Introduction to Ethical Hacking, Ethics, and Legality.

1 Introduction to Ethical Hacking, Ethics, and Legality

2  Defining Ethical Hacking
- Hacking for defensive purposes: the attacker's techniques, used with permission, to find weaknesses before a real attacker does
- White Hats, Black Hats, Gray Hats
- Hacktivists: hacking for a cause
- Script Kiddies: use others' tools without understanding them
- Testing
  - White Box: the tester knows everything about the target
  - Black Box: the tester knows only the company name
  - Gray Box: partial knowledge, between white box and black box; typically models an insider with some access
- Security Elements
  - CIA: Confidentiality, Integrity, Availability (authenticity is a separate property, not the "A" of the triad)

3  Terminology
- Threat: a potential cause of harm to an asset
- Exploit: code or a technique that takes advantage of a vulnerability
- Vulnerability: a weakness in design, implementation or configuration that an exploit can use
- Target of Evaluation: the system, product or component being tested
- Attack: an exploit actually delivered against a target
- Remote vs Local: a remote attack needs only network reachability; a local attack needs prior access (an account or a session) on the target

4  Phases of an attack
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks

5  Reconnaissance: Two Basic Types
- Passive (no packets reach the target, so nothing is logged there): dumpster diving, shoulder surfing, eavesdropping, whois and public DNS records
- Active (touches the target and can be detected): probing the network to find live machines, open ports and running applications; social engineering

6  Scanning tools
- Dialers (war dialers)
- Port Scanners
- ICMP Scanners
- Ping Sweeps
- Network Mappers
- SNMP Sweepers
- Vulnerability Scanners
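The "port scanner" entry above, as an added example that is not part of the slide deck: a TCP connect scan with banner grabbing, written here for illustration. So that it runs offline, it scans only the loopback interface against a constructed stand-in service; the listener, its ephemeral port and the "SSH-2.0-Example" greeting are assumptions (it is not a real SSH server).

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """Return the sorted list of `ports` on `host` that accept a TCP connection.

    This is a full-connect scan (what `nmap -sT` does): it needs no raw sockets,
    but every probe completes the three-way handshake, so the target's service
    sees and can log each connection. It is active reconnaissance, not passive.
    """
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                return port if s.connect_ex((host, port)) == 0 else None
            except OSError:
                return None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def grab_banner(host, port, timeout=1.0, nbytes=128):
    """Read whatever the service volunteers on connect (SSH, SMTP, FTP greetings).
    Returns "" for services that wait for the client to speak first, or if the
    port was closed or reset between the scan and the banner grab."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(nbytes).decode("ascii", "replace").strip()
    except OSError:
        return ""


def start_fake_service(banner=b"SSH-2.0-Example_1.0\r\n"):
    """Constructed stand-in for a live target (assumption, not a real SSH daemon):
    a loopback listener that greets each client with `banner`.
    Returns (port, listening_socket)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    srv.listen(16)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listener closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], srv


def demo():
    """Scan a small window of ports around the fake service and fingerprint the hits."""
    port, srv = start_fake_service()
    try:
        window = range(port - 5, port + 6)
        found = tcp_connect_scan("127.0.0.1", window)
        banners = {p: grab_banner("127.0.0.1", p) for p in found}
        return port, found, banners
    finally:
        srv.close()


if __name__ == "__main__":
    port, found, banners = demo()
    print(f"fake service listening on 127.0.0.1:{port}")
    print(f"open ports in scanned window: {found}")
    for p, b in banners.items():
        print(f"  {p}/tcp  banner: {b!r}")
```

A connect scan is the noisiest option: each open port gets a completed connection that the service logs. Half-open (SYN) scans avoid that but need raw sockets and root. Either way, scanning is active reconnaissance and needs authorization from the target's owner.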

7  Gaining Access
- Buffer overflows
- Denial of Service
- Session Hijacking

8  Maintaining Access: planting
- Backdoors
- Rootkits
- Trojans
- Making a zombie (enrolling the host in a botnet)

9  Covering Tracks
- Steganography
  - Snow: hides data in the trailing whitespace of ASCII text files
  - Stealth: strips the identifying headers from PGP-encrypted files
  - ImageHide: hides text inside image files
- Tunneling Protocols
  - ITunnel, Ptunnel (Ptunnel carries TCP inside ICMP echo request/reply)
- Altering Log Files
  - Elsave (saves and clears Windows event logs), WinZapper (deletes individual event-log records)
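The whitespace technique that Snow uses, as an added example written for this page (it is not Snow's source and does not reproduce its exact format): bits are appended to the end of each cover line as spaces (0) and tabs (1), with a length prefix so the extractor knows where the payload ends. The cover text and the secret in the usage are constructed, and the mixed-tab-and-space check at the end is the kind of heuristic a defender would run over suspect files.

```python
def _to_bits(data: bytes):
    """Big-endian bit stream of `data`."""
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def ws_hide(cover: str, secret: bytes, bits_per_line: int = 8) -> str:
    """Hide `secret` in the trailing whitespace of `cover` (space = 0, tab = 1).

    A 2-byte big-endian length prefix tells the extractor where the payload
    ends. Each cover line carries up to `bits_per_line` bits; the visible text
    is untouched, so the file looks identical in most viewers."""
    if len(secret) > 0xFFFF:
        raise ValueError("payload too large for the 16-bit length prefix")
    payload = len(secret).to_bytes(2, "big") + secret
    bits = list(_to_bits(payload))
    chunks = [bits[i:i + bits_per_line] for i in range(0, len(bits), bits_per_line)]
    lines = cover.split("\n")
    if len(chunks) > len(lines):
        raise ValueError(f"cover has {len(lines)} lines, payload needs {len(chunks)}")
    out = []
    for i, line in enumerate(lines):
        line = line.rstrip(" \t")  # pre-existing trailing whitespace would corrupt the stream
        if i < len(chunks):
            line += "".join("\t" if b else " " for b in chunks[i])
        out.append(line)
    return "\n".join(out)


def ws_reveal(stego: str) -> bytes:
    """Inverse of ws_hide: collect trailing-whitespace bits and honour the length prefix."""
    bits = []
    for line in stego.split("\n"):
        tail = line[len(line.rstrip(" \t")):]
        bits.extend(1 if c == "\t" else 0 for c in tail)
    usable = len(bits) - len(bits) % 8
    data = bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8))
    if len(data) < 2:
        return b""
    n = int.from_bytes(data[:2], "big")
    return data[2:2 + n]


def suspicious_lines(text: str):
    """Defender's heuristic: 1-based numbers of lines whose trailing whitespace
    mixes tabs and spaces. Editors and formatters almost never leave that
    pattern, so many such lines in an otherwise plain file is an indicator.
    Bytes 0x00 and 0xFF produce uniform runs and escape this check, so treat
    it as a hint, not proof."""
    hits = []
    for i, line in enumerate(text.split("\n"), start=1):
        tail = line[len(line.rstrip(" \t")):]
        if " " in tail and "\t" in tail:
            hits.append(i)
    return hits


if __name__ == "__main__":
    # Constructed cover text and secret for the demonstration.
    cover = "\n".join(f"Quarterly report, section {i}" for i in range(1, 41))
    stego = ws_hide(cover, b"meet at 0300")
    print("recovered:", ws_reveal(stego))
    print("lines flagged by the heuristic:", suspicious_lines(stego))
```

The capacity is one byte per cover line at the default setting, so a short file cannot carry much; `ws_hide` raises rather than silently truncating. On the defensive side, a pre-commit hook or mail gateway that strips trailing whitespace destroys the channel entirely, which is cheaper than trying to detect it.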
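On the "altering log files" point: deleting one event record (what WinZapper does) or clearing the log (what Elsave does) is only invisible when the log is a plain file under the attacker's control. The following added example, written for this page and not taken from any product, shows the usual countermeasure: a forward-secure hash chain in which each entry is keyed by a key that is ratcheted forward and discarded after use, so that an attacker who obtains root later cannot rewrite or remove earlier entries without the collector noticing. The event lines and the root key are constructed.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32

# Constructed sample events, in the style of an auth log.
CONSTRUCTED_EVENTS = [
    "sshd[812]: Accepted publickey for deploy from 192.0.2.10 port 51022",
    "sudo: deploy : TTY=pts/0 ; COMMAND=/usr/bin/systemctl restart app",
    "sshd[901]: Failed password for root from 203.0.113.7 port 40122",
    "sshd[902]: Accepted password for root from 203.0.113.7 port 40123",
    "useradd[950]: new user: name=svc_backup, UID=1007",
]


def _tag(key, prev, seq, record):
    return hmac.new(key, prev + seq.to_bytes(8, "big") + record.encode(),
                    hashlib.sha256).digest()


def _evolve(key):
    """One-way key ratchet: K_{i+1} = HMAC(K_i, "evolve")."""
    return hmac.new(key, b"evolve", hashlib.sha256).digest()


class ForwardSecureLog:
    """Append-only log on the monitored host.

    tag_i = HMAC(K_i, tag_{i-1} || seq || record); then K_i is replaced by K_{i+1}
    and the old key is gone. An attacker who gains root at entry n holds only K_n
    (and later keys), so entries 0..n-1 cannot be rewritten, reordered or
    deleted without breaking a tag that the collector (holding K_0) recomputes."""

    def __init__(self, k0: bytes):
        self._key = k0
        self._prev = GENESIS
        self.entries = []

    def append(self, record: str):
        seq = len(self.entries)
        tag = _tag(self._key, self._prev, seq, record)
        self.entries.append({"seq": seq, "rec": record, "tag": tag.hex()})
        self._prev = tag
        self._key = _evolve(self._key)
        return tag


def verify(entries, k0: bytes, expected_count=None):
    """Collector-side check. Returns None if the chain is intact, otherwise the
    seq of the first entry that fails. Truncation of the tail is only caught
    when the collector knows how many entries there should be (expected_count,
    e.g. from the last sequence number the host shipped)."""
    key, prev = k0, GENESIS
    for i, e in enumerate(entries):
        ok = e["seq"] == i and hmac.compare_digest(
            _tag(key, prev, i, e["rec"]).hex(), e["tag"])
        if not ok:
            return i
        prev = bytes.fromhex(e["tag"])
        key = _evolve(key)
    if expected_count is not None and len(entries) != expected_count:
        return len(entries)
    return None


def demo():
    """Build the chain, then apply three track-covering edits and verify each."""
    k0 = b"constructed-root-key-shared-with-collector"   # assumption: provisioned out of band
    log = ForwardSecureLog(k0)
    for rec in CONSTRUCTED_EVENTS:
        log.append(rec)
    intact = list(log.entries)

    # WinZapper-style: remove the single failed-login record and renumber.
    zapped = [dict(e) for e in intact if "Failed password" not in e["rec"]]
    for i, e in enumerate(zapped):
        e["seq"] = i
    # In-place edit: change the attacker's source address.
    edited = [dict(e) for e in intact]
    edited[3]["rec"] = edited[3]["rec"].replace("203.0.113.7", "10.0.0.5")
    # Elsave-style: clear everything after the third entry.
    truncated = intact[:3]

    return {
        "intact": verify(intact, k0, len(intact)),
        "zapped": verify(zapped, k0, len(intact)),
        "edited": verify(edited, k0, len(intact)),
        "truncated": verify(truncated, k0, len(intact)),
        "truncated_unknown_count": verify(truncated, k0),
    }


if __name__ == "__main__":
    for case, first_bad in demo().items():
        print(f"{case:24s} -> {'intact' if first_bad is None else f'breaks at seq {first_bad}'}")
```

The last result is the caveat: a chain proves nothing about entries that were never appended or that were cut off at the end, so the host must also ship entries (or at least its current sequence number) to a collector the attacker cannot reach, and the collector must alarm on gaps. Shipping logs off-host promptly is what turns "covering tracks" from a local file edit into an attack on a second system.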

10  
- Operating Systems: default settings, bugs
- Applications: default settings, bugs
- Shrink-wrap code: features of off-the-shelf software that are enabled by default, never used, but left exposed
- Misconfigurations

11  
- Remote Network
- Remote Dial-Up Network
- Local Network
- Stolen Equipment
- Social Engineering
- Physical Entry
- Operating System
- Application Level
- Shrink-wrap and malicious code attacks
- Misconfiguration attacks

12  
- Gain written authorization before testing
- Sign and follow a nondisclosure agreement
- Maintain confidentiality of everything found
- Perform the test, but do no harm

13  EC-Council's 3 Phases
1. Preparation
2. Conduct
3. Conclusion

14  
- No U.S. federal law before 1984 outlawed crimes committed with or against a computer (the first was the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984)
- Who investigates?
  - Financial computer crimes -> U.S. Secret Service
  - All other computer crimes -> Federal Bureau of Investigation
- Computer Fraud and Abuse Act, 1986, substantially amended 1996
  - 18 U.S.C. 1030: Fraud and related activity in connection with computers
  - 18 U.S.C. 1029: Fraud and related activity in connection with access devices

15  
- Computer Misuse Act 1990 (United Kingdom)
- Freedom of Information Act (FOIA)
- USA PATRIOT Act (2001)

16  
- Cyber Security Enhancement Act of 2002
- SPY ACT (Securely Protect Yourself Against Cyber Trespass Act), 2007: passed the House but was never enacted
- 18 U.S.C. 1028: fraud in connection with identification documents
- 18 U.S.C. 1362: destruction of communication lines, stations, or systems
- 18 U.S.C. 2510 et seq. (Wiretap Act): wire and electronic communications interception and interception of oral communications
- 18 U.S.C. 2701 et seq. (Stored Communications Act): stored wire and electronic communications and transactional records access

17  
- Human Rights Act 1998 (U.K.)
  - judges may not override the Act; they can only issue a declaration of incompatibility
  - makes a remedy for breach of a Convention right available in UK courts, without the need to go to the European Court of Human Rights
  - completed the abolition of the death penalty in UK law
- FMFIA (Federal Managers' Financial Integrity Act) of 1982
- CAN-SPAM Act of 2003 (in force from 1 January 2004)

18  
- Federal Information Security Management Act (FISMA), 2002
- Privacy Act of 1974
- Government Paperwork Elimination Act (GPEA), 1998
- Stalking Amendment Act 1999 (Australia)
- Equal Credit Opportunity Act (ECOA)
  - Prohibits creditors from discriminating against applicants on the basis of race, colour, religion, national origin, sex, marital status or age, and restricts asking applicants for such data

