This document defines the role of an ethical hacker and outlines the phases of ethical hacking. An ethical hacker uses their skills to test a company's security systems and find vulnerabilities. They conduct penetration tests with the company's permission and provide a detailed report of their findings and recommendations. The goal is to identify weaknesses before malicious hackers can exploit them. Ethical hackers test internet access points, internal networks, social engineering, and physical security. Their expertise helps companies counter network attacks and harden their defenses. The phases of ethical hacking include planning, discovery of information about the company, and attacking systems to test security and confidentiality.
1. Ethical Hacker Keri Michalski-Smith Bryant & Stratton College INFT 242 Network & PC Security Fundamentals August 1st, 2009
2. Ethical Hacker Defined ∙ Use their expertise and skills to protect a company’s information security ∙ Purpose is to reveal system inadequacies and penetrate defenses ∙ Results used to implement additional tools to defend against intrusion ∙ Goal is to find system vulnerabilities before a malicious hacker ∙ Always in need as security threats are continual and ever-changing
3. Ethical Hacker Job Function ∙ Obtains explicit written permission from system owner in regards to systems tested, methods to be used, and any limitations ∙ Conducts tests based upon three type of attackers: outsider, outsider with limited access, and internal user ∙ Systematically documents processes used and recommendations in detailed report
4. Tools Used By Ethical hacker Intrusion detecting monitoring software and tools used to: ∙ Scan log files ∙ Detect port scans ∙ Ethernet sniffing ∙ Network mapping ∙ Scan registry or configuration files
5. Ethical Hacker Testing conducted on: ∙ Internet access to connect to firewalls, web servers, routers, and filters ∙ Internal attack on firewalls, web servers, server, and e-mail systems ∙ Social engineering attack utilizing staff’s job functions and helpfulness to obtain confidential information ∙ Fraud through physical access impersonating as employee ∙ Theft of key employee’s laptop revealing confidential information
6. Importance of Ethical Hacker: ∙ Considered a necessity not a luxury given today’s exposure to attacks ∙ Valuable method for counteracting intrusion along with security policies already in place ∙ Expertise and familiarity with latest network attack strategies ∙ Contracted Ethical Hacker from outside source considered better due to lack of bias, as they have no preconceived notions about system strengths or weaknesses
7. Phases of Ethical hacking Planning Stage ∙ Time and cost considerations determine what will be tested ∙ Determinations made upon which information exposure poses the greatest risks
8. Phases of Ethical hacking Discovery Phase Information gathered about company through ∙ Company website ∙ Press releases ∙ Job listings that often reveal employee names, e-mail addresses and even network diagrams ∙ Blogs and discussion forums revealing specific technical issues and methodologies used by company’s IT department ∙ Hardware and software tools All information gathered used to find vulnerabilities in company’s architecture, policies, and processes to reveal weak configurations and unsecure systems
9. Phases of Ethical hacking Attack Phase ∙ All vulnerabilities indentified in discovery phase are exploited ∙ Information confidentiality, integrity, availability, and accountability are all subjected to ethical attack ∙ Attempts to gain system access, escalate privileges, system browsing, and gain access without detection