CEH – Ethical hacking introduction

Since I have gone over what I believe to be the merits of self-studying security, I have decided to go over some of the materials covered when trying to get certified in security, specifically the CEH (Certified Ethical Hacker).

Currently the cost for an exam voucher, which allows you to take the test, is $500.

If you are choosing to self-study and take this exam, they do ask for 2 years of demonstrable proof that you have worked, or do work, in the computer security field before allowing you to do so, which seems to me a bit backwards, since you would be trying to get the certificate to get employment. But that’s a prerequisite and needs to be abided by.

On top of this you also need to fill out a CEH exam eligibility application and pay a non-refundable fee of $100.

If you have decided this is still something you would like, let’s get started. The first basic things they need you to know about:

Terminology – Some basic keywords with definitions. These are the basics of the basics; you should know them without having to really think about it.

Factors that support security are:
Authenticity – The confirmation of the origin and identity of an information source.
Identification – A user claiming an identity to an information system.
Authentication – The confirmation and reconciliation of evidence of a user’s identity.
Accountability – Assigning responsibility for a user’s actions.
Privacy – Protection of individually identifiable information.
Organizational Security Policy – The control of access to information and the personnel authorized to receive it.

Things that need to be taken into account as a security professional:
Threat – An event or activity that has the potential to cause harm to information systems or networks.
Vulnerability – A weakness or lack of safeguard that can be exploited by a threat.
Risk – The potential for harm or loss and the probability that a threat will materialize.
Attack – An action against an information system or network that attempts to violate the security policy.
Target of evaluation – An IT product, element, or system designated to have a security evaluation.
Exploit – A means of exploiting a weakness or vulnerability in an IT system.

Types – Different types of hackers and related descriptions.

Originally “hacker” was not a negative term; it simply meant someone who was intellectually curious and wanted to learn as much as possible about a system. At the MIT model railroad club, when someone discovered an ingenious or unusual way of solving a problem, it was referred to as a “hack”. This term spilled over into computer culture and is now an everyday term (we now have “food hackers” and multiple other pseudo-hackers).

Cracker – Due to the term “hacker” getting negative connotations, many people tried to lobby for the term “cracker” to identify a malicious hacker: someone with high technical skill who uses it for illegal or immoral means. This never really got adopted; instead we define people by the colour of their hat.
Black hat – Someone who uses their skills with malicious intent, generally for money or personal gain.
Grey hat – Someone who hacks out of curiosity or to learn, not doing anything malicious, however not legal either… the type of hacker who breaks into a website and emails the owner with what they discovered.
White hat – A hacker who uses their knowledge for good, patching systems, securing IT and generally helping out (ethical hacking).
Phreaker – One of the subcultures “hacking” evolved from. A phreaker is someone who plays with and explores the phone network, PBXs, exchanges and other phone systems.
Script kiddie – A relatively new phenomenon within the hacking culture, this is someone with few skills who uses publicly available tools or exploits to attack systems.
Cyber terrorist – An individual who works for a government or terrorist group that is engaged in sabotage, espionage, financial theft and attacks on a nation’s critical infrastructure.
Hacktivist – Someone who practises hacktivism (a portmanteau of hack and activism): the use of computers and computer networks as a means of protest to promote political ends.

Evaluation steps

1. Preparation – Contract terms are agreed upon and signed, detailing the work to be performed, schedules, deliverables, and resources to be provided to the pentesting team. The contract should also protect the team against prosecution for their activities and contain a non-disclosure agreement.

2. Conduct – The ethical hacking activities are conducted, vulnerabilities identified, and a technical report written.

3. Conclusion – The results are communicated to the employer along with remediation recommendations. The recommendations are usually acted upon by the organization.

Categories for testing

Full knowledge (whitebox) – The team has as much knowledge as possible about the network and computing resources to be evaluated.
Partial knowledge (greybox) – The testing team has knowledge that might be relevant to a specific type of attack by a person internal to the organization.
Zero knowledge (blackbox) – The testing team is provided with no information and begins the testing by gathering information on its own initiative.

Ethical hacking obligations

Protect information uncovered – An organization’s intellectual property and other sensitive information that you gain access to should be protected to the highest degree possible and not be divulged to anyone, either purposely or inadvertently.

Limitation of liability – Although modification or loss of data is something you should be trained not to cause, accidents do happen. There should be a limitation of liability for the penetration tester in case the worst-case scenario does happen.

Remain within the scope of the assignment – The scope should be agreed upon with the organization beforehand. The penetration tester should remain within the bounds of the agreement. This should include the methods used and the extent of any tests performed.

Develop a test plan – This should be developed beforehand and also agreed by both parties. The plan should include: the scope of the test, resources to be tested, support provided by the hiring party, times for the testing, location of testing, the type of test (whitebox, greybox, blackbox), the extent of the penetration, individuals to contact in the event of a problem, and deliverables.

Comply with relevant laws and regulations – Even though you are being hired by a company to “break in” to their computers and systems, you must comply with the law, including the laws imposed on the company being tested.
