking software and computer systems from the start – scanning ports, examining known defects and patch installations, for example – ethical hacking, which will likely include such things, is under no limitations when asked for by stake holders in the company. A full blown ethical hack might include emailing staff to ask for password details, rummaging through executive’s dustbins and usually breaking and entering – all, of course, with NO knowledge and consent of the targets. ONLY the owners, CEO's and Board Members (stake holders) whom asked for such a security review of this magnitude are aware. A complete understanding, and sometimes if allowed by those stake holders, a complete non-understanding of the hack attempt is allowed to test penetration points. To try to replicate some of the destructive techniques a real attack might employ, ethical hackers may arrange for cloned test systems, or organize a hack late at night while systems are less critical.<ref name= Knight /> In most recent cases these hacks perpetuate for the long term con, (days, if not weeks, of long term human infiltration into an organization). Some examples include leaving USB/flash key drives with hidden auto-start software in a public area, as if someone lost the small drive and an unsuspecting employee found it and took it.

Some other methods of carrying out these include:

* [[Denial-of-service attack|DoS attack]]s
* [[Social engineering (security)|Social engineering]] tactics
* Security scanners such as:
** [[W3af]]
** [[Nessus (software)|Nessus]]
** Nexpose
* Frameworks such as:
** [[Metasploit]]

Such methods identify and [[Exploit (computer security)|exploit]] known [[Vulnerability (computing)|vulnerabilities]], and attempt to evade security to gain entry into secured areas. They are able to do this by hiding software and system 'back-doors' that could be used as a link to the information or access the non-ethical hacker, also known as 'black-hat' or 'grey-hat', may want to reach.

==Legality in the UK==
The leagity in this is none and Louis is gay btw
The United States [[National Security Agency]] offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques />

==Employment==
The United States [[National Security Agency]] offers certifications such as the CNSS 4011. Such a certification covers orderly, ethical hacking techniques and team-management. Aggressor teams are called "red" teams. Defender teams are called "blue" teams.<ref name=Secpoint />
{{globalize/Eng|date=June 2011}}



===List of prominent white hat hackers===
* [[Eric Corley]]
* [[Przemysław Frasunek]]
* [[Raphael Gray]]
* [[Barnaby Jack]]
* [[Kevin Mitnick]]
* [[Robert Tappan Morris]]
* [[Kevin Poulsen]]

==See also==
* [[Certified Ethical Hacker]]
* [[:Category:Computer hacking|Computer hacking]] (category)
* [[IT risk]]
* [[Wireless identity theft]]

==References==
{{reflist}}

{{DEFAULTSORT:White Hat (Computer Security)}}
[[Category:Hacking (computer security)]]

[[ja:ハッカー#類語]]