Tuesday, May 5, 2009

Ethical Hacking

You're devoted to making your network secure. You've applied all the latest patches, updated your virus software, installed an intrusion-detection system, and double-checked the rules on the firewall(s). Nevertheless, you're still dogged by nagging questions. Have you done enough? Do you know all the weaknesses in your network? Are you truly safe from attackers? How can you know?

One way to know the enemy is to think like the enemy. To protect your network from hackers, you must think like one. In other words, you must learn to hack. Of course, hacking is illegal, so you must become part of a new breed called the ethical hacker.

What is ethical hacking?
The term ethical hacking, according to the EC-Council (International Council of Electronic Commerce Consultants), refers to security professionals applying their hacking skills for defensive purposes. An ethical hacker is someone who attempts to hack a system or network in order to expose its vulnerabilities. Ethical hackers work for the company they are attempting to hack and provide it with details of their work.

The EC-Council is an organization specializing in training and certification for e-business consultants. It offers certification in a number of areas related to e-business. The Certified Ethical Hacker is one of the latest additions to its offerings.


How does one become an ethical hacker?
The EC-Council has put together a training course and associated certification for becoming an ethical hacker. The course is titled "Ethical Hacking and Countermeasures" and runs five days. The training consists of instructor-led comprehensive course material combined with hands-on laboratory exercises utilizing a wide assortment of hacking tools. Below is an outline of the topics covered:

  • Foot-printing—Foot-printing is the process of gathering information about a machine or company you want to attack.
  • Scanning—Scanning is the technique administrators are probably most familiar with. A port scanner is used against a target to determine what TCP and UDP ports are open on a system.
  • Enumeration—The process of enumeration takes advantage of weaknesses in protocols, such as NetBIOS, to provide information about a network (e.g., users, groups, shares, and computer names).
  • System-hacking—This module examines the techniques used to penetrate a system, such as password cracking, keystroke logging, and privilege escalation.
  • Trojans and back doors—This module examines various Trojan and back-door programs, such as Back Orifice, and the methods used to trick users into installing the programs.
  • Sniffers—Sniffing involves capturing network traffic using a tool such as Ethereal or NetMonitor. Once the traffic is captured, it can be analyzed for sensitive information such as passwords.
  • Denial of Service (DoS)—DoS is one of the most popular types of Web site attacks. This module explains how the attack works and explains countermeasures.
  • Social engineering—Social engineering is the process of gathering information from computer users by deceiving them and causing them to give out passwords or other information. There are no software tools to prevent this type of attack. This can be combatted only with user training and education.
  • Session-hijacking—Session-hijacking is the process of "stealing" another user's TCP session. Once a legitimate user has established a session, the hacker can take over and "become" that user.
  • Hacking Web servers—This module explores the techniques for attacking Web servers. It primarily delves into the vulnerabilities in Internet Information Services (IIS), since it is the most popular target.
  • Web application vulnerabilities—This module examines the vulnerabilities in Web-based applications.
  • Web-based password-cracking—This module explains the various Web-based authentication schemes and the weaknesses of each.
  • SQL injection—This module explores the weaknesses of SQL Server and explains the techniques and countermeasures for hacking SQL Server.
  • Hacking wireless networks—Wireless network hacking has received much attention over the last several years as wireless networks grow in popularity. This module explains the various techniques and countermeasures involved in securing a wireless network.
  • Viruses—This module discusses some of the more popular viruses that have infected systems over the last few years, gives insight into how the viruses operate, and discusses antivirus software.
  • Novell and Linux hacking—Although most of the course focuses on weaknesses in the Microsoft OS, this module specifically examines hacking non-Microsoft systems such as Novell and Linux.
  • Evading IDS and firewalls—This module examines intrusion-detection systems (IDS), firewalls, and honeypots, and explains the techniques each uses to protect a network. It also examines the techniques for evading such systems and the countermeasures.
  • Buffer overflows—Probably the most exploited weaknesses in software are buffer overflows. This module explains buffer overflow attacks and countermeasures.
  • Cryptography—This module looks at the various methods of data encryption used over the Internet and examines the efforts required to crack them.

20 comments:

Smith said...

Hey, thanks a lot for sharing such a nice and valuable article on Ethical Hacking. I went through the article and found it very interesting. In my opinion the most interesting job in the field of computers is being an Ethical Hacker; it is in vast demand right now.
By the way, for more information on Professional Training and Certification for Ethical Hacker from EC-Council, check this link: http://www.eccouncil.org/certification/certified_ethical_hacker.aspx
