10 Commandments of Ethical Hacking

Explanation: It is unethical to use a computer to harm another computer user. This is not limited to physical injury. Manipulating or destroying the files of other users is ethically wrong. Being involved in practices like hacking, spamming, phishing or cyberbullying does not conform to computer ethics.

Explanation: Computer software can be used in ways that disturb other users or disrupt their work. Viruses, for example, are programs meant to harm useful computer programs, interfere with the normal functioning of a computer, or delete files on a computer.

Malicious software can disrupt the functioning of computers in many ways. It may overload computer memory through excessive consumption of computer resources, slowing the machine down. It may cause a computer to function wrongly or even stop working. Using malicious software to attack a computer is unethical.

There are exceptions to this. For example, spying is necessary and cannot be called unethical when it is done against illegitimate use of computers: intelligence agencies working on cyber-crime cases need to spy on the internet activity of suspects.

Simply put: Do not use computer technology to steal information.

Explanation: Stealing sensitive information or leaking confidential information is as good as robbery.

It is wrong to acquire personal information of employees from an employee database, or patient history from a hospital database, or any other such information that is meant to be confidential. Similarly, breaking into a bank account to collect information about the account or account holder is wrong. Illegal electronic transfer of funds is a type of fraud.

Simply put: Do not contribute to the spread of misinformation using computer technology.

Explanation: The spread of information has become viral today because of the Internet. This also means that false news or rumors can spread quickly through social networking sites or emails. Being involved in the circulation of incorrect information is unethical.

Mails and pop-ups are commonly used to spread wrong information or give false alerts with the sole intent of selling products.

Simply put: Refrain from copying software or buying pirated copies. Pay for software unless it is free.

Explanation: Like any other artistic or literary work, software is copyrighted. A piece of code is the original work of the individual who created it and is copyrighted in his name. When a developer writes software for the organization he works for, the organization holds the copyright.

Copyright holds unless the creator announces otherwise. Obtaining illegal copies of copyrighted software is unethical.

Explanation: Multi-user systems have user-specific passwords. It is not ethical to hack passwords to gain unauthorized access to a password-protected computer system.

This applies to any creative work, program or design. Claiming ownership of a work that is not yours is ethically wrong.

Explanation: Looking at the social consequences that a program can have describes a broader perspective on technology.

Identify the networks you intend to test.

Specify the testing interval. Specify the testing process. Develop a plan and share it with all stakeholders. Obtain approval of the plan. Share your plan. Socialize it with as many people as you can.

"I was just testing the controls of the system." You must get your permission in writing. This permission may represent the only thing standing between you and an ill-fitting black-and-white-striped suit and a lengthy stay in the Heartbreak Hotel.

The term ethical in this context means working professionally and with good conscience. You must do nothing that is not in the approved plan or that has been authorized after the approval of the plan.

As an ethical hacker, you are bound to confidentiality and non-disclosure of information you uncover, and that includes the security-testing results.

Everything you do as an ethical hacker must be aboveboard, and must support the goals of the organization. You should notify the organization whenever you change the testing plan, change the source test venue, or detect high-risk conditions — and before you run any new high-risk or high-traffic tests, as well as when any testing problems occur. Do not perform an ethical hack when your policy expressly forbids it — or when the law does.

In the previous commandment we talked about acting professionally. One hallmark of professionalism is keeping adequate records to support your findings. When keeping paper or electronic notes, do the following:

Log all work performed.
Record all information directly into your log.
Keep a duplicate of your log.
Document — and date — every test.
Keep factual records and record all work, even when you think you were not successful.

This record of your test design, outcome, and analysis is an important aspect of your work.

Your records will allow you to compile the information needed for a written or oral report. You should take care in compiling your records.

Be diligent in your work and your documentation. Treat the information you gather with the utmost respect. You must protect the secrecy of confidential or personal information. All information you obtain during your testing — for example, encryption keys or clear-text passwords — must be kept private. Treat the information with the same care you would give to your own personal information.

You try something, and it works, so you keep going.

Resist the urge to go too far — and stick to your original plan. Also, you must understand the nature of your tools. Far too often, people jump in and start using the tools shown in this book without truly understanding the full implications of the tool. They do not understand that setting up a monkey-in-the-middle attack, for example, creates a denial of service. Relax, take a deep breath, set your goals, plan your work, select your tools, and oh yeah, read the documentation.

For our purposes, the scientific process has three steps:

1. Select a goal and develop your plan.
2. Test your networks and systems to address your goals.
3. Persuade your organization to acknowledge your work.

Your work should garner greater acceptance when you adopt an empirical method. Pick a goal that you can quantify: associating with ten access points, broken encryption keys, or a file from an internal server.

Time-quantifiable goals, such as testing your systems to see how they stand up to three days of concerted attack, are also good.