Chapter 8 - 04 - Discuss Ethical Hacking Concepts - 02_ocred.pdf
Certified Cybersecurity Technician Network Security Assessment Techniques and Tools Exam 212-82

Scope and Limitations of Ethical Hacking

Scope
* Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, and information systems security best practices
* It is used to identify risks and highlight remedial actions. It also reduces ICT costs by resolving vulnerabilities

Limitations
* Unless the businesses already know what they are looking for and why they are hiring an outside vendor to hack systems in the first place, chances are there would not be much to gain from the experience
* An ethical hacker can only help the organization to better understand its security system; it is up to the organization to place the right safeguards on the network

Copyright © by All Rights Reserved. Reproduction is Strictly Prohibited.

Scope and Limitations of Ethical Hacking

Security experts broadly categorize computer crimes into two categories: crimes facilitated by a computer and those in which the computer is the target.

Ethical hacking is a structured and organized security assessment, usually as part of a penetration test or security audit, and is a crucial component of risk assessment, auditing, counter fraud, and information systems security best practices. It is used to identify risks and highlight remedial actions. It is also used to reduce Information and Communications Technology (ICT) costs by resolving vulnerabilities.

Ethical hackers determine the scope of the security assessment according to the client’s security concerns. Many ethical hackers are members of a “Tiger Team.” A tiger team works together to perform a full-scale test covering all aspects of the network, as well as physical and system intrusion.

An ethical hacker should know the penalties of unauthorized hacking into a system.
No ethical hacking activities associated with a network-penetration test or security audit should begin before receiving a signed legal document giving the ethical hacker express permission to perform the hacking activities from the target organization. Ethical hackers must be judicious with their hacking skills and recognize the consequences of misusing those skills.

The ethical hacker must follow certain rules to fulfill their ethical and moral obligations. They must do the following:

* Gain authorization from the client and have a signed contract giving the tester permission to perform the test.
* Maintain confidentiality when performing the test and follow a Nondisclosure Agreement (NDA) with the client for the confidential information disclosed during the test. The information gathered might contain sensitive information, and the ethical hacker must not disclose any information about the test or the confidential company data to a third party.
* Perform the test up to but not beyond the agreed-upon limits. For example, ethical hackers should perform DoS attacks only if they have previously agreed upon this with the client. Loss of revenue, goodwill, and worse consequences could befall an organization whose servers or applications are unavailable to customers because of the testing.
The following steps provide a framework for performing a security audit of an organization, which will help in ensuring that the test is organized, efficient, and ethical:

* Talk to the client and discuss the needs to be addressed during the testing
* Prepare and sign NDA documents with the client
* Organize an ethical hacking team and prepare the schedule for testing
* Conduct the test
* Analyze the results of the testing and prepare a report
* Present the report findings to the client

However, there are limitations too. Unless the businesses first know what they are looking for and why they are hiring an outside vendor to hack their systems in the first place, chances are there would not be much to gain from experience. An ethical hacker, thus, can only help the organization to better understand its security system. It is up to the organization to place the right safeguards on the network.

Skills of an Ethical Hacker

Technical Skills
* In-depth knowledge of major operating environments such as Windows, Unix, Linux, and Macintosh
* In-depth knowledge of networking concepts, technologies, and related hardware and software
* A computer expert adept at technical domains
* Knowledgeable about security areas and related issues
* “High technical” knowledge for launching sophisticated attacks

Non-Technical Skills
* The ability to learn and adopt new technologies quickly
* Strong work ethics and good problem solving and communication skills
* Committed to the organization’s security policies
* An awareness of local standards and laws

Skills of an Ethical Hacker

It is essential for an ethical hacker to acquire the knowledge and skills to become an expert hacker and to use this knowledge in a lawful manner.
The technical and non-technical skills to be a good ethical hacker are discussed below:

* Technical Skills
  * In-depth knowledge of major operating environments, such as Windows, Unix, Linux, and Macintosh
  * In-depth knowledge of networking concepts, technologies, and related hardware and software
  * A computer expert adept at technical domains
  * The knowledge of security areas and related issues
  * High technical knowledge of how to launch sophisticated attacks
* Non-Technical Skills
  * The ability to quickly learn and adapt new technologies
  * A strong work ethic and good problem solving and communication skills
  * Commitment to an organization’s security policies
  * An awareness of local standards and laws