
Chapter 8 - 04 - Discuss Ethical Hacking Concepts - 02_ocred_fax_ocred.pdf


Full Transcript


Certified Cybersecurity Technician Exam 212-82
Network Security Assessment Techniques and Tools

Scope and Limitations of Ethical Hacking

Scope

* Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, and information systems security best practices
* It is used to identify risks and highlight remedial actions. It also reduces ICT costs by resolving vulnerabilities

Limitations

* Unless the businesses already know what they are looking for and why they are hiring an outside vendor to hack systems in the first place, chances are there would not be much to gain from the experience
* An ethical hacker can only help the organization to better understand its security system; it is up to the organization to place the right safeguards on the network

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Scope and Limitations of Ethical Hacking

Security experts broadly categorize computer crimes into two categories: crimes facilitated by a computer and those in which the computer is the target.

Ethical hacking is a structured and organized security assessment, usually as part of a penetration test or security audit, and is a crucial component of risk assessment, auditing, counter fraud, and information systems security best practices. It is used to identify risks and highlight remedial actions. It is also used to reduce Information and Communications Technology (ICT) costs by resolving vulnerabilities.

Ethical hackers determine the scope of the security assessment according to the client’s security concerns. Many ethical hackers are members of a “Tiger Team.” A tiger team works together to perform a full-scale test covering all aspects of the network, as well as physical and system intrusion.

An ethical hacker should know the penalties of unauthorized hacking into a system.
No ethical hacking activities associated with a network-penetration test or security audit should begin before receiving a signed legal document giving the ethical hacker express permission to perform the hacking activities from the target organization. Ethical hackers must be judicious with their hacking skills and recognize the consequences of misusing those skills.

The ethical hacker must follow certain rules to fulfill their ethical and moral obligations. They must do the following:

* Gain authorization from the client and have a signed contract giving the tester permission to perform the test.
* Maintain confidentiality when performing the test and follow a Nondisclosure Agreement (NDA) with the client for the confidential information disclosed during the test. The information gathered might contain sensitive information, and the ethical hacker must not disclose any information about the test or the confidential company data to a third party.
* Perform the test up to but not beyond the agreed-upon limits. For example, ethical hackers should perform DoS attacks only if they have previously agreed upon this with the client. Loss of revenue, goodwill, and worse consequences could befall an organization whose servers or applications are unavailable to customers because of the testing.
The following steps provide a framework for performing a security audit of an organization, which will help in ensuring that the test is organized, efficient, and ethical:

* Talk to the client and discuss the needs to be addressed during the testing
* Prepare and sign NDA documents with the client
* Organize an ethical hacking team and prepare the schedule for testing
* Conduct the test
* Analyze the results of the testing and prepare a report
* Present the report findings to the client

However, there are limitations too. Unless the businesses first know what they are looking for and why they are hiring an outside vendor to hack their systems in the first place, chances are there would not be much to gain from the experience. An ethical hacker, thus, can only help the organization to better understand its security system. It is up to the organization to place the right safeguards on the network.

Skills of an Ethical Hacker

Technical Skills

* In-depth knowledge of major operating environments such as Windows, Unix, Linux, and Macintosh
* In-depth knowledge of networking concepts, technologies, and related hardware and software
* A computer expert adept at technical domains
* Knowledgeable about security areas and related issues
* “High technical” knowledge for launching sophisticated attacks

Non-Technical Skills

* The ability to learn and adopt new technologies quickly
* Strong work ethics and good problem solving and communication skills
* Committed to the organization’s security policies
* An awareness of local standards and laws

Skills of an Ethical Hacker

It is essential for an ethical hacker to acquire the knowledge and skills to become an expert hacker and to use this knowledge in a lawful manner.
The technical and non-technical skills to be a good ethical hacker are discussed below:

Technical Skills

* In-depth knowledge of major operating environments, such as Windows, Unix, Linux, and Macintosh
* In-depth knowledge of networking concepts, technologies, and related hardware and software
* A computer expert adept at technical domains
* The knowledge of security areas and related issues
* High technical knowledge of how to launch sophisticated attacks

Non-Technical Skills

* The ability to quickly learn and adapt to new technologies
* A strong work ethic and good problem solving and communication skills
* Commitment to an organization’s security policies
* An awareness of local standards and laws
