Week 1 - Overview Flashcards
Motive
For the thrill of it or for criminal purposes.
Revenge, disgruntled current or former employees .
Financial gain through theft of financial information.
Corporate proprietary information, which can be sold.
Acts of terrorism, stating political statements against governments, etc.
Ethical Hacking
Professionals who work to identify loopholes and vulnerabilities on systems, report it to the vendor or owner of the system, and also, at times, help them fix it.
Penetration Testing
A more professional term used to describe what an ethical hacker does.
It’s a legal attempt to break into a company’s network to find its weakest link
The tester only reports findings, does not solve problems.
Vulnerability Assessment
At times organizations might want to only identify the vulnerabilities that exist in their systems without actually exploiting it and gaining access.
The end result is a report prioritizing the vulnerabilities found, with the most severe ones on the top and the ones posing lesser risk lower in the report.
Security Audits
A systematic procedure that is used to measure the state of a system/network and company’s security policies and procedures against a predetermined set of standards.
Hackers
Access computer system or network without authorization.
Breaks the law; can go to prison.
Black Hat, White Hat, and Gray Hat.
Suicide, State Sponsored.
Crackers
Break into systems to steal or destroy data.
U.S. Department of Justice calls both hackers.
Ethical Hacker
Performs most of the same activities with owner’s permission
Script Kiddies
Younger, inexperienced hackers who copy codes from knowledgeable hackers.
Packet Monkey
Blocking sites through DDOS attacks.
Cyber Terrorists
Attackers who have ideological motivation.
Hacktivists
Another group motivated by ideology.
State-Sponsored Attackers
Attackers supported by governments for launching computer.
Languages used
Perl, C, C++, Python, JavaScript, Visual Basic, SQL, etc.
Tiger box
Collection of OS’s and hacking tools.
Usually on a laptop.
Helps penetration testers and security testers conduct vulnerabilities assessments and attacks.
White Box Model
Tester is told everything about the network topology and technology:
Network diagrams.
Equipment types.
Authorized to interview employees.
Makes testers job easier.
Black Box Model
Staff does not know about the test.
Tester is not given details about technologies used.
Burden is on tester to find details.
Tests security personnel’s ability to detect an attack.
Gray Box Model
Hybrid of the white and black box models.
Company gives tester partial information (e.g. OSs are used, but no network diagrams).
