![Ethics of Ethical Hacking ,[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
More Related Content
What's hot
What's hot (20)
Similar to Ethical Hacking
Similar to Ethical Hacking (20)
Ethical Hacking
- 1. Ethics of Ethical Hacking Source: Grey Hat Hacking: The Ethical Hacker’s Handbook By Shon Harris, Allen Harper, Chris Eagle, Jonathan Ness, Michael Lester
- 20. 18 USC 1029: Fraud And Related Activity In Connection With Access Devices
- 21. 18 USC 1029: Fraud And Related Activity In Connection With Access Devices
- 23. 18 USC 1030: Fraud And Related Activity In Connection With Computers
- 24. 18 USC 1030: Fraud And Related Activity In Connection With Computers
- 33. 4.6. Attempts to circumvent security Users are prohibited from attempting to circumvent or subvert any system’s security measures. This section does not prohibit use of security tools by personnel authorized by OIT or their unit. 4.6.1. Decoding access control information Users are prohibited from using any computer program or device to intercept or decode passwords or similar access control information. 4.6.2. Denial of service Deliberate attempts to degrade the performance of a computer system or network or to deprive authorized personnel of resources or access to any Institute computer system or network are prohibited. 4.6.3. Harmful activities Harmful activities are prohibited. Examples include IP spoofing; creating and propagating viruses; port scanning; disrupting services; damaging files; or intentional destruction of or damage to equipment, software, or data. GIT Computer and Network Usage Policy
Editor's Notes
- Legal and Ethical Aspects of Computer Hacking ECE4883 – Internetwork Security Georgia Institute of Technology
- What types of policies are in place? Many different policies are already set in place such as the United States Title 18 on Crimes and Criminal Procedure. Furthermore, there is also the Georgia Computer Systems Protection Act HB 822, the Patriot Act and Homeland Security. Since so many different acts are not enough to define hacking, individual organizations also have taken liberty to define their own rules like the one at Georgia Tech: Georgia Institute of Technology Computer and Network Usage Policy How do they differ from each other? Each act has a certain defined area to concentrate on. There are some where rules are broad and left at that to cover all types of details. Then there are other individual specific for the soul purpose of describing details that have been dealt with earlier. What kind of defined lines are there? Each act covers what is believed to be “bad” or which causes harm to others. Should these be there? Should laws be in place? After all the Internet is for everyone! Yes, the Internet is, but even there, disputes about personal space come into affect. Are they clear enough? The laws are not clear enough. If they were, then different people would not be punished differently for almost the same things. There would be a bar in place that said, if x is happening, then y is the punishment. With the laws in place, it is more like x is happening, but there is also a, b, c, then z is the punishment.
- Georgia Institute of Technology implements the Computer and Network Usage Policy for all students and faculty. It defines several areas including authorized users and uses, privileges for individuals, and user Responsibilities. Under Responsibilities comes section 4.5 Access to facilities and information. This section describes sharing of access, permitting unauthorized access, denial of service, harmful activities, unauthorized monitoring and access. The Harmful activities include many examples such as: IP spoofing; creating and propagating viruses; port scanning; disrupting services; damaging files; or intentional destruction of or damage to equipment, software, or data.
- Scenarios as such happen regularly. Access is either taken or given sometimes intentionally or accidentally. What steps can be taken from a users point of view? A Georgia Tech student uses their personal PC and the school’s network to do a port scan on a commercial web site. A Georgia Tech student uses their personal PC and a commercial ISP to do a port scan on a commercial web site. A Georgia Tech student sends a “spoofed mail” from the school account that appears to come from another user. A Georgia Tech student uses a school computer and password guessing software to access and crack the administrator password. A Georgia Tech student discovers that another user failed to log off when departing. The student uses the account to send an inflammatory email to the department chair.