chapter 1 ethical hacking overview. objectives after reading this chapter and completing the...
Post on 02-Jan-2016
Chapter 1
Ethical Hacking Overview

Objectives
After reading this chapter and completing the exercises, you will be able to:
- Describe the role of an ethical hacker
- Describe the role of security and penetration testers
- Describe the penetration-testing methodologies

Introduction to Ethical Hacking
- Ethical hackers
  - Hired by companies to perform penetration tests
- Penetration test
  - Attempt to break into a company’s network to find the weakest link
- Security test
  - More than a break-in attempt; includes analyzing company’s security policy and procedures
  - Vulnerabilities are reported

The Role of Security and Penetration Testers
- Hackers
  - Access computer system or network without authorization
  - Break the law; can go to prison
- Crackers
  - Break into systems to steal or destroy data
  - U.S. Department of Justice calls both hackers
- Ethical hacker
  - Performs most of the same activities with owner’s permission

The Role of Security and Penetration Testers (cont’d.)
- Script kiddies or packet monkeys
  - Younger, inexperienced hackers who copy code from knowledgeable hackers
- Programming languages used by experienced penetration testers
  - Practical Extraction and Report Language (Perl)
  - C language
- Script
  - Set of instructions
  - Runs in sequence to perform tasks

The Role of Security and Penetration Testers (cont’d.)
- Tiger box
  - Collection of tools
  - Used for conducting vulnerability assessments and attacks

Penetration-Testing Methodologies
- White box model
  - Tester is told about network topology and technology
  - Tester is permitted to interview IT personnel and company employees
  - Makes tester’s job a little easier
- Black box model
  - Staff does not know about the test
  - Tester is not given details about technologies used
  - Burden is on tester to find details
  - Tests security personnel’s ability to detect an attack

Figure 1-1 A sample floor plan

Penetration-Testing Methodologies (cont’d.)
- Gray box model
  - Hybrid of the white and black box models
  - Company gives tester partial information (e.g., OSs are used, but no network diagrams)

Summary
- Companies hire ethical hackers to perform penetration tests
- Penetration tests discover vulnerabilities in a network
- Security tests are performed by a team of people with varied skills
- Penetration test models
  - White box model
  - Black box model
  - Gray box model