CHAPTER 1 INTRODUCTION TO HACKING, ETHICS AND LEGALITY


1. Define ethical hacking

1.1. Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network.

2. ethical hacker

2.1. An ethical hacker is an individual hired to hack into a system to identify and repair potential vulnerabilities, effectively preventing exploitation by malicious hackers.

3. system hacking

3.1. System hacking is the way hackers get access to individual computers on a network.

4. system hacking cycle


5. crackers VS hackers

6. testing types:

6.1. White Box

6.1.1. Refers to a software application used to measure the internal behaviors of a currently running program. It was developed in the early 1970s. When using the white box, the user must have an understanding of the design of the program, and a black box is required for a complete test.

6.2. Black Box

6.2.1. A black box, a device commonly used in the early 1970s, is a testing technique where the individual testing the program examines the inputs and outputs of the program. This person does not need to know about the inner workings of the program, just a basic understanding of how the program works to ensure the program functions properly.

6.3. Grey Box

6.3.1. The testing of software with limited knowledge of its internal workings. Grey box testing is an ethical hacking technique where the hacker has to use limited information to identify the strengths and weaknesses of a target's security network.

7. types of hacker

7.1. (Script Kiddie) Script Kiddies don’t really care about hacking into systems and stealing things. They simply copy code and use it for a virus, SQLi or something else. Script Kiddies will never hack for themselves; they will just download some overused software (such as LOIC or Metasploit) and watch a YouTube video on how to use it. A very common Script Kiddie attack would be a DoS (Denial of Service) or DDoS (Distributed Denial of Service), where they flood an IP with so much useless information that it collapses, preventing other people from using it.

7.2. (White Hat) White Hat hackers are also known as ethical hackers, and they’re the good guys of the hacker world. They help you remove viruses, perform pen tests and generally help people understand where their vulnerabilities are and fix them.

7.3. (Black Hat) Black Hat hackers, or ‘crackers’ are the types of people you often hear about on the news and from businesses trying to sell cyber services. They find banks and big companies with weak security systems and steal credit card information, confidential data or money. Their methods are varied but actually fairly basic most of the time.

7.4. (Grey Hat) As with everything in this world, nothing is just black and white. Grey Hat hackers don’t steal information or money like Black Hat hackers (though they may sometimes deface a website for fun), nor do they help people out like White Hat hackers.

7.5. (Green Hat) Green Hat hackers are the babies of the hacker world. They are new to the game and mainly use scripts, like Script Kiddies, but they have aspirations of becoming full-blown hackers. They are often found asking questions of fellow hackers and listening with childlike curiosity.

7.6. (Red Hat) Red Hat hackers are the vigilantes of the hacker world. They’re like White Hats in the sense that they put a stop to Black Hat attacks, but they are downright scary in how they do it. Instead of reporting the malicious hacker they find lurking inside a business, they shut them down by uploading viruses, DoSing and accessing their computer to destroy it from the inside out. Red Hats use many different aggressive methods to force the cracker out and potentially even kill their computer.

7.7. (Blue Hat) If a Script Kiddie ever took revenge, he would become a Blue Hat Hacker. Blue Hat hackers will seek vengeance on anyone who has made them angry. Most Blue Hat hackers are fairly new to the hacking world, but unlike green hats they have no desire to learn.

8. ways to conduct ethical hacking

8.1. Step 1: Formulating Your Plan

8.1.1. Approval for ethical hacking is essential. Make what you're doing known and visible at least to the decision makers. Obtaining sponsorship of the project is the first step.

8.2. Step 2: Do Some Recon

8.2.1. Find out what your target is doing. What are you up against? Size up your opponent (or rather thing) before you launch your attack. You can do some reconnaissance work by analyzing the network traffic of the target.

8.3. Step 3: Launch the Attack

8.3.1. Time and patience are important. Be careful when you're performing your ethical hacking tests. A hacker in your network or a seemingly benign employee looking over your shoulder may watch what's going on and use this information against you.

8.3.1.1.

1. Search the Internet for your organization's name, your computer and network system names, and your IP addresses.
2. Narrow your scope, targeting the specific systems you're testing. Whether you're assessing physical security structures or Web applications, a casual assessment can turn up a lot of information about your systems.
3. Further narrow your focus with a more critical eye. Perform actual scans and other detailed tests to uncover vulnerabilities on your systems.
4. Perform the attacks and exploit any vulnerabilities you've found, if that's what you choose to do.

8.4. Step 4: Evaluate the Results

8.4.1. Assess your results to see what you uncovered, assuming that the vulnerabilities haven't been made obvious before now. This is where knowledge counts. Evaluating the results and correlating the specific vulnerabilities discovered is a skill that gets better with experience. You'll end up knowing your systems much better than anyone else.

9. rules in ethical hacking

9.1. You have expressed (often written) permission to probe the network and attempt to identify potential security risks.

9.2. You respect the individual's or company's privacy.

9.3. You close out your work, not leaving anything open for you or someone else to exploit at a later time.

9.4. You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company.