Ethical Hacking: Overview
Presented By Team Neptune {Eric, Amy, Aung, Sophia, Venus Mae}

Topic Overview
• Ethical Hacking Principles
• Managing Incidents
• Exploring Security Policies
• Creating Security Policies
• SANS Web Application Security Policy
Ethical Hacking Principles: Three Different Subcultures

Ethical Hacking Principles: Black Hat Hackers
• Use their Skills Unethically
• Objective:
  • To Cause Harm
  • Financial Gain
  • Political/Social Agenda
• Can be backed by Organized Crime or Nation States

Ethical Hacking Principles: Gray Hat Hackers
• Access without permission
• Malice not intended
• Curious to test skills
• Can potentially report vulnerabilities

Ethical Hacking Principles: White Hat Hackers
• Supported by their Targets
• Internal or Contracted Employees
• Use their Skills Ethically
• Look for Exploits/Vulnerabilities
• Report known issues
• Fix issues within their scope
Managing Incidents: Incidents vs. Disaster
• There is a difference between an incident and a disaster.
• Incidents:
  • Unplanned
  • Disrupts day-to-day activities
• Disasters:
  • Large scale
  • Weeks or months of recovery
• Incidents WILL become a disaster if left unchecked

Managing Incidents
• There shouldn’t be a delay in response so the issue doesn’t affect other areas.
• BEGIN once the incident has been reported.
• Incident management continues until normal activity has resumed.

Managing Incidents
• React ASAP; otherwise there could be greater costs to fix a widespread problem.

Managing Incidents
• Each company can set up its own set of procedures to handle incidents.
• These guidelines can be fine-tuned to meet the needs of companies.

Managing Incidents: Reporting
• Train users to identify and log incidents.
• Entries need to be made when incidents are reported (Help Desk Ticket):
  • Unique ID
  • Who reported the incident?
  • Description
  • Date & time
  • Priority
  • Location
  • Category and/or subcategory

Managing Incidents
• When responding, make a call or physically go to the site of the problem!

Managing Incidents: Possible Causes
• Once possible causes are identified, the priority of the incident gets modified (higher or lower).
• Either it gets resolved quickly or it needs to be handed off to a technician with more experience to help solve the issue.

Managing Incidents: Developing and Implementing a Solution
• Minor incidents are quick to fix
• Major solutions take longer to implement
• Run baseline before any changes
• Save device and wiring closet configurations
• Rerun baseline tests to verify solutions

Managing Incidents: Resolution and Documentation
• Communicate areas where the company can help prevent the issue from recurring, whether it be to the customers or employees!
• Process:
  • Close the incident
  • Get feedback
  • Include all pertinent facts
  • Suggest preventative actions

Managing Incidents: What Makes a Strong Team?
• They remain calm
• Roles are assigned clearly
• There is communication between the team and the customers

Managing Incidents
• Important keynote!
• Management of incidents is reactive.
• Steps should be taken to approach incidents proactively.

Managing Incidents: Best Practices
Lastly, these are important to remember!
• Maintain security policies.
• Install security patches and virus updates.
• Maintain access control lists.
• Perform security assessments.
• Analyze captured data.
Exploring Security Policies: Creating Security Plan
• A Multidisciplinary approach
• Defines what security controls are required
• Outlines responsibilities
• Reassessed on a regular basis (every 3 years)

Exploring Security Policies: Guidelines
• Rules of proper conduct are defined.
• Clear systems boundaries are demarcated.
• There are clear consequences for policy violations.

Exploring Security Policies: Classification
• The level of sensitivity is assessed.
• The security team identifies individuals and their level of access according to the principle of least privilege.
• They are developed internally or by following a template.
SANS Web Application Security Policy
[Slide diagram labels: Targeted, Quick, Full; OWASP Testing Guide; OWASP Top Ten Vulnerabilities]
SANS Web Application Security Policy Change Control Process
Sources
• SANS Web Application Security Policy: https://www.sans.org/security-resources/policies/application-security/pdf/web-application-security-policy
• Managing Incidents: https://www.lynda.com/Linux-tutorials/Managing-incidents/455716/488923-4.html
• Exploring Security Policies: https://www.lynda.com/Linux-tutorials/Exploring-security-policies/455716/488924-4.html
• Creating Security Policies: https://www.lynda.com/Linux-tutorials/Creating-security-policies/455716/488925-4.html
• Ethical Hacking Principles: https://www.lynda.com/Linux-tutorials/Ethical-hacking-principles/455716/488921-4.html