
Ethical Hacker



  1. Ethical Hacker
     Keri Michalski-Smith
     Bryant & Stratton College
     INFT 242 Network & PC Security Fundamentals
     August 1st, 2009
  2. Ethical Hacker Defined
     ∙ Use their expertise and skills to protect a company’s information security
     ∙ Purpose is to reveal system inadequacies and penetrate defenses
     ∙ Results used to implement additional tools to defend against intrusion
     ∙ Goal is to find system vulnerabilities before a malicious hacker
     ∙ Always in need as security threats are continual and ever-changing
  3. Ethical Hacker Job Function
     ∙ Obtains explicit written permission from system owner in regards to systems tested, methods to be used, and any limitations
     ∙ Conducts tests based upon three types of attackers: outsider, outsider with limited access, and internal user
     ∙ Systematically documents processes used and recommendations in detailed report
  4. Tools Used By Ethical Hacker
     Intrusion detection and monitoring software and tools used to:
     ∙ Scan log files
     ∙ Detect port scans
     ∙ Ethernet sniffing
     ∙ Network mapping
     ∙ Scan registry or configuration files
  5. Ethical Hacker Testing Conducted On:
     ∙ Internet access to connect to firewalls, web servers, routers, and filters
     ∙ Internal attack on firewalls, web servers, server, and e-mail systems
     ∙ Social engineering attack utilizing staff’s job functions and helpfulness to obtain confidential information
     ∙ Fraud through physical access by impersonating an employee
     ∙ Theft of key employee’s laptop revealing confidential information
  6. Importance of Ethical Hacker:
     ∙ Considered a necessity not a luxury given today’s exposure to attacks
     ∙ Valuable method for counteracting intrusion along with security policies already in place
     ∙ Expertise and familiarity with latest network attack strategies
     ∙ Contracted Ethical Hacker from outside source considered better due to lack of bias, as they have no preconceived notions about system strengths or weaknesses
  7. Phases of Ethical Hacking
     Planning Stage
     ∙ Time and cost considerations determine what will be tested
     ∙ Determinations made as to which information exposure poses the greatest risks
  8. Phases of Ethical Hacking
     Discovery Phase
     Information gathered about company through
     ∙ Company website
     ∙ Press releases
     ∙ Job listings that often reveal employee names, e-mail addresses and even network diagrams
     ∙ Blogs and discussion forums revealing specific technical issues and methodologies used by company’s IT department
     ∙ Hardware and software tools
     All information gathered is used to find vulnerabilities in company’s architecture, policies, and processes to reveal weak configurations and insecure systems
  9. Phases of Ethical Hacking
     Attack Phase
     ∙ All vulnerabilities identified in discovery phase are exploited
     ∙ Information confidentiality, integrity, availability, and accountability are all subjected to ethical attack
     ∙ Attempts to gain system access, escalate privileges, browse systems, and gain access without detection
  10. Recommendations
      Harden Network Servers
  11. Recommendations
      Best Practices
  12. Ethical Hacker
      - THE END -
      Keri Michalski-Smith
      Bryant & Stratton College
      INFT 242 - Network & PC Security Fundamentals
      August 1st, 2009