Chapter 1 Introduction to Ethical Hacking Flashcards Preview

Ethical Hacker > Chapter 1 Introduction to Ethical Hacking > Flashcards

Flashcards in Chapter 1 Introduction to Ethical Hacking Deck (27)
Loading flashcards...
1
Q

Hackers need 3 things to carry out a crime

A
  1. Motive (Goal)
  2. Method
  3. Vulnerabilty
2
Q

Types of Hackers

A
  1. Script Kiddies - limited or no training & know how to use only basic techniques or tools
  2. White-Hat hackers - ethical hackers; given all information
  3. Gray-hat hackers - good/bad; limited information
  4. black-hat hackers - bad guys; low or no level of knowledge
  5. suicide hackers - not stealthy(sneaky or cautious), not worried about getting caught
  6. Hacktivist - any action an attacker uses to push or promote political agenda
3
Q

Pen Testing

A

structured & methodical means of investigating, uncovering, attacking, & reporting on the strengths & weaknesses of a target system

4
Q

Hack Value

A

notion among hackers that soemthing is worth doing or is interesting

5
Q

TOE

A

A target of evaluation is a system or resource that is being evalued for vulnerabilities

6
Q

Exploit

A

defined way to breach the security of a system

7
Q

Attack

A

act of targeting & actively engaging a TOE

8
Q

Zero Day

A

threat or vulnerability that is unknown to developers & has not been addressed

9
Q

Threat

A

a potential violation of security

10
Q

Vulnerability

A

weakness in a system that can be attacked & used as an entry point into an environment

11
Q

Daisy Chaining

A

performing several hacking attacks in sequence then backtrack to cover tracks

12
Q

CIA triad

A

Ethical hackers try to preserve what is known as the CIA triad

  1. Confidentiality - safeguarding of information & keeping it away from those not authorized to possess it (examples to preserve: permissions & encryptions)
  2. Integrity - keeping information in a format that is true & correct to its original purposes, meaning that the data the receiver accesses is the data the creator intended them to have
  3. Availability - keeping information & resources available to those who need to use it
13
Q

Opposite of CIA triad, DAD

A

As an ethical hacker, we want to prevent unauthorized

  1. Disclosure - revealing/accessing of information to outside party
  2. Alteration - changing information
  3. Disruption - access to information has been lost
14
Q

Hacking Methodology

A

refers to the step-by-step approach used by an agressor to attack a target such as a computer NW

  1. Footprinting - using primarily passive methods of gaining information from a target prior to performing the later active methods;
    • Keep interaction to a minimum to avoid detection
  2. Scanning - take information extracted from footprinting phase & use it to taget your attack more precisely, instead of blundering around aimlessly; gaining additional information
  3. Enumeration - create active connection with system & perform queries; only in intranet environment
  4. System Hacking - plan & execute attack
  5. Escalate privileges
  6. Covering tracks - removing evidence of your presence in a system
  7. Planting back doors - may want to come back later
15
Q

Ethical hackers follow a very similar process hackers do except

A

ethical hackers need permisions prior to starting the 1st phase, and will need to generate a report that will need to be presented at the end of the process

16
Q

Types of attacks

A
  1. insider attack
  2. outsider attack
  3. stolen equipment attack - aggressor steal a piece of equipment & uses it to gain access or extract information from it
  4. social engineering attack - pen tester targets the users of a system seeking to extract needed information; exploiting trust inherent in human nature
17
Q

Vulnerability research vs Ethical Hacking?

A

Vulnerability - passively uncovers security issues

Ethical Hacking - actively looks for vulnerabilities

18
Q

worm

A

standalone malware self-replicating

19
Q

trojan horse

A

relies on social engineering

program that breaches security of a computer system while performing harmless functions

20
Q

virus

A

depenent on existing program & spreads to other computers and usually has a detrimental effect such as destroying data, etc

21
Q

rootkit

A

set of SW tools designed to allow unauthorized access without being detected

22
Q

NW intrusions

A

a form of digital trespassing where a user has unauthorized access

23
Q

Fraud

A

the deception of another or parties to elicit information or access

24
Q

SW piracy

A

the possession, duplication, or distribution of SW in violation of a license agreement, or the act of removing copy protection or other license-enforcing mechanisms

25
Q

Dumpster Diving

A

is the oldest & simplest way to gather material that has been discarded & left unsecure

26
Q

Embezzlement

A

is a form of financial fraud that involves theft or redirection of funds as a result of violtating a position of trust

27
Q

DOS & DDOS

A

Denial of service & distributed denial of service attacks are ways to overload a system’s resources so it canont provide required services to legimate users