4. Introduction to Ethical Hacking
• Ethical hackers
▫ Employed by companies to perform penetration tests
• Penetration test
▫ Legal attempt to break into a company's network to find its weakest link
▫ Tester only reports findings
• Security test
▫ More than an attempt to break in; also includes analyzing company's security policy and procedures
▫ Tester offers solutions to secure or protect the network
5. The Role of Security and Penetration Testers
• Hackers
▫ Access computer system or network without authorization
▫ Break the law; can go to prison
• Crackers
▫ Break into systems to steal or destroy data
▫ U.S. Department of Justice calls both hackers
• Ethical hacker
▫ Performs most of the same activities but with owner's permission
6. Penetration-Testing Methodologies
• White box model
▫ Tester is told everything about the network topology and technology
▫ Tester is authorized to interview IT personnel and company employees
▫ Makes the tester's job a little easier
• Black box model
▫ Company staff does not know about the test
▫ Tester is not given details about the network
▪ Burden is on the tester to find these details
▫ Tests if security personnel are able to detect an attack
• Gray box model
▫ Hybrid of the white and black box models
▫ Company gives tester partial information
7. Ethical Hacking in a Nutshell
• What it takes to be a security tester
▫ Knowledge of network and computer technology
▫ Ability to communicate with management and IT personnel
▫ Understanding of the laws
▫ Ability to use necessary tools