SlideShare a Scribd company logo

Ethical hacking Chapter 1 - Overview - Eric Vanderburg

Download as PPTX, PDF
Eric Vanderburg
Eric Vanderburg

Ethical hacking Chapter 1 - Overview - Eric Vanderburg

Technology
1 of 23
Ethical Hacking CHAPTER 1 – OVERVIEW ERIC VANDERBURG
Objectives  Describe the role of an ethical hacker  Describe what you can do legally as an ethical hacker  Describe what you cannot do as an ethical hacker
Introduction to Ethical Hacking  Ethical hackers  Employed by companies to perform penetration tests  Penetration test  Legal attempt to break into a company’s network to find its weakest link  Tester only reports findings  Security test  More than an attempt to break in; also includes analyzing company’s security policy and procedures  Tester offers solutions to secure or protect the network
The Role of Security and Penetration Testers  Hackers  Access computer system or network without authorization  Breaks the law; can go to prison  Crackers  Break into systems to steal or destroy data  U.S. Department of Justice calls both hackers  Ethical hacker  Performs most of the same activities but with owner’s permission
The Role of Security and Penetration Testers (cScoriptn kidtdiniesu ore padck)et monkeys  Young inexperienced hackers  Copy codes and techniques from knowledgeable hackers  Programming languages used by experienced penetration testers  Practical Extraction and Report Language (Perl)  C  Script  Set of instructions that runs in sequence
The Role of Security and Penetration Testers (cTigoer nbotxinued)  Collection of OSs and hacking tools  Helps penetration testers and security testers conduct vulnerabilities assessments and attacks
Penetration-Testing Methodologies  White box model  Tester is told everything about the network topology and technology  Tester is authorized to interview IT personnel and company employees  Makes tester job a little easier  Black box model  Company staff does not know about the test  Tester is not given details about the network  Burden is on the tester to find these details  Tests if security personnel are able to detect an attack
Penetration-Testing Methodologies (continued)  Gray box model  Hybrid of the white and black box models  Company gives tester partial information
Certification Programs for Network Security Personnel  Certification programs available in almost every area of network security  Other certifications that help prepare for these certifications  CompTIA Security+  Network+
Certified Ethical Hacker (CEH)  Developed by the International Council of Electronic Commerce Consultants (EC-Council)  Based on 21 domains (subject areas)  Web site  www.eccouncil.org  Red team  Conducts penetration tests  Composed of people with varied skills
OSSTMM Professional Security Tester (OPST)  Designated by the Institute for Security and Open Methodologies (ISECOM)  Based on the Open Source Security Testing Methodology Manual (OSSTMM)  Written by Peter Herzog  Consists of 5 domains  Web site  www.isecom.org
Certified Information Systems Security Professional (CISSP)  Issued by the International Information Systems Security Certifications Consortium (ISC2)  Usually more concerned with policies and procedures  Consists of 10 domains  Web site  www.isc2.org
SANS Institute  SysAdmin, Audit, Network, Security (SANS)  Offers certifications through Global Information Assurance Certification (GIAC)  Top 20 list  One of the most popular SANS Institute documents  Details the most common network exploits  Suggests ways of correcting vulnerabilities  Web site  www.sans.org
What You Can Do Legally  Laws involving technology change as rapidly as technology itself  Find what is legal for you locally  Laws change from place to place  Be aware of what is allowed and what is not allowed
Laws of the Land  Tools on your computer might be illegal to possess  Contact local law enforcement agencies before installing hacking tools  Written words are open to interpretation  Governments are getting more serious about punishment for cybercrimes
Is Port Scanning Legal?  Some states deem it legal  Not always the case  Federal Government does not see it as a violation  Allows each state to address it separately  Read your ISP’s “Acceptable Use Policy”  IRC “bot”  Program that sends automatic responses to users  Gives the appearance of a person being present
Federal Laws  Federal computer crime laws are getting more specific  Cover cybercrimes and intellectual property issues  Computer Hacking and Intellectual Property (CHIP)  New government branch to address cybercrimes and intellectual property issues
What You Cannot Do Legally  Accessing a computer without permission is illegal  Other illegal actions  Installing worms or viruses  Denial of Service attacks  Denying users access to network resources  Be careful your actions do not prevent customers from doing their jobs
Get It in Writing  Using a contract is just good business  Contracts may be useful in court  Books on working as an independent contractor  The Computer Consultant’s Guide by Janet Ruhl  Getting Started in Computer Consulting by Peter Meyer  Internet can also be a useful resource  Have an attorney read over your contract before sending or signing it
Ethical Hacking in a Nutshell  What it takes to be a security tester  Knowledge of network and computer technology  Ability to communicate with management and IT personnel  Understanding of the laws  Ability to use necessary tools
Summary  Companies hire ethical hackers to perform penetration tests  Penetration tests discover vulnerabilities in a network  Security tests are performed by a team of people with varied skills  Penetration test models:  White box model  Black box model  Gray box model  Security testers can earn certifications
Summary (continued)  Certifications  CEH  CISSP  OPST  Sans Institute  Be aware of what you are legally allowed or not allowed to do  Laws change from place to place  ISPs usually have an “Acceptable Use Policy”
Summary (continued)  State and federal laws should be understood before conducting a security test  Get it in writing  Use a contract  Have an attorney read the contract

Recommended

Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEric Vanderburg
 
Ethical hacking Chapter 5 - Physical Information Gathering - Eric Vanderburg
Ethical hacking Chapter 5 - Physical Information Gathering - Eric VanderburgEthical hacking Chapter 5 - Physical Information Gathering - Eric Vanderburg
Ethical hacking Chapter 5 - Physical Information Gathering - Eric VanderburgEric Vanderburg
 
Ch05 Network Defenses
Ch05 Network DefensesCh05 Network Defenses
Ch05 Network DefensesInformation Technology
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksInformation Technology
 
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric VanderburgEthical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric VanderburgEric Vanderburg
 
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric VanderburgEthical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric VanderburgEric Vanderburg
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 

Recommended

Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEthical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric VanderburgEric Vanderburg
 
Ethical hacking Chapter 5 - Physical Information Gathering - Eric Vanderburg
Ethical hacking Chapter 5 - Physical Information Gathering - Eric VanderburgEthical hacking Chapter 5 - Physical Information Gathering - Eric Vanderburg
Ethical hacking Chapter 5 - Physical Information Gathering - Eric VanderburgEric Vanderburg
 
Ch05 Network Defenses
Ch05 Network DefensesCh05 Network Defenses
Ch05 Network DefensesInformation Technology
 
Ch04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksCh04 Network Vulnerabilities and Attacks
Ch04 Network Vulnerabilities and AttacksInformation Technology
 
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric VanderburgEthical hacking Chapter 9 - Linux Vulnerabilities - Eric Vanderburg
Ethical hacking Chapter 9 - Linux Vulnerabilities - Eric VanderburgEric Vanderburg
 
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric VanderburgEthical hacking chapter 8 - Windows Vulnerabilities - Eric Vanderburg
Ethical hacking chapter 8 - Windows Vulnerabilities - Eric VanderburgEric Vanderburg
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Module 18 (linux hacking)
Module 18 (linux hacking)Module 18 (linux hacking)
Module 18 (linux hacking)Wail Hassan
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Wail Hassan
 
Network Security
Network SecurityNetwork Security
Network SecurityRaymond Jose
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Module 20 (buffer overflows)
Module 20 (buffer overflows)Module 20 (buffer overflows)
Module 20 (buffer overflows)Wail Hassan
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
Intruders detection
Intruders detectionIntruders detection
Intruders detectionEhtisham Ali
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Network Security
Network SecurityNetwork Security
Network SecurityVIKAS SINGH BHADOURIA
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingViraj Kansara
 
Network and security concepts
Network and security conceptsNetwork and security concepts
Network and security conceptssonuagain
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewSam Bowne
 
Network Security & Attacks
Network Security & AttacksNetwork Security & Attacks
Network Security & AttacksNetwax Lab
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksSam Bowne
 
Windows network security
Windows network securityWindows network security
Windows network securityInformation Technology
 
Certified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book SummaryCertified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book Summaryudemy course
 
Cyber security & network attack6
Cyber security & network attack6Cyber security & network attack6
Cyber security & network attack6HCL Technologies
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threadssrivijaymanickam
 
Ch01
Ch01Ch01
Ch01phanleson
 
Ch01
Ch01Ch01
Ch01phanleson
 

More Related Content

What's hot

Module 18 (linux hacking)
Module 18 (linux hacking)Module 18 (linux hacking)
Module 18 (linux hacking)Wail Hassan
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Wail Hassan
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Module 20 (buffer overflows)
Module 20 (buffer overflows)Module 20 (buffer overflows)
Module 20 (buffer overflows)Wail Hassan
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
Intruders detection
Intruders detectionIntruders detection
Intruders detectionEhtisham Ali
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7AfiqEfendy Zaen
 
Network and security concepts
Network and security conceptsNetwork and security concepts
Network and security conceptssonuagain
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewSam Bowne
 
Network Security & Attacks
Network Security & AttacksNetwork Security & Attacks
Network Security & AttacksNetwax Lab
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksSam Bowne
 
Certified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book SummaryCertified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book Summaryudemy course
 
Cyber security & network attack6
Cyber security & network attack6Cyber security & network attack6
Cyber security & network attack6HCL Technologies
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threadssrivijaymanickam
 

What's hot (20)

Module 18 (linux hacking)
Module 18 (linux hacking)Module 18 (linux hacking)
Module 18 (linux hacking)
 
Network and web security
Network and web securityNetwork and web security
Network and web security
 
Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)Module 19 (evading ids, firewalls and honeypots)
Module 19 (evading ids, firewalls and honeypots)
 
Network Security
Network SecurityNetwork Security
Network Security
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internet
 
Module 20 (buffer overflows)
Module 20 (buffer overflows)Module 20 (buffer overflows)
Module 20 (buffer overflows)
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network Attacks
 
Intruders detection
Intruders detectionIntruders detection
Intruders detection
 
Network Security Chapter 7
Network Security Chapter 7Network Security Chapter 7
Network Security Chapter 7
 
Network Security
Network SecurityNetwork Security
Network Security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Network and security concepts
Network and security conceptsNetwork and security concepts
Network and security concepts
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking Overview
 
Network Security & Attacks
Network Security & AttacksNetwork Security & Attacks
Network Security & Attacks
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer Attacks
 
Windows network security
Windows network securityWindows network security
Windows network security
 
Certified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book SummaryCertified Ethical Hacking - Book Summary
Certified Ethical Hacking - Book Summary
 
Cyber security & network attack6
Cyber security & network attack6Cyber security & network attack6
Cyber security & network attack6
 
Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
 
Types of attacks and threads
Types of attacks and threadsTypes of attacks and threads
Types of attacks and threads
 

Similar to Ethical hacking Chapter 1 - Overview - Eric Vanderburg

Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Rishab garg
 
CEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertCEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertjmbrrvgzhr
 
The Role of Security and Penetration Testers
The Role of Security and Penetration TestersThe Role of Security and Penetration Testers
The Role of Security and Penetration Testersyasirabdullah15
 
Foot printing and Reconnaissance Techniques
Foot printing and Reconnaissance TechniquesFoot printing and Reconnaissance Techniques
Foot printing and Reconnaissance Techniquesyasirabdullah15
 
CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewSam Bowne
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGDrm Kapoor
 
03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop newforensicsnation
 
FNC Corporate Protect Workshop
FNC Corporate Protect WorkshopFNC Corporate Protect Workshop
FNC Corporate Protect Workshopforensicsnation
 
Advanced pc security final exam results
Advanced pc security final exam resultsAdvanced pc security final exam results
Advanced pc security final exam resultsDale Vick
 
Penetration testing 5 reasons Why Organizations Should Adopt it
Penetration testing 5 reasons Why Organizations Should Adopt itPenetration testing 5 reasons Why Organizations Should Adopt it
Penetration testing 5 reasons Why Organizations Should Adopt itTestingXperts
 
29386971 hacking
29386971 hacking29386971 hacking
29386971 hackingjoeymar143
 
Ch04 Footprinting and Social Engineering
Ch04 Footprinting and Social EngineeringCh04 Footprinting and Social Engineering
Ch04 Footprinting and Social Engineeringphanleson
 

Similar to Ethical hacking Chapter 1 - Overview - Eric Vanderburg (20)

Ch01
Ch01Ch01
Ch01
 
Ch01
Ch01Ch01
Ch01
 
Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Ethical Hacking and Network Defense
Ethical Hacking and Network Defense
 
ch01.ppt
ch01.pptch01.ppt
ch01.ppt
 
CEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertCEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expert
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
The Role of Security and Penetration Testers
The Role of Security and Penetration TestersThe Role of Security and Penetration Testers
The Role of Security and Penetration Testers
 
Foot printing and Reconnaissance Techniques
Foot printing and Reconnaissance TechniquesFoot printing and Reconnaissance Techniques
Foot printing and Reconnaissance Techniques
 
CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking Overview
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKING
 
03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop new
 
FNC Corporate Protect
FNC Corporate ProtectFNC Corporate Protect
FNC Corporate Protect
 
FNC Corporate Protect Workshop
FNC Corporate Protect WorkshopFNC Corporate Protect Workshop
FNC Corporate Protect Workshop
 
Advanced pc security final exam results
Advanced pc security final exam resultsAdvanced pc security final exam results
Advanced pc security final exam results
 
Penetration testing 5 reasons Why Organizations Should Adopt it
Penetration testing 5 reasons Why Organizations Should Adopt itPenetration testing 5 reasons Why Organizations Should Adopt it
Penetration testing 5 reasons Why Organizations Should Adopt it
 
29386971 hacking
29386971 hacking29386971 hacking
29386971 hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ch04 Footprinting and Social Engineering
Ch04 Footprinting and Social EngineeringCh04 Footprinting and Social Engineering
Ch04 Footprinting and Social Engineering
 

More from Eric Vanderburg

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumEric Vanderburg
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveEric Vanderburg
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgEric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityEric Vanderburg
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatEric Vanderburg
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEric Vanderburg
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology managementEric Vanderburg
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technologyEric Vanderburg
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEric Vanderburg
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challengesEric Vanderburg
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: RoboticsEric Vanderburg
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercisesEric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsEric Vanderburg
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgEric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgEric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgEric Vanderburg
 

More from Eric Vanderburg (20)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 

Recently uploaded

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 

Recently uploaded (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

Ethical hacking Chapter 1 - Overview - Eric Vanderburg

  • 1. Ethical Hacking CHAPTER 1 – OVERVIEW ERIC VANDERBURG
  • 2. Objectives  Describe the role of an ethical hacker  Describe what you can do legally as an ethical hacker  Describe what you cannot do as an ethical hacker
  • 3. Introduction to Ethical Hacking  Ethical hackers  Employed by companies to perform penetration tests  Penetration test  Legal attempt to break into a company’s network to find its weakest link  Tester only reports findings  Security test  More than an attempt to break in; also includes analyzing company’s security policy and procedures  Tester offers solutions to secure or protect the network
  • 4. The Role of Security and Penetration Testers  Hackers  Access computer system or network without authorization  Breaks the law; can go to prison  Crackers  Break into systems to steal or destroy data  U.S. Department of Justice calls both hackers  Ethical hacker  Performs most of the same activities but with owner’s permission
  • 5. The Role of Security and Penetration Testers (cScoriptn kidtdiniesu ore padck)et monkeys  Young inexperienced hackers  Copy codes and techniques from knowledgeable hackers  Programming languages used by experienced penetration testers  Practical Extraction and Report Language (Perl)  C  Script  Set of instructions that runs in sequence
  • 6. The Role of Security and Penetration Testers (cTigoer nbotxinued)  Collection of OSs and hacking tools  Helps penetration testers and security testers conduct vulnerabilities assessments and attacks
  • 7. Penetration-Testing Methodologies  White box model  Tester is told everything about the network topology and technology  Tester is authorized to interview IT personnel and company employees  Makes tester job a little easier  Black box model  Company staff does not know about the test  Tester is not given details about the network  Burden is on the tester to find these details  Tests if security personnel are able to detect an attack
  • 8. Penetration-Testing Methodologies (continued)  Gray box model  Hybrid of the white and black box models  Company gives tester partial information
  • 9. Certification Programs for Network Security Personnel  Certification programs available in almost every area of network security  Other certifications that help prepare for these certifications  CompTIA Security+  Network+
  • 10. Certified Ethical Hacker (CEH)  Developed by the International Council of Electronic Commerce Consultants (EC-Council)  Based on 21 domains (subject areas)  Web site  www.eccouncil.org  Red team  Conducts penetration tests  Composed of people with varied skills
  • 11. OSSTMM Professional Security Tester (OPST)  Designated by the Institute for Security and Open Methodologies (ISECOM)  Based on the Open Source Security Testing Methodology Manual (OSSTMM)  Written by Peter Herzog  Consists of 5 domains  Web site  www.isecom.org
  • 12. Certified Information Systems Security Professional (CISSP)  Issued by the International Information Systems Security Certifications Consortium (ISC2)  Usually more concerned with policies and procedures  Consists of 10 domains  Web site  www.isc2.org
  • 13. SANS Institute  SysAdmin, Audit, Network, Security (SANS)  Offers certifications through Global Information Assurance Certification (GIAC)  Top 20 list  One of the most popular SANS Institute documents  Details the most common network exploits  Suggests ways of correcting vulnerabilities  Web site  www.sans.org
  • 14. What You Can Do Legally  Laws involving technology change as rapidly as technology itself  Find what is legal for you locally  Laws change from place to place  Be aware of what is allowed and what is not allowed
  • 15. Laws of the Land  Tools on your computer might be illegal to possess  Contact local law enforcement agencies before installing hacking tools  Written words are open to interpretation  Governments are getting more serious about punishment for cybercrimes
  • 16. Is Port Scanning Legal?  Some states deem it legal  Not always the case  Federal Government does not see it as a violation  Allows each state to address it separately  Read your ISP’s “Acceptable Use Policy”  IRC “bot”  Program that sends automatic responses to users  Gives the appearance of a person being present
  • 17. Federal Laws  Federal computer crime laws are getting more specific  Cover cybercrimes and intellectual property issues  Computer Hacking and Intellectual Property (CHIP)  New government branch to address cybercrimes and intellectual property issues
  • 18. What You Cannot Do Legally  Accessing a computer without permission is illegal  Other illegal actions  Installing worms or viruses  Denial of Service attacks  Denying users access to network resources  Be careful your actions do not prevent customers from doing their jobs
  • 19. Get It in Writing  Using a contract is just good business  Contracts may be useful in court  Books on working as an independent contractor  The Computer Consultant’s Guide by Janet Ruhl  Getting Started in Computer Consulting by Peter Meyer  Internet can also be a useful resource  Have an attorney read over your contract before sending or signing it
  • 20. Ethical Hacking in a Nutshell  What it takes to be a security tester  Knowledge of network and computer technology  Ability to communicate with management and IT personnel  Understanding of the laws  Ability to use necessary tools
  • 21. Summary  Companies hire ethical hackers to perform penetration tests  Penetration tests discover vulnerabilities in a network  Security tests are performed by a team of people with varied skills  Penetration test models:  White box model  Black box model  Gray box model  Security testers can earn certifications
  • 22. Summary (continued)  Certifications  CEH  CISSP  OPST  Sans Institute  Be aware of what you are legally allowed or not allowed to do  Laws change from place to place  ISPs usually have an “Acceptable Use Policy”
  • 23. Summary (continued)  State and federal laws should be understood before conducting a security test  Get it in writing  Use a contract  Have an attorney read the contract