A hacker accesses a computer system or network without the authorization of the
system’s owner. By doing so, a hacker is breaking the law and can go to prison.
Those who break into systems to steal or destroy data are often referred to as crackers; hackers might simply want to prove how vulnerable a system is by accessing the computer or network without destroying any data. For the purpose of this article, no
distinction is made between the terms “hackers” and “crackers.” The U.S. Department of Justice labels all illegal access to computer or network systems as “hacking,”
and that usage is followed in this article.
Some hackers are skillful computer experts, but others are younger, inexperienced people who experienced hackers refer to as script kiddies or packet monkeys. These disrespectful words refer to persons who copy code from skilled programmers instead of writing the code themselves. Many experienced penetration testers can write computer programs or scripts in Perl (Practical Extraction and Report Language, although it’s always referred to as “Perl”) or the C language to carry out network attacks. (A script is a set of instructions that run in sequence to perform tasks on a computer system.)
An Internet search on IT job recruiter sites for “penetration tester” produces hundreds of job announcements, many from Fortune 500 companies looking for experienced applicants. A typical ad might include the following requirements:
- Perform vulnerability, attack, and penetration assessments in Internet, intranet,
and wireless environments.and wireless environments.
- Perform discovery and scanning for open ports and services.
- Apply appropriate exploits to gain access and expand access as necessary.
- Participate in activities involving application penetration testing and application source code review.
- Interact with the client as required throughout the engagement.
- Produce reports documenting discoveries during the engagement.
- Debrief with the client at the conclusion of each engagement.
- Participate in research and provide recommendations for continuous improvement.
- Participate in knowledge sharing.
Penetration testers and security testers usually have a laptop computer configured
with multiple OSs and hacking tools. The online resources accompanying this article
contains the Linux OS and many tools needed to conduct actual network attacks.
This collection of tools for conducting vulnerability assessments and attacks is sometimes referred to as a “tiger box.” You can order tiger boxes on the Internet, but if
you want to gain more experience, you can install multiple OSs and security tools on
your own system. Learning how to install an OS isn’t covered in this article, but you
can find article on this topic easily. The procedure for installing security tools varies,
depending on the OS.