SlideShare a Scribd company logo

CNIT 123 Ch 1: Ethical Hacking Overview

Sam Bowne
Sam Bowne

Slides for a college course at City College San Francisco. Based on "Hands-On Ethical Hacking and Network Defense, Third Edition" by Michael T. Simpson, Kent Backman, and James Corley -- ISBN: 9781285454610. Instructor: Sam Bowne Class website: https://samsclass.info/123/123_S17.shtml

Education
1 of 30
Download to read offline
Chapter 1 Ethical Hacking Overview Last modified 1-11-17
Hands-On Ethical Hacking and Network Defense 2 Describe the role of an ethical hacker Describe what you can do legally as an ethical hacker Describe what you cannot do as an ethical hacker
Hands-On Ethical Hacking and Network Defense 4 Ethical hackers ▪ Employed by companies to perform penetration tests Penetration test ▪ Legal attempt to break into a company’s network to find its weakest link ▪ Tester only reports findings, does not solve problems Security test ▪ More than an attempt to break in; also includes analyzing company’s security policy and procedures ▪ Tester offers solutions to secure or protect the network
Hands-On Ethical Hacking and Network Defense 5 Hackers ▪ Access computer system or network without authorization ▪ Breaks the law; can go to prison Crackers ▪ Break into systems to steal or destroy data ▪ U.S. Department of Justice calls both hackers Ethical hacker ▪ Performs most of the same activities but with owner’s permission
Hands-On Ethical Hacking and Network Defense 6 Script kiddies or packet monkeys ▪ Young inexperienced hackers ▪ Copy codes and techniques from knowledgeable hackers Experienced penetration testers write programs or scripts using these languages ▪ Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript,Visual Basic, SQL, and many others Script ▪ Set of instructions that runs in sequence
This class alone won’t make you a hacker, or an expert ▪ It might make you a script kiddie It usually takes years of study and experience to earn respect in the hacker community It’s a hobby, a lifestyle, and an attitude ▪ A drive to figure out how things work Hands-On Ethical Hacking and Network Defense 7
Hands-On Ethical Hacking and Network Defense 8 Tiger box ▪ Collection of OSs and hacking tools ▪ Usually on a laptop ▪ Helps penetration testers and security testers conduct vulnerabilities assessments and attacks
Hands-On Ethical Hacking and Network Defense 9 White box model ▪ Tester is told everything about the network topology and technology ▪ Network diagram ▪ Tester is authorized to interview IT personnel and company employees ▪ Makes tester’s job a little easier
Hands-On Ethical Hacking and Network Defense 10 Black box model ▪ Company staff does not know about the test ▪ Tester is not given details about the network ▪ Burden is on the tester to find these details ▪ Tests if security personnel are able to detect an attack
Hands-On Ethical Hacking and Network Defense 11 Gray box model ▪ Hybrid of the white and black box models ▪ Company gives tester partial information
Hands-On Ethical Hacking and Network Defense 13 Basics: ▪ CompTIA Security+ (CNIT 120) ▪ Network+ (CNIT 106 or 201)
14 CNIT 123: Ethical Hacking and Network Defense CNIT 124:Advanced Ethical Hacking
15 Issued by the International Information Systems Security Certifications Consortium (ISC2) ▪ Usually more concerned with policies and procedures than technical details CNIT 125: Information Security Professional Practices Web site: www.isc2.org
Hands-On Ethical Hacking and Network Defense 16 SysAdmin,Audit, Network, Security (SANS) Offers certifications through Global Information Assurance Certification (GIAC) Top 20 list ▪ One of the most popular SANS Institute documents ▪ Details the most common network exploits ▪ Suggests ways of correcting vulnerabilities Web site ▪ www.sans.org (links Ch 1i & Ch 1j)
Hands-On Ethical Hacking and Network Defense 18 Laws involving technology change as rapidly as technology itself Find what is legal for you locally ▪ Laws change from place to place Be aware of what is allowed and what is not allowed
Hands-On Ethical Hacking and Network Defense 19 Tools on your computer might be illegal to possess Contact local law enforcement agencies before installing hacking tools Written words are open to interpretation Governments are getting more serious about punishment for cybercrimes
Hands-On Ethical Hacking and Network Defense 20 Some states deem it legal Not always the case Federal Government does not see it as a violation ▪ Allows each state to address it separately Read your ISP’s “Acceptable Use Policy” IRC “bots” may be forbidden ▪ Program that sends automatic responses to users ▪ Gives the appearance of a person being present
Hands-On Ethical Hacking and Network Defense 21 www.ccsf.edu/Policy/policy.shtml (link Ch 1k)
Hands-On Ethical Hacking and Network Defense 22 Federal computer crime laws are getting more specific ▪ Cover cybercrimes and intellectual property issues Computer Hacking and Intellectual Property (CHIP) ▪ New government branch to address cybercrimes and intellectual property issues
Hands-On Ethical Hacking and Network Defense 23
Hands-On Ethical Hacking and Network Defense 24 Accessing a computer without permission is illegal Other illegal actions ▪ Installing worms or viruses ▪ Denial of Service attacks ▪ Denying users access to network resources Be careful your actions do not prevent customers from doing their jobs
Hands-On Ethical Hacking and Network Defense 25 Using a contract is just good business Contracts may be useful in court Books on working as an independent contractor ▪ The Computer Consultant’s Guide by Janet Ruhl ▪ Getting Started in Computer Consulting by Peter Meyer Internet can also be a useful resource Have an attorney read over your contract before sending or signing it
Hands-On Ethical Hacking and Network Defense 26 What it takes to be a security tester ▪ Knowledge of network and computer technology ▪ Ability to communicate with management and IT personnel ▪ Understanding of the laws ▪ Ability to use necessary tools
27
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking Overview

Recommended

Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksSam Bowne
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsEoin Woods
 

Recommended

Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksSam Bowne
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware AnalysisAndrew McNicol
 
Footprinting and reconnaissance
Footprinting and reconnaissanceFootprinting and reconnaissance
Footprinting and reconnaissanceNishaYadav177
 
Secure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsSecure by Design - Security Design Principles for the Rest of Us
Secure by Design - Security Design Principles for the Rest of UsEoin Woods
 
Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Sam Bowne
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Simplilearn
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practicesMohammed Danish Amber
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printingCHETAN THAKRE
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printingleminhvuong
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection PresentationMustafash79
 
Ch 10: Hacking Web Servers
Ch 10: Hacking Web ServersCh 10: Hacking Web Servers
Ch 10: Hacking Web ServersSam Bowne
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1whitehat 'People'
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hackingSunny Sundeep
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksSam Bowne
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking Institute of Information Security (IIS)
 
What is pentest
What is pentestWhat is pentest
What is pentestitissolutions
 
CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewSam Bowne
 
CEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertCEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertjmbrrvgzhr
 

More Related Content

What's hot

Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing RomSoft SRL
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Sam Bowne
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Simplilearn
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logsanilinvns
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printingCHETAN THAKRE
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printingleminhvuong
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection PresentationMustafash79
 
Ch 10: Hacking Web Servers
Ch 10: Hacking Web ServersCh 10: Hacking Web Servers
Ch 10: Hacking Web ServersSam Bowne
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1whitehat 'People'
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hackingSunny Sundeep
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksSam Bowne
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and AnalysisPrashant Chopra
 

What's hot (20)

Penetration Testing
Penetration Testing Penetration Testing
Penetration Testing
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
Ethical Hacking Certifications | Certified Ethical Hacker | Ethical Hacking |...
 
Network forensics and investigating logs
Network forensics and investigating logsNetwork forensics and investigating logs
Network forensics and investigating logs
 
Secure coding practices
Secure coding practicesSecure coding practices
Secure coding practices
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printing
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printing
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
 
Ch 10: Hacking Web Servers
Ch 10: Hacking Web ServersCh 10: Hacking Web Servers
Ch 10: Hacking Web Servers
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hacking
 
Ch 11: Hacking Wireless Networks
Ch 11: Hacking Wireless NetworksCh 11: Hacking Wireless Networks
Ch 11: Hacking Wireless Networks
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Malware Classification and Analysis
Malware Classification and AnalysisMalware Classification and Analysis
Malware Classification and Analysis
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
What is pentest
What is pentestWhat is pentest
What is pentest
 

Similar to CNIT 123 Ch 1: Ethical Hacking Overview

CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewSam Bowne
 
CEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertCEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertjmbrrvgzhr
 
Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Rishab garg
 
The Role of Security and Penetration Testers
The Role of Security and Penetration TestersThe Role of Security and Penetration Testers
The Role of Security and Penetration Testersyasirabdullah15
 
Foot printing and Reconnaissance Techniques
Foot printing and Reconnaissance TechniquesFoot printing and Reconnaissance Techniques
Foot printing and Reconnaissance Techniquesyasirabdullah15
 
Ethical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEthical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEric Vanderburg
 
Ethical hacking: Safeguarding your digital world.
Ethical hacking: Safeguarding your digital world.Ethical hacking: Safeguarding your digital world.
Ethical hacking: Safeguarding your digital world.Cetpa Infotech
 
The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.Teri Radichel
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.rizwanshafique4321
 
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02PacSecJP
 
Cyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to KnowCyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to KnowkCura_Relativity
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
L12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptxL12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptxtalhajann43
 

Similar to CNIT 123 Ch 1: Ethical Hacking Overview (20)

CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking Overview
 
CEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertCEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expert
 
Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Ethical Hacking and Network Defense
Ethical Hacking and Network Defense
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
The Role of Security and Penetration Testers
The Role of Security and Penetration TestersThe Role of Security and Penetration Testers
The Role of Security and Penetration Testers
 
Foot printing and Reconnaissance Techniques
Foot printing and Reconnaissance TechniquesFoot printing and Reconnaissance Techniques
Foot printing and Reconnaissance Techniques
 
Ch01
Ch01Ch01
Ch01
 
Ch01
Ch01Ch01
Ch01
 
Ethical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEthical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric Vanderburg
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking: Safeguarding your digital world.
Ethical hacking: Safeguarding your digital world.Ethical hacking: Safeguarding your digital world.
Ethical hacking: Safeguarding your digital world.
 
hacking
hackinghacking
hacking
 
CRI Retail Cyber Threats
CRI Retail Cyber ThreatsCRI Retail Cyber Threats
CRI Retail Cyber Threats
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.The Threat Is Real. Protect Yourself.
The Threat Is Real. Protect Yourself.
 
Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.Computer Security and their social effect and their usage.
Computer Security and their social effect and their usage.
 
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
 
Cyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to KnowCyber Risk in e-Discovery: What You Need to Know
Cyber Risk in e-Discovery: What You Need to Know
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
L12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptxL12. Digital Forensics BS.pptx
L12. Digital Forensics BS.pptx
 

More from Sam Bowne

3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities Sam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the ApplicationSam Bowne
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)Sam Bowne
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic CurvesSam Bowne
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-HellmanSam Bowne
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1Sam Bowne
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android ApplicationsSam Bowne
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard ProblemsSam Bowne
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis MethodologySam Bowne
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)Sam Bowne
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)Sam Bowne
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream CiphersSam Bowne
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data CollectionSam Bowne
 

More from Sam Bowne (20)

Cyberwar
CyberwarCyberwar
Cyberwar
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
10 RSA
10 RSA10 RSA
10 RSA
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
 

Recently uploaded

Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 

Recently uploaded (20)

Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 

CNIT 123 Ch 1: Ethical Hacking Overview

  • 1. Chapter 1 Ethical Hacking Overview Last modified 1-11-17
  • 2. Hands-On Ethical Hacking and Network Defense 2 Describe the role of an ethical hacker Describe what you can do legally as an ethical hacker Describe what you cannot do as an ethical hacker
  • 3.
  • 4. Hands-On Ethical Hacking and Network Defense 4 Ethical hackers ▪ Employed by companies to perform penetration tests Penetration test ▪ Legal attempt to break into a company’s network to find its weakest link ▪ Tester only reports findings, does not solve problems Security test ▪ More than an attempt to break in; also includes analyzing company’s security policy and procedures ▪ Tester offers solutions to secure or protect the network
  • 5. Hands-On Ethical Hacking and Network Defense 5 Hackers ▪ Access computer system or network without authorization ▪ Breaks the law; can go to prison Crackers ▪ Break into systems to steal or destroy data ▪ U.S. Department of Justice calls both hackers Ethical hacker ▪ Performs most of the same activities but with owner’s permission
  • 6. Hands-On Ethical Hacking and Network Defense 6 Script kiddies or packet monkeys ▪ Young inexperienced hackers ▪ Copy codes and techniques from knowledgeable hackers Experienced penetration testers write programs or scripts using these languages ▪ Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript,Visual Basic, SQL, and many others Script ▪ Set of instructions that runs in sequence
  • 7. This class alone won’t make you a hacker, or an expert ▪ It might make you a script kiddie It usually takes years of study and experience to earn respect in the hacker community It’s a hobby, a lifestyle, and an attitude ▪ A drive to figure out how things work Hands-On Ethical Hacking and Network Defense 7
  • 8. Hands-On Ethical Hacking and Network Defense 8 Tiger box ▪ Collection of OSs and hacking tools ▪ Usually on a laptop ▪ Helps penetration testers and security testers conduct vulnerabilities assessments and attacks
  • 9. Hands-On Ethical Hacking and Network Defense 9 White box model ▪ Tester is told everything about the network topology and technology ▪ Network diagram ▪ Tester is authorized to interview IT personnel and company employees ▪ Makes tester’s job a little easier
  • 10. Hands-On Ethical Hacking and Network Defense 10 Black box model ▪ Company staff does not know about the test ▪ Tester is not given details about the network ▪ Burden is on the tester to find these details ▪ Tests if security personnel are able to detect an attack
  • 11. Hands-On Ethical Hacking and Network Defense 11 Gray box model ▪ Hybrid of the white and black box models ▪ Company gives tester partial information
  • 12.
  • 13. Hands-On Ethical Hacking and Network Defense 13 Basics: ▪ CompTIA Security+ (CNIT 120) ▪ Network+ (CNIT 106 or 201)
  • 14. 14 CNIT 123: Ethical Hacking and Network Defense CNIT 124:Advanced Ethical Hacking
  • 15. 15 Issued by the International Information Systems Security Certifications Consortium (ISC2) ▪ Usually more concerned with policies and procedures than technical details CNIT 125: Information Security Professional Practices Web site: www.isc2.org
  • 16. Hands-On Ethical Hacking and Network Defense 16 SysAdmin,Audit, Network, Security (SANS) Offers certifications through Global Information Assurance Certification (GIAC) Top 20 list ▪ One of the most popular SANS Institute documents ▪ Details the most common network exploits ▪ Suggests ways of correcting vulnerabilities Web site ▪ www.sans.org (links Ch 1i & Ch 1j)
  • 17.
  • 18. Hands-On Ethical Hacking and Network Defense 18 Laws involving technology change as rapidly as technology itself Find what is legal for you locally ▪ Laws change from place to place Be aware of what is allowed and what is not allowed
  • 19. Hands-On Ethical Hacking and Network Defense 19 Tools on your computer might be illegal to possess Contact local law enforcement agencies before installing hacking tools Written words are open to interpretation Governments are getting more serious about punishment for cybercrimes
  • 20. Hands-On Ethical Hacking and Network Defense 20 Some states deem it legal Not always the case Federal Government does not see it as a violation ▪ Allows each state to address it separately Read your ISP’s “Acceptable Use Policy” IRC “bots” may be forbidden ▪ Program that sends automatic responses to users ▪ Gives the appearance of a person being present
  • 21. Hands-On Ethical Hacking and Network Defense 21 www.ccsf.edu/Policy/policy.shtml (link Ch 1k)
  • 22. Hands-On Ethical Hacking and Network Defense 22 Federal computer crime laws are getting more specific ▪ Cover cybercrimes and intellectual property issues Computer Hacking and Intellectual Property (CHIP) ▪ New government branch to address cybercrimes and intellectual property issues
  • 23. Hands-On Ethical Hacking and Network Defense 23
  • 24. Hands-On Ethical Hacking and Network Defense 24 Accessing a computer without permission is illegal Other illegal actions ▪ Installing worms or viruses ▪ Denial of Service attacks ▪ Denying users access to network resources Be careful your actions do not prevent customers from doing their jobs
  • 25. Hands-On Ethical Hacking and Network Defense 25 Using a contract is just good business Contracts may be useful in court Books on working as an independent contractor ▪ The Computer Consultant’s Guide by Janet Ruhl ▪ Getting Started in Computer Consulting by Peter Meyer Internet can also be a useful resource Have an attorney read over your contract before sending or signing it
  • 26. Hands-On Ethical Hacking and Network Defense 26 What it takes to be a security tester ▪ Knowledge of network and computer technology ▪ Ability to communicate with management and IT personnel ▪ Understanding of the laws ▪ Ability to use necessary tools
  • 27. 27