![Page 1: Ethical Hacking & Information Security - WordPress.com · 04-12-2014 · PROTECTION = PREVENTION + (DETECTION + ... Online Phishing ... t_Project. Web Application Security Advice](https://reader034.vdocuments.net/reader034/viewer/2022051601/5ada554a7f8b9ae1768d05db/html5/thumbnails/1.jpg)

Ethical Hacking & Information Security
Justin David G. Pineda
Asia Pacific College

Topics for today:
- Is there such a thing as ethical hacking?
- What is information security?
- What are issues that need to be addressed?
- Information security as a discipline
- Do we need a cybercrime law?

About: Justin David Pineda
- Lecturer at Asia Pacific College
- Currently, Sr. Application Security Specialist at The Coca-Cola Company
- In the past: Security Analyst, SilverSky
- BS Computer Science, DLSU
- Certifications earned:
  - Certified Ethical Hacker (CEH)
  - CompTIA Security+
  - ISO 27002 Foundation
  - Cisco Certified Network Associate
  - IBM DB2 Academic Associate
  - Microsoft Technology Associate (MTA) Security

Is there such a thing as ethical hacking?
- A hacker exploits weaknesses in a computer system.
- Hacking or cracking which refers to unauthorized access into or interference in a computer system… (RA 8792, E-Commerce Law)
- Someone with an advanced understanding of computers and computer networks… (A Guide to the World of Computer Wizards)
- Ex. Hacking with a Pringles tube (from BBC News)

What separates good from bad hackers?
- They both exploit weaknesses in a computer system or network.
- The difference is – permission and scope.
- White hat – good guys
- Black hat – bad guys
- Gray hat – good in the morning; bad in the evening
- With this definition, what’s the classification of Anonymous?

Hacking trend…

Steps in Hacking
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks

Reconnaissance
- Observation
- Research about your target
- Start from online tools
  - Netcraft
  - Archive
  - Web Data Extractor
- Job opportunities

Scanning
- Look for open opportunities
- nmap, hping

Firewalking

Gaining & Maintaining Access
- Password Guessing
- Privilege Escalation
- Executing Malicious Codes
- Copying files

Covering Tracks
- Delete or modify audit trails

What is information security?
- Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats. (U.S. National Information Systems Security)

The CIA triad

The CIA Triad explained
- Confidentiality – Protection against unauthorized access.
- Integrity – Protection against unauthorized modification.
- Availability – Protection against Denial of Service (DoS)

Examples:
Remember the 3-way handshake!

Information Security vs. IT Security
- Information Security has many domains.
  - Access control, telecommunications and network security, Information security governance and risk management, Software development security, Cryptography, Security architecture and design, Operations security, Business continuity and disaster recovery planning, Legal, regulations, investigations and compliance, Physical (environmental) security – from CISSP’s domains on ISC2
- IT Security only focuses on software and hardware technologies.

Defense in Depth

Definition of Protection Past & Present
- PROTECTION = PREVENTION
- Example: Gate, Network Firewall
- Problem: What if the thief climbs over the gate?
- Problem 2: What if there is a DoS attempt on a web server on port 80?

Definition of Protection Past & Present
- PROTECTION = PREVENTION + (DETECTION + INCIDENT RESPONSE)
- Example: Motion detector tools, anti-virus for host device, Intrusion Detection System (IDS) for network.

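The two definitions of protection can be compared on the slides' own "Problem 2" (a DoS attempt on port 80 that the firewall lets through). The following is an added example, not part of the original slides; the traffic records, the 10-second window and the threshold of 20 requests are constructed assumptions.

```python
from collections import defaultdict, deque

ALLOWED_PORTS = {80}          # assumed firewall policy: only HTTP is exposed
WINDOW_SECONDS = 10           # assumed detection window
MAX_REQUESTS_PER_WINDOW = 20  # assumed per-source threshold


def firewall_allows(dst_port):
    """Prevention: a static rule that only looks at the destination port."""
    return dst_port in ALLOWED_PORTS


def build_sample_traffic():
    """Constructed sample: (time_s, src_ip, dst_port) records, sorted by time."""
    events = []
    # Normal client: one request every 5 seconds for a minute.
    events += [(t, "198.51.100.7", 80) for t in range(0, 60, 5)]
    # Probe against a closed port: this is what the firewall is good at.
    events += [(3, "203.0.113.50", 23)]
    # Flood: 10 requests per second to port 80 for 30 seconds, from t=10.
    events += [(10 + i // 10, "203.0.113.9", 80) for i in range(300)]
    return sorted(events)


def process(events, detect=True):
    """Run traffic through prevention, and optionally detection + response.

    Returns (delivered, alerts, blocked): requests that reached the web
    server per source, alerts raised, and sources blocked in response.
    """
    delivered = defaultdict(int)
    recent = defaultdict(deque)   # src_ip -> timestamps inside the window
    alerts, blocked = [], set()
    for ts, src, port in events:
        if not firewall_allows(port):       # prevention
            continue
        if src in blocked:                  # response already in effect
            continue
        if detect:
            window = recent[src]
            window.append(ts)
            while window and window[0] <= ts - WINDOW_SECONDS:
                window.popleft()
            if len(window) > MAX_REQUESTS_PER_WINDOW:   # detection
                alerts.append((ts, src, len(window)))
                blocked.add(src)                        # incident response
                continue
        delivered[src] += 1
    return dict(delivered), alerts, blocked


if __name__ == "__main__":
    only_prevention, _, _ = process(build_sample_traffic(), detect=False)
    layered, alerts, blocked = process(build_sample_traffic(), detect=True)
    print("prevention only:          ", only_prevention)
    print("with detection + response:", layered)
    print("alerts:", alerts, "blocked:", sorted(blocked))
```

With prevention alone every flood request reaches the server because port 80 is an allowed port; with detection and response the flooding source is cut off two seconds in, while the normal client is unaffected.
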
Reality Check
- You cannot eliminate all risks.
- You do not have a lot of money to buy all controls to mitigate the risks.
- You need to prioritize.

Least Privilege
- A user/program must be able to access only the information and resources that are necessary for its legitimate purpose.
- It is the essence of all domains in information security

Separation of Duties (SOD)
- The concept of having more than one person required to complete a task.
- Keys to the kingdom
- Example: How payroll is computed, approved, delivered etc.

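The Least Privilege and Separation of Duties slides describe two different checks, and the payroll example needs both. The following is an added example, not part of the original slides; the role names, user names and the `PayrollRun` class are hypothetical.

```python
class PolicyViolation(Exception):
    """Raised when a request breaks least privilege or separation of duties."""


# Assumed role model: each role carries only the permission its step needs.
ROLE_PERMISSIONS = {
    "payroll_clerk": {"compute"},
    "finance_manager": {"approve"},
    "treasury_officer": {"deliver"},
}
STEP_ORDER = ("compute", "approve", "deliver")


class PayrollRun:
    """One payroll cycle that must pass through three different people."""

    def __init__(self, run_id):
        self.run_id = run_id
        self.history = []  # (step, user) pairs; doubles as an audit trail

    def perform(self, step, user, role):
        # Least privilege: the role must explicitly grant this step.
        if step not in ROLE_PERMISSIONS.get(role, set()):
            raise PolicyViolation(f"role {role!r} is not allowed to {step}")
        # Steps must happen in order and only once.
        if len(self.history) >= len(STEP_ORDER):
            raise PolicyViolation("run already completed")
        expected = STEP_ORDER[len(self.history)]
        if step != expected:
            raise PolicyViolation(f"expected step {expected!r}, got {step!r}")
        # Separation of duties: nobody may act twice on the same run,
        # even if they legitimately hold the role for the later step.
        for earlier_step, earlier_user in self.history:
            if earlier_user == user:
                raise PolicyViolation(
                    f"{user} already performed {earlier_step!r} on this run")
        self.history.append((step, user))

    @property
    def complete(self):
        return [step for step, _ in self.history] == list(STEP_ORDER)


def attempt(run, step, user, role):
    """Return 'ok' or the violation message instead of raising."""
    try:
        run.perform(step, user, role)
        return "ok"
    except PolicyViolation as exc:
        return str(exc)


if __name__ == "__main__":
    run = PayrollRun("sample-run")  # constructed sample data
    print(attempt(run, "approve", "ana", "payroll_clerk"))      # wrong role
    print(attempt(run, "compute", "ana", "payroll_clerk"))      # ok
    print(attempt(run, "approve", "ana", "finance_manager"))    # same person
    print(attempt(run, "approve", "ben", "finance_manager"))    # ok
    print(attempt(run, "deliver", "cara", "treasury_officer"))  # ok
    print(run.complete, run.history)
```

The third call is the case that least privilege alone does not catch: the user holds a role that permits approval, but is refused because she computed the same run.
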
Policies
- HR Policies
- Clean desk policy
- Acceptable Use Policy
- Internet policy
- Data security policy
- Password Policy

Physical Security
- Natural barriers
- Authentication (something that you know, something that you have, something that you are)
- Gates and dogs
- Guards

Network Security
- Firewalls
- Intrusion Detection Systems (IDS)
- Unified Threat Management (UTM)
- Data Loss Prevention (DLP)

Host Security
- Port Security
- Anti-virus
- User access (standard, admin, super admin)

Application Security
- Encryption
- Patches, hotfixes

What issues need to be addressed?

Focus on 2 critical issues
- Social Engineering
- Web Application Attacks

Social Engineering
- Social engineering is the hacker/attacker's clever manipulation of the natural human tendency to trust to obtain information that will allow him to gain unauthorized access to a valued system. (Social Engineering Fundamentals)
- 90% of successful hacking activities are done using social engineering.

Steps in Social Engineering
- Information Gathering
  - Stalk in social networking sites
  - Mail-outs
  - Forensic analysis
  - Facebook apps
- Developing Relationships
  - Cognitive biases (returning the favor, shared interests)
- Exploitation
  - People become less reasonable when in a state of shock or strong affect.

Types of Social Engineering Attacks
- Physical
  - Shoulder surfing
  - Dumpster diving (ex. Argo)
  - Tailgating
  - War driving, chalking, walking etc.
- Online
  - Phishing
  - Pharming
  - Spear phishing
  - Vishing

Countermeasures
- Create, implement and harden security policies
  - People easily forget policies. They need enforcement.
- Comply with physical security standards
  - Are doors locked? Do security guards check all students for ID?
- Security Awareness Training for employees
  - This should be done periodically.
- Resistance Training for specified employees
  - Social Engineering Land Mines (SANS, David Gragg)
  - Call-back policy, key questions, bogus questions
- Incident Response

Web Application Attacks
- A lot of people are using the Internet and doing transactions there.
- A lot of websites are not checked for whether they are safe for users to use.
- It’s possible that applications follow proper coding standards but versions/functions are vulnerable.

Usual attacks:
- SQL Injection
- Cross Site Scripting (XSS)
- Session Hijacking
- Directory Traversal
- Cross Site Request Forgery (CSRF)

Web Goat demonstration: download it here - https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

Web Application Security Advice
- Include security in all SDLC steps.
- Refer to the Open Web Application Security Project (OWASP) when writing web applications. https://www.owasp.org/
- Use both a source code analyzer and a vulnerability scanner to check the status of your application.

Information Security as a Discipline
- InfoSec is a relatively new field.
- It is starting to grow because a lot of businesses are transitioning to online.
- Virtual money is the same as physical money.
- There are still few professionals who are in this field.
- Supply is low, demand is high.
- CS and IT major courses are good infosec foundations.
- You can opt to choose infosec in thesis.

Security Certifications
- CompTIA – Security+
- EC-Council – Certified Ethical Hacker, Certified Security Analyst, Certified Hacking & Forensics Investigator etc.
- SANS – GIAC Certified Reverse Engineering Malware, Incident Handler, Intrusion Analyst etc.
- ISACA – Certified Information Systems Auditor etc.
- ISC2 – Certified Information Systems Security Professional (CISSP), etc.

Do we need a cybercrime law?
- Of course, we need one.
- R.A. 10175 or Cybercrime Prevention Act is a mixture of several issues.
- Cybercrime Law should not only focus on the limitation of Freedom of Expression.
- Cybercrime Law should protect the people.

What kind of cybercrime law do we need?
- A law that compels for-profit organizations like banks to follow certain best standards to protect client data found in bank accounts.
- A law that compels telecom companies to ensure that data that pass their infrastructure are sent and received to the intended recipients.
- A law that compels government offices to securely store personal data that are found in their computer system.