2. Ethical Hacking and Penetration Testing Flashcards
What is ethical hacking?
Ethical hacking is an authorized attempt to gain access to a computer system, application and data. This attempt may result in a report being made.
What is a penetration test?
A penetration test is a legal attempt to break into a company’s network to find its vulnerabilities. The tester reports findings, but may not solve problems.
What is a penetration + security test?
A penetration + security test is more than an attempt to break in - it also involves analyzing company security policy and procedure. The tester often offers solutions to secure or protect the network.
What are the goals of a penetration test?
The goals of a penetration test are to:
- Determine the feasibility of a particular set of attack methods.
- Identify high-risk vulnerabilities from a combination of lower-risk vulnerabilities in a sequence.
- Identify vulnerabilities that automated network or application vulnerability scanning software might not be able to identify.
- Assess the impact in the case of a successful attack.
- Test response to an attack.
- Provide evidence to support increased investment into cybersecurity.
- Report to system owner.
What is the white-box penetration testing model?
The white-box penetration testing model is where the tester is told everything about the network topology and technology in advance of the test. The tester is permitted to interview IT personnel and staff. Overall, this makes the tester's job a bit easier.
What is the black-box penetration testing model?
The black-box penetration testing model is where the tester is told nothing in advance about the network that they are attempting to gain access to. Company staff are not told about the attack, and the test checks whether security personnel are able to detect the attack as it happens.
What is the grey-box penetration testing model?
The grey-box penetration testing model is a hybrid of the black-box and white-box models where the tester is given partial information by the company they are hired by.
What can you not do legally?
You cannot legally:
- Access a computer without permission.
- Install worms or viruses.
- Perform denial of service attacks.
- Deny users access to network resources.
Ensure your actions do not affect day-to-day operations! Contracts can be good when doing a pen test, as they are good business and may be useful in court!
What is a tiger team?
A tiger team is a group of individuals with specific expertise who test system security.
What is a tiger box?
A tiger box is a collection of operating systems and hacking tools, usually on a laptop, used by security and penetration testers to conduct vulnerability assessments and attacks.
What are the 5 basic steps of a hacker?
The 5 steps taken by a hacker are:
- Reconnaissance - Information Gathering
- Scanning - Getting details about a system
- Gaining access - Via Vulnerabilities
- Maintaining Access - Installing Malware
- Clearing Tracks - Deleting / altering logs