.png){kind=logo}
Hands-On Ethical Hacking and Network Defense, 4e Rob S.Wilson (Solu�ons Manual All Chapters, 100% Original Verified, A+ Grade) 1 / 4
Solution and Answer Guide: Michael T. Simpson, Nicholas D. Antill, Robert S. Wilson, Hands-On Ethical Hacking and Network Defense, 4th Edition, ISBN: 9780357509753; Module 01: Ethical Hacking Overview
1
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.Solution and Answer Guide Michael T. Simpson, Nicholas D. Antill, Robert S. Wilson, Hands-On Ethical Hacking and Network Defense, 4 th Edition, ISBN: 9780357509753; Module 01: Ethical Hacking Overview Table of Contents Hands-On Activities ....................................................................................................................................... 1 Activity 1-1: Determining the Corporate Need for IT Security Professionals ............................................. 1 Activity 1-2: Examining the Top 25 Most Dangerous Software Flaws....................................................... 2 Activity 1-3: Identifying Computer Statutes in Your State or Country ...................................................... 2 Activity 1-4: Examining Federal and International Computer Crime Laws ................................................ 3 Review Questions .......................................................................................................................................... 3 Case Projects ................................................................................................................................................. 8 Case Project 1-1: Determining Legal Requirements for Penetration Testing ............................................ 8 Case Project 1-2: Researching Hacktivists at Work ................................................................................... 9 Ethical Hacking for Life: Module 1 Ethical Hacking Overview ...................................................................... 10 Grading Rubric for Ethical Hacking for Life .............................................................................................. 11 Reflection: Module 1 ................................................................................................................................... 11 Grading Rubric for Reflection .................................................................................................................. 11
Hands-On Activities
Activity 1-1: Determining the Corporate Need for IT Security
Professionals
Time Required: 10 minutes
Objective: Examine corporations looking to employ IT security professionals.
Description: Many companies are eager to employ or contract security testers for their corporate networks. In this activity, you search the Internet for job postings, using the keywords “IT Security,” and read some job descriptions to determine the IT skills (as well as any non-IT skills) most companies want an applicant to possess. 2 / 4
Solution and Answer Guide: Michael T. Simpson, Nicholas D. Antill, Robert S. Wilson, Hands-On Ethical Hacking and Network Defense, 4th Edition, ISBN: 9780357509753; Module 01: Ethical Hacking Overview
2
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
- Start your web browser and go to indeed.com.
- In the What search box, type IT Security. In the Where search box, enter the name of a major
- Note the number of jobs. Select three to five job postings and read the job description in each
- When you’re finished, exit your web browser.
city near you, and then press Enter.
posting.
Answer: Student should complete activity in their web browser. No submitted response is required.
Activity 1-2: Examining the Top 25 Most Dangerous
Software Flaws
Time Required: 15 minutes
Objective: Examine the SANS list of the most common network exploits.
Description: As fast as IT security professionals attempt to correct network vulnerabilities, someone creates new exploits, and network security professionals must keep up to date on these exploits. In this activity, you examine some current exploits used to attack networks. Don’t worry—you won’t have to memorize your findings. This activity simply gives you an introduction to the world of network security.
- Start your web browser and go to www.sans.org.
- Under Resources, click the Top 25 Programming Errors link. (Because websites change
- Read the contents of the Top 25 list. (This document changes often to reflect the many new
- Investigate the first few flaws by clicking the CWE-# link. For each flaw, note the description,
- When you’re finished, exit your web browser.
frequently, you might have to search to find this link.)
exploits created daily.) The Top 25 list is also known as the Top 25 Most Dangerous Software Errors. Links in the list explain the scoring system and framework used to rank these errors.
applicable platform, and consequences.
Answer: Student should complete activity in their web browser. No submitted response is required.
Activity 1-3: Identifying Computer Statutes in Your State
or Country
Time Required: 30 minutes
Objective: Learn what laws might prohibit you from conducting a network penetration test in your state or country.Description: For this activity, you use Internet search engines to gather information on computer crime in your state or country (or a location selected by your instructor). You have been hired by ExecuTech, a security consulting company, to gather information on any new statutes or laws that might affect the 3 / 4
Solution and Answer Guide: Michael T. Simpson, Nicholas D. Antill, Robert S. Wilson, Hands-On Ethical Hacking and Network Defense, 4th Edition, ISBN: 9780357509753; Module 01: Ethical Hacking Overview
3
© 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.security testers it employs. Write a one-page memo to Liang Choi, director of security and operations, listing applicable statutes or laws and offering recommendations to management. For example, you might note in your memo that conducting a denial-of-service attack on a company’s network is illegal because your state’s penal code prohibits this type of attack unless authorized by the owner.Answer: Answers will vary. The memo should include state laws that might affect how a penetration test could be conducted as well as problems that might arise because of state laws. The memo could also ask that management draw up a contract addressing any risks or possible network degradation that might occur during testing.
Activity 1-4: Examining Federal and International Computer
Crime Laws
Time Required: 30 minutes
Objective: Increase your understanding of U.S. federal and international laws related to computer crime.Description: For this activity, use Internet search engines to gather information on U.S. Code, Title 18, Sec. 1030, which covers fraud and related activity in connection with computers. Also, research the Convention on Cybercrime (the Budapest Convention). Write a summary explaining how these laws can affect ethical hackers and security testers.Answer: Answers will vary. The summary should mention some key elements, such as (a)(2) “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains ….” Section (g) states: “Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator.” The summary might also mention the possibility of a lawsuit. Students need to understand that this federal law addresses government computers and financial systems. Students should mention what nations are part of the Convention on Cybercrime (Budapest Convention).Review Questions
- The U.S. Department of Justice defines a hacker as which of the following?
- A person who accesses a computer or network without the owner’s permission
- A penetration tester
- A person who uses phone services without payment
- A person who accesses a computer or network system with the owner’s permission
- / 4
.png)