Overview: What is Ethical Hacking?

Bryson Payne
A free video tutorial from Bryson Payne
Best-Selling Author & Professor w/students in 163 countries
4.6 instructor rating • 4 courses • 52,510 students

Learn more from the full course

Real-World Ethical Hacking: Hands-on Cybersecurity

Protect yourself, gain the hottest new job skills, and learn the tricks the bad guys use - with Kali Linux & Metasploit!

10:51:43 of on-demand video • Updated July 2020

  • Secure your computer, your network, and your data from 99% of all attacks on the Internet.
  • Test for security vulnerabilities using the tricks the bad guys use.
  • Find and fix weaknesses and harden your computer's security.
  • Avoid phishing, viruses, ransomware, and online scams.
  • Keep yourself safe online, at home, at school, or at work.
English [Auto] Let's begin the course with an important question what is ethical hacking. Well it just means we're testing systems for weaknesses with the explicit permission of the owner. That means the person who controls or owns that computer that network that system has given explicit permission to test using ethical hacking techniques. These are the same techniques and tools that an attacker might use to find vulnerabilities we'll learn about Kalli Linux middes Floyd and we'll use lots of platforms from Linux to PC Windows desktops to Mac and even Android devices. And depending on the type of ethical hacking you're doing you can either recommend. And sometimes if you're working for the same company apply the fixes and improvements to secure systems and networks above all ethical hacking is practical useful and its hands on will actually perform the hacks and then we'll learn how to secure against them. What we're trying to do in security is protect what we call the CIA triad or the security triad confidentiality. That means that we protect information from unauthorized access that can be insiders or outsiders who just don't have the permission to access certain materials integrity. That means that we're trying to protect our data or our systems front from unauthorized modification and then availability that means that we have timely access to the information by the right people means. Well an example of a loss of availability might be a denial of service attack where all the internet is shut down because of heavy traffic. A problem with integrity could be someone who's gone in and modified files change to data and a record or deleted log files to delete signs of hacking and any loss of confidentiality just means that someone else can see data that they're not supposed to see. There are lots of different types of attackers. You have outsiders and insiders as threats. So outsiders can be your competitors. They can be black hat and gray hat hackers white hacker is what we're learning to be that someone who uses ethical tools and means to test systems a grey hacker sits sort of in between. They they usually state a positive purpose but they can use some of the techniques that they shouldn't be using. That just means that they're trying something and don't have full Lothaire ization or using illegal techniques as part of their trade. And black hat it's no hole but a no holds barred. They can use any techniques any means to get into a system organized crime terrorists foreign governments military law enforcement. There are lots of outsiders that might want to peek into your network or worse than insider threats come in the form of customers suppliers vendors business partners. Think about contractors that come on your web on your company's premises. Consultants and then of course your employees disgruntled current employees former employees or even employees who don't mean to do something wrong just human error can be an example of an insider threat. That's why the training that will talk about unethical hacking is very important that keeps our good people from accidentally doing something bad. There are lots of good reasons not to become an attacker. You're going to learn about ethical hacking and hacking is not necessarily a bad term. We just associate it with the bad hackers and attackers because of the media. But being an attacker is illegal in most countries here in the United States. U.S. codes Title 18 Section 10:30 and others contain the Computer Fraud and computer Abuse Act. We've got the USA Patriot Act that determines who can see what information Homeland Security Act if there's any suspicion of terrorism the Protect Act you can go to the Department of Justice's Web site cybercrime dot gov and see lots of good resources and information on what's legal and what's illegal. When it comes to cybercrime. Just to give a short version unauthorized access or use of any computer or network or system is illegal. A good example in the real world would be finding a key on the sidewalk. That's the same as finding a vulnerability like somebody left a password in plain text out on the Internet. That's a vulnerability finding that is not illegal. If you just see a key on the sidewalk even sometimes if you pick the key up it may not be illegal but if you try that key on a door and walk into a house or walk into a business you've committed unlawful entry. Let's the same spirit with all of the computer laws when we try to exploit a vulnerability that's like opening the door and walking into the premises. That is an unauthorized access or an unlawful entry. You didn't have to break anything it's breaking and entering but it's still an all out unlawful entry unauthorized access. And remember that even unintentional attacks are illegal too if you try some of the techniques that can create a network flood for example on a network that you don't have explicit permission to test like a coffee shop a library. Your work your school if you take down the network that is illegal as well even an unintentional attack can break the law. There are reasons that we said the ethical hacking using the tools that actual hackers or bad attackers use. And that's because we want to evaluate the systems that we're defending just like an attacker would. We also want to be able to implement countermeasures or put something in place that will keep that attack from being successful. And then we also want to better understand the implications of the decisions we make. If we turn off security in one area or lessen the security so that we make work easier then we can unintentionally bring in additional vulnerabilities and allow other threats onto our network. So we just need to be able to make those decisions between usability and security and find the right balance for our organization. One of the things we do to protect a system and a network and our data from Access. First of all prevention is just putting in place techniques that cause attacks to fail. So a good firewall will block a portion of attacks. Good anti-virus will block another portion of the tax. Training will help block a lot of attacks that employees or or users on your network might fall for. Then we put in place a bug prevention detection. Those are techniques that can determine when someone is attacking your network and detect that something has occurred and report it so that your security team can begin working on that last stage which is recovery recovery just means techniques that stop attacks and then assess and repair any damage that's caused ransomware attacks are pretty prevalent these days. A good backup can be your first line of defense to making sure that ransomware doesn't affect your network as badly as it has many in the world. So we need multiple layers of security. We call this a layered approach because we we don't rely on just a firewall just anti-virus just training we put all of those types of things and more in place on our networks. Prevention detection and recovery. And there's good news and bad news when it comes to the types of threats on our networks. First of all a 2015 HP cyber risk report showed that almost half 44 percent of all breaches in 2015 came from known vulnerabilities that were 2 to 4 years old. That means that there had been patches for most of these problems for over two years and they were still successful. Almost half of the time 44 percent of those breaches came from attacks that a patch had been available for and by a patch would just mean updating your systems. In fact the Australian Signals Directorate that's like the Australian NSA found that 85 percent of breaches were preventable in a certain year. And I think this applies almost all the time just by doing four things. That's application white listing so restricting which programs can run on your computer not installing new software all the time and putting in place measures that will keep new software from installing itself then patching applications. That means updating office updating Java updating your Adobe Flash or anything else that you may be using then patching operating systems like your Windows Updates doing software updates on your Mac or your Linux and then restricting administrative privileges. That just means account controls for your everyday computer use. You probably don't need to be an administrator so use sign in with a user account and then you reserve the administrative account level or you elevate your privileges only when you need to do things to administer or to to maintain the computer. Just those four things can make an 85 percent impact in the number of attacks that are successful or unsuccessful coming into your network. Let me wrap up this brief introduction with a couple of disclaimers. While many of the examples that you're going to see in this course came from exercises we actually performed with real students in the national cyber warrior Academy. This online course is not sponsored or endorsed by the NSA or the University of North Georgia. All opinions expressed here are my own and the techniques and tools demonstrated in this course can cause serious damage if misused either intentionally or unintentionally. So please proceed with caution. Be careful where you use these techniques and tools. Do it only on a system that you own or you have your parents or your employer's explicit permission to test. You need written permission in the case where you're going to run something on a network or on a computer system that you do not personally own or pay for. You need to practice these tools and techniques in a virtual environment like we're going to learn to do so that these tools don't cause unintentional damage on the network or on the system you're touching across this course. We're going to learn how to hack everything from Mac PC Linux computers all the way to Android devices even car hacking as a part of this course. So you're going to get exposed to a lot of tools and techniques in a very short period of time. Take your time work through each section and feel free to explore each of the tools that we're going to use We'll set up a safe and network environment so that you can do that. But first we're going to start with a practical example of real world ethical hacking. We're going to hack into a Windows computer with just to reboot to two commands are two special key combinations and four commands that have to be typed at the command line. You're going to see how to get into a Windows machine to retrieve old files to set up a new user account when you might have forgotten the password. It's a very practical real world hands on example. And we'll start it next.