Who Is an Ethical Hacker?

An ethical hacker is a computer and network expert who attacks a security
system on behalf of its owners, seeking vulnerabilities that a malicious
hacker could exploit. To test a security system, ethical hackers use the
same methods as their less principled counterparts, but report problems
instead of taking advantage of them. Ethical hacking is also known as
penetration testing, intrusion testing, and red teaming. An ethical
hacker is sometimes called a white hat, a term that comes from old
Western movies, where the "good guy" wore a white hat and the "bad guy"
wore a black hat.
One of the first examples of ethical hackers at work was in the 1970s,
when the United States government used groups of experts called red
teams to hack its own computer systems. According to Ed Skoudis,
Vice President of Security Strategy for Predictive Systems' Global
Integrity consulting practice, ethical hacking has continued to
grow in an otherwise lackluster IT industry, and is becoming
increasingly common outside the government and technology sectors
where it began. Many large companies, such as IBM, maintain employee
teams of ethical hackers.
In a similar but distinct category, a hacktivist is more of a
vigilante: detecting, sometimes reporting (and sometimes exploiting)
security vulnerabilities as a form of social activism.

Is Port Scanning Legal?

The legality of port scanning remains an open question. There is little
debate that it's usually the first step in an attack. By itself,
it may not constitute an attack. It's not very different from going
from house to house knocking on doors. On the question of its legality,
in the Georgia District Court case of "Moulton vs. VC3," the judge declared
a port scan in the case legal because it did not "impair the integrity
or availability of the network." The judge ruled that since there was
no damage to the target, it could not be illegal.
Not all states, service providers, or organizations share that view.
Some ISPs will terminate the service of individuals performing port
scans. Prudence is the best course of action. It's best not to
perform a port scan without the consent of the network owner. It's
interesting to note that if you search on "port scanning," the
popup ads displayed tend to be those of law firms and legal aid providers!

How Is Ethical Hacking Performed?

Primarily, ethical hackers are employed in groups to perform
penetration tests. These groups are commonly referred to as
"Red Teams." These individuals are being paid by the organization
to poke, prod, and determine the overall level of security.
Again, what is important here is that they have been given written
permission to perform this test and have detailed boundaries to
work within. Don't be lulled into believing that the penalties for
illegal penetration are low; it is a felony!

What Is on the Test?

The Certified Ethical Hacker exam consists of 21 domains covered in 50 questions.
It has a two-hour time limit. These questions are multiple choice.
During the test, you are allowed to mark questions if you're not sure of
an answer and return for later review. The format of the questions is
choose one or choose all that apply. The domains were compiled to evaluate
the full range of security testing. One must also demonstrate how hacker
tools work and demonstrate knowledge of professional security tools, as
well as how these tools are utilized.
The 21 domains are as follows:
1. Ethics and Legal Issues
2. Footprinting
3. Scanning
4. Enumeration
5. System Hacking
6. Trojans and Backdoors
7. Sniffers
8. Denial of Service
9. Social Engineering
10. Session Hijacking
11. Hacking Web Servers
12. Web Application Vulnerabilities
13. Web Based Password Cracking Techniques
14. SQL Injection
15. Hacking Wireless Networks
16. Virus and Worms
17. Hacking Novell
18. Hacking Linux
19. IDS, Firewalls, and Honeypots
20. Buffer Overflows
21. Cryptography
These domains comprise a full body of ethical hacking knowledge.
It's good that the exam's first domain is centered on ethics and legal issues.
This is an important domain. Always make sure you have written consent to perform
any type of penetration test or security audit.

Security Testing Methodologies

All security-testing methodologies have similar elements.
These include: Plan, Organize, Gather Information, Test,
Analyze, and Report. To learn more about security testing,
review the following documents.
OCTAVE - Operationally Critical Threat, Asset, and Vulnerability Evaluation
OSSTMM - Open Source Testing Methodology Manual
NIST SP 800-26 - Self assessment guide for information technology
NIST SP 800-42 - Security Testing
TRAWG - Threat and Risk Assessment Working Guide