Three Different Shades Of Ethical Hacking: Black, White And Gray - Airbus Case Study
- 12th Jun, 2019
- 13:41 PM
In the current prime aspect of hackers is related to cybercrime which is done by three methods such as black, white and grey hackers. The ethical hackers are utilising their knowledge and skills to measure the security on the computer. Hacking is not an illegal thing; it breaks down the security of computer software and hardware with permission of the owner. Organizations are recruiting hackers in their business to secure data or information about the company. There are two types of hackers which are law breaking hacker and motivational hacker. The black hackers are done for financial gain, and white hackers do it for security by permission of owner and grey hackers are a mix of both black and white and report to the owner after hacking system without their consent. Hackings are the criminal aspect; however the same is applied within the organisation for the future safeguarding aspects of Airbus.
The Airbus organisation viewed ethical hacking for their organisation to secure crime. Nowadays it is common in newspaper and internet that are also giving about criminal activity which suffered by Airbus organisation. According to the Behera & Dash (2015), hackers attack without knowledge of management about various information on the computer-based level. The crime increases due to a growth of internet networks. Airbus resolves it through taking SANS Ethical Hacking white box centre and reduces crime of their company. SANS Ethical Hacking institute takes permission to the management of Airbus organisation for collecting information and data of company and employees. It is done for the security of data and information of Airbus that not to be spread outside. Ethical hackers are using their skills and knowledge in the legal environment.
The current digital era has out looked at the process of hacking as one of the vital cyber threats that the firm can face in the process of losing the most confidential data in front of the peers. The past few days it the process of hacking has not been taken seriously in the process of sustainable development within the organisation. As per the opinion of Gupta & Anand (2017), it has been noticed that white box model of ethical hacking is used as the most popular hacking model that is used in the process of ethical hacking. It has been notified that with the process of applying the white box ethical hacking modelling helps in the organisation to identify the existing code and market penetration sting. As per the opinion of Miller (2017), the penetration tester is used in the process of white box hacking to identify the vulnerabilities of the penetrating markets of the organisation by patching the infrastructural layouts. With this process of applying this cheap and fast process of ethical hacking Airbus can able to trace the record regarding the market penetration process in the process of competing with its most suitable and close peer namely, Boeing (Airbus.com, 2018).
Airbus faces lots of problems due to hackers because they hacked personal information of the company and their employees and took fees on behalf of giving the data. As opined by Satapathy & Patra (2015), ethical hacker develops a plan to resolve the issue in future that handling by them with taking permission from an owner of the company. In the current scenario, ethical hackers are aware of problems present in an organisation and suggest installing security solution on their system. The management of Airbus requires to the belief of their employees that network security in their organisation is kept so that their data and information controlled by legal hackers. Network resources of the client are more safety for the ethical hacker on the penetration of the organisation. According to the Al-Zadjali (2016), there are different types of hackers which solve or create the problem for Airbus which is listed as the black box, white box and grey box. The black box used by Airbus at the time of business penetration with their competitor, Boeing.
The annual report of Airbus shows that in its target statement the firm has committed an investment amounted to $12 billion for developing the superjumbo (or, A380) (Airbus.com, 2018). At this time application of white box, model is more important at the time of competing with Boeing for developing the superjumbo. On the contrary to the same Artino, Driessen & Maggio (2018), commented that application of black box model of hacking is more critical for the organisation in the process of managing the workforce management of the organisation. In the current annual report of the company shows that in the recent times Airbus is facing a prime issue regarding the managerial structure, the same has witnessed that in spite of having a better remuneration structure and winning the world-class staff benefits firm is facing the administrative issues. This is the reason for which the theory and concept of ethical hacking modelling identify the application of black box is most relevant for Airbus.
The ethical hackers aim to promote security to the companies by hacking. It is also equally important to ask ethical hackers, especially by SANS. Likewise, Airbus has also applied an ethical hacking to get the information about the project. As stated by Forlano & Jungnickel (2015) the ethical hacker is considered to be a security expert appointed by the Airbus to specialise in testing for penetration of software systems and computer. These ethical hackers are also known as the White hacker. Moreover, SANS is a trusted institute and the most significant source of information to certification in cybersecurity training around the world. The three attack models implemented by Airbus are Black, White and Gray box. One of the attack method used by the ethical hacker is the approach of a White box. As opined by Lewis & Westlund (2015) the team of ethical hacking of White box has ample of information for a penetration test, so that there remain fewer variables. The primary objective of using White Box method is that it is twofold with money and time in comparison to the mode of Black Box. The black box follows stochastic approach for performing its functions. It signifies that there is the number of variables that can be utilised by the Airbus rather than choosing other criteria. As mentioned by Fox (2017) Moreover, there are five phases of test for the Black box such as initial reconnaissance, gaining access, enumeration, privilege escalation and service determination. Among the aspects initial surveillance is extremely important for the attack.
The attackers of Black box try to look at the services of the open network which are readily available for possible exploitation. Ethical hacker sometimes may use the approach of the White box as it is a deterministic plan for attack as compared to Black box. As opined by Rusconi et al. (2016) the three main groups that are necessary for obtaining the information through white box approach are upper management, human resources along with legal department and management of technical support. Every group provide with different viewpoint and expertise for the team. These groups act as a framework for the process of attack. Everything in the organisation begins with the upper management since they not only create policy but also create a vision for the company. As stated by Lewis & Westlund (2015) it provides a clear understanding of existing security policies to penetration team that affected the organisation. Management of technical support is considered to be critical planners for penetration attack. It is a primary source for the team to acquire the information to map its network and enumerate it. Technical support act as watchdogs while testing the process as they have to arbitrate during the process while testing. The department of human resource also provides with useful insights for the Airbus. They are considered to be the good source for making decisions. As opined by Fox (2017), the approach of Gray box is essential for the hybrid model attack. It incorporates both the elements of the White box and Black box.
Airbus is facing the main issues with the process of management. There were other relevant problems faced by the Airbus which can be monitored and rectified. Moreover, Airbus should apply the Black box as it concentrates more on operational constraints that are placed by the hacking team. Airbus can follow the process of market penetration to compete with the close and sustainable peer, Boeing (Airbus.com, 2018). Through the model of the Black box, it makes Airbus the management process more efficient. From the annual report of Airbus, it has been seen that the company is facing significant problems regarding managerial structure as well as remuneration and staff benefits issues. To overcome these issues, the Airbus must adopt the model of the Black box as it is more relevant to solve the problems.
In the present era of the digital world, hacking has become one of the cybercrimes which could create a problem for the individual and the company. Through hacking, most of the confidential data are disclosed by the hackers. It has been observed that applying the ethical hacking model of the white box could help the organisation for identifying sting of market penetration and existing code. As opined by Lewis & Westlund (2015), penetration tester is used during the process of White box hacking for identifying the weak penetration markets.
Aiming to the completion of the above assignment has encouraged my in-depth knowledge regarding the importance of ethical hacking process for the enlargement of the organisation in its close future. The prior assignment has provided me with with the knowledge regarding the existing three varied types of ethical hacking model that is used within the organisation for the process of the further rise in the prospect of the organisation. Hacking the term itself identifies an act of unethical, but the prior assignment has provided me with a deep knowledge regarding the opposite meaning of a single terminology. As I have observed from the above assignment that despite having a good wage and remuneration structure in the organisation (here, Airbus) firm is facing the varied list of issues. From the above assignment, I have come to enrich my knowledge regarding the list of the issue including the managerial style and to keep pace with the peer's group.
I have noticed from the prior section that due to the absence of improvised and proper managerial skills and inconvenient business communication process has to lead to falling in the employee motivation level within Airbus. In addition to the same it has been notified that in order to meet the level of competition with the peer world (namely, Boeing) the application of white box ethical hacking modelling can be applied. The recommendation for applying the same type of hacking modelling is for identifying the market penetration process in the superjumbo market.
Ethical hacking is considered to promote cyber security for the organization by collecting the information from different sources. Likewise, Airbus has also adopted three models of hacking that are the White box, Black box and Gray box. Among these models Black box is considered to be more fruitful as it helps to overcome the main issues of market penetration of Airbus. Moreover, White and Gray's box are also considered to be important for identifying the testing process and other relevant issues. In the current digital world of technology hacking has become one of the main concerns for the organization to deal with. However, there are the certain legal act and government policies that restrict the hackers from doing offensive work. Through ethical hacking the organizational structure becomes more efficient with the help of the models. The ethical hacking aims to create awareness in the mind of cyber crime.
Al-Zadjali, B. M. (2016). Penetration Testing of Vulnerability in Android Linux Kernel Layer via an Open Network (Wi-Fi). International Journal of Computer Applications, 134(6).
Artino, A. R., Driessen, E. W., & Maggio, L. A. (2018). Ethical Shades of Gray: Questionable Research Practices in Health Professions Education. bioRxiv, 256982.
Behera, M. P. C., & Dash, M. C. (2015), Ethical Hacking: A Security Assessment Tool to Uncover Loopholes and Vulnerabilities in Network and to Ensure Protection to the System.
Gupta, A., & Anand, A. (2017). Ethical Hacking and Hacking Attacks. International Journal Of Engineering And Computer Science, 6(4).
Miller, A. (2017). An Examination of Modern Challenges in Maintaining HIPAA and HITECH Compliance.
Satapathy, S., & Patra, R. R. (2015). Ethical Hacking. International Journal of Scientific and Research Publications, 5(6).
Spiekermann-Hoff, S., Korunovska, J., & Langheinrich, M. (2018). Understanding Engineers' Drivers and Impediments for Ethical System Development: The Case of Privacy and Security Engineering.
Bolgan, S., Mosca, D., McLean, C. & Rusconi, E., 2016. Systemizers are better code-breakers: self-reported systemizing predicts code-breaking performance in expert hackers and naïve participants. Frontiers in human neuroscience, 10, p.229. [Online] Available at: https://www.frontiersin.org/articles/10.3389/fnhum.2016.00229/full viewed on 18th/03/2018
Forlano, L. & Jungnickel, K., 2015. Hacking Binaries/Hacking Hybrids: Understanding the Black/White Binary as a Socio-technical Practice. Ada: A Journal of Gender, New Media, and Technology, (6). [Online] Available at: https://adanewmedia.org/2015/01/issue6-forlano-jungnickel/ viewed on 12th/03/2018
Fox, S., 2017. Beyond AI: Multi-Intelligence (MI) Combining Natural and Artificial Intelligences in Hybrid Beings and Systems. Technologies, 5(3), p.38. [Online] Available at: http://www.mdpi.com/2227-7080/5/3/38/htm viewed on 15th/03/2018
Haug, C.J., 2015. Peer-review fraud—hacking the scientific publication process. New England Journal of Medicine, 373(25), pp.2393-2395. [Online] Available at: https://www.nejm.org/doi/full/10.1056/NEJMp1512330 viewed on 22nd/03/2018