Abstract: The state of security on the internet is bad and getting worse. With the emerge and adoption of technologies such as cloud computing, virtualization, or IT outsourcing, enterprises now face a lot of security threats and their security processes, policies, and architectures should be adjusted accordingly. Out of all the options available to help customers to achieve this goal, organizations must understand the importance of ethical hacking services. Ethical Hacking increases security protection by identifying and patching known security vulnerabilities on systems owned by other parties. So, Ethical hacking is an assessment to test and check an information technology environment for possible weak links and vulnerabilities.
Ethical hacking describes the process of hacking a network in an ethical way, therefore with good intentions. This paper throws light on what is ethical hacking, some of its tools which can be used for ethical hacking and comparative study between them.
Keywords: Vulnerabilities, Hacker and Port.
1. Introduction :
Hacking is the practice of modifying the features of a system, in order to accomplish a goal outside of the creator's original purpose. The person who is consistently engaging in hacking activities, and has accepted hacking as a lifestyle and philosophy of their choice, is called a hacker.
Computer Hacking is the most popular form of hacking nowadays, especially in the field of computer security.
Ethical hacking is an identical activity which aims to find and rectify the weakness in a system. Ethical Hacker is the person who punches back the illegal attacks on the computer systems. He is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.
An ethical hack's results is a detailed report of the findings as well as a testimony that a hacker with a certain amount of time and skills is or isn't able to successfully attack a system or get access to certain information. Ethical hacking can be categorized as a security assessment, a kind of training, a test for the security of an information technology environment. An ethical hack shows the risks an information technology environment is facing and actions can be taken to reduce certain risks or to accept them.
2. Tools used for Ethical Hacking:
Automatic tools has changed the world of penetration testing/ethical hacking, IT security researcher has been developed and currently developing different tools to make the test fast, reliable and easy. Just consider the world without automatic tools; you can easily say that the hacking process is slow and time consuming.
2.1. Scanning Tools:
 The Scanning tools are quite helpful in the ethical hacking process. In technical detail, a scanner sends a message requesting to open a connection with a computer on a particular port. (A port is an interface where different layers of software exchanges information). The computer has an option of ignoring the message, responding negatively to the message, or opening a session. Ignoring the message is the safest since if there are no open services it may be hard for a cracker to determine if a computer exists. Once a port scan reveals the existence of an open service, a cracker can attack known vulnerabilities. Once a cracker scans all computers on a network and creates a network map showing what computers are running, what operating systems and what services are available, almost any kind of attack is possible including automated scripting program attacks and social engineered attacks.
Nessus is the world most famous vulnerability scanner, Nessus has been developed by Tenable network security, and it is available for free of cost for non-enterprise environment. It is a vulnerability scanner, a program that looks for security bugs in software. There is a freely available open source version which runs on UNIX. Tenable Security has also recently released a commercial version for Windows called Newt.
It can detect vulnerabilities like:
' Misconfiguration or unpatched services.
' Default passwords and common passwords, in general weak passwords.
' Available vulnerabilities on the system.
lynx-source http://install.nessus.org | sh
One of the very powerful features of Nessus is its client server technology. Servers can be placed at various strategic points on a network allowing tests to be conducted from various points of view. A central client or multiple distributed clients can control all the servers. The server portion will run on most any flavor of UNIX. It even runs on MAC OS X and IBM/AIX, but Linux tends to make the installation simpler. Clients are available for both Windows and UNIX. The Nessus server performs the actual testing while the client provides configuration and reporting functionality.
Nessus server installation is fairly simple. First an installed version of UNIX is required. Secondly, prior installation of several external programs is recommended: NMAP is the industry standard for port scanners, Hydra is a weak password tester and Nikto is a cgi/.script checker. While not required, these external programs greatly enhance Nessus' scanning ability. They are included because they are the best applications in their class. If installed in the PATH$ before Nessus installation, they will automatically be available.
The simplest installation method is using the Lynx automatic install. Lynx is included on many of the Linux versions. The Lynx command is (logged in as a user and not root):
Once the server is installed, some basic setup steps are required. The first task to complete in the new install is to add a user. A new user can be added by the "nessus-adduser" command. The script will question you for the authentication method. Authentication can be performed by several means; however a password is the simplest and is recommended.
More than 100 websites have been scanned using Nessus. The figure below depicts the results obtained for Hebron website.
Figure: Vulnerability details for Hebron website using Nessus
It shows total 29 vulnerabilities for this particular website- 0 Critical, 1 High, 3 Medium, 2 Low and 23 Informal. The range of either being high, medium, low or informal type is also given. For instance, FTP privileged port bounce scan is belongs to high category ranging to 7.5 with its plugin ID given as 10081. The report generated provides the description for all the vulnerabilities that occurred in the scanning process with its appropriate solution.
2.1.2 ETTER CAP
Ettercap is an open-source tool written by Alberto Ornaghi and Marco Valleri. Ettercap is described by its authors as 'a multipurpose sniffer/interceptor/logger for switched LANs.' Since it incorporates a variety of features necessary for working in switched environments, ettercap has evolved into a powerful tool that allows the user to launch several different types of manin-the-middle attacks. In addition, ettercap makes available many separate classic attacks and reconnaissance techniques within its interface. Ettercap is a versatile network manipulation tool. It uses its ability to easily perform man-in-the-middle (MITM) attacks in a switched LAN environment as the launch pad for many of its other functions. Once ettercap has inserted itself in the middle of a switched connection, it can capture and examine all communication between the two victim hosts, and subsequently take advantage of these other features:
' Character injection: Insert arbitrary characters into a live connection in either direction, emulating commands sent from the client or replies sent by the server
' Packet filtering: Automatically filter the TCP or UDP payload of packets in a live connection by searching for an arbitrary ASCII or hexadecimal string, and replacing it with your own string, or simply dropping the filtered packet.
' Automatic password collection for many common network protocols: The Active Dissector component automatically recognizes and extracts pertinent information from many protocols including TELNET, FTP, POP3, RLOGIN, SSH1, ICQ, SMB, MySQL, HTTP, NNTP, X11, NAPSTER, IRC, RIP, BGP, SOCKS 5, IMAP 4, VNC, LDAP, NFS, and SNMP
' SSH1 support: Capture username, password, and the data of an SSH1 connection
' HTTPS support: Insertion into an HTTP SSL session, as long as a false certificate is accepted by the user
' PPTP suite: Perform man-in-the-middle attacks against PPTP tunnels
' Kill any connection: View and kill arbitrary active connections.
OpenVAS is a versatile and powerful vulnerability scanner. The tool was originally designed as an open-source vulnerability assessment tool called Nessus. OpenVAS has highly customizable scans, but comes with a set of preconfigured scans, which are adequate for most purposes.
According to OpenVAS website ' The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.'
 Its components are :
' Scanner: Executes the actual Network Vulnerability Tests (NVTs) via Open-VAS NVT Feed
' Administrator: Command line tool or as a full service daemon offering the OpenVAS Administration Protocol(OAP)
' Greenbone Security Assistant(GSA): Web service offering a user interface for web browsers
' Greenbone Security Desktop (GSD): Qt-based desktop client for OpenVAS Management Protocol (OMP)
' Command Line Interface (CLI): Command line tool which allows batch process creation to drive OpenVAS Manager
' Libraries: Aggregated shared functionality
' The most significant new features:
' Report Format Plug-in Framework
' Master-Slave mode
' Improved Scanner.
' The extended OMP of OpenVAS Manager makes several new features consistently available to all of its clients
2.2. Password cracking tools:
Password cracking does not have to involve fancy tools, but it is a tedious process. If the target doesn't lock you out after a specific number of tries, you can spend an infinite amount of time trying every combination of alphanumeric characters. It's just a question of time and bandwidth before you break into a system.
Brutus is one of the most popular remote online password cracking tools. It claims to be the fastest and most flexible password cracking tool.
 Brutus version AET2 is the current release and includes the following authentication types:
' HTTP (Basic Authentication)
' HTTP (HTML Form/CGI)
BRUTUS utilizes a management module, or Adaptive Critic, providing the user with a comprehensive analyzing tool for pseudo real-time detection of behavior changes. We provide details of the systems architecture of the individual components and the common framework within which they operate.
Most of the options in the user interface are pretty self explanatory. At the top, there are fields for you to input the IP address of the system that you are trying to crack, and the port number. There are also a couple of slide bars that allow you to choose how many simultaneous connections you want to make to the remote host and what the timeout period is for a non responding connection. Both of these options are already set to optimum values and should not be changed under most circumstances.
This tool has not been updated for many years. Still, it can be useful.
2.2.2 OBI WAN
Obi Wan stands for Operation burning insecure Web server against Netscape. Obi Wan is written to carry out brute force security testing on Web servers. The idea behind this is web servers with simple challenge-response authentication mechanism mostly have no switches to set up intruder lockout or delay timings for wrong passwords. In fact this is the point to start from. Every user with a HTTP connection to a host with basic authentication can try username-password combinations as long as he/she likes.
Like other programs for UNIX systems passwords (crack) or NT passwords (l0phtcrack) Obi Wan uses wordlists and alternations of numeric or alpha-numeric characters as possible passwords. Since Web servers allow unlimited requests it is a question of time and bandwidth to break in a server system .The most interesting targets are web based administration front ends like Netscapes Server Administration. If you can break in, you are able to create accounts, stop the server and modify its content.
It is a Web password cracking tool that can work through a proxy. Obi Wan uses wordlists and alternations of numeric or alpha-numeric characters as possible passwords.
2.3 Port Scanning tools
Port scanning is one of the most common reconnaissance techniques used by testers to discover the vulnerabilities in the services listening at well-known ports. Once you've identified the IP address of a target system through foot printing, you can begin the process of port scanning: looking for holes in the system through which you -- or a malicious intruder -- can gain access. A typical system has 2^16 -1 port numbers, each with its own TCP and UDP port that can be used to gain access if unprotected. The most popular port scanner for Linux, Nmap, is also available for Windows. Nmap can scan a system in variety of stealth modes, depending upon how undetectable you want to be. Nmap can determine a lot of information about a target, like what hosts are available, what services are offered and what OS is running.
NMAP (" Network Mapper ") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).; Nmap is free software, available with full source code under the terms of the GNU GPL.
Nmap features include:
' Host discovery ' Identifying hosts on a network. For example, listing the hosts that respond to pings or have a particular port open.
' Port scanning' Enumerating the open ports on target hosts.
' Version detection ' Interrogating network services on remote devices to determine application name and version number.
' OS detection ' Determining the operating system and hardware characteristics of network devices.
' Scriptable interaction with the target ' using Nmap Scripting Engine (NSE) and Lua programming language.
Nmap can provide further information on targets, including reverse DNS names, device types, and MAC addresses.
Typical uses of Nmap:
' Auditing the security of a device by identifying the network connections which can be made to it.
' Identifying open ports on a target host in preparation for auditing.
' Network inventory, network mapping, and maintenance and asset management.
' Auditing the security of a network by identifying new servers.
Nmap is a tool that can be used to discover services running on Internet connected systems. Like any tool it could potentially be used for black hat hacking, as a precursor to attempts to gain unauthorized access to computer systems. Nmap is more often used by security and systems administration to assess networks for vulnerabilities.
System administrators can use Nmap to search for unauthorized servers, or for computers that do not conform to security standards.
Nmap is related to vulnerability assessment tools such as Nessus, which test for common vulnerabilities in open ports. The included NSE scripts that are packaged with modern versions of Nmap are able to perform vulnerability checks against discovered services.
A number of various sites have been scanned using NMAP. The figure below depicts the results obtained after scanning RTU website.
Figure 1 shows the basic details of RTU website including the IP address, number of total ports available, number of open ports discovered, performing RPCGrind scan and much more other relevant details. It outlays the host details of RTU website which includes the host status that depicts the number of total ports scanned, number of open ports available, number of filtered ports. It shows IPv4 address of the website ;IPv6 and MAC address are not available for this website. Further, the type of operating system used and its accuracy of being correct is also illustrated. In this case, types of operating system detected may be Microsoft Windows Vista Home Premium SPI, Windows 7or Server2008. The accuracy with which this result has been obtained is 92% approximately.
It also shows the list of open ports on RTU website. It depicts the port number, protocol used on that port, its state of being open or closed or filtered, type of service provided on that port and the version details. For instance, port 21 is in open state where TCP protocol is used and the service provided is FTP.
2.4 Vulnerability scanning tools
Vulnerability is a flaw in a system, device, or application that, if leveraged by an attacker, could impact the security of the system. Exploits take advantage of vulnerability by compromising or destructing the vulnerable system, device, or application. Remediation is the process of repairing or providing a remedy for vulnerability, thereby eliminating the risk of being exploited. Vulnerability scanning is used to identify and evaluate the security posture of a network. Historically, scanners were developed for specific purposes such as scanning only Windows desktops, applications, or network devices.
A Vulnerability scanner allows you to connect to a target system and check for such vulnerabilities as configuration errors. A popular vulnerability scanner is the freely available open source tool Nessus. Nessus is an extremely powerful scanner that can be configured to run a variety of scans. While a windows graphical front end is available, the core Nessus product requires Linux to run. Microsoft's Baseline Security Analyser is a free Windows vulnerability scanner. MBSA can be used to detect security configuration errors on local computers or remotely across a network. Popular commercial vulnerability scanners include Retina Network Security Scanner, which runs on Windows, and SAINT, which runs on various Unix/Linux versions.
In general, a vulnerability scanner is made up of four main modules, namely, a Scan Engine, a Scan Database, a Report Module and a User Interface.
The Scan Engine executes security checks according to its installed plug-ins, identifying system information and vulnerabilities. It can scan more than one host at a time and compares the results against known vulnerabilities.
2. The Scan Database stores vulnerability information, scan results, and other data used by scanner. The number of available plug-ins, and the updating frequency of plug-ins will vary depending on the corresponding vendor. Each plug-in might contain not only the test case itself, but also a vulnerability description, a Common Vulnerabilities and Exposures (CVE) identifier; and even fixing instructions for a detected vulnerability. Scanners with an "auto-update" feature can download and install the latest set of plug-ins to the database automatically.
3. The Report Module provides different levels of reports on the scan results, such as detailed technical reports with suggested remedies for system administrators, summary reports for security managers, and high-level graph and trend reports for executives.
4. The User Interface allows the administrator to operate the scanner. It may be either a Graphical User Interface (GUI), or just a command line interface.
2.4.1 Microsoft Baseline Security Analyzer
The Microsoft Baseline Security Analyzer, or MBSA, is a simple, easy-to-use application that helps determine the security state of Windows-based computers against Microsoft's recommendations. MBSA can detect common security mis-configurations and missing security updates for Windows and other related Microsoft software.
The MBSA provides built-in checks to determine if Windows administrative vulnerabilities are present, if weak passwords are being used on Windows accounts, the presence of known IIS and SQL administrative vulnerabilities, and which security updates are required on each individual system. The MBSA provides dynamic assessment of missing security updates. The MBSA can scan one or more computers by domain, IP address range or other grouping. Once complete, the MBSA provides a detailed report and instructions on how to help turn your system into a more secure working environment. The MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.
The three main options for utilizing MBSA are Scan A Computer, Scan Multiple Computers, and View Existing Security Scan Reports.
When you want to scan a single host (whether a remote node or your own computer), choose Scan A Computer and you will be shown the interface below.
When you initiate a scan, MBSA attempts to connect to the Internet to download the latest signatures and definitions from Microsoft.com.
After the download completes, the scan runs. When it's finished the results are displayed and you are given the option to print a report or save it to the clipboard.
Later on you can view this scan report again by choosing View Existing Security Scan Reports from the main MBSA interface.
A completed scan report groups its findings into categories matching the options in the scan menu, such as administrative vulnerabilities, SQL Server status and security updates. This is helpful in quickly resolving any issues discovered. The top of the report indicates which of three data sources were used, including Microsoft Update (the live service), Windows Server Update Services (a managing WSUS server) or Microsoft Update offline (when no other data source was available). It will also display the actual WSUS server used (if appropriate) and the date of the offline catalog. If an MBSA scan report is older than 7 days, the report will also indicate that a new scan should be performed to ensure an up-to-date security assessment.
2.4.2 SAINT scanner
SAINT (System Administrator's Integrated Network Tool) is computer software used for scanning computer networks for security vulnerabilities, and exploiting found vulnerabilities. The SAINT scanner screens every live system on a network for TCP and UDP services. For each service it finds running, it launches a set of probes designed to detect anything that could allow an attacker to gain unauthorized access, create a denial-of-service, or gain sensitive information about the network.
SAINT provides support to The Security Content Automation Protocol (SCAP) specification as an Unauthenticated Vulnerability Scanner and Authenticated Vulnerability and Patch Scanner. SAINT is also an approved scanning vendor with the Payment Card Industry (PCI).
The Four Steps of a SAINT Scan:
' Step 1 ' SAINT screens every live system on a network for TCP and UDP services.
' Step 2 ' For each service it finds running, it launches a set of probes designed to detect anything that could allow an attacker to gain unauthorized access, create a denial-of-service, or gain sensitive information about the network.
' Step 3 ' The scanner checks for vulnerabilities.
' Step 4 ' When vulnerabilities are detected, the results are categorized in several ways, allowing customers to target the data they find most useful.
SAINT can group vulnerabilities according to severity, type, or count. It can also provide information about a particular host or group of hosts. SAINT describes each of the vulnerabilities it locates; references Common Vulnerabilities & Exposures (CVE), CERT advisories, and IAVA (Information Assurance Vulnerability Alerts); and describes ways to correct the vulnerabilities. In many cases, the SAINT scanner provides links to patches or new software versions that will eliminate the detected vulnerabilities. SAINT offers heterogeneous scanning that identifies vulnerabilities across operating systems, desktop applications, network devices, Web applications, databases, and more.
2.4.3 RETINA scanner
Retina's function is to scan all the hosts on a network and report on any vulnerability found. Retina Network Security Scanner is the most sophisticated vulnerability assessment solution on the market. Available as a standalone application or as part of the Retina CS unified vulnerability management platform, Retina Security Scanner enables you to efficiently identify IT exposures and prioritize remediation enterprise-wide. Retina Network Security Scanner, the industry's most mature and effective vulnerability scanning technology, identifies the vulnerabilities ' missing patches, configuration weaknesses, and industry best practices - to protect an organization's IT assets. Retina provides cost-effective security risk assessment, as well as enables security best practices, policy enforcement, and regulatory audits.
Retina Network Security Scanner is used to proactively guard the network against intrusion by regularly testing the integrity of the network to uncover and fix potential security weaknesses. This award winning Security Scanner is designed to work in conjunction with the existing systems, networks, security packages, databases, and user interfaces.
3. Comparison of Tools
3.1 Nessus Vs OpenVAS
'  Nessus is one of the most popular and capable vulnerability scanners, particularly for UNIX systems. It was initially free and open source, but they closed the source code in 2005 and removed the free "Registered Feed" version in 2008. It now costs $1,200 per year, which still beats many of its competitors whereas OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went proprietary in 2005.
' Nessus is constantly updated, with more than 46,000 plug-in but for OpenVAS the project seemed dead for a while, but development has restarted.
' Nessus plug in count is 42,493 whereas OpenVAS plug in count is 20,961 (49% of Nessus)
A comparison test was conducted to compare results of scanning various servers (Windows and Linux/Unix) in production environment by both mentioned vulnerability scanners and to determine which vulnerabilities are missed by any of those tools in order to improve them.
In this different servers are scanned in production environment, several switches, Wi-Fi access point and print servers. This testing environment included both Windows and Linux servers in various functions such as DNS servers, mail servers, web servers etc. These servers are all used on daily basis for academic and research purposes, hosting projects and other purposes. Both, OpenVAS and Nessus, scans were executed in two similar configurations:
1. Default configuration with all plugins and safe checks option enabled
2. Default configuration with all plugins enabled and safe checks option disabled
By default configuration initial Global Settings in OpenVAS Client, and initial Default Scan Policy in Nessus Client. Ness* => scan with safe checks option enabled
Ness =>scan without safe checks option enabled
OVAS* => OpenVAS scan with safe checks option enabled
OVAS => OpenVAS scan without safe checks option enable
Scanning results show that Nessus scanner still reports much more vulnerabilities than OpenVAS.
Scan Percentage (all vuln.)
Table: Testing efficiency
3.2 Nmap Vs Nessus
As the Open Source movement became popular, in network security field .Nmap was released in 1997 and Nessus released in 1998 both was open source. Nessus became proprietary in 2005 although for personal use this product is still free.
As per as use Nmap use is concern, it is very helpful in
' Find the status of host (up or down)
' Find the open ports on a particular hosts
' OS and its version on hosts (windows xp or Linux?)
' Presence of firewall
' List of network services running on host
Nessus can do almost all which Nmap do, other than that Nessus can find CVE(Common Vulnerability Exposures) using its plug in. Nessus should be used in you have following security needs
' Security audit
' Vulnerability Scanning and analysis
' Sensitive data discovery
' Open port scanner (like Nmap)
' Asset & Process profiling
Comparative view of the vulnerabilities detected by the scanners
Vulnerabilities Nmap Nessus
SQL injection ' '
Improper error management ' '
Cross site Scripting ' '
Rogue Servers ' '
Denial of Service ' '
Remote Code Execution '
Format String Identifier '
3.3 NESSUS v/s RETINA v/s SAINT
The comparison between the three is done on the basis of four criteria:-
1. Mapping- Network mapping is a critical first step in any network security project.
2. Vulnerability analysis- The vulnerabilities these scanners can detect
3. Data management- Large networks generate hundreds, if not thousands, of records of network map and vulnerability information. We evaluated how these tools let network managers sort, sift and report on all that data--and how hard they have to work to do it.
4. Performance- tools on large networks
The first task of a vulnerability analyzer is to discover what's on the network, and what it's running. In addition to discovering systems and services, we tested each product's ability to spot services running on nonstandard ports, and what OSes were running on each system.
' Nessus offers the best control, with six port-scanning techniques, from simple ping to SNMP discovery to actually trying a TCP connection. Nessus did a good job of identifying services on nonstandard ports, but as with many open-source products, it was inconsistent on quality control.
' Retina allows you to scan a host even if it doesn't respond to ping packets. Retina and SAINT did well in most cases, but both had major functional flaws. Retina reported hundreds of nonexistent TCP and UDP services. Retina identified all of the services we had stashed on nonstandard ports, but didn't follow through as it sometimes cannot detect the server running on the same ports in a relay.
' SAINT generally did an excellent job, even finding some services that the others missed. However, its internal database was confused by a DNS trap we laid for it, and one system couldn't be scanned or reported on by IP number or DNS name. It also performed poorly on a Windows system with many simultaneous Web servers, missing not only the nonstandard ones, but one running on port 80 as well. SAINT failed to flag any TCP/IP network services on nonstandard ports.
The core of VA products is their engine. Each of the engines had problems both with false positives (a vulnerability reported which was not actually there) and false negatives (failing to report a known problem).
' Nessus (see screen, below) performed best overall.
' Retina, SAINT missed a lot of problems on all the servers and systems tested, but had a fairly low false positive rate.
Data Management Data management is vital, especially if you plan to scan your network more than once.
None of tools stood out for their data management capabilities.
' SAINT does a poor job integrating the results of scans, their configuration and some repeatable way to run the same scan.
' Nessus itself doesn't have a data management tool.
' The Windows-based GUI on Retina doesn't have a lot of data management features, but it's one of the best to give an overview on a system-by-system basis of the problems found in vulnerability analysis. Unfortunately, Retina only allows you to look at your results on a system-by-system basis.
Product name SAINT NESSUS RETINA
Pricing Expensive Open-source Cost effective
Platform Linux/solaris Unix/windows Windows
Network mapping Name-to-address problems kept it from working well Could be more accurate Generally excellent when worked, but create problems sometimes
Vulnerability testing Missed some critical problems Good balance
Excellent unix coverage Didn't do well on non-standard ports
Data management Few tools to help network admin Nice data management Excellent overview of the problems found
Reporting Weak reporting overall Good selection of reports Good report selection
performance Had to break up scans into pieces Scanned in appropriate length of time Fast, but did not always run to completion
This paper addressed ethical hacking from several perspectives. Ethical hacking seems to be a new buzz word although the techniques and ideas of testing security by attacking an installation aren't new at all. But, with the present poor security on the internet, ethical hacking may be the most effective way to plug security holes and prevent intrusions. On the other hand ethical hacking tools have also been notorious tools for crackers. So, at present the tactical objective is to stay one step ahead of the crackers. Ethical Hacking is a tool, which if properly utilized, can prove useful for understanding the weaknesses of a network and how they might be exploited. After all, ethical hacking will play a certain role in the security assessment offerings and certainly has earned its place among other security assessments. In conclusion, it must be said that the ethical hacker is an educator who seeks to enlighten not only the customer, but also the security industry as a whole. In an effort to accomplish this, let us welcome the Ethical Hacker into our ranks as a partner in this quest.
 Vol. 2, Issue 12, December 2013
ETHICAL HACKING: A TECHNIQUE TO
ENHANCE INFORMATION SECURITY
Gurpreet K. Juneja.
 OpenVAS. 'open vulnerability assessment system'. http://www.openvas.org/about.html and http://www.openvas.org/aboutsoftware.
html. [Accessed on March 2014].
 Security Assessment via Penetration Testing: A
Network and System Administrator's Approach
Network and System Administration
Oslo University College
June 4, 2012
 http://www.darknet.org.uk/2006/09/brutus-password-cracker-download-brutus-aet2zip-aet2/ [Accessed on March 2104]
 http://sectools.org/tag/vuln-scanners/ [Accessed on April 2014]
 http://rageweb.info/2011/04/13/openvas-vs-tenable-nessus/ [Accessed on April 2014]
 BRUTUS - A Hybrid Detection Tool.
P.Burge, J.Shawe-Taylor, Y.Moreau, H.Verrelst, C.Stoermann, P.Gosset.