Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-On Ethical Hacking and Network Defense

Published byGordon Morris Modified over 9 years ago

Similar presentations

Presentation on theme: "Hands-On Ethical Hacking and Network Defense"— Presentation transcript:

1 Hands-On Ethical Hacking and Network Defense
Chapter 1 Ethical Hacking Overview

2 Objectives Describe the role of an ethical hacker
Describe what you can do legally as an ethical hacker Describe what you cannot do as an ethical hacker Hands-On Ethical Hacking and Network Defense

3 Introduction to Ethical Hacking
Ethical hackers Employed by companies to perform penetration tests Penetration test Legal attempt to break into a company’s network to find its weakest link Tester only reports findings Security test More than an attempt to break in; also includes analyzing company’s security policy and procedures Tester offers solutions to secure or protect the network Hands-On Ethical Hacking and Network Defense

4 The Role of Security and Penetration Testers
Hackers Access computer system or network without authorization Breaks the law; can go to prison Crackers Break into systems to steal or destroy data U.S. Department of Justice calls both hackers Ethical hacker Performs most of the same activities but with owner’s permission Hands-On Ethical Hacking and Network Defense

5 The Role of Security and Penetration Testers (continued)
Script kiddies or packet monkeys Young inexperienced hackers Copy codes and techniques from knowledgeable hackers Programming languages used by experienced penetration testers Practical Extraction and Report Language (Perl) C Script Set of instructions that runs in sequence Hands-On Ethical Hacking and Network Defense

6 The Role of Security and Penetration Testers (continued)
Tiger box Collection of OSs and hacking tools Helps penetration testers and security testers conduct vulnerabilities assessments and attacks Hands-On Ethical Hacking and Network Defense

7 Penetration-Testing Methodologies
White box model Tester is told everything about the network topology and technology Tester is authorized to interview IT personnel and company employees Makes tester job a little easier Black box model Company staff does not know about the test Tester is not given details about the network Burden is on the tester to find these details Tests if security personnel are able to detect an attack Hands-On Ethical Hacking and Network Defense

8 Hands-On Ethical Hacking and Network Defense

9 Penetration-Testing Methodologies (continued)
Gray box model Hybrid of the white and black box models Company gives tester partial information Hands-On Ethical Hacking and Network Defense

10 Certification Programs for Network Security Personnel
Certification programs available in almost every area of network security Other certifications that help prepare for these certifications CompTIA Security+ Network+ Hands-On Ethical Hacking and Network Defense

11 Certified Ethical Hacker (CEH)
Developed by the International Council of Electronic Commerce Consultants (EC-Council) Based on 21 domains (subject areas) Web site Red team Conducts penetration tests Composed of people with varied skills Hands-On Ethical Hacking and Network Defense

12 OSSTMM Professional Security Tester (OPST)
Designated by the Institute for Security and Open Methodologies (ISECOM) Based on the Open Source Security Testing Methodology Manual (OSSTMM) Written by Peter Herzog Consists of 5 domains Web site Hands-On Ethical Hacking and Network Defense

13 Certified Information Systems Security Professional (CISSP)
Issued by the International Information Systems Security Certifications Consortium (ISC2) Usually more concerned with policies and procedures Consists of 10 domains Web site Hands-On Ethical Hacking and Network Defense

14 SANS Institute SysAdmin, Audit, Network, Security (SANS)
Offers certifications through Global Information Assurance Certification (GIAC) Top 20 list One of the most popular SANS Institute documents Details the most common network exploits Suggests ways of correcting vulnerabilities Web site Hands-On Ethical Hacking and Network Defense

15 What You Can Do Legally Laws involving technology change as rapidly as technology itself Find what is legal for you locally Laws change from place to place Be aware of what is allowed and what is not allowed Hands-On Ethical Hacking and Network Defense

16 Laws of the Land Tools on your computer might be illegal to possess
Contact local law enforcement agencies before installing hacking tools Written words are open to interpretation Governments are getting more serious about punishment for cybercrimes Hands-On Ethical Hacking and Network Defense

17 Hands-On Ethical Hacking and Network Defense

18 Hands-On Ethical Hacking and Network Defense

19 Is Port Scanning Legal? Some states deem it legal Not always the case
Federal Government does not see it as a violation Allows each state to address it separately Read your ISP’s “Acceptable Use Policy” IRC “bot” Program that sends automatic responses to users Gives the appearance of a person being present Hands-On Ethical Hacking and Network Defense

20 Hands-On Ethical Hacking and Network Defense

21 Federal Laws Federal computer crime laws are getting more specific
Cover cybercrimes and intellectual property issues Computer Hacking and Intellectual Property (CHIP) New government branch to address cybercrimes and intellectual property issues Hands-On Ethical Hacking and Network Defense

22 Hands-On Ethical Hacking and Network Defense

23 What You Cannot Do Legally
Accessing a computer without permission is illegal Other illegal actions Installing worms or viruses Denial of Service attacks Denying users access to network resources Be careful your actions do not prevent customers from doing their jobs Hands-On Ethical Hacking and Network Defense

24 Get It in Writing Using a contract is just good business
Contracts may be useful in court Books on working as an independent contractor The Computer Consultant’s Guide by Janet Ruhl Getting Started in Computer Consulting by Peter Meyer Internet can also be a useful resource Have an attorney read over your contract before sending or signing it Hands-On Ethical Hacking and Network Defense

25 Ethical Hacking in a Nutshell
What it takes to be a security tester Knowledge of network and computer technology Ability to communicate with management and IT personnel Understanding of the laws Ability to use necessary tools Hands-On Ethical Hacking and Network Defense

26 Summary Companies hire ethical hackers to perform penetration tests
Penetration tests discover vulnerabilities in a network Security tests are performed by a team of people with varied skills Penetration test models: White box model Black box model Gray box model Security testers can earn certifications Hands-On Ethical Hacking and Network Defense

27 Summary (continued) Certifications
CEH CISSP OPST Sans Institute Be aware of what you are legally allowed or not allowed to do Laws change from place to place ISPs usually have an “Acceptable Use Policy” Hands-On Ethical Hacking and Network Defense

28 Summary (continued) State and federal laws should be understood before conducting a security test Get it in writing Use a contract Have an attorney read the contract Hands-On Ethical Hacking and Network Defense

Download ppt "Hands-On Ethical Hacking and Network Defense"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
1.8 Malpractice and Crime In this section you must be able to: Explain the consequences of malpractice and crime on information systems. Describe the possible.

1.8 Malpractice and Crime In this section you must be able to: Explain the consequences of malpractice and crime on information systems. Describe the possible.
Craig Rimando Luke White. “hacking” - negative connotation Not always that way Originally a compliment Not all hacking necessarily bad “Good” hacking?

Craig Rimando Luke White. “hacking” - negative connotation Not always that way Originally a compliment Not all hacking necessarily bad “Good” hacking?
Security and Personnel

Security and Personnel
Chapter 1 Ethical Hacking Overview. Who Am I?  Kevin Riley  Systems / Network Analyst Orange Coast College   Phone 714.432.5949.

Chapter 1 Ethical Hacking Overview. Who Am I?  Kevin Riley  Systems / Network Analyst Orange Coast College   Phone
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL.

Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL.
Hectic Ethics Computer Applications Mrs. Wohleb. Objectives Students will be able to: Describe ethical considerations resulting from technological advances.

Hectic Ethics Computer Applications Mrs. Wohleb. Objectives Students will be able to: Describe ethical considerations resulting from technological advances.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.

About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.
 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.

 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.

Ethical Hacking Introduction.  What is Ethical Hacking?  Types of Ethical Hacking  Responsibilities of a ethical hacker  Customer Expectations  Skills.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Handling Security Incidents

Handling Security Incidents
MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter.

MSIS 110: Introduction to Computers; Instructor: S. Mathiyalakan1 Security, Privacy, and Ethical Issues in Information Systems and the Internet Chapter.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Similar presentations

Ads by Google