...VLT2 - Security Policies and Standards - Best Practices Course of Study This course supports the assessments for VLT2. The course covers 3 competencies and represents 3 competency units. Introduction Overview The skills and knowledge measured by performance assessment VLT2 are derived from a survey of information security professionals from around the world and are also based on the many different information security and assurance frameworks (ISO 27001/2, COBIT, ITL, etc.). The results of this survey were used in weighing the subject areas and ensuring that the weighting is representative of the relative importance of the content. The Security Policy and Standards subdomain focuses on creating organizational security activities and policies; assessing information security risk; and implementing and auditing information security management programs, information assurance certification programs, and security ethics. Watch the following video for an introduction to this course: Competencies This course provides guidance to help you demonstrate the following 3 competencies: Competency 427.3.2: Controls and Countermeasures The graduate evaluates security threats and identifies and applies security controls based on analyses and industry standards and best practices. Competency 427.3.3: Security Audits The graduate evaluates the practice of defining and implementing a security audit and conducts an information security audit using industry best practices. Competency 427...
Words: 4354 - Pages: 18
...Hands-On Ethical Hacking and Network Defense Second Edition Chapter 3 Network and Computer Attacks Objectives • After this lecture and completing the exercises, you will be able to : – Describe the different types of malicious software and what damage they can do – Describe methods of protecting against malware attacks – Describe the types of network attacks – Identify physical security attacks and vulnerabilities Hands-On Ethical Hacking and Network Defense, Second Edition 2 Malicious Software (Malware) • Network attacks prevent a business from operating – Malicious software (malware) • Virus • Worm • Trojan program – Goals • • • • Destroy data Corrupt data Shutdown a network or system Make money 3 Hands-On Ethical Hacking and Network Defense, Second Edition Viruses • Virus attaches itself to a file or program – Needs host to replicate – Does not stand on its own – No foolproof prevention method • Antivirus programs – Detection based on virus signatures • Signatures are kept in virus signature file • Must update periodically • Some offer automatic update feature Hands-On Ethical Hacking and Network Defense, Second Edition 4 Table 3-1 Common computer viruses Hands-On Ethical Hacking and Network Defense, Second Edition 5 Viruses (cont’d.) • Encoding using base 64 – – – – – – – – Typically used to reduce size of e-mail attachments Also, used to encrypt (hide) suspicious code. Represents zero to 63 using six bits A is 000000… Z is 011001 Create groups of four characters...
Words: 1394 - Pages: 6
...Chapter 1 Ethical Hacking Overview Describe the role of an ethical hacker Describe what you can do legally as an ethical hacker Describe what you cannot do as an ethical hacker Hands-On Ethical Hacking and Network Defense 2 Ethical hackers Employed by companies to perform penetration tests Penetration test Legal attempt to break into a company’s network to find its weakest link Tester only reports findings, does not solve problems Security test More than an attempt to break in; also includes analyzing company’s security policy and procedures Tester offers solutions to secure or protect the network Hands-On Ethical Hacking and Network Defense 3 Hackers Access computer system or network without authorization Breaks the law; can go to prison Crackers Break into systems to steal or destroy data U.S. Department of Justice calls both hackers Ethical hacker Performs most of the same activities but with owner’s permission Hands-On Ethical Hacking and Network Defense 4 Script kiddies or packet monkeys Young inexperienced hackers Copy codes and techniques from knowledgeable hackers Experienced penetration testers write programs or scripts using these languages Practical Extraction and Report Language (Perl), C, C++, Python, JavaScript, Visual Basic, SQL, and many others Script Set of instructions that runs in sequence Hands-On Ethical Hacking...
Words: 1129 - Pages: 5
...Chapter-1 1.0 Introduction With the tremendous advancement of Internet, different aspects of it are achieving the highest peak of growth. An example of it is e-commerce. More and more computers get connected to the Internet, wireless devices and networks are booming and sooner or later, nearly every electronic device may have its own IP address. The complexity of networks is increasing, the software on devices gets more sophisticated and user friendly – interacting with other devices and people are a main issues. At the same time, the complexity of the involved software grows, life cycles are getting shorter and maintaining high quality is difficult. Most users want (or need) to have access to information from all over the world around the clock. Highly interconnected devices which have access to the global network are the consequence. As a result, privacy and security concerns are getting more important. In a word, information is money. There is a serious need to limit access to personal or confidential information – access controls are needed. Unfortunately most software is not bug free due to their complexity or carelessness of their inventors. Some bugs may have a serious impact on the access controls in place or may even open up some unintended backdoors. Security therefore is a hot topic and quite some effort is spent in securing services, systems and networks. On the internet, there is a silent war going on between the good and the bad guys – between the ones...
Words: 8365 - Pages: 34
...Importance of ethical hacking Chapter 1 Introduction Ethical hacking is an emerging tools used by most of the organizations for testing network security. The security risks and vulnerabilities in a network can be recognized with the help of ethical hacking. This research completely concentrates on ethical hacking, problems that may occur while hacking process is in progress and various ethical hacking tools available for organizations. Information is the important source for any organizations while executing business operations. Organizations and government agencies have to adopt ethical hacking tools in order secure important documents and sensitive information (Harold F. Tipton and Micki Krause, 2004). Ethical hacker professionals have to be hired in order to test the networks effectively. Ethical hackers perform security measure on behalf of the organization owners. In order to bring out the ethical hacking efforts perfectly a proper plan must be executed. Ethical hacking has the ability to suggest proper security tools that can avoid attacks on the networks. Hacking tools can be used for email systems, data bases and voice over internet protocol applications in order to make communications securely. Ethical hacking can also be known as penetration testing which can be used for networks, applications and operating systems (Jeff Forristal and Julie Traxler, 2001). Using hacking tools is a best method for identifying the attacks before it effect the entire organization. Ethical hackers...
Words: 9223 - Pages: 37
...------------------------------------------------- Lab Assignment for Chapter 3 Performing a Vulnerability Assessment Course Name and Number: Student Name: Student Number: Instructor Name: Onook Oh Submission Due by: 11:59PM on February 3rd, 2015 ------------------------------------------------- Overview To complete the Lab Assignment for Chapter 3, students should first carefully read the “Introduction” information in the lab interface. And then, follow all “Steps” as described in the Lab interface. In this lab, you will use Nmap commands within Zenmap application to scan the virtual network and identify the devices on the network and the operating systems and services running on them. You also will use OpenVAS to conduct a vulnerability assessment and record the high risk vulnerabilities identified by the tool. Finally, you should use the information you gathered from the report to discover mitigations for those risks and make mitigation recommendations based on your findings ------------------------------------------------- Learning Objective of the Lab Assignment Upon completing this lab, you will be able to: * Identify risks, threats, and vulnerabilities in an IP network infrastructure using Zenmap to perform an IP host, port, and services scan. * Perform a vulnerability assessment scan on a targeted IP subnetwork using OpenVAS. * Compare the results of the Zenmap scan with a OpenVAS vulnerability assessment scan. * Assess the findings...
Words: 559 - Pages: 3
...Quiz # 1 Note’s Chapter # 1-3 Business Ethics Chapter # 1 1. Why Business Ethics? * Business decisions under great scrutiny Global financial crisis created diminished stakeholder trust Deals with questions about whether practices are acceptable No universally-accepted approach for resolving issues 2. Business Ethics * Comprises principles, values, and standards that guide behavior in the world of business 3. Principles: Specific boundaries for behavior that are universal and absolute Freedom of speech, civil liberties 4. Values: Used to develop socially enforced norms Integrity, accountability, trust, Norms: Accepted behaviors. Morals: Rules of right conduct: right/wrong 5. A Crisis in Business Ethics * Consumer trust of businesses is declining, No sector is exempt from ethical misconduct, Stakeholders determine what is ethical/unethical ,Investors Employees, Customers, Interest groups, Legal system, Community 6. Why Study Business Ethics? * Reports of unethical behavior are on the rise, Society’s evaluation of right or wrong affects its ability to achieve its business goals, Studying business ethics is a response to Sarbanes-Oxley, FSGO, and stakeholder demands for ethics initiatives, Individual ethics alone is not sufficient, Studying business ethics helps identify ethical issues to key stakeholders 7. A Timeline of Ethical and Socially Responsible Concerns * Environmental issue, Civil right issue, increased employee employer...
Words: 2345 - Pages: 10
...Chapter 5 Social, Legal, and Ethical Issues in the Information Age Teaching Objectives Students should be able to answer the following questions: 1. What ethical, social, and political issues are raised by information systems? 2. Are there specific principles for conduct that can be used to guide decisions about ethical dilemmas? 3. Why does contemporary information technology pose challenges to the protection for individual privacy and intellectual property? 4. How have information systems affected everyday life? 5. How can organizations develop corporate policies for ethical conduct? Key Terms The following alphabetical list identifies the key terms discussed in this chapter. The page number for each key term is provided. |Accountability, 154 |Intellectual property, 164 | |Carpal tunnel syndrome (CTS), 176 |Liability, 154 | |Computer abuse, 173 |Non-obvious relationship awareness (NORA), 153 | |Computer crime, 173 |Opt-in, 161 | |Computer vision syndrome (CVS), 177 |Opt-out, 161 | |Cookie, 160 ...
Words: 5310 - Pages: 22
...Chapter 5 Social, Legal, and Ethical Issues in the Information Age Teaching Objectives Students should be able to answer the following questions: 1. What ethical, social, and political issues are raised by information systems? 2. Are there specific principles for conduct that can be used to guide decisions about ethical dilemmas? 3. Why does contemporary information technology pose challenges to the protection for individual privacy and intellectual property? 4. How have information systems affected everyday life? 5. How can organizations develop corporate policies for ethical conduct? Key Terms The following alphabetical list identifies the key terms discussed in this chapter. The page number for each key term is provided. |Accountability, 154 |Intellectual property, 164 | |Carpal tunnel syndrome (CTS), 176 |Liability, 154 | |Computer abuse, 173 |Non-obvious relationship awareness (NORA), 153 | |Computer crime, 173 |Opt-in, 161 | |Computer vision syndrome (CVS), 177 |Opt-out, 161 | |Cookie, 160 ...
Words: 5310 - Pages: 22
...Chapter 5 Social, Legal, and Ethical Issues in the Information Age Teaching Objectives Students should be able to answer the following questions: 1. What ethical, social, and political issues are raised by information systems? 2. Are there specific principles for conduct that can be used to guide decisions about ethical dilemmas? 3. Why does contemporary information technology pose challenges to the protection for individual privacy and intellectual property? 4. How have information systems affected everyday life? 5. How can organizations develop corporate policies for ethical conduct? Key Terms The following alphabetical list identifies the key terms discussed in this chapter. The page number for each key term is provided. |Accountability, 154 |Intellectual property, 164 | |Carpal tunnel syndrome (CTS), 176 |Liability, 154 | |Computer abuse, 173 |Non-obvious relationship awareness (NORA), 153 | |Computer crime, 173 |Opt-in, 161 | |Computer vision syndrome (CVS), 177 |Opt-out, 161 | |Cookie, 160 ...
Words: 5310 - Pages: 22
...Assessment Test 3. Chapter 1: Getting Started with Ethical Hacking 1. Hacking: A Short History 2. What Is an Ethical Hacker? 3. Summary 4. Exam Essentials 5. Review Questions 4. Chapter 2: System Fundamentals 1. Exploring Network Topologies 2. Working with the Open Systems Interconnection Model 3. Dissecting the TCP/IP Suite 4. IP Subnetting 5. Hexadecimal vs. Binary 6. Exploring TCP/IP Ports 7. Understanding Network Devices 8. Working with MAC Addresses 9. Intrusion Prevention and Intrusion Detection Systems 10. Network Security 11. Knowing Operating Systems 12. Backups and Archiving 13. Summary 14. Exam Essentials 15. Review Questions 5. Chapter 3: Cryptography 2 1. Cryptography: Early Applications and Examples 2. Cryptography in Action 3. Understanding Hashing 4. Issues with Cryptography 5. Applications of Cryptography 6. Summary 7. Exam Essentials 8. Review Questions 6. Chapter 4: Footprinting and Reconnaissance 1. Understanding the Steps of Ethical Hacking 2. What Is Footprinting? 3. Terminology in Footprinting 4. Threats Introduced by Footprinting 5. The Footprinting Process 6. Summary 7. Exam Essentials 8. Review Questions 7. Chapter 5: Scanning Networks 1. What Is Network Scanning? 2. Checking for Live Systems 3. Checking for Open Ports 4. Types of Scans 5. OS Fingerprinting 6. Banner Grabbing 7. Countermeasures 8. Vulnerability Scanning 9. Drawing Network Diagrams 10. Using Proxies 11. Summary 12. Exam Essentials 13. Review Questions 8. Chapter 6: Enumeration of...
Words: 71242 - Pages: 285
...Course Description | This course, geared to non-attorney managers and executives, provides a broad survey of federal and state laws and judicial systems governing and/or affecting information security. Topics include the effects on information security of cyber-business regulation, doing business on the Internet, privacy laws, taxation, protection of intellectual property, electronic privacy, wiretapping, and cyber-squatting. In addition, students examine ethical issues, forensics, and evidence of cyber-crime. (No Prerequisite) | | | Terminal Course Objectives | DeVry University course content is constructed from curriculum guides developed for each course that are in alignment with specific Terminal Course Objectives (TCOs). The TCOs define the learning objectives that the student will be required to comprehend and demonstrate by course completion. The TCOs that will be covered in detail each week can be found in the Objectives section for that particular week. Whenever possible, a reference will be made from a particular assignment or discussion back to the TCO that it emphasizes. A | Given the importance of Law, Investigation, and Ethics in Computer Security, develop an understanding of the operation of the American legal system, including how the interpretation of statutes, judicial precedents, and legal reasoning affect information security. | B | Given the global nature of the Internet, evaluate how doing business on the Internet may subject you and your company...
Words: 891 - Pages: 4
...information in this eBook is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” in this eBook should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk. © Copyright 2008 Learn-How-To-Hack.net. All Rights Reserved. 2 Table of Contents A. Introduction..............................................................................................5 1. How can I use this eBook? 2. What is a hacker 3. Hacker Hierarchy 4. What does it take to become a hacker? 5. Disclaimer B. Programming............................................................................................9 1. Do I really need it? 2. Where should I start? 3. Best way to learn C. Linux.......................................................................................................12 1. What is it? 2. Choosing a distribution 3. Running Linux 4. Learning Linux D. Passwords...............................................................................................33 1. Password Cracking 2. Phishing 3. Countermeasures 4....
Words: 16651 - Pages: 67
... All of the information in this eBook is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word “Hack” or “Hacking” in this eBook should be regarded as “Ethical Hack” or “Ethical hacking” respectively. You implement the information given at your own risk. © Copyright 2008 Learn-How-To-Hack.net. All Rights Reserved. 2 Table of Contents A. Introduction..............................................................................................5 1. How can I use this eBook? 2. What is a hacker 3. Hacker Hierarchy 4. What does it take to become a hacker? 5. Disclaimer B. Programming............................................................................................9 1. Do I really need it? 2. Where should I start? 3. Best way to learn C. Linux.......................................................................................................12 1. What is it? 2. Choosing a distribution 3. Running Linux 4. Learning Linux D. Passwords...............................................................................................33 1. Password Cracking 2. Phishing 3. Countermeasures 4. More Programs E. Network...
Words: 16651 - Pages: 67
...security, computer forensics, disaster recovery, and end-user security. By repurposing the essential content of EC-Council’s world class professional certification programs to fit academic programs, the EC-Council | Press was formed. With 8 Full Series, comprised of 27 different books, the EC-Council | Press is set to revolutionize global information security programs and ultimately create a new breed of practitioners capable of combating this growing epidemic of cybercrime and the rising threat of cyber war. This Certification: C|EH – Certified Ethical Hacker Certified Ethical Hacker is a certification designed to immerse the learner in an interactive environment where they will learn how to scan, test, hack and secure information systems. Ideal candidates for the C|EH program are security professionals, site administrators, security officers, auditors or anyone who is concerned with the integrity of a network infrastructure. The goal of the Ethical Hacker is to help the organization take...
Words: 61838 - Pages: 248
