ISAT-316-940 - Information Assurance I [WEEK 1 CHAPTER 1 NOTES]

by: Jacob Notetaker

About this Document

These notes cover the first week of material. They include an in depth and simplified summary of the material discussed in both the class presentation and the book "Hands on Ethical Hacking and Def...
Information Assurance I
Dr. Leslie Fife
Class Notes
information, information technology, hacking, Networking
This 2 page Class Notes was uploaded by Jacob Notetaker on Wednesday September 7, 2016. The Class Notes belongs to ISAT-316-940 at Southern Illinois University Carbondale taught by Dr. Leslie Fife in Fall 2016. Since its upload, it has received 7 views. For similar materials see Information Assurance I in Information technology at Southern Illinois University Carbondale.
Date Created: 09/07/16
Chapter 1 Book and Lecture Notes
Tuesday, September 6, 2016 9:36 PM

BOOK NOTES for "Hands on Ethical Hacking and Network Defense"
Chapter 1: Ethical Hacking Overview

Chapter Description: "Ethical Hacking Overview" defines what an ethical hacker can and can't do legally. This chapter also describes the roles of security and penetration testers and reviews certifications that are current at the time of publication.

Chapter Purpose:
• Describe the role of an ethical hacker.
• Describe what you CAN do as an ethical hacker.
• Describe what you CAN'T do as an ethical hacker.

Part 1 - Intro to Ethical Hacking

Definitions:
○ Ethical Hacker - A person who legally conducts penetration tests on a company's or person's network for the purpose of making it more secure.
○ Penetration Tests - The process of an Ethical Hacker breaking into a company's network to find "weak links" in the network system.
○ Security Testing - A step above penetration testing in that it combines ethics and procedural testing along with penetration tests.
○ Hacker - an individual who illegally breaks into a network system.
○ Cracker - an individual who illegally breaks into a network system to steal or destroy data.
○ Script Kiddy/Packet Monkey - young or inexperienced hackers who copy code from experienced programmers to break into networks instead of writing it themselves.
○ Script - a set of programmed instructions that run in a sequence to perform a task.

The Role of Security and Penetration Testers
• Companies hire certified information technology specialists to "break in" to their networks.
• These specialists are called "Ethical Hackers".
• These specialists also examine security policies and procedures and report any faults in them.
• Security Testers do what penetration testers do along with ethical testing. This process allows companies to be aware of where things need to be better secured and where an attack is likely to come from.
• Penetration Testers merely find the weak points of a network, while Security Testers find and FIX these weak points.

What are the specific jobs of a Penetration Tester?
• Perform vulnerability tests in the internet, intranet, and wireless environments.
• Discover and scan for open ports and services.
• Perform exploits to gain or expand various points of access.
• Application penetration testing.
• Client interaction.
• Produce technical reports on findings.
• Communicate findings through debriefing with the client.
• Participate in the research for solutions.
• Participate in knowledge sharing.

Penetration Testing Methodologies
(These are methodologies commonly used by penetration testers to do their job)
• White box model
○ Tester is told about the network topology and the network technology used.
○ Tester is given permission to interview IT personnel and company employees.
○ This background information makes for a much easier and more straightforward penetration test.
• Black box model
○ Staff is NOT made aware of the penetration test.
○ The tester is NOT given any topologies or network diagrams.
○ The tester is NOT made aware of the technology used by the company.
○ This model puts much of the burden on the tester but allows for a more diverse testing environment and tests the company's ability to defend against an unexpected attack.
• Grey box model
○ A HYBRID of the black and white box models.
○ The company gives PARTIAL information to the penetration tester.
○ This model allows for a slightly more specified test.

Certification Programs for Network Security Personnel
• Certified Ethical Hacker (CEH)
○ Developed by the International Council of Electronic Commerce Consultants (EC-Council)
○ Test is multiple choice and contains 22 domains of study.
○ Must be familiar with a vast amount of information.
○ Passing the exam and landing a job may put you on what is called a "Red Team", whose job is to conduct penetration tests.
• Open Source Security Testing Methodology Manual (OSSTMM) Professional Security Tester
○ Certification under the Institute for Security and Open Methodologies (ISECOM)
○ Certification to be a Security Professional
○ Uses the OSSTMM manual for training
○ Exam requires not only multiple choice knowledge but also the ability to conduct security testing.
• Certified Information Systems Security Professional (CISSP)
○ Issued by the International Information Systems Security Certification Consortium (ISC)^2
○ Not really geared towards the IT Professional, but is still a standard for the security profession
○ Rather than IT skills, it tests managerial skills
○ Requires 5 years of work experience before taking the exam
○ Exam covers 10 domains of study
• Where does one go for these exams?
○ SANS Institute - The SysAdmin, Audit, Network, Security (SANS) Institute offers all the necessary training and study materials. Its research documents cost nothing.
• Which certification is the best?
○ All certifications are valuable and can be beneficial to a career in the field of Network Security.
○ Basically what this book is saying is that every certification under your belt is definite pay raise and promotion material.
○ Having these certifications (along with experience) makes for an impressive resume.

Part 2 - What Can You Do Legally?

Definitions:
○ Port Scanning - a mechanism usually used by hackers as a tool to scan a network for open ports in order to gain access to them. It is also used by administrators to verify the security policies of a network.

The Laws of the Land
• Depending on where you live, certain hacking tools may be illegal to own on a computer at work or in your household.
• Local law enforcement agencies are knowledgeable on the subject of what is and isn't legal to own.
• Current laws against unethical penetration are usually vague and generalized, since the law-making system is unable to keep up with the quickly growing technical field.
• It is important for companies and their employees to know such laws to perform their jobs safely.

Is Port Scanning Legal?
• Port scanning is the action of using a mechanism to scan for open and vulnerable ports inside of a company or department network. This can be illegal and unethical depending on where the action takes place.
• This depends on where you live, as some states declare it non-threatening while others consider it a criminal offense.
• The US Constitution currently has no say in port scanning specifically, and therefore the federal government has taken no action at a constitutional enforcement level.
• It is still very much illegal to penetrate national security databases, and such actions have and will continue to land offenders in a federal prison for sentences of up to 10 years.

ISP Contracts and the Need to Know
• Internet Service Providers have user contracts that state what actions may not be done over the network infrastructure you are under.
• It is vital to understand these user contracts to establish your own policies as a security tester.

Federal Laws that are a Need to Know
• The Computer Fraud and Abuse Act
○ It is a federal crime to access information illegally.
• Electronic Communication Privacy Act
○ It is illegal to intercept any communication.
• US Patriot Act (Sec 217)
○ This amends chapter 119 of title 18 US Code.
• Homeland Security Act of 2002
○ Sentencing guidelines for offenders of cybercrime.
• The Computer Fraud and Abuse Act
○ It is a federal offense to manufacture or own any device or software that can be used to illegally hack.
• Stored Wire and Electronic Communications and Transactional Records Act
○ This law defines what "Unauthorized Access" is.

Part 3 - What You Cannot Do Legally

Definitions:
○ Consulting Contracts - a written agreement of understanding between the tester and the client stating what is and is not allowed to be performed or operated.

Get it in Writing
• What is and isn't ethical in the world of technical communications is always up for debate.
• It is VITAL for people going into this field to understand what isn't legal to do when performing your job.
• As a result, most people get these codes of conduct in writing before beginning any job.
• These agreements of understanding are known as CONSULTING CONTRACTS.

LECTURE NOTES for Week 1

**This week, the lecture and presentation covered the objectives already discussed in chapter 1 of the book. The following objectives were discussed:
• The role of an ethical hacker
• What can be legally done as an ethical hacker
• What cannot be done legally as an ethical hacker

Summary
• Companies hire ethical hackers to perform penetration tests.
• The purpose of a penetration test is to find defects and vulnerabilities in a network.
• Companies have entire teams and departments of various skills to perform these penetration tests.
• There are 3 penetration test models:
○ White Box Model
○ Black Box Model
○ Gray Box Model
• There are a variety of certifications security testers may (and should) acquire:
○ CEH
○ CISSP
○ OPST
• It is important to be aware of what you can and cannot do as a tester:
○ Acceptable use policies
○ Limitations in tool use
○ A variety of laws outlay the legalities of tests and also dictate the consequences of illegal actions
○ Have an attorney read the contract