Recomendados
Más contenido relacionado
Más de primeteacher32
Más de primeteacher32 (20)
Último
Último (20)
Penetration Testing and Ethical Hacking
- 1. Penetration Testing and Ethical Hacking
- 2. Who Are the Attackers? • White hat hackers (Hacker) - “Ethical attackers” who received permission to probe system for any weaknesses • Black hat hackers - Attackers who violated computer security for personal gain or to inflict malicious damage • Gray hat hackers – Attackers who would break into a computer system without permission and then publically disclose vulnerability
- 3. What is Pen Testing? • A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities.These vulnerabilities may exist in operating systems, service and application flaws, improper configurations, or risky end- user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as, end-user adherence to security policies. • Penetration tests are typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. • Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits at other internal resources, specifically by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets and information via privilege escalation. • Information about any security vulnerabilities successfully exploited through penetration testing is typically aggregated and presented to IT and network systems managers to help those professionals make strategic conclusions and prioritize related remediation efforts.The fundamental purpose of penetration testing is to measure the feasibility of systems or end-user compromise and evaluate any related consequences such incidents may have on the involved resources or operations.
- 4. What is Ethical Hacking • Question:What constitutes ethical hacking? • For hacking to be deemed ethical, the hacker must obey the following rules: • Expressed (often written) permission to probe the network and attempt to identify potential security risks. • You respect the individual's or company's privacy. • You close out your work, not leaving anything open for you or someone else to exploit at a later time. • You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company.
Notas del editor
- Attackers are people who try to gain unauthorized access to your computer. This is normally done through the use of a 'backdoor' program installed on your machine. You can protect yourself from these by using a firewall and a good up-to-date anti-virus program. You would normally get such a backdoor program by opening an E-mail attachment containing the backdoor program. It is normal for such a backdoor program to send out more copies of itself to everyone in your address book, so it is possible for someone you know to unintentionally send you a malicious program. A few backdoor programs can work with any e-mail program by sitting in memory and watching for a connection to a mail server, rather than actually running from within a specific mail program. These programs automatically attach themselves to any e-mail you send, causing you to unintentionally send out malicious programs to your friends and associates. Why do hackers hack? To a hacker, breaking into someone’s computer is simply a challenge. They may not specifically intend to do damage to the computer. The thrill of simply gaining access is often enough. Hackers often try to show off their skills to the world by hacking into government computers, or as revenge against another user or agency. FAMOUS CASES Kevin Mitnick was arrested for stealing credit card numbers and for gaining illegal entry into numerous systems via the internet. Ed Cummings was the first person in the United States to be imprisoned for possession of a red box. The charges The grand jury charged that he "knowingly and with intent to defraud did possess and have custody and control of a telecommunications instrument, that had been modified and altered to obtain unauthorized use of telecommunicatio n services through the use of public telephones" on or about March 13 and 15 of 1995. He was also charged with "being in possession of hardware and software used for altering and modifying telecommunications instruments to obtain unauthorized access to telecommunications service." Craig Neidorf, an employee of Bellsouth, was arrested for distributing information that was thought to have been illegally obtained from the company. A pre-law student at the University of Missouri and the editor of Phrack Magazine, was questioned first at home, then had his house searched, a nd then was called in for questioning by the U.S. Attorney's Office in Chicago in 1990 in which he complied willingly.
- Written agreement(contract) of what is to be tested, on and off limits No release of malicious content