ETHICAL HACKING

  • Ethical Hacking (Pen Testing)

    • Tests computers and networks for security vulnerabilities
    • Tests to help prevent malicious attacks by identifying vulnerabilities to help harden systems
  • Pen testing can only happen with the system owner's permission!
  • Types of Hackers
    • White Hat: Security experts
    • Black Hat: The bad guys. Undertake illegal activities
    • Grey Hat: A bit of both
  • Internal Threats
    • Interns
    • Contractors
    • Employees
  • Vulnerabilities
    • End users – social engineering and manipulation of users
    • Theft of equipment such as hard disks, USB drives, laptops etc.
    • Dumpster Diving
    • Insecure network infrastructure
    • Insecure wireless routers
    • Weak network protocols
    • Use of unencrypted network analysers
    • Poorly configured operating systems and applications
    • Weak encryption
    • Missing updates and patches
    • Weak passwords
    • Default user accounts
    • Poor file system security
    • Open ports
    • Poorly configured applications and associated protocols (HTTP, SMTP)
    • Poorly configured firewalls
    • VoIP
    • Insecure files
  • How Hackers Maintain Anonymity
    • Stolen dial-up and VPN accounts
    • Public computers
    • Open wireless networks
    • Internet proxies or anonymity services
    • Anonymous email accounts – like mail.com
    • Unsecured computers
    • Clients or servers on the victim's own network
  • Ethical hacking
    Exploitation of systems with the EXPLICIT permission of the system's owner in order to determine their vulnerabilities and weaknesses
  • Penetration testing (Red Teaming)

    Exploitation of systems with the EXPLICIT permission of the system's owner in order to determine their vulnerabilities and weaknesses
  • Ethical hacking
    • Performed by a company or individual to help identify potential threats on computers or networks
    • An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers
    • This information is then used by the organisation to improve the system security, to minimize or eliminate any potential attacks
  • Ethical hacker
    An individual who is trusted to attempt to penetrate an organisation's networks and/or computer systems using the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner and with written agreement from the system owner