Ethical Hacking: Role, Legalities, and Models, Lecture notes of Compilers

An overview of ethical hacking, including the role of ethical hackers, what they can and cannot do legally, and different hacking models. It also discusses certification programs and laws related to ethical hacking.

Typology: Lecture notes

2020/2021

Uploaded on 04/29/2021

shabir-ahmad-5
shabir-ahmad-5 🇵🇰

4

(1)

6 documents

1 / 31

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Chapter 1
Ethical Hacking Overview
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f

Partial preview of the text

Download Ethical Hacking: Role, Legalities, and Models and more Lecture notes Compilers in PDF only on Docsity!

Chapter 1

Ethical Hacking Overview

Describe the role of an ethical hacker

Describe what you can do legally as

an ethical hacker

Describe what you cannot do as an

ethical hacker

 (^) Hackers

 Access computer system or network without
authorization
 Breaks the law; can go to prison

 (^) Crackers

 Break into systems to steal or destroy data
 U.S. Department of Justice calls both hackers

 (^) Ethical hacker

 Performs most of the same activities but with owner’s
permission

 Script kiddies or packet monkeys

 (^) Young inexperienced hackers  (^) Copy codes and techniques from knowledgeable hackers

 Experienced penetration testers write programs

or scripts using these languages

 (^) Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript, Visual Basic, SQL, and many others

 Script

 (^) Set of instructions that runs in sequence

Tiger box

 (^) Collection of OSs and hacking tools  (^) Usually on a laptop  (^) Helps penetration testers and security testers conduct vulnerabilities assessments and attacks

White box model

 (^) Tester is told everything about the network topology and technology

 Network diagram

 (^) Tester is authorized to interview IT personnel and company employees  (^) Makes tester’s job a little easier

Black box model  (^) Company staff does not know about the test  (^) Tester is not given details about the network ▪ (^) Burden is on the tester to find these details  (^) Tests if security personnel are able to detect an attack

Certification programs available in almost every area of network security  Basics:

 CompTIA Security+ (CNIT 120)

 Network+ (CNIT 106 or 201)

CNIT is a Prometric Vue testing

center

 (^) Certification tests are given in S  (^) CompTIA and Microsoft  (^) The next tests will be in the second week of April, right after Spring Break  (^) Email [email protected] if you want to take a test

16

Designated by the Institute for

Security and Open Methodologies

(ISECOM)

 (^) Uses the Open Source Security Testing Methodology Manual (OSSTMM)  (^) Test is only offered in Connecticut and outside the USA, as far as I can tell

▪ See links Ch 1f and Ch 1h on my Web page

17 Issued by the International Information Systems Security Certifications Consortium (ISC^2 )  Usually more concerned with policies and procedures than technical details  Web site

 www.isc2.org

Laws involving technology change as

rapidly as technology itself

Find what is legal for you locally

 (^) Laws change from place to place

Be aware of what is allowed and what

is not allowed

Tools on your computer might be illegal to possess  Contact local law enforcement agencies before installing hacking tools  Written words are open to interpretation  Governments are getting more serious about punishment for cybercrimes