Ethical Hacking 
CHAPTER 1 – OVERVIEW 
ERIC VANDERBURG
Objectives 
 Describe the role of an ethical hacker 
 Describe what you can do legally as an ethical hacker 
 Describe what you cannot do as an ethical hacker
Introduction to Ethical 
Hacking 
 Ethical hackers 
 Employed by companies to perform penetration tests 
 Penetration test 
 Legal attempt to break into a company’s network to find its 
weakest link 
 Tester only reports findings 
 Security test 
 More than an attempt to break in; also includes analyzing 
company’s security policy and procedures 
 Tester offers solutions to secure or protect the network
The Role of Security and 
Penetration Testers 
 Hackers 
 Access computer system or network without authorization 
 Break the law; can go to prison 
 Crackers 
 Break into systems to steal or destroy data 
 U.S. Department of Justice calls both hackers 
 Ethical hacker 
 Performs most of the same activities but with owner’s permission
The Role of Security and 
Penetration Testers 
(continued) 
 Script kiddies or packet monkeys 
 Young inexperienced hackers 
 Copy codes and techniques from knowledgeable hackers 
 Programming languages used by experienced penetration 
testers 
 Practical Extraction and Report Language (Perl) 
 C 
 Script 
 Set of instructions that runs in sequence
The Role of Security and 
Penetration Testers 
(continued) 
 Tiger box 
 Collection of OSs and hacking tools 
 Helps penetration testers and security testers conduct 
vulnerability assessments and attacks
Penetration-Testing Methodologies 
 White box model 
 Tester is told everything about the network topology and 
technology 
 Tester is authorized to interview IT personnel and company 
employees 
 Makes the tester's job a little easier 
 Black box model 
 Company staff does not know about the test 
 Tester is not given details about the network 
 Burden is on the tester to find these details 
 Tests if security personnel are able to detect an attack
Penetration-Testing Methodologies 
(continued) 
 Gray box model 
 Hybrid of the white and black box models 
 Company gives tester partial information
Certification Programs for Network 
Security Personnel 
 Certification programs available in almost every area of network 
security 
 Other certifications that help prepare for these certifications 
 CompTIA Security+ 
 Network+
Certified Ethical Hacker (CEH) 
 Developed by the International Council of Electronic 
Commerce Consultants (EC-Council) 
 Based on 21 domains (subject areas) 
 Web site 
 www.eccouncil.org 
 Red team 
 Conducts penetration tests 
 Composed of people with varied skills
OSSTMM Professional Security Tester 
(OPST) 
 Designated by the Institute for Security and Open 
Methodologies (ISECOM) 
 Based on the Open Source Security Testing Methodology 
Manual (OSSTMM) 
 Written by Peter Herzog 
 Consists of 5 domains 
 Web site 
 www.isecom.org
Certified Information Systems 
Security Professional (CISSP) 
 Issued by the International Information Systems Security 
Certifications Consortium (ISC2) 
 Usually more concerned with policies and procedures 
 Consists of 10 domains 
 Web site 
 www.isc2.org
SANS Institute 
 SysAdmin, Audit, Network, Security (SANS) 
 Offers certifications through Global Information Assurance 
Certification (GIAC) 
 Top 20 list 
 One of the most popular SANS Institute documents 
 Details the most common network exploits 
 Suggests ways of correcting vulnerabilities 
 Web site 
 www.sans.org
What You Can Do Legally 
 Laws involving technology change as rapidly as technology itself 
 Find what is legal for you locally 
 Laws change from place to place 
 Be aware of what is allowed and what is not allowed
Laws of the Land 
 Tools on your computer might be illegal to possess 
 Contact local law enforcement agencies before installing 
hacking tools 
 Written words are open to interpretation 
 Governments are getting more serious about punishment for 
cybercrimes
Is Port Scanning Legal? 
 Some states deem it legal 
 Not always the case 
 Federal Government does not see it as a violation 
 Allows each state to address it separately 
 Read your ISP’s “Acceptable Use Policy” 
 IRC “bot” 
 Program that sends automatic responses to users 
 Gives the appearance of a person being present
Federal Laws 
 Federal computer crime laws are getting more specific 
 Cover cybercrimes and intellectual property issues 
 Computer Hacking and Intellectual Property (CHIP) 
 New government branch to address cybercrimes and intellectual 
property issues
What You Cannot Do Legally 
 Accessing a computer without permission is illegal 
 Other illegal actions 
 Installing worms or viruses 
 Denial of Service attacks 
 Denying users access to network resources 
 Be careful your actions do not prevent customers from doing 
their jobs
Get It in Writing 
 Using a contract is just good business 
 Contracts may be useful in court 
 Books on working as an independent contractor 
 The Computer Consultant’s Guide by Janet Ruhl 
 Getting Started in Computer Consulting by Peter Meyer 
 Internet can also be a useful resource 
 Have an attorney read over your contract before sending or 
signing it
Ethical Hacking in a Nutshell 
 What it takes to be a security tester 
 Knowledge of network and computer technology 
 Ability to communicate with management and IT personnel 
 Understanding of the laws 
 Ability to use necessary tools
Summary 
 Companies hire ethical hackers to perform penetration tests 
 Penetration tests discover vulnerabilities in a network 
 Security tests are performed by a team of people with varied 
skills 
 Penetration test models: 
 White box model 
 Black box model 
 Gray box model 
 Security testers can earn certifications
Summary (continued) 
 Certifications 
 CEH 
 CISSP 
 OPST 
 SANS Institute 
 Be aware of what you are legally allowed or not allowed to do 
 Laws change from place to place 
 ISPs usually have an “Acceptable Use Policy”
Summary (continued) 
 State and federal laws should be understood before conducting a 
security test 
 Get it in writing 
 Use a contract 
 Have an attorney read the contract

 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 

Ethical hacking Chapter 1 - Overview - Eric Vanderburg

  • 1. Ethical Hacking CHAPTER 1 – OVERVIEW ERIC VANDERBURG
  • 2. Objectives · Describe the role of an ethical hacker · Describe what you can do legally as an ethical hacker · Describe what you cannot do as an ethical hacker
  • 3. Introduction to Ethical Hacking · Ethical hackers · Employed by companies to perform penetration tests · Penetration test · Legal attempt to break into a company’s network to find its weakest link · Tester only reports findings · Security test · More than an attempt to break in; also includes analyzing company’s security policy and procedures · Tester offers solutions to secure or protect the network
  • 4. The Role of Security and Penetration Testers · Hackers · Access computer system or network without authorization · Breaks the law; can go to prison · Crackers · Break into systems to steal or destroy data · U.S. Department of Justice calls both hackers · Ethical hacker · Performs most of the same activities but with owner’s permission
  • 5. The Role of Security and Penetration Testers (continued) · Script kiddies or packet monkeys · Young inexperienced hackers · Copy codes and techniques from knowledgeable hackers · Programming languages used by experienced penetration testers · Practical Extraction and Report Language (Perl) · C · Script · Set of instructions that runs in sequence
  • 6. The Role of Security and Penetration Testers (continued) · Tiger box · Collection of OSs and hacking tools · Helps penetration testers and security testers conduct vulnerability assessments and attacks
  • 7. Penetration-Testing Methodologies · White box model · Tester is told everything about the network topology and technology · Tester is authorized to interview IT personnel and company employees · Makes tester’s job a little easier · Black box model · Company staff does not know about the test · Tester is not given details about the network · Burden is on the tester to find these details · Tests if security personnel are able to detect an attack
  • 8. Penetration-Testing Methodologies (continued) · Gray box model · Hybrid of the white and black box models · Company gives tester partial information
  • 9. Certification Programs for Network Security Personnel · Certification programs available in almost every area of network security · Other certifications that help prepare for these certifications · CompTIA Security+ · Network+
  • 10. Certified Ethical Hacker (CEH) · Developed by the International Council of Electronic Commerce Consultants (EC-Council) · Based on 21 domains (subject areas) · Web site · www.eccouncil.org · Red team · Conducts penetration tests · Composed of people with varied skills
  • 11. OSSTMM Professional Security Tester (OPST) · Designated by the Institute for Security and Open Methodologies (ISECOM) · Based on the Open Source Security Testing Methodology Manual (OSSTMM) · Written by Peter Herzog · Consists of 5 domains · Web site · www.isecom.org
  • 12. Certified Information Systems Security Professional (CISSP) · Issued by the International Information Systems Security Certifications Consortium (ISC2) · Usually more concerned with policies and procedures · Consists of 10 domains · Web site · www.isc2.org
  • 13. SANS Institute · SysAdmin, Audit, Network, Security (SANS) · Offers certifications through Global Information Assurance Certification (GIAC) · Top 20 list · One of the most popular SANS Institute documents · Details the most common network exploits · Suggests ways of correcting vulnerabilities · Web site · www.sans.org
  • 14. What You Can Do Legally · Laws involving technology change as rapidly as technology itself · Find what is legal for you locally · Laws change from place to place · Be aware of what is allowed and what is not allowed
  • 15. Laws of the Land · Tools on your computer might be illegal to possess · Contact local law enforcement agencies before installing hacking tools · Written words are open to interpretation · Governments are getting more serious about punishment for cybercrimes
  • 16. Is Port Scanning Legal? · Some states deem it legal · Not always the case · Federal Government does not see it as a violation · Allows each state to address it separately · Read your ISP’s “Acceptable Use Policy” · IRC “bot” · Program that sends automatic responses to users · Gives the appearance of a person being present
  • 17. Federal Laws · Federal computer crime laws are getting more specific · Cover cybercrimes and intellectual property issues · Computer Hacking and Intellectual Property (CHIP) · New government branch to address cybercrimes and intellectual property issues
  • 18. What You Cannot Do Legally · Accessing a computer without permission is illegal · Other illegal actions · Installing worms or viruses · Denial of Service attacks · Denying users access to network resources · Be careful your actions do not prevent customers from doing their jobs
  • 19. Get It in Writing · Using a contract is just good business · Contracts may be useful in court · Books on working as an independent contractor · The Computer Consultant’s Guide by Janet Ruhl · Getting Started in Computer Consulting by Peter Meyer · Internet can also be a useful resource · Have an attorney read over your contract before sending or signing it
  • 20. Ethical Hacking in a Nutshell · What it takes to be a security tester · Knowledge of network and computer technology · Ability to communicate with management and IT personnel · Understanding of the laws · Ability to use necessary tools
  • 21. Summary · Companies hire ethical hackers to perform penetration tests · Penetration tests discover vulnerabilities in a network · Security tests are performed by a team of people with varied skills · Penetration test models: · White box model · Black box model · Gray box model · Security testers can earn certifications
  • 22. Summary (continued) · Certifications · CEH · CISSP · OPST · SANS Institute · Be aware of what you are legally allowed or not allowed to do · Laws change from place to place · ISPs usually have an “Acceptable Use Policy”
  • 23. Summary (continued) · State and federal laws should be understood before conducting a security test · Get it in writing · Use a contract · Have an attorney read the contract