Difference between revisions of "SANS 560 Notes"
Line 1: | Line 1: | ||
'''Sans 560: Network Penetration and Ethical Hacking''' | '''560.1 Sans 560: Network Penetration and Ethical Hacking''' | ||
==Definitions== | ==Definitions== | ||
* Threat: Agent That can Cause harm | * Threat: Agent That can Cause harm | ||
Line 23: | Line 23: | ||
** time | ** time | ||
** methods | ** methods | ||
== Public/Free methodologies == | |||
* Open Source Security Testing Methodology Manual( [http://www.isecom.org/osstmm/] ) |
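Review bot: The external link on the added OSSTMM list item has no label, so the rendered revision shows it as a bare "[1]" instead of something readable. Put the label inside the brackets after the URL, for example [http://www.isecom.org/osstmm/ OSSTMM], and drop the surrounding "( ... )" so the item reads as a single linked title.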
Revision as of 16:41, 30 July 2008
560.1 SANS 560: Network Penetration and Ethical Hacking
Definitions
- Threat: Agent that can cause harm
- Vulnerability: A flaw that can be exploited
- Risk: Overlap of vulnerability and threat
- Exploit: Code/technique used by a threat on a vulnerability
- Active attack: Manipulates target
- Passive attack: Does not manipulate target
- Ethical hacking: Using attack techniques to find flaws with permission, to improve security (aka white hat hacker)
- Penetration testing: An attempt to gain entry to a network
- Security assessment/vulnerability assessment: Finding vulnerabilities
- Security audit: Comparing findings against a set of standards
- Phases of an attack
  - Recon
  - Scanning
  - Exploitation
- Pentesting limitations:
  - Scope
  - Time
  - Methods
- Pentester limitations:
  - Scope
  - Time
  - Methods
Public/Free methodologies
- Open Source Security Testing Methodology Manual (http://www.isecom.org/osstmm/)