Read the given information below the dotted lines and attempt to answer these qu
Question
Read the given information below the dotted lines and attempt to answer these questions:

• How would you define Hacker, Cracker, Pen Tester?
• What rules are the key to differentiating these categories?
• Would you hire a Hacker as a Pen Tester? Why or why not?

Also, please consider commenting on at least one other student's response.

-------------

Important Terms

For our purposes, we will use the following terms ...

Hacking: exploring the functions and limits, both intended and unintended, of a [computing] system.

Cracking: an unauthorized attempt to circumvent security controls or break into an organisation's computing systems. The goals for this activity include financial gain, information, and notoriety. Crackers have no [external] time or technology constraints imposed on their actions.

Penetration Testing: an authorized attempt to circumvent controls or break into an organisation's computing systems. The goal for this activity is to prove a system's vulnerability in order to identify areas for improvement. There are normally limits placed on the time and methods used in such testing. Pen tests may be performed in-house or by contracting with a specialized service provider.

Why perform penetration tests?

Organisations may be required to by a governing body or industry organisation.

• NIST SP800-53 (CA-8, for High Systems only) requires that an independent team perform regular assessments. Reference: NIST SP800-53r4
• FFIEC requires annual tests performed by an independent team. Reference: FFIEC IT Examination Materials
• The payment card industry's PCI-DSS certification requires annual tests by a "qualified internal resource" as well as tests after any "significant infrastructure or application change." PCI-DSS Penetration Testing Guidance. Reference: PCI-DSS v3.2 Standard

But Why?

Vulnerability assessments can identify potential weaknesses in an organisation's computer systems. Penetration tests, on the other hand, are used to demonstrate the potential impact to the organisation's current information through these vulnerabilities. What data can be accessed by unauthorized individuals? How can it be accessed? By knowing the answers to these two questions, we can make better choices about how to protect our information assets.

Reflect: What are the rules for attackers? Consider the differences between hacking (as we define it) and penetration testing. What, if any, are the rules that apply in each type of activity? Take some time to consider this, then go to the Penetration Testing Forum in Moodle and share your thoughts.

Types of Penetration Tests

Not only must you decide what you wish to test - applications, infrastructure, people - but you must decide on how much information about the target(s) you will provide to the testers.

• Return to Moodle and watch the VoiceThread on Penetration testing (so that you are automatically logged in).
• You can find the VoiceThread under In-Class Activities/4 - Penetration Testing.

Next Class

• Two ISA presentations (yay teams!). Remember to view their materials, posted in the ISA Forum.
• Wireless networking - See the Class Prep Forum for more details.

Remember: Take some time to reflect on the rules that govern hackers, crackers, and penetration testers. Be sure to share your thoughts in the Moodle Penetration Testing Forum.
Explanation / Answer
So basically you want to know what is the difference between a hacker, cracker and a penetration tester?
Basically, hacking means unauthorized use of computing resources. In general, hacking is synonymous with being a gifted programmer. That means hackers are very good programmers in the first place. In modern terminology, hackers are essentially ethical hackers hired by some organization. First, they hack a system and find the loopholes. They think like real computer criminals and then they try to provide some technique so that those loopholes can be removed.
On the other hand, crackers are the bad counterpart of the hackers. They also have immense knowledge of computer programming, and they are also experts in finding out the vulnerabilities in computer networks. But they break into computer security, steal data and credit card information, and sometimes they also demand ransom in order to give back your data. They are then called Phishers.
Hope the difference between hacker and cracker is clear. Now let's move to the difference between hacker and pen tester:
Essentially, hackers are the superset of penetration testers. The comparison is given below:
Penetration testing is conducted by a specific team who checks the security vulnerabilities of the entire computer system of the organization. In other words, penetration testing targets the hiring organization's computer security system to check the security standard.
Hackers, on the other hand, check all the loopholes of the organization, and not only that, they also implement the techniques needed to make sure that the flaws are protected.