Ethical Hacking

Descripcin:
Este curso est diseado para capacitar a profesionales y tcnicos en TI en las tcnicas y herramientas disponibles,
usadas por los hackers para realizar un ataque desde Internet, y conocer en detalle las contramedidas para enfrentar
cada una de las acciones realizadas en cada procedimiento.
Objetivo:
Proporcionar al participante los conocimientos tericos-prcticos que permita desarrollar las competencias
necesarias realizar un proceso controlado de Hacking que permite conocer las vulnerabilidades y de esta
manera tomar las medidas preventivas en contra de agresiones maliciosas, valindose para ello de los tests de
intrusin, que evalan la seguridad tcnica de los sistemas de informacin, redes de datos, aplicaciones web y
servidores expuestos.
Competencias:
Comprende un ataque a servidores y estaciones de trabajo a travs de Internet
Realiza una prueba de penetracin
Utiliza las herramientas idneas para realizar un proceso de Ethical Hacking
Conoce la metodologa OSSTMM desarrollada por ISECOM para tests de seguridad
Entiende el funcionamiento de los ataques ms comunes desde Internet
Comprende cmo protegerse de los ataque implementando medida de seguridad
Reconoce las ventajas de la tecnologa y los peligros al no tener una cultura de seguridad
http://www.cibertec.edu.pe/2/modulos/JER/JER_Interna.aspx?ARE=2&PFL=2&JER=5956
Ethical Hacking es basicamente lo mismo que "hackear" solo que con propositos "buenos", en
otras palabras sirve para hacer inspecciones a los sistemas y poder asi detectar fallas en los
protocolos seguridad informatica que se esten utilizando, se puede implementar haciendo o
simulando ataques que podria sufrir la empresa y/o sus sistemas pero hechos premeditadamente
por un especialista en seguridad informatica que puede ser interno o externo (outsourcing) a la
compaia.
http://es.answers.yahoo.com/question/index?qid=20100223224800AAzpmmH
1.2 Quines son los ETHICAL HACKERS?
Ethical Hackers son redes de computadoras y expertos que atacan sistemas informticos en nombre de sus
propietarios, con los mismos mtodos que sus homlogos, en busca de posibles fallas de seguridad con la
finalidad de brindar un informe de todas las vulnerabilidades encontradas que podran ser aprovechadas por
los piratas informticos.
Para tales fines los ethical hackers han desarrollado lo que se conoce como pruebas de penetracin, (PEN-
TEST por sus siglas en ingls).
2. Tests de intrusin.
Una prueba de penetracin es un paso previo natural a todo anlisis de fallas de seguridad o riesgo para una
organizacin. A diferencia de un anlisis de vulnerabilidades, una prueba de penetracin se enfoca en la
comprobacin y clasificacin de las mismas; y no en el impacto que estas tienen sobre la organizacin.


http://www.monografias.com/trabajos71/ethical-hacking-test-intrusion-metodologias/ethical-hacking-test-
intrusion-metodologias.shtml#ixzz2bdm2JqKo
Is hacking ethical?
The definition of hacker has changed radically over the years. With the aid of the
mass media, the word has developed a negative connotation rather than the
positive one it used to have. Add ethical in front ofhacker, and it's even more
confusing.

For the purposes of this article, I'll define those hackers with malicious intent as
"crackers." Hackers can be categorized into the following three buckets:
1. Hacktivists: Those who hack as a form of political activism.
2. Hobbyist hackers: Those who hack to learn, for fun or to share with other hobbyists.
3. Research and security hackers: Those concerned with discovering security vulnerabilities
and writing the code fixes.

The act is a declaration by Congress that improving the security and privacy of sensitive information in federal
computer systems is in the public interest. The threat of cyberterrorism has increased focus on this piece of
legislation, as well as the more recent USA Patriot Act.

As a result of increased anxiety over terrorist threats, federal and state laws have changed to make it an
offense to "break and enter" a private or public network without permission. Federal law has required
companies to comply with privacy requirements, business controls and corporate governance standards.
These laws have brought pressure to bear on our increasing responsibility to secure the infrastructure and
have made it more difficult for hackers to practice their hacktivism, hobbies or research.

Technology has also affected hacking activities. In response to legislation about privacy, business controls and
terrorism, companies interested in capitalizing on the opportunities that exist have developed and
manufactured sophisticated security hardware and software. The increased sophistication of these products
has made the job of the hacker more difficult, and the casual hacker may stupidly get caught when attempting
to circumvent a complex security system.

Education and awareness campaigns have also made an impact on hacking activities. Companies and
government agencies have become more aware of security issues. Some train their employees on security-
conscious use of their computers. The famous hacker Kevin Mitnick declared that social engineering was his
primary tool.
Where have all the hackers gone? Have they gone more underground or taken "real" jobs? There is continuing
debate over the ethics of hiring a former cracker, especially one with a criminal record, and placing him in a
position of responsibility in a security capacity. I suspect that this is going to continue to be a difficult debate.
Since the laws have become stricter, hacktivists and hobbyists are at risk of being labeled crackers.
What should our response be to crackers, who focus on hacking for personal gain and whose intent is to steal,
threaten and destroy? Throw them in jail and throw away the key! What should our response be to the three
categories of hackers? Do the First and Fourth Amendments of the U.S. Constitution protect hacktivism? Is
there a way that hobbyists can work with the community to serve their interests, maintain their integrity and
gain the trust of the public and private sector? Can we embrace the hobbyists and separate the crackers from
the mix and treat the two groups differently? Can we educate our children on the differences, emphasizing right
from wrong while supporting and promoting passion, creativity and freedom?

Is hacking ethical? It is if viewed within the context of the three definitions offered: hacktivist, hobbyist and
researcher. We have the right in this country to protest, and if our activism takes a digital or electronic form, we
have the right to do so. But don't take my word for it, explore this excellent article by Dorothy E. Denning at
Georgetown University, "Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing
Foreign Policy." It will make you think.
I believe hackers have a lot to offer. They provide a balance of power by virtue of their creativity and technical
skills. I think we need to protect and recognize them and find ways of working together.

Yes, I do believe that hacking -- when properly defined -- is an ethical activity. And yes, I do believe that
understanding our freedoms and rights and protecting all that's good in our society while preventing all that's
bad is the right approach.
http://www.computerworld.com/s/article/91549/Is_hacking_ethical_?taxonomyId=17&pageNum
ber=2
Where Are the Ethics in Hacking?
"What the Australian researcher did is not ethical hacking," says Jay Bavisi, President of EC-
Council, a global certification and training organization for ethical hackers. "A lot of people don't
understand the difference betweenhacking and ethical hacking."
Hacker: simply a person who invades or interferes with another system with the intent to cause
harm, without having any permission from the system owner.
Ethical hacker: a professional hired by an organization to review its security posture from the
eyes of the hacker. Ethical hackers test vulnerabilities of the systems.
Penetration tester: a professional who goes a step beyond the ethical hacker and provides an
active analysis of the system for any potential vulnerabilities that could result from poor or
improper system configuration, either known and unknown hardware or software flaws, or
operational weaknesses. These professionals are largely involved in remediation. The whole
process involves a written consent and rules of engagement from the client, which clearly spell
what they can or cannot do, "This is basically our 'get out of jail free' card," Bavisi says.

"In the past there was the opportunity to be a hacker, to do inappropriate things and then
people would employ you. In the future that is not going to be the case, as neither the industry
nor the buying community will accept individuals who have operated illegally," Glover says.
The industry has matured, he says, and because of that the bar of entry is much higher for
prospective testers. In this case, he adds that if Heinrich were to be a member of a
professional organization like CREST, he would be immediately removed for his actions.
There are ethics and morals involved when ethical hackers take up such contracts or positions.
They clearly understand their limits dictated by the letter of authorization where the client
specifies the scope of engagement. For instance, the servers that can or cannot be tested, the
IP range ethical hackers can use etc. These professionals are aware of the legal framework
and understand the requirement for full disclosure to the client. "Without permission, no ethical
hacker will touch the job and go beyond the scope in any form. This is standard security
practice," Bavisi says.
The latest incident is just an example of a bad hacker, adds Grossman. "The researcher made
a rather common mistake of demonstrating a live vulnerability on stage without permission.
Would I have done it? No!"
One of the key lessons in this case is the need for better education within the industry to
highlight the differences among hackers, ethical hackers and penetration testers.
"People must understand the difference between a cop and a thief," Bavisi says.
http://www.bankinfosecurity.com/blogs/where-are-ethics-in-hacking-p-954/op-1