1 - Ethical Hacking Concepts

Question 1

Define an ethical hacker

Answer 1

Ethical hackers conduct penetration tests for companies. Companies sometimes hire ethical hackers to break into the company’s network to find the weakest link in the network or network system.

Question 2

Define a security hacker

Answer 2

Security testers do more than attempt to break in; they analyze the company’s security policy and procedures and report any vulnerability to management.

Question 3

What are the penetration testing methodologies?

Answer 3

White Box Model
Black Box Model
Gray Box Model

Question 4

What is a white box Model

Answer 4

The tester is told what network topology and technology the company is using and is given permission to interview IT personnel and company employees.
EG. the company might print the tester a network diagram showing all the company’s routers, switches, firewalls and IDSs.

Question 5

What is a black box model

Answer 5

Opposite of white box. Management don’t tell their staff a penetration test is being conducted. Nor do they give the tester any diagrams or describe what technologies the company is using. Management want to see the security tester’s ability to detect an attack.

Question 6

What is a Gray box model

Answer 6

Hybrid of white and black. Company gives tester partial information.
EG. they might get information about which Oss are used but not get an network diagrams.

Question 7

What can you do legally?

Answer 7

Laws involving computer technology change as rapidly as technology itself, keep abreast of what’s happening in your area.
Laws vary from state to state and country to country – You should be aware of what these are.

Question 8

What can’t you do legally?

Answer 8

You cannot carry out illegal actions such as:

• Accessing a computer without permission
• Destroying data without permission
• Copying information without permission
• Installing works or viruses
• Denying users access to network resources