2. Ethical Hackers Skills
Ethical hackers should have expertise in the following domains:
• Routers: broad understanding of routers, routing protocols, and access control lists (ACLs). Additional certifications such as Cisco Certified Network Associate (CCNA), Cisco Certified Internetworking Expert (CCIE).
• Microsoft: possess skills in the operation, configuration and management of Microsoft systems.
3. Ethical Hackers Skills
• Linux: possess comprehensive understanding of Linux/UNIX OS, which encompasses security, setting, configuration and services. Fedora or Linux+ certification is beneficial.
• Firewalls: maintain knowledge of firewall configuration, Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). Cisco Certified Network Associate Security Professional (CCNA) or Check Point Certified Security Administrator (CCSA) are advantageous.
• Programming: knowledge of programming, including SQL, programming languages such as C++, Ruby, C#, and C, and scripting languages such as PHP and Java.
4. Ethical Hackers Skills
• Mainframes: understanding of mainframes.
• Network Protocols: understanding of Transmission Control Protocol/Internet Protocol (TCP/IP). Possess CompTIA Network+, Security+, or Advanced Security Practitioner (CASP) certification.
5. Establishing Ethical Hacking Goals
The following types of questions can help you establish goals:
1. What is the strategic intent of the organization?
2. What unique objectives does the organization want to achieve?
3. What is the budget size?
4. What is the scope of the test plans and when will they be implemented?
5. What are the core project deliverables?
6. How will customers be informed? etc.
6. Additional Reading
• http://www.hackerlaw.org/?page_id=55: U.S. hacker laws
• https://tools.ietf.org/html/rfc1087: Ethics and the Internet
• https://www.owasp.org/index.php/Main_Page: The Open Web Application Security Project
• https://www.owasp.org/index.php/Penetration_testing_methodologies: Various pen testing methodologies
• http://blogs.getcertifiedgetahead.com/quantitative-risk-assessment/: Quantitative risk assessment
• https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf: A guide to PCI-DSS
7. Additional Reading
• http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/: Top IT security breaches
• http://searchnetworking.techtarget.com/tutorial/Network-penetration-testing-guide: Guide to penetration testing
• https://www.rapid7.com/resources/how-to-respond-to-an-incident/: Incident response methodologies
• http://securityaffairs.co/wordpress/49624/hacking/cyber-red-team-blue-team.html: Description of hacking teams including pen testers, blue teams, and red teams