• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
(WKLFDO\ue000+DFNLQJ
Student Guide

\u00a9 Copyright 2000 Internet Security Systems, Inc.
All rights reserved.
This product and related documentation are protected by copyright and distribution

under licensing restricting their use, copy, and distribution. No part of this
documentation may be reproduced in any form or by any means without prior written
authorization of Internet Security Systems, Inc. While every precaution has been taken in

the preparation of this document, Internet Security System, Inc. assumes no
responsibility for errors or omissions. This document is published with the
understanding that Internet Security Systems, Inc. and its authors are supplying
information but are not attempting to render engineering or other professional services.
This document and features herein are subject to change without notice.

Internet Security Systems, Inc.
6600 Peachtree-Dunwoody Road
Building 300
Atlanta, GA 30328

888-263-8739
http://www.iss.net/
Please direct any comments concerning ISS courseware tot ra in in g@ is s .n e t.
Print Date: September 21, 2000
Ethical Hacking
iii
&RQWHQWV
Module 1: Welcome to the Class!
Getting Acquainted.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
...With the Instructor. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
...With Others in the Class. .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . ..1
Getting the Most Out of this Course.... .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . ..2
The Instructor\u2019s Role. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . ..2
Your Role. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. ... . .. . .. . .. . ..2
About this Course.. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . ..3
Course Objectives.. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . ..3
Using this Training Guide. .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . ..4
Course Outline. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
About Internet Security Systems. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . ..6

How ISS Started.. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . ..6 Company Growth. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6 ISS Products.. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . ..7 Security Management Solutions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8 The ISS X-Force. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Consulting and Educational Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Security Assessment Services (SAS). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 ANSA - The Adaptive Network Security Alliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10 Contact Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Module 2: Legal And HR Issues
About This Module. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Purpose of this Module.. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .15
Module Objectives.. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .15
Legal and HR Issues. .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .16

Introduction.. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .16 Legal Issues.. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .16 International Cyber Crime. .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .16 Computer Fraud. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 Computer Forgery. .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .17 Damage to Computer Data or Computer Programmes. .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .17 Computer Sabotage.. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .18 Unauthorized Access. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .18 Unauthorized Interception. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Data Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 How much hacking is there?. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .19 Why Should We Care?. .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .20 UK Computer Misuse Act, 1990. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20 1990 Chapter 18.. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .20

Objectives Review.. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .24
Module 3: Why Perform Ethical Hacking?
About This Module. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Purpose of this Module.. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .25
Module Objectives.. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .. .. . .. . .. . .. . .. .. . .. . .. . .. . .. . .25
Ethics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...