Download presentation
Presentation is loading. Please wait.
Published byJustin Lloyd Modified over 10 years ago
1
Introduction to Ethical Hacking, Ethics, and Legality
2
Defining Ethical Hacking Hacking for defensive purposes White Hats, Black Hats, Gray Hats Hacktivists: Hacking for a cause Script Kiddies: Use other’s tools Testing White Box: Know everything Black Box: Know only company name Gray Box: between white box and black box, from inside Security Elements CIA: Confidentiality, Integrity, Authenticity/Availability
3
Threat Exploit Vulnerability Target of Evaluation Attack Remote vs Local
4
1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Covering Tracks
5
Two Basic Types Passive: dumpster diving, shoulder surfing, eavesdropping, gathering data from a whois tool, DNS, and network scanning, find active machines, open ports & apps Active: probing, social engineering,
6
Dialers Port Scanners ICMP Scanners PING Sweeps Network Mappers SNMP Sweepers Vulnerability Scanners
7
Buffer overflows Denial of Service Session Hijacking
8
Planting Backdoors Rootkits Trojans Making a zombie
9
Steganography Snow.exe: ASCII files Stealth: PGP files ImageHide: Text files Tunneling Protocols ITunnel, Ptunnel Altering Log Files Elsave, WinZapper
10
Operating Systems Default setting, bugs Applications Default settings, bugs Shrink-Wrap code Enabled features that aren’t used but left open Misconfigurations
11
Remote Network Remote Dial-Up Network Local Network Stolen Equipment Social Engineering Physical Entry Operating System Application Level Shrink wrap and malicious code attacks Misconfiguration attacks
12
Gain Authorization Maintain/follow nondisclosure agreement Maintain confidentiality Perform test – but do no evil
13
EC-Council’s 3 Phrases 1. Preparation 2. Conduct 3. Conclusion
14
No U.S. laws prior to 1984 outlawing crimes committed with or against a computer Who investigates? Financial computer crimes -> U.S. Secret Service All other computer crimes -> Federal Bureau of Investigation Computer Fraud and Abuse Act – 1986 / 1996 18 U.S.C. 1030: Fraud and Related activity in connection with computers 18 U.S.C. 1029: Fraud and Related activity in connection with Access Devices
15
Computer Misuse Act of 1990 (United Kingdom) Freedom of Information Act (FOIA) USA Patriot Act - 2001
16
Cyber Security Enhancement Act of 2002 SPY ACT 2007 18 U.S.C. 1028: deals with fraud related to possession of false identification documents 18 U.S.C. 1362: Destruction of Communication Lines, Stations, or Systems 18 U.S.C. 2510: Wire and Electronic Communications Interception and Interception of Oral Communication 18 U.S.C. 2701: Stored wire and electronic communications, and transactional records access
17
Human Rights Act 1998 (U.K.) judges are not allowed to override the Act. However, they can issue a declaration of incompatibility makes available in UK courts a remedy for breach of a Convention right, without the need to go to the European Court of Human Rights. totally abolished the death penalty in UK law. FMFIA of 1982 2004 CAN SPAM Act
18
Federal Information Security Mgt Act (FISMA) Privacy Act of 1974 Gov’t Paperwork Elimination Act (GPEA) Stalking Amendment Act 1999 (Australia) Equal Credit Opportunity Act (ECOA) Prohibits creditors from collecting data from applicants, such as national origin, caste, religion
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.