Question

Put yourself in the shoes of an attacker for a moment. Do you believe you would be following a methodology like the OSSTMM or the Pentesting Execution Standard? Would you use a more rudimentary identify, scan, enumerate, attack methodology? Would you use no methodology at all other than blindly launching attacks in hopes of having something stick? Explain your decision and consider what sort of attacker might use which approach if there is a difference. Provide at least 2 resources to support your response.

Answer #1

The attackers can be classified as –

(a) Ethical hacker (a certified hacker who uses penetration testing techniques),

(b) Joyriders (attacker is doing it for amusement),

(c) Accidental attacker (network administrator),

(d) Spies (want to steal information to sell it later),

(e) Destructors (want to ruin computer systems, delete data), etc.

Being an attacker, one would like to try all the possible methodologies or no methodology at all. But the choice depends on the type of attacker.

Different methodologies can be used by the attacker depending on the type of attacker.  

  • The OSSTMM (Open Source Security Testing Methodology Manual) or the Pen testing Execution Standard Methodology: The aim of this methodology is to set forth a standard for internet security testing.
  • A set of steps (i.e. Information Collection, Active Testing, Data Analysis, and Gap Analysis) is followed to test the security of the client's site.
  • The "Gap Analysis" step informs about the enhancements needed in the system under test. This methodology is used by the certified pen-test providers (ethical hackers).
  • Rudimentary identify, scan, enumerate, and attack methodology: In this methodology, the attacker identifies the target, scans the system for open ports, searches for systems with known weaknesses, and plans the attack. A common attack is DDoS (Distributed Denial of Service).
  • Without using any methodology (blindly launching attacks): This type of attack is usually done by naive attackers.
  • I would like to follow the standard methodology (i.e. OSSTMM, Pen-test execution standard) to become an ethical hacker. By doing this I would get the knowledge and experience of hacking without breaking any laws.