Scribd
Upload
11 views

ch06

Ethical hackers are employed to perform penetration tests, legally attempting to identify vulnerabilities in a company's network while providing reports on their findings. They operate with the owner's permission, unlike illegal hackers who access systems without authorization. Ethical hackers must be aware of legal boundaries and the tools they use, as laws regarding cyber activities can vary by location.

Uploaded by

upipersonal8465
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
11 views

ch06

Ethical hackers are employed to perform penetration tests, legally attempting to identify vulnerabilities in a company's network while providing reports on their findings. They operate with the owner's permission, unlike illegal hackers who access systems without authorization. Ethical hackers must be aware of legal boundaries and the tools they use, as laws regarding cyber activities can vary by location.

Uploaded by

upipersonal8465
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 21

Ethical Hacking

 Describe the role of an ethical hacker


 Describewhat you can do legally as
an ethical hacker
 Describe what you cannot do as an
ethical hacker

Hands-On Ethical Hacking and Network Defense 2


 Ethical hackers
 Employed by companies to perform penetration tests
 Penetration test
 Legal attempt to break into a company’s network to
find its weakest link
 Tester only reports findings, does not solve problems
 Security test
 More than an attempt to break in; also includes
analyzing company’s security policy and procedures
 Tester offers solutions to secure or protect the
network

Hands-On Ethical Hacking and Network Defense 3


 Hackers
 Access computer system or network without
authorization
 Breaks the law; can go to prison

 Crackers
 Break into systems to steal or destroy data
 U.S. Department of Justice calls both hackers

 Ethical hacker
 Performs most of the same activities but with owner’s
permission
Hands-On Ethical Hacking and Network Defense 4
 Script kiddies or packet monkeys
 Young inexperienced hackers
 Copy codes and techniques from knowledgeable
hackers
 Experienced penetration testers write programs
or scripts using these languages
 Practical Extraction and Report Language (Perl), C,
C++, Python, JavaScript, Visual Basic, SQL, and
many others
 Script
 Set of instructions that runs in sequence

Hands-On Ethical Hacking and Network Defense 5


 Thisclass alone won’t make you a
hacker, or an expert
 It might make you a script kiddie
 It usually takes years of study and
experience to earn respect in the
hacker community
 It’s a hobby, a lifestyle, and an
attitude
 A drive to figure out how things work

Hands-On Ethical Hacking and Network Defense 6


 Tiger box
 Collection of OSs and hacking tools
 Usually on a laptop
 Helps penetration testers and security
testers conduct vulnerabilities
assessments and attacks

Hands-On Ethical Hacking and Network Defense 7


 White box model
 Tester is told everything about the
network topology and technology
 Network diagram

 Tester is authorized to interview IT


personnel and company employees
 Makes tester’s job a little easier

Hands-On Ethical Hacking and Network Defense 8


 From ratemynetworkdiagram.com (Link Ch 1g)

Hands-On Ethical Hacking and Network Defense 9


Hands-On Ethical Hacking and Network Defense 10
 Black box model
 Company staff does not know about the
test
 Tester is not given details about the
network
▪ Burden is on the tester to find these details
 Tests if security personnel are able to
detect an attack
Hands-On Ethical Hacking and Network Defense 11
 Gray box model
 Hybrid of the white and black box
models
 Company gives tester partial
information

Hands-On Ethical Hacking and Network Defense 12


13
 SysAdmin, Audit, Network, Security (SANS)
 Offers certifications through Global
Information Assurance Certification (GIAC)
 Top 20 list
 One of the most popular SANS Institute
documents
 Details the most common network exploits
 Suggests ways of correcting vulnerabilities
 Web site
 www.sans.org (links Ch 1i & Ch 1j)
Hands-On Ethical Hacking and Network Defense 14
 Laws involving technology change as
rapidly as technology itself
 Find what is legal for you locally
 Laws change from place to place
 Be aware of what is allowed and what
is not allowed

Hands-On Ethical Hacking and Network Defense 15


 Tools
on your computer might be illegal to
possess
 Contact local law enforcement agencies
before installing hacking tools
 Written words are open to interpretation
 Governments are getting more serious
about punishment for cybercrimes

Hands-On Ethical Hacking and Network Defense 16


 Federalcomputer crime laws are
getting more specific
 Cover cybercrimes and intellectual
property issues
 Computer Hacking and Intellectual
Property (CHIP)
 New government branch to address
cybercrimes and intellectual property
issues
Hands-On Ethical Hacking and Network Defense 17
Hands-On Ethical Hacking and Network Defense 18
 Accessinga computer without
permission is illegal
 Other illegal actions
 Installing worms or viruses
 Denial of Service attacks
 Denying users access to network resources
 Becareful your actions do not prevent
customers from doing their jobs

Hands-On Ethical Hacking and Network Defense 19


 Using a contract is just good business
 Contracts may be useful in court
 Bookson working as an independent
contractor
 The Computer Consultant’s Guide by Janet Ruhl
 Getting Started in Computer Consulting by Peter
Meyer
 Internet can also be a useful resource
 Havean attorney read over your contract
before sending or signing it
Hands-On Ethical Hacking and Network Defense 20
 What it takes to be a security tester
 Knowledge of network and computer
technology
 Ability to communicate with
management and IT personnel
 Understanding of the laws
 Ability to use necessary tools

Hands-On Ethical Hacking and Network Defense 21

You might also like