CHAPTER 1: Introduction to Ethical Hacking, Ethics, and Legality
Defining Hacking
Defining Ethical Hacking
- Hacking for defensive purposes
White Hats, Black Hats, Gray Hats
- Hacktivists: hacking for a cause
- Script Kiddies: use others’ tools
Testing
- White Box: know everything
- Black Box: know only the company name
- Gray Box: between white box and black box, from inside
Security Elements
- CIA: Confidentiality, Integrity, Authenticity/Availability
Hacking Terminology
- Threat
- Exploit
- Vulnerability
- Target of Evaluation
- Attack
- Remote vs. Local
Hacking Phases
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks
1. Reconnaissance
Two basic types:
- Passive: dumpster diving, shoulder surfing, eavesdropping, gathering data from a whois tool, DNS, and network scanning; finding active machines, open ports and apps
- Active: probing, social engineering
2. Scanning
- Dialers
- Port Scanners
- ICMP Scanners
- Ping Sweeps
- Network Mappers
- SNMP Sweepers
- Vulnerability Scanners
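The scanning tools listed on this slide leave a recognizable footprint in connection logs: one source touching many ports on one host (port scan) or sending ICMP to many hosts (ping sweep) in a short time. The following Python example is added here to show that detection logic; it is not code from the original slides. The log line format, the thresholds, the 60-second window and every sample line are constructed for the example, and the slow-scan case shows the classic blind spot of a short window.

```python
"""Port-scan and ping-sweep detection over firewall-style connection logs.

Added example for the "Scanning" slide; not code from the original slides.
The log format, thresholds and all sample lines below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed line format: "<ISO timestamp> <TCP|UDP|ICMP> <src> -> <dst>:<port>"
# ICMP echo requests are logged with port 0.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>TCP|UDP|ICMP) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)$"
)

def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "proto": m["proto"],
            "src": m["src"], "dst": m["dst"], "port": int(m["port"])}

def parse_log(text):
    """Parse all lines, drop unparseable ones, and return events sorted by time."""
    events = [e for e in map(parse_line, text.splitlines()) if e is not None]
    events.sort(key=lambda e: e["ts"])
    return events

def _first_window_hit(events, key_fn, window, threshold):
    """Walk time-sorted events; return the first set of distinct key_fn values
    that reaches `threshold` inside a trailing `window`, or None."""
    for i, e in enumerate(events):
        keys = {key_fn(x) for x in events[: i + 1] if e["ts"] - x["ts"] <= window}
        if len(keys) >= threshold:
            return keys
    return None

def detect_port_scans(events, window=timedelta(seconds=60), min_ports=10):
    """Map (src, dst) -> distinct ports for sources that probe >= min_ports
    distinct TCP/UDP ports on one host within `window`."""
    by_pair = defaultdict(list)
    for e in events:
        if e["proto"] in ("TCP", "UDP"):
            by_pair[(e["src"], e["dst"])].append(e)
    alerts = {}
    for pair, evs in by_pair.items():
        hit = _first_window_hit(evs, lambda x: x["port"], window, min_ports)
        if hit:
            alerts[pair] = hit
    return alerts

def detect_ping_sweeps(events, window=timedelta(seconds=60), min_hosts=5):
    """Map src -> distinct hosts for sources that send ICMP to >= min_hosts
    distinct destinations within `window`."""
    by_src = defaultdict(list)
    for e in events:
        if e["proto"] == "ICMP":
            by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        hit = _first_window_hit(evs, lambda x: x["dst"], window, min_hosts)
        if hit:
            alerts[src] = hit
    return alerts

def _seq(start, proto, src, targets, step):
    """Constructed log lines: one event per (dst, port) in targets, `step` apart."""
    return [f"{(start + i * step).isoformat(timespec='seconds')} {proto} {src} -> {d}:{p}"
            for i, (d, p) in enumerate(targets)]

T0 = datetime(2024, 5, 1, 10, 0, 0)
SAMPLE_LOG = "\n".join(
    # fast scan: 11 ports on one host in 11 seconds -> should alert
    _seq(T0, "TCP", "10.0.0.5", [("10.0.1.20", p) for p in
         (21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389)], timedelta(seconds=1))
    # ping sweep: 6 hosts in 12 seconds -> should alert
    + _seq(T0, "ICMP", "10.0.0.7", [(f"10.0.1.{i}", 0) for i in range(1, 7)], timedelta(seconds=2))
    # slow scan: 12 ports spaced 5 minutes apart -> outside a 60 s window, no alert
    + _seq(T0, "TCP", "10.0.0.11", [("10.0.1.30", p) for p in range(8000, 8012)], timedelta(minutes=5))
    # benign traffic from 10.0.0.9 plus one malformed line the parser skips
    + ["2024-05-01T10:00:05 TCP 10.0.0.9 -> 10.0.1.20:443",
       "2024-05-01T10:00:09 TCP 10.0.0.9 -> 10.0.1.20:443",
       "2024-05-01T10:00:12 ICMP 10.0.0.9 -> 10.0.1.20:0",
       "garbled line that should be ignored"]
)

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for (src, dst), ports in detect_port_scans(evs).items():
        print(f"port scan: {src} -> {dst}, {len(ports)} distinct ports")
    for src, hosts in detect_ping_sweeps(evs).items():
        print(f"ping sweep: {src} -> {len(hosts)} hosts")
```

With the default 60-second window the fast scan and the sweep are reported while the 5-minute-spaced scan is not; widening the window to an hour catches it too, at the cost of more noise from legitimate sources behind a NAT. Real deployments tune both the window and the thresholds per network segment.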
3. Gaining Access
- Buffer overflows
- Denial of Service
- Session Hijacking
4. Maintaining Access
- Planting backdoors
- Rootkits
- Trojans
- Making a zombie
5. Covering Tracks
- Steganography: Snow.exe (ASCII files), Stealth (PGP files), ImageHide (text files)
- Tunneling protocols: ITunnel, Ptunnel
- Altering log files: Elsave, WinZapper
Types of Hacking Technologies
- Operating Systems: default settings, bugs
- Applications: default settings, bugs
- Shrink-Wrap code: enabled features that aren’t used but left open
- Misconfigurations
Types of Attacks
- Remote Network
- Remote Dial-Up Network
- Local Network
- Stolen Equipment
- Social Engineering
- Physical Entry
- Operating System
- Application Level
- Shrink-wrap and malicious code attacks
- Misconfiguration attacks
Being Ethical
- Gain authorization
- Maintain/follow the nondisclosure agreement
- Maintain confidentiality
- Perform the test – but do no evil
Phases of Security Examining
EC-Council’s 3 phases:
1. Preparation
2. Conduct
3. Conclusion
Laws
- No U.S. laws prior to 1984 outlawing crimes committed with or against a computer
- Who investigates?
  - Financial computer crimes -> U.S. Secret Service
  - All other computer crimes -> Federal Bureau of Investigation
- Computer Fraud and Abuse Act – 1986 / 1996
  - 18 U.S.C. 1030: Fraud and related activity in connection with computers
  - 18 U.S.C. 1029: Fraud and related activity in connection with access devices
Laws (cont)
- Computer Misuse Act of 1990 (United Kingdom)
- Freedom of Information Act (FOIA)
- USA Patriot Act - 2001
Laws (cont)
- Cyber Security Enhancement Act of 2002
- SPY ACT 2007
- 18 U.S.C. 1028: deals with fraud related to possession of false identification documents
- 18 U.S.C. 1362: Destruction of communication lines, stations, or systems
- 18 U.S.C. 2510: Wire and electronic communications interception and interception of oral communications
- 18 U.S.C. 2701: Stored wire and electronic communications, and transactional records access
Laws (cont)
- Human Rights Act 1998 (U.K.)
  - Judges are not allowed to override the Act; however, they can issue a declaration of incompatibility
  - Makes available in UK courts a remedy for breach of a Convention right, without the need to go to the European Court of Human Rights
  - Totally abolished the death penalty in UK law
- FMFIA of 1982
- 2004 CAN SPAM Act
Laws (cont)
- Federal Information Security Mgt Act (FISMA)
- Privacy Act of 1974
- Gov’t Paperwork Elimination Act (GPEA)
- Stalking Amendment Act 1999 (Australia)
- Equal Credit Opportunity Act (ECOA): prohibits creditors from collecting data from applicants, such as national origin, caste, religion