Hands-On Ethical Hacking and Network Defense
1. Black Box 2. White Box 3. Gray Box
Computer Fraud Abuse Act
This law makes it a federal crime to access classified information or financial information without authorization.
Electronic Communication Privacy Act
These laws make it illegal to intercept any communication, regardless of how it was transmitted.
Certified Ethical Hacker (CEH)
A certification designated by the EC-Council.
Certified Information Systems Security Professional (CISSP)
Non-vendor-specific, certification issued by the International Information Systems Security Certification Consortium Inc. (ISC2)
Hackers who break into systems with the intent of doing harm or destroying data.
Users who attempt to break into a computer system or network with the owner's permission.
Global Information Assurance Certification (GIAC)
An organization founded by the SANS Institute in 1999 to validate the skills of security professionals. GIAC certifications encompass many areas of expertise in the security field.
gray box model
A hybrid of the black box and white box models for penetration testing. In
the company might give a tester some information about which OSs are running but not provide any network topology information (diagrams of routers, switched, switches, intrusion detection systems firewalls, and so forth).
A user who attempts to break into a computer system or network without authorization fromt he owner
Institute for Security and Open Methodologies (ISECOM)
A nonprofit organization that provides training and certification programs for security professionals.
Open Source Security Testing Methodology Manual (OSSTMM)
This security manual developed by Peter Herzog has become one of the most widely used security-testing methodologies to date.
OSSTMM Professional Security Tester (OPST)
An ISECOM-designated certification for penetration and security testers. See also Institute for Security and Open Methodologies (ISECOM).
A derogatory term for unskilled crackers or hackers who steal program code and use it to hack into network systems instead of creating the programs themselves.
In this test a security professional performs an attack on a network with permission from the owner to discover vulnerabilities; penetration testers are also called ethical hackers.
A group of penetration testers who work together to break into a network.
Similar to packet monkeys, a term for unskilled hackers or crackers who use scripts or programs written by others to penetrate networks.
In this test, security professionals do more than attempt to break into a
network; they also analyze security policies and procedures
report vulnerabilities to management and recommend solutions
SysAdmin Audit Network Security (SANS) Institute
Founded in 1989 this organization conducts training worldwide and offers multiple certifications through GIAC in many aspects of computer security and forensics.
white box model
A model for penetration testing in which testers can speak with company staff and are given a full description of the network topology and technology.