...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are critically...
Words: 6103 - Pages: 25
...EC-Council CEH v7 Course Outline Course Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50 Who Should Attend This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Duration 5 days (9:00 – 5:00) Certification The Certified Ethical Hacker exam 312-50 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CEH certification. Page 2 EC-Council Legal Agreement Ethical Hacking and Countermeasures course mission is to educate...
Words: 458 - Pages: 2
...Hands-On Ethical Hacking and Network Defense Second Edition Chapter 3 Network and Computer Attacks Objectives • After this lecture and completing the exercises, you will be able to : – Describe the different types of malicious software and what damage they can do – Describe methods of protecting against malware attacks – Describe the types of network attacks – Identify physical security attacks and vulnerabilities Hands-On Ethical Hacking and Network Defense, Second Edition 2 Malicious Software (Malware) • Network attacks prevent a business from operating – Malicious software (malware) • Virus • Worm • Trojan program – Goals • • • • Destroy data Corrupt data Shutdown a network or system Make money 3 Hands-On Ethical Hacking and Network Defense, Second Edition Viruses • Virus attaches itself to a file or program – Needs host to replicate – Does not stand on its own – No foolproof prevention method • Antivirus programs – Detection based on virus signatures • Signatures are kept in virus signature file • Must update periodically • Some offer automatic update feature Hands-On Ethical Hacking and Network Defense, Second Edition 4 Table 3-1 Common computer viruses Hands-On Ethical Hacking and Network Defense, Second Edition 5 Viruses (cont’d.) • Encoding using base 64 – – – – – – – – Typically used to reduce size of e-mail attachments Also, used to encrypt (hide) suspicious code. Represents zero to 63 using six bits A is 000000… Z is 011001 Create groups of four characters...
Words: 1394 - Pages: 6
...CHAPTER 7 INFORMATION SYSTEM CONTROLS for SYSTEMS RELIABILITY SUGGESTED ANSWERS TO DISCUSSION QUESTIONS 7.1 1. Encryption is the final layer of preventative controls in that encrypting data provides a barrier against an intruder who has obtained access to company data. Encryption employing a digital signature and a public key infrastructure (PKI) can also strengthen authentication procedures and helps to ensure and verify the validity of e-business transactions. The digital signature is some sort of identifying information about the signer that is encrypted with the signer’s private key. This identifying information can only be decrypted using the corresponding public key. Since a private key is only known to it’s owner, only the owner can hold both the public and the private key and be the creator of the digital signature. Thus, digital signatures can be used to authenticate a particular party involved in a transaction as being the creator of a document. This provides for non-repudiation: the creator of the digital signature cannot deny having signed a document.. A digital certificate is an electronic document that is digitally signed by a trusted third party that certifies the identity of the owner of a pair of public and private keys. The PKI is a system that is used to process and manage the public and private keys used in digital signatures and digital certificates. An organization that handles digital certificates is called a certificate...
Words: 5091 - Pages: 21
...is just a cracker who is getting paid. Answer: C Explanation: The ethical hacker uses the same techniques and skills as a cracker and the motive is to find the security breaches before a cracker does. There is nothing that says that a cracker does not get paid for the work he does, a ethical hacker has the owners authorization and will get paid even if he does not succeed to penetrate the target. QUESTION 2: What does the term "Ethical Hacking" mean? A. Someone who is hacking for ethical reasons. B. Someone who is using his/her skills for ethical reasons. C. Someone who is using his/her skills for defensive purposes. D. Someone who is using his/her skills for offensive purposes. Answer: C Explanation: Ethical hacking is only about defending your self or your employer against malicious persons by using the same techniques and skills. QUESTION 3: Who is an Ethical Hacker? A. A person whohacksfor ethical reasons B. A person whohacksfor an ethical cause C. A person whohacksfor defensive purposes D. A person whohacksfor offensive purposes Answer: C Explanation: The Ethical hacker is a security professional who applies his hacking skills for defensive purposes. Actualtests.com - The Power of Knowing 312-50 QUESTION 4: What is "Hacktivism"? A. Hacking for a cause B. Hacking ruthlessly C. An association which groups activists D. None of the above Answer: A Explanation: The term was coined by author/critic Jason Logan...
Words: 34575 - Pages: 139
...Hacking Countermeasures & Techniques Distributed Denial of Service (DDoS) Best Practices Guide to Counter DDoS attacks: This Guide will cover Best Practices to counter DDoS attacks like the attack on the Universities Registration System Server (RSS) by infected computers (Bots). The attack by rogue software installed on computers located in University Computer Labs resulted in the shutting down web access to the RSS system. Coordinated by a central controller these Bots established web connections (HTTP protocol) to the RSS using up all available bandwidth. This prevented students from accessing the Web site/server for legitimate traffic during the attack. (Schifreen, R. (2006)) This is considered a Consumption of Resources attack using up all the resources of RSS bandwidth. (Specht, S. M., & Lee, R. B. (2004)) These best practices would help prevent and/or reduce the effects of such attacks. Industry best practices to counter DDoS attacks start with documentation that addresses procedures to be followed before, during, and after an attack. (Schifreen, R. (2006)) The establishment of a Security Incident Response Team (SIPT) trained to react to incidents reduces damage and duration of outages. Best practices include; training, network configuration, patch management, access control lists, encryption, intrusion detection, intrusion prevention, and traffic shaping. (Cunningham, B, Dykstra, T, Fuller, E, Gatford, C, Gold, A, Hoagberg, M, Hubbard, A, Little, C, Manzuik, S,...
Words: 1240 - Pages: 5
...P ra c t i c a l ve ri f i c a t i o n & s a fe g u a rd tools for C/C++ F Michaud . R. Carbone DRDC Valcartier Defence R&D Canada – Valcartier Technical Report DRDC Valcartier TR 2006-735 November 2007 Practical verification & safeguard tools for C/C++ F. Michaud R. Carbone DRDC Valcartier DRDC Valcartier Technical Report DRDC Valcartier TR 2006-735 November 2007 Principal Author Approved by Yves van Chestein Head/IKM Approved for release by Christian Carrier Chief Scientist c Her Majesty the Queen in Right of Canada as represented by the Minister of National Defence, 2007 c Sa Majest´ la Reine (en droit du Canada), telle que repr´sent´e par le ministre de la e e e D´fense nationale, 2007 e Abstract This document is the final report of an activity that took place in 2005-2006. The goal of this project was first to identify common software defects related to the use of the C and C++ programming languages. Errors and vulnerabilities created by these defects were also investigated, so that meaningful test cases could be created for the evaluation of best-ofbreed automatic verification tools. Finally, when relevant, best practices were inferred from our experiments with these tools. ´ ´ Resume Ce document est le rapport final d’un projet de recherche qui a eu lieu en 2005-2006. Le but de ce projet ´tait avant tout d’identifier les d´fauts logiciels courants li´s ` l’utilisation des e e e a langages de programmation C et C++. Les erreurs et vuln´rabilit´s...
Words: 22394 - Pages: 90
...LOT2 Task 2 5/24/2013 Best Practices in Prevention of DoS/DDoS Attacks This guide is meant to describe best practices for the detection and prevention of denial of service attacks, such as the event that recently occurred at the university. It was determined that based on current security guidelines and current controls in place, the university was still severely vulnerable from an internal aspect and all identified gaps need to be addressed and resolved. Each control described below will provide a more in depth look at the overall strategy of how a network should be protected but still allow for the functionality that is required to maintain normal operations. Know the Signs of an Attack An essential part of network security is knowing what the characteristics of an attack are, so they can be countered or prevented. When the university suffered an overwhelming internal DDoS attack, it required administrators to reevaluate its security guidelines based on what was known about the attack. As seen at the time of attack, certain characteristics were: Network performance unusually slow Website was unavailable for at least 24 hours Thousands of bogus HTTP packets sent to internal web server Taking these factors into account, it can be safe to say it was an actual attack rather than just legitimate network usage. Now that it is known what such an event would look like, identifying similar attacks in the future will be much easier and may allow for limited down...
Words: 1264 - Pages: 6
...EC-Council Press | The Experts: EC-Council EC-Council’s mission is to address the need for well educated and certified information security and e-business practitioners. EC-Council is a global, member based organization comprised of hundreds of industry and subject matter experts all working together to set the standards and raise the bar in Information Security certification and education. EC-Council certifications are viewed as the essential certifications needed where standard configuration and security policy courses fall short. Providing a true, hands-on, tactical approach to security, individuals armed with the knowledge disseminated by EC-Council programs are securing networks around the world and beating the hackers at their own game. The Solution: EC-Council Press The EC-Council | Press marks an innovation in academic text books and courses of study in information security, computer forensics, disaster recovery, and end-user security. By repurposing the essential content of EC-Council’s world class professional certification programs to fit academic programs, the EC-Council | Press was formed. With 8 Full Series, comprised of 27 different books, the EC-Council | Press is set to revolutionize global information security programs and ultimately create a new breed of practitioners capable of combating this growing epidemic of cybercrime and the rising threat of cyber war. This Certification: C|EH – Certified Ethical Hacker Certified Ethical Hacker is a certification...
Words: 61838 - Pages: 248
...Penetration testing Penetration testing A Hands-On Introduction to Hacking by Georgia Weidman San Francisco Penetration testing. Copyright © 2014 by Georgia Weidman. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. Printed in USA First printing 18 17 16 15 14 123456789 ISBN-10: 1-59327-564-1 ISBN-13: 978-1-59327-564-8 Publisher: William Pollock Production Editor: Alison Law Cover Illustration: Mertsaloff/Shutterstock Interior Design: Octopod Studios Developmental Editor: William Pollock Technical Reviewer: Jason Oliver Copyeditor: Pamela Hunt Compositor: Susan Glinert Stevens Proofreader: James Fraleigh Indexer: Nancy Guenther For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 245 8th Street, San Francisco, CA 94103 phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com Library of Congress Cataloging-in-Publication Data Weidman, Georgia. Penetration testing : a hands-on introduction to hacking / Georgia Weidman. pages cm Includes index. ISBN 978-1-59327-564-8 (paperback) -- ISBN 1-59327-564-1 (paperback) 1. Penetration testing (Computer security) 2. Kali Linux. 3. Computer hackers. QA76.9.A25W4258 2014 005.8'092--dc23 2014001066...
Words: 117203 - Pages: 469
...Blackjacking Security Threats to BlackBerry® Devices, PDAs, and Cell Phones in the Enterprise Daniel Hoffman Wiley Publishing, Inc. Blackjacking Blackjacking Security Threats to BlackBerry® Devices, PDAs, and Cell Phones in the Enterprise Daniel Hoffman Wiley Publishing, Inc. Blackjacking: Security Threats to BlackBerrys, PDAs, and Cell Phones in the Enterprise Published by Wiley Publishing, Inc. 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2007 by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-0-470-12754-4 Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Limit of Liability/Disclaimer of Warranty: The publisher and the author make...
Words: 83592 - Pages: 335
...within the last two weeks. Answer: B Explanation: 2 QUESTION NO: 4 Which of the following devices is BEST suited for servers that need to store private keys? A. Hardware security module B. Hardened network firewall C. Solid state disk drive D. Hardened host firewall Answer: A Explanation: QUESTION NO: 5 All of the following are valid cryptographic hash functions EXCEPT: A. RIPEMD. B. RC4. C. SHA-512. D. MD4. Answer: B Explanation: QUESTION NO: 6 Which of the following can prevent an unauthorized person from accessing the network by plugging into an open network jack? A. 802.1x B. DHCP C. 802.1q D. NIPS Answer: A Explanation: 3 QUESTION NO: 7 A targeted email attack sent to Sara, the company’s Chief...
Words: 14377 - Pages: 58
...Lab #10 Securing the Network with an Intrusion Detection System (IDS) Introduction Nearly every day there are reports of information security breaches and resulting monetary losses in the news. Businesses and governments have increased their security budgets and undertaken measures to minimize the loss from security breaches. While cyberlaws act as a broad deterrent, internal controls are needed to secure networks from malicious activity. Internal controls traditionally fall into two major categories: prevention and detection. Intrusion prevention systems (IPS) block the IP traffic based on the filtering criteria that the information systems security practitioner must configure. Typically, the LAN-to-WAN domain and Internet ingress/egress point is the primary location for IPS devices. Second to that would be internal networks that have or require the highest level of security and protection from unauthorized access. If you can prevent the IP packets from entering the network or LAN segment, then a remote attacker can’t do any damage. A host-based intrusion detection system (IDS) is installed on a host machine, such as a server, and monitors traffic to and from the server and other items on the system. A network-based IDS deals with traffic to and from the network and does not have access to directly interface with the host. Intrusion detection systems are alert-driven, but they require the information systems security practitioner to configure them properly. An IDS provides...
Words: 3209 - Pages: 13
...support throughout this project. The technical editor, Steve Johnson, provided some good feedback throughout the project. If you have the paperback copy of the book in your hand, you’re enjoying some excellent composite editing work done by Susan Veach. I’m extremely grateful for all the effort Karen Annett put into this project. She’s an awesome copy editor and proofer and the book is tremendously better due to all the work she’s put into it. While I certainly appreciate all the feedback everyone gave me, I want to stress that any technical errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in. About the Author Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 35 books as the sole author, a coauthor, or a technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications, including CompTIA A+, Network+, Security+, and CASP; (ISC)2 SSCP and CISSP; Microsoft MCSE and MCITP, and ITIL Foundations. In response to repeated requests, Darril created the http://gcgapremium.com/ site where he provides study materials for several certification exams, including the Security+ exam. Darril regularly posts blog...
Words: 125224 - Pages: 501
...THREAT MODELING AND ITS USAGE IN MITIGATING SECURITY THREATS IN AN APPLICATION Thesis Submitted in partial fulfillment of the requirements for the degree of MASTER OF TECHNOLOGY in COMPUTER SCIENCE & ENGINEERING - INFORMATION SECURITY by EBENEZER JANGAM (07IS02F) DEPARTMENT OF COMPUTER ENGINEERING NATIONAL INSTITUTE OF TECHNOLOGY KARNATAKA SURATHKAL, MANGALORE-575025 JULY, 2009 Dedicated To My Family, Brothers & Suraksha Group Members DECLARATION I hereby declare that the Report of the P.G Project Work entitled "THREAT MODELING AND ITS USAGE IN MITIGATING SECURITY THREATS IN AN APPLICATION" which is being submitted to the National Institute of Technology Karnataka, Surathkal, in partial fulfillment of the requirements for the award of the Degree of Master of Technology in Computer Science & Engineering - Information Security in the Department of Computer Engineering, is a bonafide report of the work carried out by me. The material contained in this report has not been submitted to any University or Institution for the award of any degree. ……………………………………………………………………………….. (Register Number, Name & Signature of the Student) Department of Computer Engineering Place: NITK, SURATHKAL Date: ............................ CERTIFICATE This is to certify that the P.G Project Work Report entitled " THREAT MODELING AND ITS USAGE IN MITIGATING SECURITY THREATS IN AN APPLICATION" submitted by Ebenezer Jangam (Register Number:07IS02F)...
Words: 18945 - Pages: 76
