SlideShare a Scribd company logo

The Role of Security and Penetration Testers

Download as PPT, PDF
Y
yasirabdullah15

The Role of Security and Penetration Testers

Education
1 of 29
Ethical Hacking Overview
Hands-On Ethical Hacking and Network Defense 2  Describe the role of an ethical hacker  Describe what you can do legally as an ethical hacker  Describe what you cannot do as an ethical hacker
Hands-On Ethical Hacking and Network Defense 3  Ethical hackers  Employed by companies to perform penetration tests  Penetration test  Legal attempt to break into a company’s network to find its weakest link  Tester only reports findings, does not solve problems  Security test  More than an attempt to break in; also includes analyzing company’s security policy and procedures  Tester offers solutions to secure or protect the network
Hands-On Ethical Hacking and Network Defense 4  Hackers  Access computer system or network without authorization  Breaks the law; can go to prison  Crackers  Break into systems to steal or destroy data  U.S. Department of Justice calls both hackers  Ethical hacker  Performs most of the same activities but with owner’s permission
Hands-On Ethical Hacking and Network Defense 5  Script kiddies or packet monkeys  Young inexperienced hackers  Copy codes and techniques from knowledgeable hackers  Experienced penetration testers write programs or scripts using these languages  Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript,Visual Basic, SQL, and many others  Script  Set of instructions that runs in sequence
 This class alone won’t make you a hacker, or an expert  It might make you a script kiddie  It usually takes years of study and experience to earn respect in the hacker community  It’s a hobby, a lifestyle, and an attitude  A drive to figure out how things work Hands-On Ethical Hacking and Network Defense 6
Hands-On Ethical Hacking and Network Defense 7  Tiger box  Collection of OSs and hacking tools  Usually on a laptop  Helps penetration testers and security testers conduct vulnerabilities assessments and attacks
Hands-On Ethical Hacking and Network Defense 8  White box model  Tester is told everything about the network topology and technology  Network diagram  Tester is authorized to interview IT personnel and company employees  Makes tester’s job a little easier
 From ratemynetworkdiagram.com (Link Ch 1g) Hands-On Ethical Hacking and Network Defense 9
Hands-On Ethical Hacking and Network Defense 10
Hands-On Ethical Hacking and Network Defense 11  Black box model  Company staff does not know about the test  Tester is not given details about the network ▪ Burden is on the tester to find these details  Tests if security personnel are able to detect an attack
Hands-On Ethical Hacking and Network Defense 12  Gray box model  Hybrid of the white and black box models  Company gives tester partial information
Hands-On Ethical Hacking and Network Defense 13  Certification programs available in almost every area of network security  Basics:  CompTIA Security+ (CNIT 120)  Network+ (CNIT 106 or 201)
14  But see Run Away FromThe CEH Certification  Link Ch 1e on myWeb page
15  Designated by the Institute for Security and Open Methodologies (ISECOM)  Uses the Open Source SecurityTesting Methodology Manual (OSSTMM)  Test is only offered in Connecticut and outside the USA, as far as I can tell ▪ See links Ch 1f and Ch 1h on myWeb page
16  Issued by the International Information Systems Security Certifications Consortium (ISC2)  Usually more concerned with policies and procedures than technical details  Web site  www.isc2.org
Hands-On Ethical Hacking and Network Defense 17  SysAdmin, Audit, Network, Security (SANS)  Offers certifications through Global Information Assurance Certification (GIAC)  Top 20 list  One of the most popular SANS Institute documents  Details the most common network exploits  Suggests ways of correcting vulnerabilities  Web site  www.sans.org (links Ch 1i & Ch 1j)
Hands-On Ethical Hacking and Network Defense 18  Laws involving technology change as rapidly as technology itself  Find what is legal for you locally  Laws change from place to place  Be aware of what is allowed and what is not allowed
Hands-On Ethical Hacking and Network Defense 19  Tools on your computer might be illegal to possess  Contact local law enforcement agencies before installing hacking tools  Written words are open to interpretation  Governments are getting more serious about punishment for cybercrimes
Hands-On Ethical Hacking and Network Defense 20  Some states deem it legal  Not always the case  Federal Government does not see it as a violation  Allows each state to address it separately  Read your ISP’s “Acceptable Use Policy”  IRC “bots” may be forbidden  Program that sends automatic responses to users  Gives the appearance of a person being present
Hands-On Ethical Hacking and Network Defense 21 www.ccsf.edu/Policy/policy.shtml (link Ch 1k)
Hands-On Ethical Hacking and Network Defense 22  Federal computer crime laws are getting more specific  Cover cybercrimes and intellectual property issues  Computer Hacking and Intellectual Property (CHIP)  New government branch to address cybercrimes and intellectual property issues
Hands-On Ethical Hacking and Network Defense 23
Hands-On Ethical Hacking and Network Defense 24  Accessing a computer without permission is illegal  Other illegal actions  Installing worms or viruses  Denial of Service attacks  Denying users access to network resources  Be careful your actions do not prevent customers from doing their jobs
 Ch 1l1: Lycos starts anti-spam screensaver plan: Dec 2, 2004  Ch 1l2: Lycos Pulls Anti-Spam 'Vigilante' Campaign -- Dec 3, 2004  Ch 1l3: Lycos's SpamAttack Network Dismantled -- Spammers sent the DOS packets back to Lycos -- Dec 6, 2004 Hands-On Ethical Hacking and Network Defense 25
 Ch 1m: Blue Frog begins its "vigilante approach" to fight spam -- July, 2005  Ch 1n: Russian spammer fights back, claims to have stolen Blue Frog's database, sends threating email -- DOS attack in progress -- May 2, 2006  Ch 1o: Blue Frog compromised and destroyed by attacks, urgent instructions to uninstall it, the owners have lost control -- May 17, 2006 Hands-On Ethical Hacking and Network Defense 26
 Ch 1p: Call for help creating distributed, open-source Blue Frog replacement -- May 17, 2006  Not in textbook, see links on my page (samsclass.info) Hands-On Ethical Hacking and Network Defense 27
Hands-On Ethical Hacking and Network Defense 28  Using a contract is just good business  Contracts may be useful in court  Books on working as an independent contractor  The Computer Consultant’s Guide by Janet Ruhl  Getting Started in ComputerConsulting by Peter Meyer  Internet can also be a useful resource  Have an attorney read over your contract before sending or signing it
Hands-On Ethical Hacking and Network Defense 29  What it takes to be a security tester  Knowledge of network and computer technology  Ability to communicate with management and IT personnel  Understanding of the laws  Ability to use necessary tools

Recommended

ch01.ppt
ch01.pptch01.ppt
ch01.pptssuser5162c9
 
CEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertCEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertjmbrrvgzhr
 
Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Rishab garg
 
Ch01
Ch01Ch01
Ch01phanleson
 
Ch01
Ch01Ch01
Ch01phanleson
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewSam Bowne
 
CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewSam Bowne
 
Ethical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEthical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEric Vanderburg
 

Recommended

ch01.ppt
ch01.pptch01.ppt
ch01.pptssuser5162c9
 
CEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertCEH Hacking Overview from beginner to expert
CEH Hacking Overview from beginner to expertjmbrrvgzhr
 
Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Ethical Hacking and Network Defense
Ethical Hacking and Network Defense Rishab garg
 
Ch01
Ch01Ch01
Ch01phanleson
 
Ch01
Ch01Ch01
Ch01phanleson
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewSam Bowne
 
CNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewCNIT 123: Ch 1 Ethical Hacking Overview
CNIT 123: Ch 1 Ethical Hacking OverviewSam Bowne
 
Ethical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEthical hacking Chapter 1 - Overview - Eric Vanderburg
Ethical hacking Chapter 1 - Overview - Eric VanderburgEric Vanderburg
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingmonacofamily
 
Chap13 Security and Ethical Challenges
Chap13 Security and Ethical ChallengesChap13 Security and Ethical Challenges
Chap13 Security and Ethical ChallengesAqib Syed
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hackingWaseem Rauf
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingCSITiaesprime
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMohammad Affan
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingSanu Subham
 
Puna 2015
Puna 2015Puna 2015
Puna 2015Salaj Goyal
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingBinit Kumar
 
hacking
hackinghacking
hackingADAIKKAPPANS1
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsRwik Kumar Dutta
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxasharshaikh8
 
ANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdfANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdfMeymunaMohammed1
 
ANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdfANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdfMeymunaMohammed1
 
Computer hacking
Computer hackingComputer hacking
Computer hackingshreyas dani
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxBishalRay8
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Ethical Hacking - A Need To Know.pptx
Ethical Hacking - A Need To Know.pptxEthical Hacking - A Need To Know.pptx
Ethical Hacking - A Need To Know.pptxSiddheshSurve10
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPTashish kumar
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAKSHAY KHATRI
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 

More Related Content

Similar to The Role of Security and Penetration Testers

Chap13 Security and Ethical Challenges
Chap13 Security and Ethical ChallengesChap13 Security and Ethical Challenges
Chap13 Security and Ethical ChallengesAqib Syed
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hackingWaseem Rauf
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingCSITiaesprime
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsRwik Kumar Dutta
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfShivamSharma909
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxasharshaikh8
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxBishalRay8
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Ethical Hacking - A Need To Know.pptx
Ethical Hacking - A Need To Know.pptxEthical Hacking - A Need To Know.pptx
Ethical Hacking - A Need To Know.pptxSiddheshSurve10
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPTashish kumar
 

Similar to The Role of Security and Penetration Testers (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Chap13 Security and Ethical Challenges
Chap13 Security and Ethical ChallengesChap13 Security and Ethical Challenges
Chap13 Security and Ethical Challenges
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hacking
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testing
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Puna 2015
Puna 2015Puna 2015
Puna 2015
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
hacking
hackinghacking
hacking
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its Prospects
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
 
ANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdfANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdf
 
ANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdfANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdf
 
Computer hacking
Computer hackingComputer hacking
Computer hacking
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptx
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
 
Ethical Hacking - A Need To Know.pptx
Ethical Hacking - A Need To Know.pptxEthical Hacking - A Need To Know.pptx
Ethical Hacking - A Need To Know.pptx
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPT
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

Recently uploaded

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 

Recently uploaded (20)

Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 

The Role of Security and Penetration Testers

  • 2. Hands-On Ethical Hacking and Network Defense 2  Describe the role of an ethical hacker  Describe what you can do legally as an ethical hacker  Describe what you cannot do as an ethical hacker
  • 3. Hands-On Ethical Hacking and Network Defense 3  Ethical hackers  Employed by companies to perform penetration tests  Penetration test  Legal attempt to break into a company’s network to find its weakest link  Tester only reports findings, does not solve problems  Security test  More than an attempt to break in; also includes analyzing company’s security policy and procedures  Tester offers solutions to secure or protect the network
  • 4. Hands-On Ethical Hacking and Network Defense 4  Hackers  Access computer system or network without authorization  Breaks the law; can go to prison  Crackers  Break into systems to steal or destroy data  U.S. Department of Justice calls both hackers  Ethical hacker  Performs most of the same activities but with owner’s permission
  • 5. Hands-On Ethical Hacking and Network Defense 5  Script kiddies or packet monkeys  Young inexperienced hackers  Copy codes and techniques from knowledgeable hackers  Experienced penetration testers write programs or scripts using these languages  Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript,Visual Basic, SQL, and many others  Script  Set of instructions that runs in sequence
  • 6.  This class alone won’t make you a hacker, or an expert  It might make you a script kiddie  It usually takes years of study and experience to earn respect in the hacker community  It’s a hobby, a lifestyle, and an attitude  A drive to figure out how things work Hands-On Ethical Hacking and Network Defense 6
  • 7. Hands-On Ethical Hacking and Network Defense 7  Tiger box  Collection of OSs and hacking tools  Usually on a laptop  Helps penetration testers and security testers conduct vulnerabilities assessments and attacks
  • 8. Hands-On Ethical Hacking and Network Defense 8  White box model  Tester is told everything about the network topology and technology  Network diagram  Tester is authorized to interview IT personnel and company employees  Makes tester’s job a little easier
  • 9.  From ratemynetworkdiagram.com (Link Ch 1g) Hands-On Ethical Hacking and Network Defense 9
  • 10. Hands-On Ethical Hacking and Network Defense 10
  • 11. Hands-On Ethical Hacking and Network Defense 11  Black box model  Company staff does not know about the test  Tester is not given details about the network ▪ Burden is on the tester to find these details  Tests if security personnel are able to detect an attack
  • 12. Hands-On Ethical Hacking and Network Defense 12  Gray box model  Hybrid of the white and black box models  Company gives tester partial information
  • 13. Hands-On Ethical Hacking and Network Defense 13  Certification programs available in almost every area of network security  Basics:  CompTIA Security+ (CNIT 120)  Network+ (CNIT 106 or 201)
  • 14. 14  But see Run Away FromThe CEH Certification  Link Ch 1e on myWeb page
  • 15. 15  Designated by the Institute for Security and Open Methodologies (ISECOM)  Uses the Open Source SecurityTesting Methodology Manual (OSSTMM)  Test is only offered in Connecticut and outside the USA, as far as I can tell ▪ See links Ch 1f and Ch 1h on myWeb page
  • 16. 16  Issued by the International Information Systems Security Certifications Consortium (ISC2)  Usually more concerned with policies and procedures than technical details  Web site  www.isc2.org
  • 17. Hands-On Ethical Hacking and Network Defense 17  SysAdmin, Audit, Network, Security (SANS)  Offers certifications through Global Information Assurance Certification (GIAC)  Top 20 list  One of the most popular SANS Institute documents  Details the most common network exploits  Suggests ways of correcting vulnerabilities  Web site  www.sans.org (links Ch 1i & Ch 1j)
  • 18. Hands-On Ethical Hacking and Network Defense 18  Laws involving technology change as rapidly as technology itself  Find what is legal for you locally  Laws change from place to place  Be aware of what is allowed and what is not allowed
  • 19. Hands-On Ethical Hacking and Network Defense 19  Tools on your computer might be illegal to possess  Contact local law enforcement agencies before installing hacking tools  Written words are open to interpretation  Governments are getting more serious about punishment for cybercrimes
  • 20. Hands-On Ethical Hacking and Network Defense 20  Some states deem it legal  Not always the case  Federal Government does not see it as a violation  Allows each state to address it separately  Read your ISP’s “Acceptable Use Policy”  IRC “bots” may be forbidden  Program that sends automatic responses to users  Gives the appearance of a person being present
  • 21. Hands-On Ethical Hacking and Network Defense 21 www.ccsf.edu/Policy/policy.shtml (link Ch 1k)
  • 22. Hands-On Ethical Hacking and Network Defense 22  Federal computer crime laws are getting more specific  Cover cybercrimes and intellectual property issues  Computer Hacking and Intellectual Property (CHIP)  New government branch to address cybercrimes and intellectual property issues
  • 23. Hands-On Ethical Hacking and Network Defense 23
  • 24. Hands-On Ethical Hacking and Network Defense 24  Accessing a computer without permission is illegal  Other illegal actions  Installing worms or viruses  Denial of Service attacks  Denying users access to network resources  Be careful your actions do not prevent customers from doing their jobs
  • 25.  Ch 1l1: Lycos starts anti-spam screensaver plan: Dec 2, 2004  Ch 1l2: Lycos Pulls Anti-Spam 'Vigilante' Campaign -- Dec 3, 2004  Ch 1l3: Lycos's SpamAttack Network Dismantled -- Spammers sent the DOS packets back to Lycos -- Dec 6, 2004 Hands-On Ethical Hacking and Network Defense 25
  • 26.  Ch 1m: Blue Frog begins its "vigilante approach" to fight spam -- July, 2005  Ch 1n: Russian spammer fights back, claims to have stolen Blue Frog's database, sends threating email -- DOS attack in progress -- May 2, 2006  Ch 1o: Blue Frog compromised and destroyed by attacks, urgent instructions to uninstall it, the owners have lost control -- May 17, 2006 Hands-On Ethical Hacking and Network Defense 26
  • 27.  Ch 1p: Call for help creating distributed, open-source Blue Frog replacement -- May 17, 2006  Not in textbook, see links on my page (samsclass.info) Hands-On Ethical Hacking and Network Defense 27
  • 28. Hands-On Ethical Hacking and Network Defense 28  Using a contract is just good business  Contracts may be useful in court  Books on working as an independent contractor  The Computer Consultant’s Guide by Janet Ruhl  Getting Started in ComputerConsulting by Peter Meyer  Internet can also be a useful resource  Have an attorney read over your contract before sending or signing it
  • 29. Hands-On Ethical Hacking and Network Defense 29  What it takes to be a security tester  Knowledge of network and computer technology  Ability to communicate with management and IT personnel  Understanding of the laws  Ability to use necessary tools