0 valutazioniIl 0% ha trovato utile questo documento (0 voti)
145 visualizzazioni24 pagine
This document discusses ethical hacking, which involves authorized security testing to evaluate systems and identify vulnerabilities. It defines related terms like white hat and black hat hackers. Ethical hackers are skilled, knowledgeable, and trustworthy individuals who use common methods like security exploits, packet sniffers, and social engineering to test a system's defenses. Their goal is to answer questions around what an attacker can access and how to better protect systems. The document outlines security tools that ethical hackers use like firewalls, intrusion detection/prevention systems, anti-virus software, encryption, and honeypots.
This document discusses ethical hacking, which involves authorized security testing to evaluate systems and identify vulnerabilities. It defines related terms like white hat and black hat hackers. Ethical hackers are skilled, knowledgeable, and trustworthy individuals who use common methods like security exploits, packet sniffers, and social engineering to test a system's defenses. Their goal is to answer questions around what an attacker can access and how to better protect systems. The document outlines security tools that ethical hackers use like firewalls, intrusion detection/prevention systems, anti-virus software, encryption, and honeypots.
Copyright:
Attribution Non-Commercial (BY-NC)
Formati disponibili
Scarica in formato PDF, TXT o leggi online su Scribd
This document discusses ethical hacking, which involves authorized security testing to evaluate systems and identify vulnerabilities. It defines related terms like white hat and black hat hackers. Ethical hackers are skilled, knowledgeable, and trustworthy individuals who use common methods like security exploits, packet sniffers, and social engineering to test a system's defenses. Their goal is to answer questions around what an attacker can access and how to better protect systems. The document outlines security tools that ethical hackers use like firewalls, intrusion detection/prevention systems, anti-virus software, encryption, and honeypots.
Copyright:
Attribution Non-Commercial (BY-NC)
Formati disponibili
Scarica in formato PDF, TXT o leggi online su Scribd
● Terminology ● What is Ethical Hacking? ● Who are Ethical Hackers? ● What do Ethical Hackers do? ● Common methods ● Security tools ● Conclusion Terminology
● Hacker: A person who enjoys learning
the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the minimum amount necessary. Terminology
● White Hat Hacker: An ethical hacker
who breaks security but who does so for altruistic or at least non-malicious reasons. White hats generally have a clearly defined code of ethics, and will often attempt to work with a manufacturer or owner to improve discovered security weaknesses. Terminology
● Black Hat Hacker: Someone who
subverts computer security without authorization or who uses technology (usually a computer or the Internet) for terrorism, vandalism, credit card fraud, identity theft, intellectual property theft, or many other types of crime. This can mean taking control of a remote computer through a network, or software cracking. Terminology
● Cracker: A software cracker. A person
specialized in working around copy protection mechanisms in software. Note that software crackers are not involved in exploiting networks, but copy protected software. Terminology
● Script kiddie: A pejorative term for a
computer intruder with little or no skill; a person who simply follows directions or uses a cook-book approach without fully understanding the meaning of the steps they are performing. Terminology
● Hacktivist: is a hacker who utilizes
technology to announce a political message. Web vandalism is not necessarily hacktivism. What is Ethical Hacking?
● Organizations came to realize that one of
the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. What is Ethical Hacking?
● Ethical hackers would employ the same
tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead they would evaluate the target systems security and report back to the owners with the vulnerabilities they found and instructions for how to remedy them. Who are Ethical Hackers?
● Skilled: Ethical hackers typically have
very strong programming and computer networking skills and have been in the computer and networking business for several years. ● Knowledgeable: Hardware and software. ● Trustworthy What do Ethical Hackers do?
An ethical hacker’s evaluation of a
system’s security seeks answers to these basic questions: ● What can an intruder see on the target systems? ● What can an intruder do with that information? ● Does anyone at the target notice the intruder's attempts or successes? What do Ethical Hackers do?
● What are you trying to protect?
● How much time, effort, and money are you willing to expend to obtain adequate protection? Common methods
There are several recurring tools of the
trade used by computer criminals and security experts: ● Security exploit: A prepared application that takes advantage of a known weakness. ● Packet sniffer: An application that captures TCP/IP data packets, which can maliciously be used to capture passwords and other data while it is in transit either within the computer or over the network. Common methods
● Rootkit: A toolkit for hiding the fact that
a computer's security has been compromised. Root kits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables. Common methods
● Social Engineering: Convincing other
people to provide some form of information about a system, often under false premises. A blatant example would be asking someone for their password or account possibly over a beer or by posing as someone else. A more subtle example would be asking for promotional material or technical references about a company's systems, possibly posing as a journalist. Common methods
● Trojan horse: These are programs
designed so that they seem to do or be one thing, such as a legitimate software, but actually are or do another. They are not necessarily malicious programs. A trojan horse can be used to set up a back door in a computer system so that the intruder can return later and gain access. Viruses that fool a user into downloading and/or executing them by pretending to be useful applications are also sometimes called trojan horses. Common methods
● Vulnerability scanner: A tool used to
quickly check computers on a network for known weaknesses. Hackers also commonly use port scanners. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and it's version number. Common methods
● Worm: Like a virus, a worm is also a self-
replicating program. The difference between a virus and a worm is that a worm does not create multiple copies of itself on one system: it propagates through computer networks. Security tools
● Firewall: a piece of hardware and/or
software which functions in a networked environment to prevent some communications forbidden by the security policy. ● Intrusion Detection System (IDS): generally detects unwanted manipulations to systems. The manipulations may take the form of attacks by skilled malicious hackers, or Script kiddies using automated tools. Security tools
● Intrusion Prevention System (IPS): a
computer security device that exercises access control to protect computers from exploitation. Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology but it is actually another form of access control, like an application layer firewall. The latest Next Generation Firewalls leverage their existing deep packet inspection engine by sharing this functionality with an IPS. Security tools
● Anti-virus: software consists of
computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware). ● Encryption: used to protect your message from the eyes of others. ● Authorization: restricts access to a computer to group of users through the use of authentication systems. Security tools
● System Integrity Verifiers: Systems
that monitor system integrity to detect when critical components have changed, such as when backdoors have been added to system files. Security tools
● Honeypot: a trap set to detect, deflect
or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated, (un)protected and monitored, and which seems to contain information or a resource that would be of value to attackers. Conclusion
If you want to stop hackers from invading
your network, first you've got to invade their minds.
Hacking With Kali Linux : A Comprehensive, Step-By-Step Beginner's Guide to Learn Ethical Hacking With Practical Examples to Computer Hacking, Wireless Network, Cybersecurity and Penetration Testing