Chapter 1 Introduction to Ethical Hacking

Question 1

Hackers need 3 things to carry out a crime

Answer 1

1. Motive (Goal)
2. Method
3. Vulnerabilty

Question 2

Types of Hackers

Answer 2

1. Script Kiddies - limited or no training & know how to use only basic techniques or tools
2. White-Hat hackers - ethical hackers; given all information
3. Gray-hat hackers - good/bad; limited information
4. black-hat hackers - bad guys; low or no level of knowledge
5. suicide hackers - not stealthy(sneaky or cautious), not worried about getting caught
6. Hacktivist - any action an attacker uses to push or promote political agenda

Question 3

Pen Testing

Answer 3

structured & methodical means of investigating, uncovering, attacking, & reporting on the strengths & weaknesses of a target system

Question 4

Hack Value

Answer 4

notion among hackers that soemthing is worth doing or is interesting

Question 5

TOE

Answer 5

A target of evaluation is a system or resource that is being evalued for vulnerabilities

Question 6

Exploit

Answer 6

defined way to breach the security of a system

Question 7

Attack

Answer 7

act of targeting & actively engaging a TOE

Question 8

Zero Day

Answer 8

threat or vulnerability that is unknown to developers & has not been addressed

Question 9

Threat

Answer 9

a potential violation of security

Question 10

Vulnerability

Answer 10

weakness in a system that can be attacked & used as an entry point into an environment

Question 11

Daisy Chaining

Answer 11

performing several hacking attacks in sequence then backtrack to cover tracks

Question 12

CIA triad

Answer 12

Ethical hackers try to preserve what is known as the CIA triad

1. Confidentiality - safeguarding of information & keeping it away from those not authorized to possess it (examples to preserve: permissions & encryptions)
2. Integrity - keeping information in a format that is true & correct to its original purposes, meaning that the data the receiver accesses is the data the creator intended them to have
3. Availability - keeping information & resources available to those who need to use it

Question 13

Opposite of CIA triad, DAD

Answer 13

As an ethical hacker, we want to prevent unauthorized

1. Disclosure - revealing/accessing of information to outside party
2. Alteration - changing information
3. Disruption - access to information has been lost

Question 14

Hacking Methodology

Answer 14

refers to the step-by-step approach used by an agressor to attack a target such as a computer NW

1. Footprinting - using primarily passive methods of gaining information from a target prior to performing the later active methods;
   
   • Keep interaction to a minimum to avoid detection
2. Scanning - take information extracted from footprinting phase & use it to taget your attack more precisely, instead of blundering around aimlessly; gaining additional information
3. Enumeration - create active connection with system & perform queries; only in intranet environment
4. System Hacking - plan & execute attack
5. Escalate privileges
6. Covering tracks - removing evidence of your presence in a system
7. Planting back doors - may want to come back later

Question 15

Ethical hackers follow a very similar process hackers do except

Answer 15

ethical hackers need permisions prior to starting the 1st phase, and will need to generate a report that will need to be presented at the end of the process

Question 16

Types of attacks

Answer 16

1. insider attack
2. outsider attack
3. stolen equipment attack - aggressor steal a piece of equipment & uses it to gain access or extract information from it
4. social engineering attack - pen tester targets the users of a system seeking to extract needed information; exploiting trust inherent in human nature

Question 17

Vulnerability research vs Ethical Hacking?

Answer 17

Vulnerability - passively uncovers security issues

Ethical Hacking - actively looks for vulnerabilities

Question 18

worm

Answer 18

standalone malware self-replicating

Question 19

trojan horse

Answer 19

relies on social engineering

program that breaches security of a computer system while performing harmless functions

Question 20

virus

Answer 20

depenent on existing program & spreads to other computers and usually has a detrimental effect such as destroying data, etc

Question 21

rootkit

Answer 21

set of SW tools designed to allow unauthorized access without being detected

Question 22

NW intrusions

Answer 22

a form of digital trespassing where a user has unauthorized access

Question 23

Fraud

Answer 23

the deception of another or parties to elicit information or access

Question 24

SW piracy

Answer 24

the possession, duplication, or distribution of SW in violation of a license agreement, or the act of removing copy protection or other license-enforcing mechanisms

Question 25

Dumpster Diving

Answer 25

is the oldest & simplest way to gather material that has been discarded & left unsecure

Question 26

Embezzlement

Answer 26

is a form of financial fraud that involves theft or redirection of funds as a result of violtating a position of trust

Question 27

DOS & DDOS

Answer 27

Denial of service & distributed denial of service attacks are ways to overload a system’s resources so it canont provide required services to legimate users