Penetration - Testing Tutorial


TEH3221 – ETHICAL HACKING AND SECURITY ASSESSMENT

Tutorial 1

1. Differentiate between penetration test and security test.

Pen-Test
- Legal attempt to break into a company’s network to find its weakest link
- Tester only reports findings, does not solve problems

Security test
- More than an attempt to break in; also includes analyzing the company’s
security policy and procedures
- Tester offers solutions to secure or protect the network

2. Define each of the following:

(i) Hacker

- Accesses a computer system or network without authorization
- Breaks the law; can go to prison

(ii) Cracker

- Breaks into systems to steal or destroy data
- U.S. Department of Justice calls both hackers

(iii) Script kiddies/ packet monkeys

- Young, inexperienced hackers
- Copy code and techniques from knowledgeable hackers

(iv) Ethical hacker

- Performs most of the same activities but with owner’s permission

(v) Red team

- A red team is an independent group that challenges an organization
to improve its effectiveness.

Lab Activity 1:

Objective: To examine the SANS list of the most common network exploits.
Description: As fast as IT security professionals attempt to correct network
vulnerabilities, someone creates new exploits. Network security professionals must
keep up to date on those exploits. In this activity, you examine some of the current
exploits used to attack networks. Do not worry – you won’t have to memorize your
findings. This activity simply gives you an introduction to the world of network
security.

Prepared by: SY Ooi

1. Start your Web browser and go to http://www.sans.org
2. Click “Top 25 Software Errors” and “20 Coolest Jobs in InfoSec”, and go
through them.
3. Subscribe to SANS NewsBites at http://www.sans.org/newsletters/.

Lab Activity 2:
Objective: To install and set up a virtual machine (Win Server 2000, XP SP3, 7,
Kali).

*Note: Set all VM connections to “NAT” connections.

1. Start the VMware Player.
2. Navigate to the virtual images in the directory C:/tht/. You can “copy” them,
but please do not “cut”.
3. All the virtual machines for Windows XP SP3 now have the same name. This
will cause warning messages to appear on the desktops, and it’s confusing. So
you should change your machine’s name if necessary.
4. Click the Start button on your virtual machine’s desktop, right-click My
Computer, and click Properties. Click the Computer Name tab. Click the
Change button. Choose a name that is unique. Click OK. When a
Computer Name Changes box appears saying “You must restart…”, click
OK. In the System Properties box, click OK. In the System Settings
Change box, click Yes. Wait while your virtual computer restarts. Log in as
you did before.
5. Click the Start button on your virtual machine’s desktop, right-click My
Computer, and click Properties. Click the Computer Name tab. The "Full
computer name:" should contain the name that you chose earlier.

Show me your result. [2%]



Preparing a Kali Linux Machine

1. Navigate to the Kali Linux ISO available in the lab.
2. You may get a copy of the Kali Linux ISO from http://www.kali.org/downloads/
3. Run Kali in your VM.
4. bt login: root, password: toor.
5. Show me your result. [2%]
