Ethical Hacking Compared to Penetration Testing?

    • #5902
      angila
      Participant

      I just began studying for the CEH v5 and finished reading module 1 of the official courseware. As I was doing the exercises at the end of the module, I stumbled upon a question where I had to pause and think for a minute. The question that I was referring to is question #5: What are the similarities and differences between Ethical Hacking and Penetration Testing? I know that Vulnerability assessment and Pentesting are used interchangeably, however they have their differences. Vulnerability assessment is when you test a target for known vulnerabilities whereas Penetration Testing is used to conduct the actual exploitation based on the information obtained from the former test. But what is Ethical Hacking when compared to Penetration testing? The following is the information I found so far:

    • #36979
      BillV
      Participant

      It’s just a bad question and won’t be on the test. It would take your imagination and some creativity to come up with an answer to it as there’s really no technical difference; it would all be in how you want to define the terms.

      What are you using to study? I ask because you mention v5 but I don’t think the v5 exam is available any longer. The v6 courseware has been out for a while and they’re working on getting the v7 release out.

    • #36980
      Don Donzal
      Keymaster

      Many define these in different ways, but let me share my thoughts.

      1. Vulnerability Assessment and Pen Testing should NOT be used interchangeably. VA finds where you might be vulnerable like with password policies or unpatched services. Pen Testing is actually hitting those vulns.

      2. I view Ethical Hacking as a general term for a wide range of topics that include network pen testing, web app pen testing, forensics, wireless, social engineering, etc. All are forms of hacking and we want to make sure that all of them are done with permission and in an ethical manner.

      What do you EH-Netters think? Agree? Disagree?

      Hope this helps,
      Don

    • #36981
      caissyd
      Participant

      I agree with Don, “Penetration Testing” is a subset of “Ethical Hacking”.

      You have hardware hacking, people hacking (social engineering), software hacking (exploit development), web application hacking (web app pen test), network and server hacking (pen test), wireless hacking, etc.

      Hacking in general could be legal (ethical) or illegal.

      To me, in a nutshell, ethical means that all the parties involved are fully aware of the hack being performed. To me “parties” include owners of the network, servers, application and data. This doesn’t mean you warn Microsoft before pen testing a Windows environment, but make sure the owner or the person responsible for this environment understands what you will be doing. This means written permission and all that comes with it (non-disclosure agreement, methodology, rules of engagement, etc).

      Alternatively, you work in your own lab.

      Just about everything else is illegal, hence not ethical.

      Personally, I don’t get any pride or glory in hacking my neighbour’s wireless access point. But downloading a vulnerable VM image and hacking my way into it in my lab is very rewarding (and much, much harder!). The same goes for pen testing a web application and downloading the entire database. It is legal, your client is happy and you are happy. In addition, you can add it to your resume!

    • #36982
      tturner
      Participant

      In my opinion ethical hacking is exploiting the system in an ethical way whereas penetration testing takes it a step farther and uses the output from ethical hacking and creates a useful report for the target organization. This process includes all the piece parts of a quality pentest report and real value add for the business by identifying where the verified vulnerabilities create risk scenarios for the business and why and from what vectors as well as the real world impact of a threat exploiting that vulnerability.

      Ethical hacking is a subset of penetration testing and does not provide that level of value to business by itself but is more about achieving the level of understanding of the target asset/process necessary to deliver quality pentest results. I also don’t feel that ethical hacking includes the security analysis skills required to draw the necessary conclusions outside the very narrow scope of that target system being exploited that a good penetration tester will from good critical security thinking processes. I’d be interested in how others define these as I see many people use these terms interchangeably but I just don’t agree that they are the same.

    • #36983
      Don Donzal
      Keymaster

      Hey tturner,

      If someone describes themself as a hacker or says that they hack things, we would most likely ask for more info… is it hardware hacking, computer hacking, human hacking, etc.

      Most of us would agree that ‘hacking’ is more than just exploiting a system. Therefore, ‘ethical hacking’ is much more than just exploiting a system with permission.

      So I think my definition would fit that thought process better than yours.

      But I do love a good debate. 😉

      What are your thoughts?
      Don

    • #36984
      sil
      Participant

      @don wrote:

      If someone describes themself as a hacker or says that they hack things, we would most likely ask for more info

      I try to stay away from butchers. I’m usually scared of people with blades hacking away at slabs of meat

    • #36985
      maxpeck
      Participant

      …It’s the people hacking behind me that make me nervous. I don’t want to hear ‘cough, cough’ and then feel ‘splat’ on the back of my head.  🙁
      With all the condo commandos that live around me it’s always a possibility…

      MP

    • #36986
      tturner
      Participant

      @don wrote:

      Hey tturner,

      If someone describes themself as a hacker or says that they hack things, we would most likely ask for more info… is it hardware hacking, computer hacking, human hacking, etc.

      Most of us would agree that ‘hacking’ is more than just exploiting a system. Therefore, ‘ethical hacking’ is much more than just exploiting a system with permission.

      So I think my definition would fit that thought process better than yours.

      I have always defined hacking as “An interaction with something with the intent to make it do something it was not designed or intended for.” Hacking is just that interaction point and any activities that support those activities. That includes recon, scanning, etc. Writing up a report that correlates technology to business risk is not typically associated with hacking and is only associated with ethical hacking because EC-Council made a cert and called it that. This is one of my pet peeves in security, not just this but all the ways in which we completely confuse security jargon because of vendors incorrectly marketing products. Take privacy and confidentiality for instance. How many security professionals really know the difference? There is one.

      Penetration testing is supported by ethical hacking activities but it is not the same thing.

    • #36987
      Don Donzal
      Keymaster

      I agree with you and the marketing of CEH (Certified Ethical Hacker). But I disagree completely with your time frame. IBM and many others were using the term ethical hacking long before EC-Council used the term in the name of their cert. I like to cite things, so here you go.

      In a paper written by IBMer Charles C. Palmer in 2001, he states:

      “In the case of computer security, these “tiger teams” or “ethical hackers” (3) would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information.”

      The 3 in that statement is the footnote which reads:

      “The first use of the term “ethical hackers” appears to have been in an interview with John Patrick of IBM by Gary Anthes that appeared in a June 1995 issue of ComputerWorld.”

      Don

    • #36988
      tturner
      Participant

      I did not mean to state that EC-Council created the term, simply that today’s definition of what it means stems largely from their marketing efforts. The article you posted was a good read, thanks for the link, Don. It did mention that these ethical hackers reported on vulnerabilities and developed remediation plans, but it is my stipulation that a good penetration tester goes a step farther and correlates the verified vulnerabilities to business risk. Without a compelling reason to resolve the vulnerability, there is little incentive to do so. You have to show the impact.

      There is no authority on this subject currently that can clearly define these terms for us. That’s just my personal definition. I’m fine if you disagree but that doesn’t change my opinion. 🙂 I will contend that I usually don’t include a remediation plan within my definition of ethical hacker either, but IBM clearly did.


Copyright ©2021 Caendra, Inc.
