Chapter 1 Ethical Hacking Overview

Upload: rachel-woods

Post on 02-Jan-2016


Objectives

After reading this chapter and completing the exercises, you will be able to:

- Describe the role of an ethical hacker
- Describe the role of security and penetration testers
- Describe the penetration-testing methodologies


Introduction to Ethical Hacking

- Ethical hackers
  - Hired by companies to perform penetration tests
- Penetration test
  - Attempt to break into a company’s network to find the weakest link
- Security test
  - More than a break-in attempt; includes analyzing company’s security policy and procedures
  - Vulnerabilities are reported


The Role of Security and Penetration Testers

- Hackers
  - Access computer system or network without authorization
  - Break the law; can go to prison
- Crackers
  - Break into systems to steal or destroy data
- U.S. Department of Justice calls both hackers
- Ethical hacker
  - Performs most of the same activities with owner’s permission


The Role of Security and Penetration Testers (cont’d.)

- Script kiddies or packet monkeys
  - Younger, inexperienced hackers who copy code from knowledgeable hackers
- Programming languages used by experienced penetration testers
  - Practical Extraction and Report Language (Perl)
  - C language
- Script
  - Set of instructions
  - Runs in sequence to perform tasks


The Role of Security and Penetration Testers (cont’d.)

- Tiger box
  - Collection of tools
  - Used for conducting vulnerability assessments and attacks


Penetration-Testing Methodologies

- White box model
  - Tester is told about network topology and technology
  - Tester is permitted to interview IT personnel and company employees
  - Makes tester’s job a little easier
- Black box model
  - Staff does not know about the test
  - Tester is not given details about technologies used
  - Burden is on tester to find details
  - Tests security personnel’s ability to detect an attack


Figure 1-1 A sample floor plan


Penetration-Testing Methodologies (cont’d.)

- Gray box model
  - Hybrid of the white and black box models
  - Company gives tester partial information (e.g., OSs are used, but no network diagrams)


Summary

- Companies hire ethical hackers to perform penetration tests
- Penetration tests discover vulnerabilities in a network
- Security tests are performed by a team of people with varied skills
- Penetration test models
  - White box model
  - Black box model
  - Gray box model
