Ethical Hacking and Network Defense

Contact Information
Sam Bowne
Email: [email protected] (ccsf.edu)
Website: samsclass.info
All materials from this talk are already on that website
Download them and use them freely

Hands-On Ethical Hacking and Network Defense

Isn't Hacking a Crime?

Ethical Hacking
Ethical hackers
Employed by companies to perform penetration tests
Penetration test
Legal attempt to break into a company's network to find its weakest link
Tester only reports findings, does not harm the company

Penetration Testers
Hackers
Access computer system or network without authorization
Breaks the law; can go to prison
Crackers
Break into systems to steal or destroy data
U.S. Department of Justice calls both hackers
Ethical hacker
Performs most of the same activities but with owner's permission

Penetration Testers
Script kiddies or packet monkeys
Young inexperienced hackers
Copy codes and techniques from knowledgeable hackers
Experienced penetration testers use Perl, C, Assembler, or other languages to code exploits
Security Credentials
CompTIA offers Security+ certification, a basic familiarity with security concepts and terms

OSSTMM Professional Security Tester (OPST)
Designated by the Institute for Security and Open Methodologies (ISECOM)
Based on the Open Source Security Testing Methodology Manual (OSSTMM)

Certified Information Systems Security Professional (CISSP)
Issued by the International Information Systems Security Certifications Consortium (ISC)²
Usually more concerned with policies and procedures than technical details
Web site: www.isc2.org

Certified Ethical Hacker (CEH)
But see "Run Away From The CEH Certification"
Link at samsclass.info

What You Cannot Do Legally
Accessing a computer without permission is illegal
Other illegal actions
Installing worms or viruses
Denial of Service attacks
Denying users access to network resources
Possession of others' passwords can be a crime
See "Password theft"
Link at samsclass.info

Get Out of Jail Free Card
When doing a penetration test, have a written contract giving you permission to attack the network
Using a contract is just good business
Contracts may be useful in court
Have an attorney read over your contract before sending or signing it

Projects
To get credit for this session, do any one of these:
Project 1: Using The Metasploit Framework to take over a vulnerable computer remotely
Project 2: Using Ophcrack to crack Windows passwords with Rainbow tables
Project 3: Using a Keylogger to record keystrokes (including passwords)

CNIT 123: Ethical Hacking and Network Defense
3-unit course
Offered face-to-face next semester
Face-to-face and online sections in Spring 2008