
An Introduction to Ethical Hacking


Ethical hacking is a form of legal hacking done with the permission of an organization to help increase its security. In this sample chapter from Certified Ethical Hacker (CEH) Version 9 Cert Guide, 2nd Edition, explore the fundamental principles of the security triad—confidentiality, integrity, and availability.


This chapter introduces you to the world of ethical hacking. Ethical hacking is a form of legal hacking done with the permission of an organization to help increase its security. This chapter discusses many of the business aspects of penetration (pen) testing. How should a pen test be performed, what types can be performed, what the legal requirements are, and what type of report should be delivered are all basic items that you need to know before you perform any type of security testing. However, first, you need to review some security basics. That’s right, as my mom always said, “You must walk before you can run!” This chapter starts with a discussion of confidentiality, integrity, and availability. Next, it moves on to the subject of risk analysis, and it finishes up with the history of hacking and a discussion of some of the pertinent laws.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 1-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”

Table 1-1 “Do I Know This Already?” Section-to-Question Mapping

Foundation Topics Section           Questions
Security Fundamentals               1
Security Testing                    8–10
Hacker and Cracker Descriptions     3, 4, 7
Ethical Hackers                     5
Test Plans–Keeping It Legal         6
Ethics and Legality                 2

  1. What are the three main tenets of security?

     a. Confidentiality, integrity, and availability
     b. Authorization, authentication, and accountability
     c. Deter, delay, and detect
     d. Acquire, authenticate, and analyze

  2. Which of the following laws pertains to accountability for public companies relating to financial information?

     a. FISMA
     b. SOX
     c. 18 U.S.C. 1029
     d. 18 U.S.C. 1030

  3. Which type of testing occurs when individuals know the entire layout of the network?

     a. Black box
     b. Gray box
     c. White box
     d. Blind testing

  4. Which type of testing occurs when you have no knowledge of the network?

     a. Black box
     b. Gray box
     c. White box
     d. Blind testing

  5. Which form of testing occurs when insiders are not informed of the pending test?

     a. Black box
     b. Gray box
     c. White box
     d. Blind testing

  6. How is ethical hacking different from simple hacking?

     a. Ethical hackers never launch exploits.
     b. Ethical hackers have written permission.
     c. Ethical hackers act with malice.
     d. Ethical hackers have permission.

  7. Which type of hacker is considered a good guy?

     a. White hat
     b. Gray hat
     c. Black hat
     d. Suicide hacker

  8. Which type of hacker is considered unethical?

     a. White hat
     b. Gray hat
     c. Black hat
     d. Brown hat

  9. Which type of hacker will carry out an attack even if the result could be a very long prison term?

     a. White hat
     b. Gray hat
     c. Black hat
     d. Suicide hacker

  10. Which type of hacker performs both ethical and unethical activities?

     a. White hat
     b. Gray hat
     c. Black hat
     d. Suicide hacker
