Book Image

Applied Network Security

By : Arthur Salmon, Michael McLafferty, Warun Levesque
Book Image

Applied Network Security

By: Arthur Salmon, Michael McLafferty, Warun Levesque

Overview of this book

Computer networks are increasing at an exponential rate and the most challenging factor organisations are currently facing is network security. Breaching a network is not considered an ingenious effort anymore, so it is very important to gain expertise in securing your network. The book begins by showing you how to identify malicious network behaviour and improve your wireless security. We will teach you what network sniffing is, the various tools associated with it, and how to scan for vulnerable wireless networks. Then we’ll show you how attackers hide the payloads and bypass the victim’s antivirus. Furthermore, we’ll teach you how to spoof IP / MAC address and perform an SQL injection attack and prevent it on your website. We will create an evil twin and demonstrate how to intercept network traffic. Later, you will get familiar with Shodan and Intrusion Detection and will explore the features and tools associated with it. Toward the end, we cover tools such as Yardstick, Ubertooth, Wifi Pineapple, and Alfa used for wireless penetration testing and auditing. This book will show the tools and platform to ethically hack your own network whether it is for your business or for your personal home Wi-Fi.
Table of Contents (18 chapters)

Ethical hacking issues

Ethics can be different from person to person. Many times, ethics are a matter of interpretation and intent in terms of what your actions are trying to achieve. Ethical hacking can be perceived in a few different ways. For some, ethical hacking is a great and noble pursuit. It is a way to understand how a hacker thinks and attacks. Having this knowledge gives a big advantage to protecting a network from an attack.

"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."
- Sun Tzu

The majority of ethical hackers are white hat, although sometimes the methods an ethical hacker uses could be considered grey hat in application. It is important to always get clear, written permission and define the scope of what you can and cannot do while working on a network. Having written permission and a defined scope of what is expected will protect you should you ever become a scapegoat from some anomaly you have no knowledge about.

Since the 1986 Computer Fraud and Abuse Act was passed, it is illegal to access a computer without authorization and steal private government information or financial/credit card information. Breaking into a computer system is the technological version of trespassing. A hacker would say that no harm is done when they break into a computer system. People have a certain expectation of privacy. When that sense of privacy is taken away, a person loses something priceless, even if it seems intangible. There are many people who are unaware that there are different types of hacker, such as white, black, and grey hat hackers. They assume all hackers are malicious and not to be trusted. Being an ethical hacker comes with some stigmatization. An ethical hacker may cause fear and uncertainty within some people who lack this type of knowledge. That fear is often driven by the unknown, that unknown being the extent of an ethical hacker's capabilities.

As mentioned earlier, privacy is priceless. When an individual has the ability to take that away, they may be seen as a potential threat. That is why, as an ethical hacker, it is important to maintain a high ethical standard. Sometimes an ethical hacker may find themselves facing a complicated ethical situation. For example, it is not uncommon to find illegally pirated material on workplace computers such as music, movies, and games. Unless defined by the scope of the job, it may be up to the individual to inform the management about misuse of company computers and network resources. That would be more of an ethical decision made by the individual working on the network/user devices. A different twist on that scenario is finding child pornography on a workplace computer. In that situation, the network security individual who found the illegal material must immediately report it to both law enforcement and management. Failing to report something like that to law enforcement may leave the person who found it liable for criminal prosecution. An ethical hacker may have a complex role within network security, but as long as that person keeps a strong ethical standard they will be fine.