Lecture 22 - Ethical hacking. After studying this chapter you will be able to understand: Ethical hacking, what you can do legally as an ethical hacker, what you cannot do as an ethical hacker. | Lecture 22 Ethical Hacking Objectives Ethical hacking What you can do legally as an ethical hacker What you cannot do as an ethical hacker Hacker and Ethical hacker Hackers Access computer system or network without authorization Breaks the law; can go to prison Ethical hacker Performs most of the same activities but with owner’s permission Employed by companies to perform penetration tests Penetration test vs. Security test Penetration test Legal attempt to break into a company’s network to find its weakest link Tester only reports findings Security test More than an attempt to break in; also includes analyzing company’s security policy and procedures Tester offers solutions to secure or protect the network Penetration test & Security test Programming languages used by experienced penetration testers Practical Extraction and Report Language (Perl) C Tiger box Collection of OSs and hacking tools Helps penetration testers and security testers conduct vulnerabilities assessments and attacks Penetration-Testing Methodologies Penetration-Testing Methodologies White box model Black box model Gray box model White box model Tester is told everything about the network topology and technology Tester is authorized to interview IT personnel and company employees Makes tester job a little easier Penetration-Testing Methodologies (continued) Black box model Company staff does not know about the test Tester is not given details about the network Burden is on the tester to find these details Tests if security personnel are able to detect an attack Gray box model Hybrid of the white and black box models Company gives tester partial information Certification Programs for Network Security Personnel Penetration testers need to have the technical skills good understanding of networks the role of management in an organization. Network security certification programs Certified Ethical Hacker (CEH) OSSTMM Professional Security Tester | Lecture 22 Ethical Hacking Objectives Ethical hacking What you can do legally as an ethical hacker What you cannot do as an ethical hacker Hacker and Ethical hacker Hackers Access computer system or network without authorization Breaks the law; can go to prison Ethical hacker Performs most of the same activities but with owner’s permission Employed by companies to perform penetration tests Penetration test vs. Security test Penetration test Legal attempt to break into a company’s network to find its weakest link Tester only reports findings Security test More than an attempt to break in; also includes analyzing company’s security policy and procedures Tester offers solutions to secure or protect the network Penetration test & Security test Programming languages used by experienced penetration testers Practical Extraction and Report Language (Perl) C Tiger box Collection of OSs and hacking tools Helps penetration testers and security testers conduct .
