An ethical hacker (also known as a white hat hacker) is the ultimate security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems—just like a malicious hacker (or a black hat hacker). In fact, they both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get there and try to break in.
An ethical hacker’s role is similar to that of a penetration tester, but it involves broader duties. They break into systems legally and ethically. This is the primary difference between ethical hackers and real hackers—the legality.
Apart from testing duties, ethical hackers are associated with other responsibilities. The main idea is to replicate a malicious hacker at work and instead of exploiting the vulnerabilities for malicious purposes, seek countermeasures to shore up the system’s defenses. An ethical hacker might employ all or some of these strategies to penetrate a system:
- Scanning ports and seeking vulnerabilities: An ethical hacker uses port scanning tools like Nmap or Nessus to scan one’s own systems and find open ports. The vulnerabilities with each of the ports can be studied and remedial measures can be taken.
- An ethical hacker will examine patch installations and make sure that they cannot be exploited.
- The ethical hacker may engage in social engineering concepts like dumpster diving—rummaging through trash bins for passwords, charts, sticky notes, or anything with crucial information that can be used to generate an attack.