Presentation is loading. Please wait.

Presentation is loading. Please wait.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

Published byJade Richardson Modified over 9 years ago

Similar presentations

Presentation on theme: "About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning."— Presentation transcript:

1 About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning of each presentation. You may customize the presentations to fit your class needs. Some figures from the chapters are included. A complete set of images from the book can be found on the Instructor Resources disc. 1

2 Hands-On Ethical Hacking and Network Defense Second Edition Chapter 1 Ethical Hacking Overview

3 Objectives After reading this chapter and completing the exercises, you will be able to: –Describe the role of an ethical hacker –Describe what you can do legally as an ethical hacker –Describe what you can’t do as an ethical hacker Hands-On Ethical Hacking and Network Defense, Second Edition3

4 Introduction to Ethical Hacking Ethical hackers –Hired by companies to perform penetration tests Penetration test –Attempt to break into a company’s network to find the weakest link Security test –More than a break in attempt; includes analyzing company’s security policy and procedures –Vulnerabilities are reported Hands-On Ethical Hacking and Network Defense, Second Edition4

5 The Role of Security and Penetration Testers Hackers –Access computer system or network without authorization Breaks the law; can go to prison Crackers –Break into systems to steal or destroy data U.S. Department of Justice calls both hackers Ethical hacker –Performs most of the same activities with owner’s permission Hands-On Ethical Hacking and Network Defense, Second Edition5

6 The Role of Security and Penetration Testers (cont’d.) Script kiddies or packet monkeys –Younger, inexperienced hackers who copy codes from knowledgeable hackers Programming languages used by experienced penetration testers –Practical Extraction and Report Language (Perl) –C language Script –Set of instructions –Runs in sequence to perform tasks Hands-On Ethical Hacking and Network Defense, Second Edition6

7 The Role of Security and Penetration Testers (cont’d.) Tiger box –Collection of tools –Used for conducting vulnerability assessments and attacks Hands-On Ethical Hacking and Network Defense, Second Edition7

8 Penetration-Testing Methodologies White box model –Tester is told about network topology and technology –Tester is permitted to interview IT personnel and company employees Makes tester’s job a little easier Black box model –Staff does not know about the test –Tester is not given details about technologies used Burden is on tester to find details –Tests security personnel’s ability to detect an attack Hands-On Ethical Hacking and Network Defense, Second Edition8

9 9 Figure 1-1 A sample floor plan

10 Penetration-Testing Methodologies (cont’d.) Gray box model –Hybrid of the white and black box models –Company gives tester partial information (e.g., OSs are used, but no network diagrams) Hands-On Ethical Hacking and Network Defense, Second Edition10

11 Certification Programs for Network Security Personnel Certification programs –Available in almost every area of network security Minimum certification –CompTIA Security+ or equivalent knowledge Prerequisite for Security+ certification Hands-On Ethical Hacking and Network Defense, Second Edition11

12 Certified Ethical Hacker (CEH) Developed by the International Council of Electronic Commerce Consultants (EC-Council) –Based on 22 domains (subject areas) –Web site: www.eccouncil.org Red team –Conducts penetration tests –Composed of people with varied skills –Unlikely that one person will perform all tests Hands-On Ethical Hacking and Network Defense, Second Edition12

13 OSSTMM Professional Security Tester (OPST) Open Source Security Testing Methodology Manual (OSSTMM) Professional Security Tester –Designated by the Institute for Security and Open Methodologies (ISECOM) –Based on Open Source Security Testing Methodology Manual (OSSTMM) Written by Peter Herzog –Five main topics (i.e., professional, enumeration, assessments, application, and verification) –Web site: www.isecom.org Hands-On Ethical Hacking and Network Defense, Second Edition13

14 Certified Information Systems Security Professional (CISSP) Issued by the International Information Systems Security Certification Consortium (ISC2) –Not geared toward technical IT professionals –Tests security-related managerial skills Usually more concerned with policies and procedures –Consists of ten domains –Web site: www.isc2.org Hands-On Ethical Hacking and Network Defense, Second Edition14

15 SANS Institute SysAdmin, Audit, Network, Security (SANS) Institute –Offers training and certifications through Global Information Assurance Certification (GIAC) Top 20 list –One of the most popular SANS Institute documents –Details most common network exploits –Suggests ways of correcting vulnerabilities –Web site: www.sans.org Hands-On Ethical Hacking and Network Defense, Second Edition15

16 Which Certification Is Best? Penetration testers and security testers –Both need technical skills to perform duties effectively Good understanding of networks Role of management in an organization Skills in writing and verbal communication Desire to continue learning Danger of certification exams –Some participants simply memorize terminology Don’t have a good grasp of subject matter Hands-On Ethical Hacking and Network Defense, Second Edition16

17 What You Can Do Legally Laws involving technology change as rapidly as technology itself –Keep abreast of what’s happening in your area Find out what is legal for you locally –Be aware of what is allowed and what you should not or cannot do Laws vary from state to state and country to country Hands-On Ethical Hacking and Network Defense, Second Edition17

18 Laws of the Land Some hacking tools on your computer might be illegal –Contact local law enforcement agencies before installing hacking tools Laws are written to protect society –Written words are open to interpretation Government is getting more serious about cybercrime punishment Hands-On Ethical Hacking and Network Defense, Second Edition18

19 Hands-On Ethical Hacking and Network Defense, Second Edition19 Table 1-1 An overview of recent hacking cases

20 Hands-On Ethical Hacking and Network Defense, Second Edition20 Table 1-1 An overview of recent hacking cases (cont’d.)

21 Is Port Scanning Legal? Some states deem it legal –Not always the case –Be prudent before using penetration-testing tools Federal government does not see it as a violation –Allows each state to address it separately Research state laws Read your ISP’s “Acceptable Use Policy” Hands-On Ethical Hacking and Network Defense, Second Edition21

22 Hands-On Ethical Hacking and Network Defense, Second Edition22 Figure 1-2 An example of an acceptable use policy

23 Is Port Scanning Legal? (cont’d.) IRC “bot” –Program that sends automatic responses to users –Gives the appearance of a person being present Hands-On Ethical Hacking and Network Defense, Second Edition23

24 Federal Laws Federal computer crime laws are getting more specific –Cybercrimes –Intellectual property issues Computer hacking and intellectual property (CHIP) –New government branch to address computer hacking and intellectual property crimes Hands-On Ethical Hacking and Network Defense, Second Edition24

25 Hands-On Ethical Hacking and Network Defense, Second Edition25 Table 1-2 Federal computer crime laws

26 Hands-On Ethical Hacking and Network Defense, Second Edition26 Table 1-2 Federal computer crime laws (cont’d.)

27 What You Cannot Do Legally Illegal actions: –Accessing a computer without permission –Destroying data without permission –Copying information without permission –Installing worms or viruses –Denying users access to network resources Be careful your actions do not prevent client’s employees from doing their jobs Hands-On Ethical Hacking and Network Defense, Second Edition27

28 Get It in Writing Using a contract is good business –May be useful in court Books on working as an independent contractor –The Computer Consultant’s Guide by Janet Ruhl –Getting Started in Computer Consulting by Peter Meyer Internet can also be a helpful resource –Free modifiable templates Have an attorney read your contract before signing Hands-On Ethical Hacking and Network Defense, Second Edition28

29 Ethical Hacking in a Nutshell Skills needed to be a security tester –Knowledge of network and computer technology –Ability to communicate with management and IT personnel –An understanding of the laws in your location –Ability to use necessary tools Hands-On Ethical Hacking and Network Defense, Second Edition29

30 Summary Companies hire ethical hackers to perform penetration tests –Penetration tests discover vulnerabilities in a network –Security tests are performed by a team of people with varied skills Penetration test models –White box model –Black box model –Gray box model Hands-On Ethical Hacking and Network Defense, Second Edition30

31 Summary (cont’d.) Security testers can earn certifications –CEH –CISSP –OPST Be aware –What you are legally allowed or not allowed to do ISPs may have an acceptable use policy –May limit ability to use tools Hands-On Ethical Hacking and Network Defense, Second Edition31

32 Summary (cont’d.) Laws should be understood before conducting a security test –Federal laws –State laws Get it in writing –Use a contract –Have an attorney read the contract Understand tools available to conduct security tests –Learning how to use them should be a focused and methodical process Hands-On Ethical Hacking and Network Defense, Second Edition32

Download ppt "About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Security and Personnel

Security and Personnel
Chapter 1 Ethical Hacking Overview. Who Am I?  Kevin Riley  Systems / Network Analyst Orange Coast College   Phone 714.432.5949.

Chapter 1 Ethical Hacking Overview. Who Am I?  Kevin Riley  Systems / Network Analyst Orange Coast College   Phone
Computer Threats I can understand computer threats and how to protect myself from these threats.

Computer Threats I can understand computer threats and how to protect myself from these threats.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL.

Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
1 CHAPTER 1 POLITICS. 2 Definitions Of The Word Hacker Hacker – someone who has achieved some level of expertise with a computer Hacker – someone who.

1 CHAPTER 1 POLITICS. 2 Definitions Of The Word Hacker Hacker – someone who has achieved some level of expertise with a computer Hacker – someone who.
 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.

 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.

Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense
CS 5150 1 CS 5150: Software Engineering Lecture 5 Legal Aspects of Software Engineering 1.

CS CS 5150: Software Engineering Lecture 5 Legal Aspects of Software Engineering 1.
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Similar presentations

Ads by Google