Free Essay

Certified Ethical Hacking

In: Computers and Technology

Submitted By asuber
Words 1206
Pages 5
Lab #9 - Assessment Worksheet
Investigating and Responding to Security Incidents

Course Name and Number: CSS280-1501A-01 Ethical Hacking
Student Name: ***** ******
Instructor Name: ***** ******
Lab Due Date: 2/9/2015
Overview

In this lab, you acted as a member of the incident response team who had been assigned an incident response in the form of a help desk trouble ticket. You followed the phases of a security incident response to investigate the event, contain the malware, eradicate the suspicious files, re-test the system in readiness for returning it to service, and complete a detailed security incident response report in the provided template. You used AVG Anti-Virus Business Edition to scan the infected workstation and documented your findings as you proceeded.
Lab Assessment Questions & Answers

1. When you are notified that a user's workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why?
Have the user of the machine cease all activity and contain the infected machine by disconnecting from the network (unplug Ethernet cable or disable wireless), leaving it isolated but not powered off. It should be left in its steady state. This isolates the contaminated workstation from the organization’s network and Internet, as well as preventing the contamination from spreading. Logs, memory forensics, footprints, and other malicious activity must be kept in its steady state untouched until you arrive on scene. 2. When an antivirus program identifies a virus and quarantines this file, has the malware been eradicated?
No. The file is identified containing malware or a virus and moved to a non-standard location and folder, the file is renamed, may be marked hidden, and possibly encrypted.

3. What is the SANS Institute's six-step incident handling process?
PICERL short for Preparation, Identification, Containment, Eradication, Recovery and Lessons learned (SANS, 2006).

4. What is the risk of starting to contain an incident prior to completing the identification process?
You will need to have your entire help desk staff trained to recognize and quickly escalate issues to an incident team member so that a severity level can be determined. That will determine the resources necessary to respond to the incident. A simple spyware incident may only require one person to clean up and document while at the other end of the spectrum another incident may require every resource available to prevent the company from going out of business. 5. Why is it a good idea to have a security policy that defines the incident response process in your organization?
Organizations should have a policy that defines in specific terms what constitutes an information security incident, and provides a step-by-step process for all employees to follow when an incident occurs. The goal is to completely eradicate the threat from the environment. 6. The post-mortem, lessons learned step is the last in the incident response process. Why is this the most important step in the process?
The lessons learned during the debriefing can then be used to determine the changes that should be made to improve the incident response process for the next it’s put into effect.

Lab #10 - Assessment Worksheet

Securing the Network with an Intrusion Detection System (IDS)
Course Name and Number: CSS280-1501A-01 Ethical Hacking
Student Name: Allen Suber
Instructor Name: Todd Wolfe
Lab Due Date: 2/9/2015
Overview

In this lab, you configured Snort, an open source intrusion prevention and detection system, on the TargetSnort virtual machine and the Web-based IDS monitoring tool called Snorby. You also used the OpenVAS scanning tool to scan the TargetSnort virtual machine to test the Snort configuration and see exactly what circumstances trigger an IDS alert.
Lab Assessment Questions & Answers 1. What is the difference between an IDS and an IPS?
The main difference between one system and the other is the action they take when an attack is detected in its initial phases (network scanning and port scanning). * The Intrusion Detection System (IDS) provides the network with a level of preventive security against any suspicious activity. The IDS achieves this objective through early warnings aimed at systems administrators. However, unlike IPS, it is not designed to block attacks. * An Intrusion Prevention System (IPS) is a device that controls access to IT networks in order to protect systems from attack and abuse. It is designed to inspect attack data and take the corresponding action, blocking it as it is developing and before it succeeds, creating a series of rules in the corporate firewall, for example. 2. Why is it important to perform a network traffic baseline definition analysis?
So the administrator can ensure that the presence, absence, amount, direction, and frequency of the traffic are flowing correctly. Furthermore, it helps determine trends for the network which can help spot problem areas when they occur. 3. Why is a port scan detected from the same IP on a subnet an alarming alert to receive from your IDS?
It is alarming because all of the computers on the same subnet are addressed with a common, identical, bit-group in their IP address. A port scan is ‘an attack that sends client requests to a range of server port addresses on a host - with the goal of finding an active port and exploiting a known vulnerability of that service. 4. If the Snort IDS captures the IP packets off the LAN segment for examination, is this an example of promiscuous mode operation? Are these packets saved or logged?
Promiscuous mode means that the network card is configured to receive all frames, not just those which are addressed to it. Packets are logged here. 5. What is the difference between host-based IDS and network-based IDS?
A host-based system analyzes logs and consists of information regarding the status of the system, whereas a network-based system analyzes network traffic directly, consequently checking every network event. Protection and affordability compared to network-based systems, host-based systems can be more affordable – but only if the right product is selected. 6. How can you block attackers, who are performing reconnaissance and probing, with Nmap and OpenVAS port scanning and vulnerability assessment scanning tools?
Penetration Testing 7. Why is it a good idea to have host-based intrusion detection systems enabled on critical servers and workstations?
Best practices in a network environment is to have host-based intrusion detection systems enabled on critical servers and workstations to provide your network and security organization with real-time alerts and alarms pertaining to potential system compromise and/or unauthorized access.

8. Where should you implement intrusion prevention systems in your IT infrastructure?
Intrusion prevention systems are always connected inline. This requirement enables the IPS to drop select packets, and defend against an attack before it takes hold of the internal network, (Hansteen, 2008). In figure 4, the red lines are showing the network links being used to capture traffic.

References
Bejtlich, R., 2014. Top seven network traffic monitoring challenges. Retrieved from http://searchnetworking.techtarget.com/tip/Top-seven-network-traffic-monitoring-c challenges
Hansteen, P. N. M. (2008). The Book of PF: A No-nonsense Guide to the OpenBSD Firewall. San Francisco, CA: No Starch Press, Inc.

Similar Documents

Free Essay

Ceh Course

...and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50 Who Should Attend This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Duration 5 days (9:00 – 5:00) Certification The Certified Ethical Hacker exam 312-50 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CEH certification. Page 2 EC-Council Legal Agreement Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these...

Words: 458 - Pages: 2

Premium Essay

Ethical Hacking

...Ethical Hacking – Is There Such A Thing? Alexander Nevermind Nelson Stewart, PhD CIS 324 December 9, 2011 ABSTRACT ------------------------------------------------- When someone hears the word hacker, many things come to mind. Bad, thief, terrorist, crook and unethical are some words that may be used to describe a hacker. The reputation of a hacker is well deserved as many company networks have been compromised with viruses and spyware causing untold millions in damage, the theft of sensitive consumer information such as Social Security numbers and financial data and the unauthorized access of classified government information. To combat these issues, many companies employ individuals called ethical hackers who, by their direction and supervision look for vulnerabilities in network systems. There are naysayers who bristle at the term “ethical hacker” saying that a hacker is a hacker but those who hold such views could be missing the point. These subjects will be discussed in detail later in the text. ------------------------------------------------- Is there such a thing as “Ethical Hacking?” Define ethical hacking and support an argument in favor or against the concept. Consider who might believe/use ethical hacking and discuss if hacking, even for the purpose of protecting human rights, is ethical. You should extend the paper beyond the topics suggested in the questions within the paper description. Ethical hacking does exist, in fact, companies...

Words: 904 - Pages: 4

Premium Essay

Security Analyst

...Contents 1. Introduction 2. Assessment Test 3. Chapter 1: Getting Started with Ethical Hacking 1. Hacking: A Short History 2. What Is an Ethical Hacker? 3. Summary 4. Exam Essentials 5. Review Questions 4. Chapter 2: System Fundamentals 1. Exploring Network Topologies 2. Working with the Open Systems Interconnection Model 3. Dissecting the TCP/IP Suite 4. IP Subnetting 5. Hexadecimal vs. Binary 6. Exploring TCP/IP Ports 7. Understanding Network Devices 8. Working with MAC Addresses 9. Intrusion Prevention and Intrusion Detection Systems 10. Network Security 11. Knowing Operating Systems 12. Backups and Archiving 13. Summary 14. Exam Essentials 15. Review Questions 5. Chapter 3: Cryptography 2 1. Cryptography: Early Applications and Examples 2. Cryptography in Action 3. Understanding Hashing 4. Issues with Cryptography 5. Applications of Cryptography 6. Summary 7. Exam Essentials 8. Review Questions 6. Chapter 4: Footprinting and Reconnaissance 1. Understanding the Steps of Ethical Hacking 2. What Is Footprinting? 3. Terminology in Footprinting 4. Threats Introduced by Footprinting 5. The Footprinting Process 6. Summary 7. Exam Essentials 8. Review Questions 7. Chapter 5: Scanning Networks 1. What Is Network Scanning? 2. Checking for Live Systems 3. Checking for Open Ports 4. Types of Scans 5. OS Fingerprinting 6. Banner Grabbing 7. Countermeasures 8. Vulnerability Scanning 9. Drawing Network Diagrams 10. Using Proxies 11. Summary 12. Exam Essentials 13. Review Questions...

Words: 71242 - Pages: 285

Premium Essay

Ethical Hacking

...Ethical Hacking 1 Running head: ETHICAL HACKING: Teaching Students to Hack Ethical Hacking: Teaching Students to Hack Regina D. Hartley East Carolina University Ethical Hacking 2 Abstract One of the fastest growing areas in network security, and certainly an area that generates much discussion, is that of ethical hacking. The purpose of this study is to examine the literature regarding how private sectors and educational institutions are addressing the growing demand for ethical hacking instruction. The study will also examine the opportunity for community colleges in providing this type of instruction. The discussion will conclude with a proposed model of ethical hacking instruction that will be used to teach a course in the summer semester of 2006 through the continuing education department at Caldwell Community College and Technical Institute within the North Carolina Community College System. Ethical Hacking 3 Ethical Hacking: Teaching Students to Hack The growing dependence and importance regarding information technology present within our society is increasingly demanding that professionals find more effective solutions relating to security concerns. Individuals with unethical behaviors are finding a variety of ways of conducting activities that cause businesses and consumers much grief and vast amounts annually in damages. As information security continues to be foremost on the minds of information technology professionals, improvements in this area are critically...

Words: 6103 - Pages: 25

Free Essay

Ethical Hacking

...Topic #2 Research Topic – Ethical Hacking 1. http://www.networkworld.com/news/2009/042409-usenix-hacking.html This is a Network World article talking about the legal risks of ethical hacking. The article talks about whether or not ethical hackers risk prosecution themselves. The articles discusses developing a set of ethical guidelines that can be shown to the government when and if they starting taking a greater role in oversight. It mentions that it might be a good idea to work with law enforcements when it comes to ethical hacking. 2. https://www.eccouncil.org/certification/certified_ethical_hacker.aspx This site provides information about becoming a certified ethical hacker. The group doing the certifying is the International Council of E-Commerce Consultants (EC-Council). This is a member-based organization that certifies individuals in various e-business and information security skills. The site provides a great FAQ, exam info, where to get training, and the path to get certified as an ethical hacker. 3. http://www.go4expert.com/forums/forumdisplay.php?f=55 This is a great online forum for those who are ethical hackers, or interested in becoming one. The page warns that the forum is only for ethical or as a learning purpose. It gives many tips, tricks, and tutorials share amongst other ethical hackers in this online community. 4. http://www.purehacking.com/ This company offers penetration testing and other ethical hacking services for a company to...

Words: 339 - Pages: 2

Free Essay

Compare and Contrast Hackers, Crackers & Ceh

...test the limits. The first computer virus, The Morris Worm, was little more than a young adult testing the boundaries of communication. In later interviews with (Morris name), he has often commented of his surprise at the results from his worm. Morris and others testing the boundaries is given the moniker “hacker," their mens rea is not malicious they simply seek to test, identify and communicate weaknesses in technology systems. The hacker label contrasts with "cracker" who seeks to discover weaknesses for personal or financial gain and is certainly malicious. Newer to the world of hackers and crackers is the certified ethical hacker. The EC-Council, responsible for the certified ethical hacker certification, distances itself from both labels and the negative connotations associated. This document will offer a comparison of crackers, hackers and the certified ethical hacker. The term hacker is said to have evolved out of MIT’s computer culture when the Tech Model Railroad Club hacked model trains to make them run faster. As Universities across the country embraced the hacker concept they remained isolated until the first year of ARPAnet in 1969, “the first transcontinental, high-speed computer network” ("Early Hackers," n.d., para. 3). For better or for worse, hacker has had quite a public history; it is the preferred label describing all activities from security research through credit card theft. For this reason, true hackers consider themselves “interested in the arcane...

Words: 880 - Pages: 4

Free Essay

Hackers: Scourge of the Internet, or Information Superhero?

...PayPal taken offline by hackers, Sony’s PlayStation Network brought to its knees, a cyber defense contractor named Stratfor had its servers hacked and corporate emails leaked. Everything that people know about hacking can be summed up in news articles written by the uninformed. Hacking is bad, and there is no arguing that… Or is there? Most of what people know of hacking comes from the news or Hollywood movies such as Hackers and Swordfish. What they see is only one facet of this fascinating, yet misunderstood world. Hacking is not the evil act that some make it out to be. Hacking can also be a good thing. Enter the White Hat, or Ethical Hackers. These are the network security professionals in which no movies are based. Ethical hacking is used to help analyze networks for security flaws, stop attacks in progress and help keep companies in compliance with government regulations such as PCI or SOX. What is Ethical Hacking? Ethical hacking sounds like an oxymoron, but it does exist and is a very handsomely paying career field. The average ethical hacker can make anywhere from $24,760 a year to $111,502 (InfoSec Institute, n.d.). It does not stop there however. Some contracts can net an ethical hacker up to $17,500 in bonuses. (Computer Hope, n.d.). The main role of the ethical hacker is to penetrate a business network in order to recognize and fix security flaws before a “Black Hat” hacker can get to it. There is no such thing as a “fully secure” network,...

Words: 2096 - Pages: 9

Premium Essay

Ethical Hacking

...sensitive consumer information such as Social Security numbers and FINANCIAL data and the unauthorized access of classified government information. To combat these issues, many companies employ individuals called ethical hackers who, by their direction and supervision look for vulnerabilities in network systems. There are naysayers who bristle at the term “ethical hacker” saying that a hacker is a hacker but those who hold such views could be missing the point. These subjects will be discussed in detail later in the text. ------------------------------------------------- Is there such a thing as “Ethical Hacking?” Define ethical hacking and support an argument in favor or against the concept. Consider who might believe/use ethical hacking and discuss if hacking, even for the purpose of protecting human rights, is ethical. You should extend the paper beyond the topics suggested in the questions within the paper description. Ethical hacking does exist, in fact, companies employ individuals to attempt to penetrate networks and/or computer systems, using the same methods as a hacker, for the purpose of finding and fixing computer security vulnerabilities. These individuals can obtain a certification for ethical hacking. This certification is called Certified Ethical Hacker that is provided by the International Council of E-Commerce Consultants (EC-Council). Qualifications for certification are as follows: 1 Attending an accredited training...

Words: 271 - Pages: 2

Premium Essay

Ethical Hacking

...2014 Ethical Hacking Ethical hacking is used to describe hacking performed by a company or individual to help identify potential threats on a computer or network. An ethical hacker works passed the system security to detect the vulnerabilities or weak points of a company’s network. Then this type of information is used to improve the company’s network from the bad hackers who exploit the company in a destructive way. In 1960s, U.S military began testing their own IT systems, but when Dan Farmer a security expert from San Francisco and a security programmer at the Netherlands University of Eindhoven had posted the techniques they used to gather information to the Usenet, that could have compromised the security of a number of target networks(Langely). Their goal was to raise the overall level of security on the internet. Dan farmer and Eindhoven were elected to share their work freely on the internet for others to learn. Eventually, they gather up the work they used and developed a program called Security Analysis Tool for Auditing Networks (Langely). This tool is used to perform an audit of the vulnerabilities of the system and how to eliminate the problem. The concept of ethical hacking started emerging in 1993 (Langely). According to some, ethical hacking does not exist and they feel hacking is just hacking, no matter how you put it. Therefore the one that is doing the hacking is a computer criminal. This is not the case, so in order for hacking it to be “ethical “you...

Words: 589 - Pages: 3

Free Essay

Hacking

...Certified Ethical Hacking - The 5 phases Every Hacker Must Follow The 5 Phases Every Hacker Must Follow Originally, to “hack” meant to possess extraordinary computer skills to extend the limits of computer systems. Hacking required great proficiency. However, today there are automated tools and codes available on the Internet that makes it possible for anyone with a will and desire, to hack and succeed. Mere compromise of the security of a system does not denote success. There are websites that insist on “taking back the net” as well as those who believe that they are doing all a favor by posting the exploit details. These can act as a detriment and can bring down the skill level required to become a successful attacker. The ease with which system vulnerabilities can be exploited has increased while the knowledge curve required to perform such exploits has shortened. The concept of the elite/super hacker is an illusion. However, hackers are generally intelligent individuals with good computer skills, with the ability to create and explore into the computer’s software and hardware. Their intention can be either to gain knowledge or to dig around to do illegal things. Attackers are motivated by the zeal to know more while malicious attackers would intend to steal data. In general, there are five phases in which an intruder advances an attack: 1. Reconnaissance 2. Scanning 3. Gaining Access 4. Maintaining Access 5. Covering Tracks For More Informaton contact EC-Council – (505)341-3228...

Words: 2322 - Pages: 10

Premium Essay

Ethical Computer Hacking Course

...memorandum to: | ict director, alpine data insight company | from: | [Your Name] | subject: | PROposal for a research project on ethical computer hacking course | date: | November 9, 2014 | | | Proposal Synopsis Ethical computer hacking is one of the most essential penetration testing tools that has been used over time. Following the previous discussions, this proposal seeks to present the viability of a research project on the Ethical Computer Hacking course. Furthermore, apart from the benefits and associated shortcomings of a course on ethical hacking as a solution, this document presents the methodology for the execution of the research project and further illuminates the qualifications of the research personnel. Project Description Over time, more businesses are increasingly integrating information systems with their core business processes to increase efficiency and the overall output. Information systems have therefore become an integral part of business processes – IT is a key driver of business and governmental processes. In fact, studies assert that both government agencies and business have migrated their data and processing units to the ‘cloud (Vacca, 2012)’. In this sense, both the security threats and attacks on information systems have increased in the same magnitude over time. Corporate data centers have become the center of interest for most security attacks. Unfortunately, even though there have been several incidences of data theft and violation...

Words: 1135 - Pages: 5

Free Essay

Certified Ethical Hacker

...http://www.ipass4sure.com 312-50 ECCouncil Certified Ethical Hacker http://www.ipass4sure.com/exams.asp?examcode=312-50 The 312-50 practice exam is written and formatted by Certified Senior IT Professionals working in today's prospering companies and data centers all over the world! The 312-50 Practice Test covers all the exam topics and objectives and will prepare you for success quickly and efficiently. The 312-50 exam is very challenging, but with our 312-50 questions and answers practice exam, you can feel confident in obtaining your success on the 312-50 exam on your FIRST TRY! ECCouncil 312-50 Exam Features - Detailed questions and answers for 312-50 exam - Try a demo before buying any ECCouncil exam - 312-50 questions and answers, updated regularly - Verified 312-50 answers by Experts and bear almost 100% accuracy - 312-50 tested and verified before publishing - 312-50 exam questions with exhibits - 312-50 same questions as real exam with multiple choice options Acquiring ECCouncil certifications are becoming a huge task in the field of I.T. More over these exams like 312-50 exam are now continuously updating and accepting this challenge is itself a task. This 312-50 test is an important part of ECCouncil certifications. We have the resources to prepare you for this. The 312-50 exam is essential and core part of ECCouncil certifications and once you clear the exam you will be able to solve the real life problems yourself.Want to take advantage of the Real 312-50...

Words: 1963 - Pages: 8

Premium Essay

Course Outline

...VLT2 - Security Policies and Standards - Best Practices Course of Study This course supports the assessments for VLT2. The course covers 3 competencies and represents 3 competency units. Introduction Overview The skills and knowledge measured by performance assessment VLT2 are derived from a survey of information security professionals from around the world and are also based on the many different information security and assurance frameworks (ISO 27001/2, COBIT, ITL, etc.). The results of this survey were used in weighing the subject areas and ensuring that the weighting is representative of the relative importance of the content. The Security Policy and Standards subdomain focuses on creating organizational security activities and policies; assessing information security risk; and implementing and auditing information security management programs, information assurance certification programs, and security ethics. Watch the following video for an introduction to this course: Competencies This course provides guidance to help you demonstrate the following 3 competencies: Competency 427.3.2: Controls and Countermeasures The graduate evaluates security threats and identifies and applies security controls based on analyses and industry standards and best practices. Competency 427.3.3: Security Audits The graduate evaluates the practice of defining and implementing a security audit and conducts an information security audit using industry best practices. Competency 427...

Words: 4354 - Pages: 18

Premium Essay

It590 Journal 4

...In Unit 4, I learned how hacking have become a huge issue with technology in today’s society. I learn three ways to capture someone username and password. You can do that by eavesdropping, dumpster diving, and social engineering. People are also hacking into users’ networks. Sidejacking is a way where hijackers capture a user cookie. I learned in details more about malware. Malware consists of virus, worm, and spyware. Viruses are a code that has been added or embedded into another application. Worm is a self-contaminated program which can spread throughout the network. Spyware is a program that communicates over the internet without user’s consent. I learned the difference between phishing and spear-phishing. Phishing is when a large scale of information is capture from various computer users. Spear-phishing is when they go through email address to select a particular group of recipients to target. I learned that you can still make money even when you are a cyber-criminal. However, it is kind of a good choice to make to give to companies that are looking for a protection shield. I had already learned about online voting which could be a quicker way to save time on manual counting. In conclusion, I have learned a variety of information that could carry me forward with my education of learning something new every time. Knowing that you can become a hacker and not charge for a crime is a serious matter. However, they must be known for an ethical hacker to be able to be...

Words: 273 - Pages: 2

Premium Essay

Tesla Ratio

...a military Cyber Warfare Officer. I am an EC-Council Certified Ethical Hacker (CEH) and Certified Network Defense Architect (CNDA). Barriers to entry: There are no extreme barriers to entry in the IT protection consulting industry. A firm will need a strong qualified staff that has not only the certifications and credentials to back up the proposed scope of work that is pitched to potential clients, but the skills and experience to execute the services advertised. The IT Information Assurance consulting field does not take a great deal of capitol to start up, but with the wave of these new firms entering the sector, it can be challenging to ascertain new clients. Barriers to exit: As with entry into the field of Cyber defense consulting, exiting this industry would not be difficult either. The only challenge that a firm might have with exiting the industry would be the ongoing investment of helping a company protect its information. If you have a running contract or agreement with a company and are currently providing them with defensive cyber operations (information assurance) services, then severing those ties may leave the client vulnerable to hackers or spillage of information. This could be mitigated by only providing consulting work, not touch labor. Customer Buying Power: The Cyber Defense industry’s buying power is increasing daily. With more and more destructive attempts and successful acts of hacking important information from companies and people on the...

Words: 626 - Pages: 3