1. Ethical Hacking Overview

Hackers

Access computer or networks without the authorization of the owner.

Crackers

Break into systems to steal or destroy data.

Ethical Hacker

Performs similar activities as a hacker, but with permission from the owner or company. Also called “penetration tester”.

Script Kiddies

Individuals who copy code or use tools without understanding how they work. Refers to younger, inexperienced people.

White Box Model

Testing approach in which the tester is given information such as the network topology and the technology used. The tester is permitted to interact with IT personnel and company employees.

Black Box Model

Staff is not aware of this test. Tester is not given diagrams or details about the technologies used. This tests security personnel’s ability to detect an attack.

Gray Box Model

Hybrid of the black and white box model. The company gives partial information to the tester.

Security+

The minimum certification. The prerequisite is Network+ level of knowledge.

PenTest+

Advanced certification that tests skills on planing and scoping an assessment, understand legal and compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and report results.

OSCP

An advanced certification that requires students to demonstrate hands-on abilities. It covers network and application exploits.

CEH

Places you on a read team that conducts penetration testing.

OPST

Uses the Open Source Security Testing Methodology Manual as its standardized methodology.

CISSP

Not geared towards technical IT professionals. Tests security-related managerial skills.