Ethical Hacking Midterm 1 - From the Slides

What is an Ethical Hacker?

Someone who is hired by companies to perform penetration tests

What is a penetration test?

An attempt to break into a company's network to find the weakest link

What is a security test?

This is more than a break-in attempt. It includes analyzing company's security policy and procedures. Vulnerabilities are reported.

What is an ethical hacker's role?

An ethical hacker's role is to perform most of the same activities as a hacker but with the owners permission.

What is a hackers role?

They access a computer system or network without authorization. They can go to prison.

What is a script kiddy or a packet monkey?

A younger, inexperienced hacker who copies codes from knowledgeable hackers.

What do experienced penetration testers use?

Programming Languages and Scripts

What is a tiger box?

A collection of tools used for conducting vulnerability assessments and attacks.

What is a white box model?

A tester is told about network topology and technology. The tester is permitted to interview IT personnel and company employees.

What is a Gray Box model?

Hybrid of the white and black box models. Company gives tester partial information such as operating systems but no network diagrams.

What's a minimum certification?

Security+ or equivalent

Who developed the Certified Ethical Hacker?

eecouncil, International Council of Electronic Commerce Consultants

What is the CISSP?

Certified Information Systems Security Professional? It tests security-related managerial skills.

What is GIAC?

Global Information Assurance Certification?

What is a danger of certification exams?

Memorization

What is CHIP?

Computer Hacking and Intellectual Property. It is a new government ranch to address computer hacking and intellectual property crimes.

What are some illegal actions?

Accessing a computer without permission, destroying data without permission, copying information without permission, install worms or viruses, denying users access to network resources

Skills needed to become an ethical hacker

Knowledge of network and computer technology, Ability to communicate with management and IT personnel, an understanding of the laws in your location, and ability to use necessary tools

1970

Homebrew computer club created blue boxes to hack into phone systems

What is a security Tester?

Breaks in and analyzes company's security policy and procedures. Vulnerabilities are reported.

Is Port Scanning Legal

Federal Government does not see it as a violation--Allows each state to address it separately.

TCP/IP Stack

NITA - Network, Internet, Transport, and Application

What are the two components of IP addresses

Network and Host Address

What is the range for class A IP's?

1 -126

What is the range for Class B IP's?

128-191

What is the range for class c?

... 192-223

How many possible ports are there?

65535

What is the TCP three-way handshake?

SYN, SYN-ACK, ACK

What port is SMTP

Port 25

What port is FTP

Port 20, 21

What port is SSH

22

What port for DNS

53

What port is HTTP?

80

What port POP3

110

What port is RPC

135

What port for netbios and file share

139

LDAP port

389

RDP Port

3389

What port MySQL DB server

3306

What port is SMB

445