Ethical Hacking Principles

AdoredSanAntonio

74 Questions

What is the primary goal of Ethical Hacking?

To identify weaknesses in computer systems

What is a fundamental rule that ethical hackers must follow?

Obtain written permission before hacking

What should ethical hackers do after identifying weaknesses in a computer system?

Transparently report all identified weaknesses to the organization

What is the main focus of Ethical Hacking?

Protecting the weaknesses in computer systems

What is a fundamental requirement for ethical hackers before conducting any hacking activity?

Obtain permission from the computer system owner

What aspect is often mistakenly associated with security when people think about it?

Firewalls and hackers

What does the text suggest about computer crimes and the use of computers?

Computers have revolutionized the nature of crimes

What is a key component of information security according to the text?

Policies and procedures

What is a potential consequence of not being aware of tools that allow for ACK packets to be generated and sent?

Allowing outside sources to initiate communication with inside systems

How can a 'cut through' configuration of a firewall potentially lead to security vulnerabilities?

Creating fragments with dangerous payloads

What can happen if a company's employees are not aware of social engineering attacks?

Happily giving out useful information to attackers

Why do marketing people prefer to use the word 'hacking' instead of 'security professional toolset education'?

To draw more attention and paying customers

What is emphasized as the key for accomplishing real security in the text?

Knowledge and its implementation

Match the following security activities with their recommended approach:

  • Ensuring employees create complex passwords = Set operating system configurations for password requirements
  • Configuring firewall and router for protection = Read manuals, make configuration changes, implement ACLs
  • Testing company's password policy = Obtain permission from management before conducting activities
  • Implementing security measures without intrusion = Ensure company's security policy allows for testing activities

Match the following statements with their descriptions:

  • Use of hacking in education = Marketing strategy to attract attention
  • Toolset used by attackers and security professionals = Mostly the same
  • Security professionals' approach to setting up protection = Read manuals, implement ACLs, make configuration changes
  • Ethical hacking activities and company's permission = Intrusive if not acknowledged and allowed by management

Match the ethical hacking skill with its description:

  • Footprinting and scanning = Identifying and mapping out a network to gather information for a potential attack
  • Techniques for system hacking = Methods for gaining unauthorized access to a computer system or network
  • Malware and their attacks, and how to detect and prevent them = Understanding various types of malicious software and how to defend against them
  • Detecting and preventing security attacks in different environments = Identifying and stopping security breaches in diverse computing environments

Match the assessment activity with its timing:

  • Midterm 1 = 7-8 weeks
  • Quizzes = 4-11 weekly
  • Participation labs = 14-15 weeks
  • Final written Examination = End of semester

Match the reference type with its description:

  • Essential References = Key resources necessary for understanding the course material
  • Additional References = Supplementary materials for further exploration of the subject

Match the following with their descriptions:

  • Novice ethical hacker = Relies on tools developed by others to exploit specific vulnerabilities
  • Advanced ethical hacker = Has the skill set and understanding to look at the code itself and identify possible vulnerabilities
  • Hacker = Finds and exploits weaknesses in computer systems and/or networks to gain access
  • Dictionary definition of hacking = The act of gaining unauthorized access to data in a system or computer

Match the following with their roles in ethical hacking:

  • Ethical hacker's reliance on tools = Novice ethical hacker
  • Ethical hacker's primary task = Identifying possible vulnerabilities and programming code errors
  • Ethical hacker's skill set = Advanced ethical hacker
  • Hacker's activity = Finding and exploiting weaknesses in computer systems and/or networks to gain access

Match the following with their relation to security flaws in software:

  • Novice ethical hacker's approach = Using tools developed by others to exploit specific vulnerabilities
  • Advanced ethical hacker's approach = Identifying possible vulnerabilities and programming code errors and developing ways to rid the software of these types of flaws
  • Vendor's motivation for integrating protection mechanisms = Backlash and demand from customer bases
  • Dictionary definition of hacking = The act of gaining unauthorized access to data in a system or computer

Match the following with their characteristics:

  • Ethical hacker's expertise level = Understanding to look at the code itself and identify possible vulnerabilities
  • Vendor's response to market demands for security = Will step up to the plate when customers are willing to pay more for security
  • Hacking according to the dictionary definition = The act of gaining unauthorized access to data in a system or computer
  • Novice ethical hacker's reliance on others' tools = Using tools developed by others to exploit specific vulnerabilities

Match the following with their relationship to software security:

  • Advanced ethical hacker's role in software security = Developing ways to rid the software of vulnerabilities and programming code errors
  • Vendor's integration of protection mechanisms = Due to backlash and demand from customer bases
  • Hacker's activity according to the dictionary definition = Finding and exploiting weaknesses in computer systems and/or networks to gain access
  • Novice ethical hacker's use of others' tools = To exploit specific vulnerabilities

Match the following with their descriptions:

  • Ethical hacking category according to the dictionary definition = The act of gaining unauthorized access to data in a system or computer
  • Ethical hacker's role in identifying vulnerabilities = Advanced ethical hacker has the skill set and understanding to look at the code itself
  • Vendor's response to market demands for security measures = Will step up only when customers are willing to pay more for security
  • Hacker's role according to the dictionary definition = Finds and exploits weaknesses in computer systems and/or networks to gain access

Match the following hacking concepts with their descriptions:

  • Packet filtering firewall = Controls network traffic based on predetermined security rules
  • Intrusion detection system = Monitors network or system activities for malicious activities or policy violations
  • Proxies = Act as intermediaries between clients and servers, providing anonymity and security
  • Encryption = Converts data into a code to prevent unauthorized access

Match the following components of real security with their descriptions:

  • Policies and procedures = Establish guidelines and protocols for security measures
  • Liabilities and laws = Legal obligations and regulations governing information security
  • Human behavior patterns = Understanding and addressing human tendencies that may pose security risks
  • Corporate security programs and implementation = Developing and executing strategies to protect organizational assets

Match the following hacking tools with their purposes:

  • Antivirus software = Detects, prevents, and removes malicious software
  • Hacks and cracks = Unauthorized attempts to exploit vulnerabilities in systems or software
  • Packet filtering firewall = Screens incoming and outgoing network traffic based on predetermined security rules
  • Intrusion detection systems = Monitors network or system activities for malicious activities or policy violations

Match the following aspects of information security with their focus areas:

  • Packets, firewalls, and hackers = Technical components of security measures
  • Policies and procedures = Establishing guidelines for security protocols
  • Human behavior patterns = Understanding and addressing security risks related to human tendencies
  • Encryption = Converting data into a code to prevent unauthorized access

Match the following terms with their meanings:

  • Social engineering attacks = Exploiting human psychology to gain access to systems or sensitive information
  • ACK packets = Acknowledgment packets sent by a receiving computer to acknowledge data received successfully
  • Established traffic = Network traffic that is part of an existing connection and has been verified as valid
  • Cut through configuration = Method of forwarding network packets without fully checking them

Match the following ethical hacking activities with their purposes:

  • Identifying weaknesses in a computer system = To uncover vulnerabilities for remediation
  • Conducting hacking activity = To test the security of a system by simulating attacks
  • Implementing packet filtering firewall = To control network traffic based on predetermined security rules
  • Configuring access control lists = To regulate traffic entering the network based on specific criteria

Match the following authors with their book on ethical hacking:

  • Shon Harris, Gideon Lenkey, Allen Harper, Jonathan Ness and Chris Eagle = Gray Hat Hacking the Ethical Hackers Handbook
  • Patrick Engebretson = The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
  • James Corley, Kent Backman, & Michael Simpson = Hands-On Ethical Hacking & Network Defense
  • Not mentioned in the text = Codecademy – Python

Match the following websites with their content related to ethical hacking:

  • hackaday.com = List of Open Source Software/learning website
  • breakthesecurity.cysecurity.org = Electronic Materials
  • eccouncil.org = Supportive References
  • hackthissite.org = Not mentioned in the text

Match the following rules for ethical hackers with their descriptions:

  • Get written permission from the owner of the computer system and/or computer network before hacking. = Rule 1
  • Protect the privacy of the organization being hacked. = Rule 2
  • Transparently report all the identified weaknesses in the computer system to the organization. = Rule 3
  • Inform hardware and software vendors of the identified weaknesses. = Not mentioned in the text

Match the following topics related to ethical hacking with their descriptions:

  • Basics of ethical hacking = Applied College Shaqra Chapter 1 Basics of the ethical hacking
  • Ethical Hacking definition = Applied College Shaqra What is Ethical Hacking?
  • Consequences of not being aware of tools for ACK packets = Not mentioned in the text
  • Cut through configuration of a firewall = Not mentioned in the text

Match the following skills with their importance according to the text:

  • Identifying weakness in computer systems and networks = Key for accomplishing real security
  • Abiding by specific rules and permissions = Fundamental requirement for ethical hackers before conducting any hacking activity
  • Awareness of social engineering attacks = Potential consequence of not being aware of tools that allow for ACK packets to be generated and sent
  • Using open source software/learning websites like Codecademy – Python = Not emphasized as a key component of information security according to the text

Match the following aspects with their common misconceptions about security according to the text:

  • Marketing preference for 'hacking' over 'security professional toolset education' = 'Hacking' instead of 'security professional toolset education'
  • Mistaken association with security when people think about it = Not mentioned in the text
  • Focus on tools and software rather than ethical practices = Not mentioned in the text
  • Emphasis on specialized tools rather than general-purpose programming = 'Hacking' instead of 'security professional toolset education'

Match the following security measures with their potential consequences of not being aware of them:

  • Firewall configuration to review only the first fragment of a packet = Allowing in malicious traffic
  • Awareness of social engineering attacks = Happily giving out useful information to attackers
  • Knowledge and implementation of security measures = Accomplishing real security
  • Tools that allow for ACK packets to be generated and sent = Initiating an attack

Match the following aspects of information security with their focus areas:

  • Outside source sending a SYN packet to initiate communication with an inside system = Preventing unauthorized communication
  • Tools that can create fragments with dangerous payloads = Malicious traffic detection
  • Company employees' awareness of social engineering attacks = Protecting sensitive information
  • Knowledge and implementation of security measures = Establishing a secure environment

Match the following ethical hacking activities with their purposes:

  • Identifying weaknesses in a computer system = Implementing proactive security measures
  • Tools that allow for ACK packets to be generated and sent = Security vulnerability exploitation
  • Awareness of social engineering attacks = Understanding potential attack vectors
  • 'Cut through' configuration of a firewall = Increasing network performance

Match the following terms with their meanings:

  • Real security = Knowledge coupled with effective implementation
  • Social engineering attacks = Manipulating individuals to obtain sensitive information
  • Malicious traffic detection = Identification and prevention of harmful network traffic
  • Proactive security measures = Preventive actions to safeguard against potential threats

Match the following security awareness activities with their purpose:

  • Understanding attacker techniques = Recognizing potential attacks
  • Knowing when an attack may happen = Identifying pre-attack activities
  • Educating network staff on security issues = Enabling effective response to security incidents
  • Recognizing trouble when it happens = Reacting efficiently to security alarms

Match the following network activities with their significance in security:

  • Ping sweep followed by port scan = Indication of imminent attack
  • Automated security products = Identification of pre-attack activities
  • Software's inability to make decisions = Risk of relying solely on automation
  • Human judgment calls = Understanding contextual significance of activities

Match the following computer capabilities with their role in security:

  • Computers' ability to outperform humans in calculations = Efficiency in repetitive tasks
  • Humans' ability to make necessary judgment calls = Understanding nuances in security decisions
  • Software's inability to put activities in context = Risk of decision-making reliance on software
  • Understanding greys in life, not just 1s and 0s = Balancing human judgment with automation capabilities

Match the following aspects with their importance in information security:

  • Network staff's understanding of security issues = Effective response to security incidents
  • Knowing when an attack may be imminent = Recognition of pre-attack activities
  • Automated security products' limitations = Risks of over-reliance on automation
  • Human ability to make necessary judgment calls = Understanding contextual significance of security incidents

Match the following terms with their meanings:

  • Hacking = The act of gaining unauthorized access to data in a system or computer
  • Ethical Hacking = Finding and exploiting weaknesses in computer systems and/or networks to gain access for the purpose of improving security
  • Hackers = People who find and exploit weaknesses in computer systems and/or networks to gain access
  • Security Flaws = Weaknesses or vulnerabilities in software that can be exploited by hackers

Match the following ethical hacking activities with their purposes:

  • Using others' tools = Novice ethical hackers using tools developed by others to exploit specific vulnerabilities
  • Developing own tools = Advanced ethical hackers identifying vulnerabilities and programming errors, and developing ways to rid the software of these flaws
  • Understanding code = Advanced ethical hackers having the skill set and understanding to look at the code itself
  • Exploiting vulnerabilities = Novice ethical hackers exploiting specific vulnerabilities using tools developed by others

Match the following aspects with their common misconceptions about security according to the text:

  • Complexity = Not related to real security, as Applied College Shaqra Security does not like complexity
  • Market Demand = Once the market truly demands a higher level of protection and security, vendors will step up to provide it
  • Vendor Integration = Vendors integrating protection mechanisms mainly due to customer demand and backlash
  • Ethical Hacking = The misconception that hacking is always unethical and illegal

Match the following components of real security with their descriptions:

  • Protection and Security = Level of protection and security provided by software products demanded by the market and customers willing to pay more for it
  • Customer Demand = Customers demanding a higher level of protection and security, leading vendors to step up to provide it
  • Vendor Response = Vendors integrating protection mechanisms due to customer demand and backlash
  • Ethical Hacking Skills = Skill set and understanding to identify possible vulnerabilities, programming code errors, and develop ways to rid the software of these flaws

Network administrators do not need to be able to recognize when an attack is underway.

False

Recognizing an attack as it is happening should be easy for all types of attacks.

False

People who work in positions within corporations should try to ignore security issues.

False

The world is becoming less dependent upon technology.

False

Security professionals should not run tests against configurations to see if they are allowing malicious traffic into a controlled environment.

False

Hacking tools do not carry out different types of attacks.

False

Security issues and compromises are expected to go away soon.

False

It is not important to know how different types of attacks take place so they can be properly recognized and stopped.

False

A 'cut-through' configuration of a firewall can potentially lead to security vulnerabilities.

True

If a company's employees are not aware of social engineering attacks, they are less likely to give out useful information to attackers.

False

Lack of knowledge and experience in the field of cybersecurity can lead to a false sense of security.

True

An outside source can send a SYN packet to initiate communication with an inside system.

False

Knowledge and its implementation are not crucial for accomplishing real security.

False

The primary goal of Ethical Hacking is to allow unauthorized access to computer systems.

False

A network engineer configures a firewall to review only the first fragment of a packet and not the packet fragments that follow.

True

If an administrator realizes there are tools that allow for ACK packets to be generated and sent, it would lead to a true sense of security.

False

Black Hat Hackers break into computer networks for personal or financial gain.

True

White Hat Hackers perform threat assessment on computer systems and ensure the safety of network systems.

True

Grey Hat Hackers check the network for vulnerabilities without the permission of the owner and keep their findings to themselves.

False

Hackers are generally categorized by their motive behind the hacking, and they can be classified as Black Hat, White Hat, or Grey Hat Hackers.

True

Not all hackers have bad intentions; some hackers bypass security measures with good intentions.

True

Black Hat Hackers employ the same techniques as White Hat Hackers but with bad intentions.

False

Grey Hat Hackers only break into computer networks for personal or financial gain.

False

Ethical Hacking professionals ensure the safety of network systems by finding security leaks.

True

Black Hat Hackers are responsible for writing malware and implanting viruses to gain access to computer systems.

True

White Hat Hackers perform threat assessment on computer systems with bad intentions, unlike Black Hat Hackers.

False

Study Notes

Ethical Hacking

  • The primary goal of Ethical Hacking is to identify vulnerabilities in a computer system to prevent malicious hackers from exploiting them.
  • A fundamental rule that ethical hackers must follow is to obtain proper permission from the system owner before conducting any hacking activity.

Ethical Hacking Rules

  • Ethical hackers must follow a fundamental requirement of obtaining proper permission from the system owner before conducting any hacking activity.
  • A key aspect of ethical hacking is to identify weaknesses in a computer system and report them to the system owner.

Security

  • A key component of information security is the ability to recognize and respond to security threats.
  • Lack of knowledge and experience in the field of cybersecurity can lead to a false sense of security.
  • A 'cut-through' configuration of a firewall can potentially lead to security vulnerabilities.
  • If a company's employees are not aware of social engineering attacks, they are more likely to give out useful information to attackers.

Hacking Types

  • Hackers are generally categorized by their motive behind the hacking, and they can be classified as Black Hat, White Hat, or Grey Hat Hackers.
  • Black Hat Hackers break into computer networks for personal or financial gain.
  • White Hat Hackers perform threat assessment on computer systems and ensure the safety of network systems.
  • Grey Hat Hackers check the network for vulnerabilities without the permission of the owner and keep their findings to themselves.

Security Measures

  • Knowledge and its implementation are crucial for accomplishing real security.
  • Real security involves identifying and addressing security vulnerabilities.
  • Not being aware of tools that allow for ACK packets to be generated and sent can lead to a false sense of security.

Firewalls

  • A network engineer configuring a firewall to review only the first fragment of a packet and not the packet fragments that follow can lead to security vulnerabilities.

Misconceptions

  • Many people mistakenly associate security with the absence of security issues and compromises, which is not true.
  • Recognizing an attack as it is happening can be challenging, and it's not easy for all types of attacks.
  • Network administrators need to be able to recognize when an attack is underway.

Learn about the principles of ethical hacking, including identifying weaknesses in computer systems and networks, obtaining permission before hacking, and transparently reporting vulnerabilities to the organization. Understand the key rules and ethical considerations in ethical hacking practices.