Scribd
Upload
533 views14 pages

Hacking

This document discusses ethical hacking and network defense. It defines ethical hacking as legal penetration testing performed with a company's permission to find weak points in their network security. It distinguishes ethical hackers from criminals, outlines various security certifications, and discusses the importance of having a contract when performing penetration tests to protect oneself legally. The document also presents some hands-on projects students can do to learn ethical hacking techniques and get course credit.

Uploaded by

hacking h
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
533 views14 pages

Hacking

This document discusses ethical hacking and network defense. It defines ethical hacking as legal penetration testing performed with a company's permission to find weak points in their network security. It distinguishes ethical hackers from criminals, outlines various security certifications, and discusses the importance of having a contract when performing penetration tests to protect oneself legally. The document also presents some hands-on projects students can do to learn ethical hacking techniques and get course credit.

Uploaded by

hacking h
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd

Ethical Hacking

and Network
Defense
Contact Information
 Sam Bowne
 Email: [email protected]
 Website: samsclass.info

 All materials from this talk are already


on that website
 Download them and use them freely
Hands-On Ethical Hacking and Network Defense 2
Isn’t Hacking a Crime?

3
Ethical Hacking
 Ethical hackers
 Employed by companies
to perform penetration
tests
 Penetration test
 Legal attempt to break into
a company’s network to
find its weakest link
 Tester only reports
findings, does not harm
the company
Penetration Testers
 Hackers
 Access computer system or network without
authorization
 Breaks the law; can go to prison

 Crackers
 Break into systems to steal or destroy data
 U.S. Department of Justice calls both hackers

 Ethical hacker
 Performs most of the same activities but with
owner’s permission 5
Penetration Testers

 Script kiddies or packet monkeys


 Young inexperienced hackers
 Copy codes and techniques from
knowledgeable hackers
 Experienced penetration testers use
Perl, C, Assembler, or other languages
to code exploits

6
Security Credentials
 CompTIA offers Security+ certification,
a basic familiarity with security
concepts and terms

7
OSSTMM Professional
Security Tester (OPST)
 Designated by the
Institute for
Security and Open
Methodologies
(ISECOM)
 Based on the Open
Source Security
Testing
Methodology
Manual (OSSTMM) 8
Certified Information
Systems Security
Professional (CISSP)

 Issued by the International Information


Systems Security Certifications
Consortium (ISC2)
 Usually more concerned with policies and
procedures than technical details
 Web site
 www.isc2.org
9
Certified Ethical Hacker (CEH)

 But see Run Away From The CEH


Certification
 Link at samsclass.info 10
What You Cannot Do Legally
 Accessing a computer without permission
is illegal
 Other illegal actions
 Installing worms or viruses
 Denial of Service attacks

 Denying users access to network resources

 Possession of others’ passwords can be


a crime
 See Password theft
 Link at samsclass.info

11
Get Out of Jail Free Card
 When doing a penetration test, have a
written contract giving you permission
to attack the network
 Using a contract is just good business
 Contracts may be useful in court
 Have an attorney read over your contract
before sending or signing it

12
Projects
 To get credit for this session, do any one of
these:
 Project 1: Using The Metasploit Framework
to take over a vulnerable computer remotely
 Project 2: : Using Ophcrack to crack
Windows passwords with Rainbow tables
 Project 3: Using a Keylogger to record
keystrokes (including passwords)

13
CNIT 123: Ethical Hacking and
Network Defense
 3-unit course
 Offered face-to-face next semester
 Face-to-face and online sections in
Spring 2008

14

You might also like