Listening Script Vocabulary
(Section 3: You will hear a discussion between a tutor and a student. The discussion is about ethical hacking. First, you will have some time to look at questions 21 to 30 [20 seconds]. Listen carefully and answer questions 21 to 30.)
T: Right, Louisa, you were going to begin this week’s seminar for us with a summary of your reading of ethical hacking.
L: That’s right.
T: Great. Shall we start with a definition? How would you define ethical hacking?
L: Right. Well, we hear about hacking on the news all the time—from fake news to service attacks to data breaches. It seems like the bad guys are always causing trouble. And it’s true; the bad guys are doing all kinds of damage, from the annoying spam in your email inbox to the destructive cyber attacks that steal personal data—or worse. But there are good guys with the same skills, and they are the ethical hackers.
T: But what is ethical hacking, exactly?
L: An ethical hacker, also known as a white hat hacker, is the ultimate security professional. Ethical hackers know how to find and exploit vulnerabilities and weaknesses in various systems—just like a malicious hacker, or a black hat hacker. In fact, they both use the same skills; however, an ethical hacker uses those skills in a legitimate, lawful manner to try to find vulnerabilities and fix them before the bad guys can get there and try to break in.
An ethical hacker’s role is similar to that of a tester, but it involves broader duties. They break into systems legally and ethically. This is the primary difference between ethical hackers and real hackers—the legality.
T: Right. So it’s an individual who is usually employed by an organization, and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a malicious hacker.
L: Exactly. The role of an ethical hacker is important since the bad guys will always be there, trying to find cracks, backdoors, and other secret ways to access data they shouldn’t. In fact, there’s even a professional certification for ethical hackers.
T: Apart from testing duties, do ethical hackers have other responsibilities?
L: The main idea is to replicate a malicious hacker at work and instead of exploiting the vulnerabilities for malicious purposes, seek countermeasures to shore up the system’s defences. An ethical hacker might employ some strategies to penetrate a system, like
scanning ports and seeking vulnerabilities. The vulnerabilities with each of the ports can then be studied and remedial measures can be taken. Another more unusual strategy is social engineering concepts like dumpster diving—rummaging through trash bins for passwords, charts, sticky notes, or anything with crucial information that can be used to generate an attack.
T: Wow. That’s an unusual job description!
L: Yes, and there are more! An ethical hacker may also employ other social engineering techniques like ‘shoulder surfing’ when they take a sneaky look over somebody’s shoulder and look at the password they’re typing onto the screen, for example. They might also play the kindness card to trick employees to part with their passwords.
T: I suppose that detecting how well the organization reacts to these and other tactics help test the strength of the security policy and security infrastructure.
L: Right. An ethical hacker attempts the same types of attacks as a malicious hacker would try—and then help organizations strengthen their defences. While some may argue that there is no such thing as a good hacker and all white hat hackers are actually bad hackers who have turned a new leaf, most people agree that the profession is here to stay. As with any profession, passion for the industry is one of the key aspects to success. This, combined with a good knowledge of networking and programming, will help a professional succeed in the ethical hacking field.
T: How much can an ethical hacker expect to make?
L: Well, that’s an interesting question …