24-04-2012, 03:29 PM
Ethical Hacking and Network Defense
hacking.ppt (Size: 538 KB / Downloads: 79)
Introduction to Ethical Hacking
Ethical hackers
Employed by companies to perform penetration tests
Penetration test
Legal attempt to break into a company’s network to find its weakest link
Tester only reports findings, does not harm the company
The Role of Security and Penetration Testers
Hackers
Access computer system or network without authorization
Breaks the law; can go to prison
Crackers
Break into systems to steal or destroy data
U.S. Department of Justice calls both hackers
Ethical hacker
Performs most of the same activities but with owner’s permission
OSSTMM Professional Security Tester (OPST)
Designated by the Institute for Security and Open Methodologies (ISECOM)
Based on the Open Source Security Testing Methodology Manual (OSSTMM)
Get Out of Jail Free Card
When doing a penetration test, have a written contract giving you permission to attack the network
Using a contract is just good business
Contracts may be useful in court
Have an attorney read over your contract before sending or signing it