• Choose a category
• All
• Classic-Fiction

Official

Certified Ethical Hacker

Review Guide

Introduction to

Ethical Hacking,

Ethics, and Legality

CEH EXAM OBJECTIVES COVERED IN THIS CHAPTER:

✓ Understanding Ethical Hacking Terminology

✓ Identifying Different Types of Hacking Technologies

✓ Understanding the Different Phases Involved in Ethical Hacking and Listing the Five Stages of Ethical Hacking

✓ What Is Hacktivism?

✓ Listing Different Types of Hacker Classes

✓ Defining the Skills Required to Become an Ethical Hacker

✓ What Is Vulnerability Research?

✓ Describing the Ways to Conduct Ethical Hacking

✓ Understanding the Legal Implications of Hacking

✓ Understanding 18 U.S.C. § 1029 and 1030 U.S. Federal Law

Most people think hackers have extraordinary skill and knowledge that allow them to hack into computer systems and find valuable information. The term hacker conjures up images of a young computer whiz who types a few commands at a computer screen-and poof! The computer spits back account numbers or other confidential data. In reality, a good hacker just has to understand how a computer system works and know what tools to employ in order to find a security weakness.

The realm of hackers and how they operate is unknown to most computer and security professionals. The goal of this chapter is to introduce you to the world of the hacker and to define the terms that will be tested on the Certified Ethical Hacker (CEH) exam.

Understanding Ethical Hacking

Terminology

Being able to understand and define terminology is an important part of a CEH's responsibility. In this section, we'll discuss a number of terms you need to be familiar with.

A threat is an environment or situation that could lead to a potential breach of security. Ethical hackers look for and prioritize threats when performing a security analysis.

In computer security, an exploit is a piece of software that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system.

There are two methods of classifying exploits:

A remote exploit works over a network and exploits security vulnerabilities without any prior access to the vulnerable system.

A local exploit requires prior access to the vulnerable system to increase privileges.

An exploit is a defined way to breach the security of an IT system through a vulnerability.

A vulnerability is an existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event executing bad or damaging instructions to the system.

A target of evaluation is a system, program, or network that is the subject of a security analysis or attack.

An attack occurs when a system is compromised based on a vulnerability. Many attacks are perpetuated via an exploit. Ethical hackers use tools to find systems that may be vulnerable to an exploit because of the operating system, network configuration, or applications installed on the systems, and prevent an attack. This book provides you the toolset necessary to become an ethical hacker.

In addition to knowing these terms, it's also important to identify the differences between an ethical hacker and a malicious hacker, and to understand what ethical hackers do.

Identifying Different Types of

Hacking Technologies

Many methods and tools exist for locating vulnerabilities, running exploits, and compromising systems. Trojans, backdoors, sniffers, rootkits, exploits, buffer overflows, and SQL injection are all technologies that can be used to hack a system or network. These technologies and attack methods will each be discussed in later chapters. Many are so complex that an entire chapter is devoted to explaining the attack and applicable technologies.

Most hacking tools exploit weaknesses in one of the following four areas:

Operating systems Many systems administrators install operating systems with the default settings, resulting in potential vulnerabilities that remain unpatched.

Applications