Ethical Hacking

Submitted By adblack11
Words 843
Pages 4
One of the first aspects to consider when determining vulnerabilities is the set of vulnerabilities that lie within an organization: internal vulnerabilities. Vulnerability assessments allowed Jacket-X Organization to determine prevalent vulnerabilities within the organization. As observed, there were irregularities within the organization's payroll system. Although Human Resources brought this to the attention of the CIO, there was no documentation of the fraudulent activity that occurred.

After reviewing the current implementation of the payroll process at Jacket-X Organization, a couple of red flags were brought to my attention:
• Payroll specialists and administrators both have the ability to add employees to payroll directly.
• Payroll specialists can change payroll details during validation.
• There is too much “power” given to specialists.
• Strong possibilities for false time cards to be created.
• Time cards can be modified easily.
• Payrolls that are deleted are not recorded (needed for audit).
• Direct deposit and paycheck generation systems are not linked.
• Reports are easily exported into an Excel file.

These are just some of the vulnerabilities that were noticed. To address these vulnerabilities, the following should be considered:
• Have clear and concise policies as to the extent of permissions given to specialists and administrators. If it pertains to any managerial content, they should not be able to access this content.
• Prohibit payroll details being changed during validation.
• Have some form of authentication that can verify timecards before submission.
• Prohibit specialists from validating payroll data.
• Direct deposit and paycheck generation systems should be linked. Email notifications are sent out only when paychecks are generated. I did not see anything about notification when direct deposit occurs. Therefore, a direct deposit can be made to a bank account and a check generated at the same time.
• Reports should not be allowed to be easily exported into an Excel file. This sensitive information can be stolen or intercepted and fall into the wrong hands. Strong passwords need to be enforced on all reports.
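Three of these controls (locking payroll details during validation, barring specialists from validating, and recording deleted payrolls for audit) can be enforced in the application itself. The sketch below is an added example, not code from Jacket-X or from the original essay; the role names, workflow states, class names and sample users are all assumptions made for illustration.

```python
import hashlib
import json

# Hypothetical roles and workflow states (assumptions for this example).
SPECIALIST, ADMIN = "specialist", "administrator"
DRAFT, VALIDATING, APPROVED = "draft", "validating", "approved"


class ControlViolation(Exception):
    """An action that one of the payroll controls forbids."""


def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only log; every entry stores the hash of the one before it."""

    def __init__(self):
        self.entries = []

    def record(self, actor, action, payroll_id, detail=None):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"actor": actor, "action": action, "payroll_id": payroll_id,
                "detail": detail, "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})

    def verify(self):
        """Return False if an entry was altered or the hash chain is broken."""
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or entry["hash"] != _digest(body):
                return False
            prev = entry["hash"]
        return True


class PayrollSystem:
    def __init__(self, users):
        self.users = dict(users)   # name -> role
        self.payrolls = {}         # id -> {"state", "prepared_by", "lines"}
        self.audit = AuditLog()

    def _deny(self, actor, action, pid, reason):
        self.audit.record(actor, "DENIED:" + action, pid, reason)
        raise ControlViolation(reason)

    def create(self, actor, pid, lines):
        self.payrolls[pid] = {"state": DRAFT, "prepared_by": actor, "lines": dict(lines)}
        self.audit.record(actor, "create", pid, dict(lines))

    def edit(self, actor, pid, employee, amount):
        payroll = self.payrolls[pid]
        if payroll["state"] != DRAFT:
            self._deny(actor, "edit", pid, "payroll details are locked during validation")
        payroll["lines"][employee] = amount
        self.audit.record(actor, "edit", pid, {employee: amount})

    def submit(self, actor, pid):
        self.payrolls[pid]["state"] = VALIDATING
        self.audit.record(actor, "submit", pid)

    def validate(self, actor, pid):
        payroll = self.payrolls[pid]
        if self.users.get(actor) != ADMIN:
            self._deny(actor, "validate", pid, "specialists may not validate payroll")
        if payroll["state"] != VALIDATING:
            self._deny(actor, "validate", pid, "payroll was not submitted for validation")
        payroll["state"] = APPROVED
        self.audit.record(actor, "validate", pid)

    def delete(self, actor, pid):
        # The deleted payroll is snapshotted into the log instead of vanishing.
        snapshot = self.payrolls.pop(pid)
        self.audit.record(actor, "delete", pid, snapshot)


if __name__ == "__main__":
    system = PayrollSystem({"pat": SPECIALIST, "alex": ADMIN})  # constructed users
    system.create("pat", "2024-05", {"emp-100": 2500})
    system.delete("alex", "2024-05")
    print([e["action"] for e in system.audit.entries], system.audit.verify())
```

Refused attempts are written to the same log as successful ones, so an auditor sees who tried to change a locked payroll, and editing any stored entry afterwards makes `verify()` return False.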

Another important aspect to consider is establishing a secure network. After reviewing the topology within Jacket-X, the network appears to be adequately secure. Various components within the network helped ensure the mainframe and different servers would be protected: Intrusion Detection Prevention Systems and firewalls. While these components are not the only tools used to protect an organization, they can help mitigate vulnerabilities and threats.

After reviewing a security incident that occurred with the Vice-President of Sales, Steve Forrester, there is no way to tell for sure when the worm was put on his laptop; there were many incidents when this could have occurred. What policies are in place addressing connecting to LANs? Before any device is connected, whether a cellphone, tablet, or computer, there needs to be a policy in place addressing this. Jacket-X is very fortunate to have an IDS in place that recognized the threat and alerted Jerry Wilson, ISO. The downtime that was experienced because of the lapse in judgment exhibited by Steve Forrester left Jacket-X unable to operate as usual. After analysis of the situation, various measures need to be taken:
• There needs to be a verification process for laptops. They need to be returned so they can be verified before connecting to the WAN. These concerns need to be addressed to Steve to make sure he is fully aware of the severity of the current situation.

Audits are not always fun, but they are necessary for any business. Jacket-X will undergo an upcoming audit to determine if the IT controls in place are adequate. The audit will cover different aspects: network security, protocols and services, user security, data storage security, and password security. The following concerns were addressed while preparing for the audit:
• The network activity logging currently in place is not adequate. It does not have the capability to keep up with the activity on the network.
• Because firewalls were blocking clients, there were ports that were intentionally being left open for the week.
• Programmers were implementing untested code to the ENTIRE network, rendering the network inoperable. Also, activity logging does not record failed login attempts.
• File sharing is conducted at a centralized location.
• Passwords are not being stored securely.

These vulnerabilities can be fixed by:
• Ensuring that activity logging is adequate.
• Do not leave ports open. Attackers can find these open ports and exploit this vulnerability.
• Do not allow untested code to be implemented on an entire network without knowing if it will be a threat; test on smaller sections. Also, all login attempts need to be recorded whether they are successful or failed.
• Conducting file sharing in one location is a recipe for disaster. Because there are a variety of users with different access to information, file sharing should not occur where all users can access this data. Specified users should have access to certain information.
• Passwords need to be secured. Point. Blank. Period. Storing your password in an unsecure format or location is basically “handing” that information over. Policies need to be in place about password storage and removal.
