Difference between revisions of "SANS 560 Notes"

From SkullSecurity
Jump to navigation Jump to search
Line 1: Line 1:
'''Sans 560: Network Penetration and Ethical Hacking'''
'''560.1 Sans 560: Network Penetration and Ethical Hacking'''
==Definitions==
==Definitions==
* Threat: Agent That can Cause harm
* Threat: Agent That can Cause harm
Line 23: Line 23:
** time
** time
** methods
** methods
== Public/Free methodologies ==
* Open Source Security Testing Methodology Manual( [http://www.isecom.org/osstmm/] )

Revision as of 16:41, 30 July 2008

560.1 Sans 560: Network Penetration and Ethical Hacking

Definitions

  • Threat: Agent That can Cause harm
  • Vulnerability: A flaw that can be exploited
  • Risk: Overlap of Vulnerability and threat
  • Exploit: Code/Technique used by a threat on a vulnerability
  • Active attack: manipulates target
  • Passive Attack: Does not manipulate target
  • Ethical Hacking: Using attack techniques to find flaws with permission, to improve security ( aka white hat hacker )
  • Penetration testing: An attempt to gain entry to a network
  • Security Assessments/Vulnerability Assessment: Finding vulnerabilities
  • Security Audit: Comparing findings against a set of standards
  • Phases of an attack
    • Recon
    • Scanning
    • Exploitation
  • Pentesting limitations:
    • Scope
    • Time
    • Methods
  • Pentester limitations:
    • scope
    • time
    • methods

Public/Free methodologies

  • Open Source Security Testing Methodology Manual( [1] )