22-05-2012, 02:09 PM
Chapter 1 - Ethical Hacking Overview
Ethical Hacking Overview.ppt (Size: 2.65 MB / Downloads: 319)
Introduction to Ethical Hacking
  Ethical hackers
    Employed by companies to perform penetration tests
  Penetration test
    Legal attempt to break into a company’s network to find its weakest link
    Tester only reports findings, does not solve problems
  Security test
    More than an attempt to break in; also includes analyzing company’s security policy and procedures
    Tester offers solutions to secure or protect the network
White box model
  Tester is told everything about the network topology and technology
    Network diagram
  Tester is authorized to interview IT personnel and company employees
  Makes tester’s job a little easier
Black box model
  Company staff does not know about the test
  Tester is not given details about the network
    Burden is on the tester to find these details
  Tests if security personnel are able to detect an attack
Gray box model
  Hybrid of the white and black box models
  Company gives tester partial information
SysAdmin, Audit, Network, Security (SANS)
  Offers certifications through Global Information Assurance Certification (GIAC)
  Top 20 list
    One of the most popular SANS Institute documents
    Details the most common network exploits
    Suggests ways of correcting vulnerabilities
  Web site
Laws involving technology change as rapidly as technology itself
Find what is legal for you locally
  Laws change from place to place
Be aware of what is allowed and what is not allowed