Scribd
Upload
178 views31 pages

Chapter 1

The document describes the role of an ethical hacker, what they can legally do, and cannot do. It explains that ethical hackers are employed by companies to perform penetration tests and security tests to find vulnerabilities, and only report their findings to help secure networks. Meanwhile, illegal hackers access systems without authorization to steal or damage data.

Uploaded by

Bin Flan
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
178 views31 pages

Chapter 1

The document describes the role of an ethical hacker, what they can legally do, and cannot do. It explains that ethical hackers are employed by companies to perform penetration tests and security tests to find vulnerabilities, and only report their findings to help secure networks. Meanwhile, illegal hackers access systems without authorization to steal or damage data.

Uploaded by

Bin Flan
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 31

Chapter 1 Ethical Hacking Overview

Describe the role of an ethical hacker


Describe what you can do legally as an ethical hacker Describe what you cannot do as an ethical hacker

Hands-On Ethical Hacking and Network Defense

Ethical hackers
Employed by companies to perform penetration tests

Penetration test
Legal attempt to break into a companys network to find

its weakest link


Tester only reports findings, does not solve problems

Security test
More than an attempt to break in; also includes analyzing

companys security policy and procedures


Tester offers solutions to secure or protect the network
Hands-On Ethical Hacking and Network Defense 3

Hackers
Access computer system or network without authorization Breaks the law; can go to prison

Crackers
Break into systems to steal or destroy data

U.S. Department of Justice calls both hackers

Ethical hacker
Performs most of the same activities but with owners

permission
Hands-On Ethical Hacking and Network Defense 4

Script kiddies or packet monkeys


Young inexperienced hackers Copy codes and techniques from knowledgeable hackers

Experienced penetration testers write programs or scripts using these languages


Practical Extraction and Report Language (Perl), C, C++,

Python, JavaScript, Visual Basic, SQL, and many others

Script
Set of instructions that runs in sequence
Hands-On Ethical Hacking and Network Defense 5

This class alone wont make you a hacker, or an expert


It might make you a script kiddie

It usually takes years of study and experience to earn respect in the hacker community Its a hobby, a lifestyle, and an attitude
A drive to figure out how things work

Hands-On Ethical Hacking and Network Defense

Tiger box
Collection of OSs and hacking tools

Usually on a laptop
Helps penetration testers and security testers

conduct vulnerabilities assessments and attacks

Hands-On Ethical Hacking and Network Defense

White box model


Tester is told everything about the network

topology and technology


Network diagram

Tester is authorized to interview IT personnel and

company employees
Makes testers job a little easier
Hands-On Ethical Hacking and Network Defense 8

From ratemynetworkdiagram.com (Link Ch 1g)


Hands-On Ethical Hacking and Network Defense 9

Hands-On Ethical Hacking and Network Defense

10

Black box model


Company staff does not know about the test

Tester is not given details about the network


Burden is on the tester to find these details

Tests if security personnel are able to detect an

attack

Hands-On Ethical Hacking and Network Defense

11

Gray box model


Hybrid of the white and black box models Company gives tester partial information

Hands-On Ethical Hacking and Network Defense

12

Certification programs available in almost every area of network security


Basics:
CompTIA Security+ (CNIT 120) Network+ (CNIT 106 or 201)

Hands-On Ethical Hacking and Network Defense

13

CNIT is a Prometric Vue testing center


Certification tests are given in S214 CompTIA and Microsoft The next tests will be in the second week of April,

right after Spring Break


Email sbowne@ccsf.edu if you want to take a test

Hands-On Ethical Hacking and Network Defense

14

Is it good?

15

Designated by the Institute for Security and Open Methodologies (ISECOM)


Uses the Open Source Security Testing

Methodology Manual (OSSTMM)


Test is only offered in Connecticut and outside the

USA, as far as I can tell

16

Issued by the International Information Systems Security Certifications Consortium (ISC2) Usually more concerned with policies and procedures than technical details Web site
www.isc2.org
17

SysAdmin, Audit, Network, Security (SANS)


Offers certifications through Global Information Assurance Certification (GIAC)

Top 20 list
One of the most popular SANS Institute documents Details the most common network exploits Suggests ways of correcting vulnerabilities

Web site
www.sans.org
Hands-On Ethical Hacking and Network Defense 18

Laws involving technology change as rapidly as technology itself


Find what is legal for you locally
Laws change from place to place

Be aware of what is allowed and what is not allowed

Hands-On Ethical Hacking and Network Defense

19

Tools on your computer might be illegal to possess Contact local law enforcement agencies before installing hacking tools
Written words are open to interpretation Governments are getting more serious about punishment for cybercrimes
Hands-On Ethical Hacking and Network Defense 20

Hands-On Ethical Hacking and Network Defense

21

Some states deem it legal Not always the case Federal Government does not see it as a violation
Allows each state to address it separately

Read your ISPs Acceptable Use Policy


IRC bots may be forbidden
Program that sends automatic responses to users

Gives the appearance of a person being present


Hands-On Ethical Hacking and Network Defense 22

www.ccsf.edu/Policy/policy.shtml (link Ch 1k)


Hands-On Ethical Hacking and Network Defense 23

Federal computer crime laws are getting more specific


Cover cybercrimes and intellectual property issues

Computer Hacking and Intellectual Property (CHIP)


New government branch to address cybercrimes

and intellectual property issues

Hands-On Ethical Hacking and Network Defense

24

Hands-On Ethical Hacking and Network Defense

25

Accessing a computer without permission is illegal Other illegal actions


Installing worms or viruses
Denial of Service attacks

Denying users access to network resources

Be careful your actions do not prevent customers from doing their jobs
Hands-On Ethical Hacking and Network Defense 26

Ch 1l1: Lycos starts anti-spam screensaver plan: Dec 2, 2004 Ch 1l2: Lycos Pulls Anti-Spam 'Vigilante' Campaign -- Dec 3, 2004 Ch 1l3: Lycos's Spam Attack Network Dismantled -- Spammers sent the DOS packets back to Lycos -- Dec 6, 2004

Hands-On Ethical Hacking and Network Defense

27

Ch 1m: Blue Frog begins its "vigilante approach" to fight spam -- July, 2005 Ch 1n: Russian spammer fights back, claims to have stolen Blue Frog's database, sends threating email -- DOS attack in progress -May 2, 2006 Ch 1o: Blue Frog compromised and destroyed by attacks, urgent instructions to uninstall it, the owners have lost control -May 17, 2006
Hands-On Ethical Hacking and Network Defense 28

Ch 1p: Call for help creating distributed, open-source Blue Frog replacement -- May 17, 2006

Hands-On Ethical Hacking and Network Defense

29

Using a contract is just good business


Contracts may be useful in court Books on working as an independent contractor
The Computer Consultants Guide by Janet Ruhl Getting Started in Computer Consulting by Peter Meyer

Internet can also be a useful resource Have an attorney read over your contract before sending or signing it
Hands-On Ethical Hacking and Network Defense 30

What it takes to be a security tester


Knowledge of network and computer technology Ability to communicate with management and IT

personnel
Understanding of the laws

Ability to use necessary tools

Hands-On Ethical Hacking and Network Defense

31

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy