Ethical Hacker

1,091 views

Published on

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,091
On SlideShare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Ethical Hacker

  1. 1. Ethical Hacker<br />Keri Michalski-Smith<br />Bryant & Stratton College<br />INFT 242 Network & PC Security Fundamentals<br />August 1st, 2009<br />
  2. 2. Ethical Hacker Defined <br />∙ Use their expertise and skills to protect a <br /> company’s information security<br />∙ Purpose is to reveal system inadequacies and <br /> penetrate defenses<br />∙ Results used to implement additional tools to <br /> defend against intrusion<br />∙ Goal is to find system vulnerabilities before a <br /> malicious hacker<br />∙ Always in need as security threats are continual <br /> and ever-changing <br />
  3. 3. Ethical Hacker Job Function<br />∙ Obtains explicit written permission from system <br /> owner in regards to systems tested, methods to <br /> be used, and any limitations<br />∙ Conducts tests based upon three type of <br /> attackers: outsider, outsider with limited access,<br /> and internal user<br />∙ Systematically documents processes used and <br /> recommendations in detailed report<br />
  4. 4. Tools Used By Ethical hacker<br /> Intrusion detecting monitoring software and tools <br /> used to:<br />∙ Scan log files<br />∙ Detect port scans<br />∙ Ethernet sniffing<br />∙ Network mapping<br />∙ Scan registry or configuration files<br />
  5. 5. Ethical Hacker Testing conducted on:<br />∙ Internet access to connect to firewalls, <br /> web servers, routers, and filters<br />∙ Internal attack on firewalls, web servers, <br /> server, and e-mail systems<br />∙ Social engineering attack utilizing staff’s job<br /> functions and helpfulness to obtain confidential <br /> information<br />∙ Fraud through physical access impersonating as<br /> employee<br />∙ Theft of key employee’s laptop revealing <br /> confidential information<br />
  6. 6. Importance of Ethical Hacker:<br />∙ Considered a necessity not a luxury given <br /> today’s exposure to attacks<br />∙ Valuable method for counteracting intrusion <br /> along with security policies already in place<br />∙ Expertise and familiarity with latest network <br /> attack strategies<br />∙ Contracted Ethical Hacker from outside source <br /> considered better due to lack of bias, as they <br /> have no preconceived notions about system <br /> strengths or weaknesses<br />
  7. 7. Phases of Ethical hacking<br />Planning Stage<br /> ∙ Time and cost considerations determine what <br /> will be tested<br /> ∙ Determinations made upon which information<br /> exposure poses the greatest risks<br />
  8. 8. Phases of Ethical hacking<br />Discovery Phase<br />Information gathered about company through<br /> ∙ Company website<br /> ∙ Press releases<br /> ∙ Job listings that often reveal employee names, e-mail addresses and even network diagrams <br /> ∙ Blogs and discussion forums revealing specific technical issues and methodologies used by company’s IT department<br /> ∙ Hardware and software tools<br />All information gathered used to find vulnerabilities <br />in company’s architecture, policies, and processes to <br />reveal weak configurations and unsecure systems<br />
  9. 9. Phases of Ethical hacking<br />Attack Phase<br />∙ All vulnerabilities indentified in discovery phase<br /> are exploited<br />∙ Information confidentiality, integrity, availability,<br /> and accountability are all subjected to ethical attack<br />∙ Attempts to gain system access, escalate privileges, <br /> system browsing, and gain access without detection<br />
  10. 10. Recommendations<br />Harden Network Servers<br />
  11. 11. Recommendations<br />Best Practices<br />
  12. 12. Ethical hacker<br />- THE END-<br />Keri Michalski-Smith<br />Bryant & Stratton College<br />INFT 242 - Network & PC Security Fundamentals<br />August 1st, 2009<br />

×