Sunday, February 27, 2011

Final Thoughts on Ethical Hacking Class

I cannot believe this class has come and gone already, wow. I think the biggest takeaway for me is how much there is to learn to be successful in this field. Also, to qualify my four topics just a little, I will say that I get a feeling there are people who have a genuine innate ability to do this and summon the wisdom to act in a legal, ethical way. The two are not mutually exclusive. There is a risk of going over to the dark side if you are not grounded in strong moral fabric.
Now, having said all of that, I will lead off with my first of four elements. The broad availability of hacking tools on the internet, which are merely a few clicks away, is stunning. Like guns, these tools can inflict real harm if placed in the wrong hands. Yet they are out there just as any other piece of software. Unlike guns you cannot fire a gun halfway around the world in a few seconds. The interconnectedness which makes the Network of Networks possible also forms a pipeline for the bullet flying around the world. Personally I do not own a gun, but the analogy seemed to fit.
Secondly, the PC as a canvas upon which you can construct any workable configuration is truly amazing. I love the computer for its non-judgemental qualities. I say that as a person who struggled with the Linux OS, and through all of my confusion and trials the PC never passed judgment. I can imagine a young person who might be socially awkward would benefit from that type of interface to lay out their passions. They would seek affirmation from some (thing or one) and a PC either works or it does not. If it does work, that might be the encouragement a young person needs if they are not getting it from a parent.
Thirdly, the rules by which a computer operates are not simple but they are fair. If you learn the rules to a PC you can begin to ascribe more value to some and not others. A protocol is a standard which a majority of some group of people had a hand in crafting. People are not perfect and their standards were defined in my TECH 140 book as the least level of acceptance a PC could operate in. I say that implying that if a person has other better ideas the PC that is not judgmental will work with those parameters also. This is where the wiggle room for bugs and flaws and security holes is created. How can I adjust this just enough to get by but not get caught? Spoofing as a more general principle.
Finally, the cat in the equation of a cat and mouse game. We are cats learning to hunt. That is why we are here now. I think we need to be able to think in a way that is similar to the hacker but not in an illegal way. We must never lose sight of the line. When we use Nessus or Wireshark we had better have permission and cover our legal flanks. Our desire to find the hacker will undoubtedly take us into some bad places in our non-judgemental environment too. I would caution all of my classmates to always act as though your screen is being streamed live on your local news feed. Remember whose side you are on.
As far as how my perceptions might have been altered, I will say that I need to realize that the bad guys have the same tools as I do and are fighting by little if any code of ethics. I will keep that in mind and hope that I can employ some psychological tricks of my own to help level the playing field. The Honeypot is a great example of how greed and success starvation will lead an attacker right into a psychological trap. If they are willing to go there then they deserve to get caught.
I wish all of my classmates the best of luck and want to thank our instructor for her guidance and patience through this phase of our learning process.  
