Chapter 1 Introduction to Ethical Hacking Flashcards
Hackers need 3 things to carry out a crime
- Motive (Goal)
- Method
- Vulnerabilty
Types of Hackers
- Script Kiddies - limited or no training & know how to use only basic techniques or tools
- White-Hat hackers - ethical hackers; given all information
- Gray-hat hackers - good/bad; limited information
- black-hat hackers - bad guys; low or no level of knowledge
- suicide hackers - not stealthy(sneaky or cautious), not worried about getting caught
- Hacktivist - any action an attacker uses to push or promote political agenda
Pen Testing
structured & methodical means of investigating, uncovering, attacking, & reporting on the strengths & weaknesses of a target system
TOE
A target of evaluation is a system or resource that is being evalued for vulnerabilities
Exploit
defined way to breach the security of a system
Attack
act of targeting & actively engaging a TOE
Zero Day
threat or vulnerability that is unknown to developers & has not been addressed
Threat
a potential violation of security
Vulnerability
weakness in a system that can be attacked & used as an entry point into an environment
Daisy Chaining
performing several hacking attacks in sequence then backtrack to cover tracks
CIA triad
Ethical hackers try to preserve what is known as the CIA triad
- Confidentiality - safeguarding of information & keeping it away from those not authorized to possess it (examples to preserve: permissions & encryptions)
- Integrity - keeping information in a format that is true & correct to its original purposes, meaning that the data the receiver accesses is the data the creator intended them to have
- Availability - keeping information & resources available to those who need to use it
Opposite of CIA triad, DAD
As an ethical hacker, we want to prevent unauthorized
- Disclosure - revealing/accessing of information to outside party
- Alteration - changing information
- Disruption - access to information has been lost
Hacking Methodology
refers to the step-by-step approach used by an agressor to attack a target such as a computer NW
-
Footprinting - using primarily passive methods of gaining information from a target prior to performing the later active methods;
- Keep interaction to a minimum to avoid detection
- Scanning - take information extracted from footprinting phase & use it to taget your attack more precisely, instead of blundering around aimlessly; gaining additional information
- Enumeration - create active connection with system & perform queries; only in intranet environment
- System Hacking - plan & execute attack
- Escalate privileges
- Covering tracks - removing evidence of your presence in a system
- Planting back doors - may want to come back later
Ethical hackers follow a very similar process hackers do except
ethical hackers need permisions prior to starting the 1st phase, and will need to generate a report that will need to be presented at the end of the process
Types of attacks
- insider attack
- outsider attack
- stolen equipment attack - aggressor steal a piece of equipment & uses it to gain access or extract information from it
- social engineering attack - pen tester targets the users of a system seeking to extract needed information; exploiting trust inherent in human nature