Ethical Hacking Summary PDF

Document Details

Uploaded by WellWishersBaroque4583

Singapore Institute of Technology

Tags

ethical hacking security penetration testing cybersecurity

Summary

This document provides a summary of ethical hacking concepts, including its definition, objectives, and process. It details penetration testing models and physical security measures. The content covers key aspects of information security, including ethical hacking techniques and certifications.

Full Transcript

Ethical Hacking Summary

Key Concepts in Ethical Hacking:

1. Definition of Ethical Hacking: Ethical hacking involves breaking into systems legally with permission from the target's owner to identify vulnerabilities and security weaknesses.

2. Objectives of Ethical Hacking:
- Conduct authorized security investigations.
- Assess security posture, report vulnerabilities, and recommend fixes.
- Ethical hackers use similar tools and methods as attackers but do so in a non-destructive manner.

3. Penetration Testing:
- Involves examining systems, discovering vulnerabilities, and reporting findings.
- Ethical hackers deliver a report with specific advice for fixing vulnerabilities.

4. Ethical Hacking Process:
- Reconnaissance: Gather information on the target.
- Scanning and Enumeration: Identify open ports, services, and vulnerabilities.
- Gaining Access: Exploit vulnerabilities to enter the system.
- Maintaining Access: Set up backdoors for future access.
- Covering Tracks: Hide any signs of intrusion.

5. Penetration Testing Models:
- White Box Testing: Tester has full knowledge of the system.
- Black Box Testing: Tester has no prior knowledge of the system.
- Gray Box Testing: Tester has partial knowledge of the system.

6. Physical Access Exploits:
- Techniques like tailgating and lock bumping can give attackers physical access to systems.

7. Defense Against Physical Access:
- Implement physical security measures like badges, biometrics, and surveillance systems.

8. Certifications:
- Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), among others.
