Wednesday, December 7, 2011

RMAN Catalog configuration

login as: root
root@192.168.XXXX's password:
Last login: Wed Nov 23 17:56:56 2011 from 192.168.52.41
[root@citsn2 ~]# su - oracle
[oracle@citsn2 ~]$ . oraenv
ORACLE_SID = [XXXX] ?
The Oracle base for ORACLE_HOME=/u01/app/oracle/product/11.1.0/db_1 is /u01/app/oracle
[oracle@XXXX ~]$
[oracle@XXXX bin]$ ./rman target system/*******

Recovery Manager: Release 11.2.0.1.0 - Production on Thu Nov 24 08:57:41 2011

Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.

connected to target database: XXXX (DBID=80161685)

RMAN> show all;

using target database control file instead of recovery catalog
RMAN configuration parameters for database with db_unique_name XXXX are:
CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
CONFIGURE BACKUP OPTIMIZATION OFF; # default
CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
CONFIGURE CONTROLFILE AUTOBACKUP OFF; # default
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default
CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE MAXSETSIZE TO UNLIMITED; # default
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
CONFIGURE COMPRESSION ALGORITHM 'BASIC' AS OF RELEASE 'DEFAULT' OPTIMIZE FOR LOAD TRUE ; # default
CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/u01/app/oracle/product/11.1.0/db_1/dbs/snapcf_XXXX.f'; # default

RMAN> CONFIGURE CONTROLFILE AUTOBACKUP ON;

new RMAN configuration parameters:
CONFIGURE CONTROLFILE AUTOBACKUP ON;
new RMAN configuration parameters are successfully stored

RMAN> CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '/u01/Backups/cf%F';

new RMAN configuration parameters:
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '/u01/Backups/cf%F';
new RMAN configuration parameters are successfully stored

RMAN> show all;

RMAN configuration parameters for database with db_unique_name XXXX are:
CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
CONFIGURE BACKUP OPTIMIZATION OFF; # default
CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
CONFIGURE CONTROLFILE AUTOBACKUP ON;
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '/u01/Backups/cf%F';
CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE MAXSETSIZE TO UNLIMITED; # default
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
CONFIGURE COMPRESSION ALGORITHM 'BASIC' AS OF RELEASE 'DEFAULT' OPTIMIZE FOR LOAD TRUE ; # default
CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/u01/app/oracle/product/11.1.0/db_1/dbs/snapcf_OWIMAGE.f'; # default

RMAN> CONFIGURE RETENTION POLICY TO REDUNDANCY 3;

new RMAN configuration parameters:
CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
new RMAN configuration parameters are successfully stored

RMAN> show all;

RMAN configuration parameters for database with db_unique_name XXXX are:
CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
CONFIGURE BACKUP OPTIMIZATION OFF; # default
CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
CONFIGURE CONTROLFILE AUTOBACKUP ON;
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '/u01/Backups/cf%F';
CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE MAXSETSIZE TO UNLIMITED; # default
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
CONFIGURE COMPRESSION ALGORITHM 'BASIC' AS OF RELEASE 'DEFAULT' OPTIMIZE FOR LOAD TRUE ; # default
CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/u01/app/oracle/product/11.1.0/db_1/dbs/snapcf_XXXX.f'; # default

RMAN> exit


Recovery Manager complete.

[root@citsn2 ~]# su - oracle
[oracle@citsn2 XXXX]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.1.0 Production on Thu Nov 24 09:59:58 2011

Copyright (c) 1982, 2009, Oracle. All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL> create tablespace rman_tbs datafile '/u02/oracle/oradata/XXXX/rman_tbs01.dbf' size 100M autoextend on extent management local segment space management auto;

Tablespace created.

SQL> create user rman identified by rman001 default tablespace rman_tbs temporary tablespace temp;

User created.

SQL> grant connect,resource,recovery_catalog_owner to rman;

Grant succeeded.

SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@citsn2 OWIMAGE]$ ./rman catalog rman/rman001
-bash: ./rman: No such file or directory
[oracle@citsn2 OWIMAGE]$ cd $ORACLE_HOME/bin
[oracle@citsn2 bin]$ ./rman catalog rman/password

Recovery Manager: Release 11.2.0.1.0 - Production on Thu Nov 24 10:01:24 2011

Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.

connected to recovery catalog database

RMAN> create catalog

recovery catalog created

RMAN> exit


Recovery Manager complete.
[oracle@citsn2 bin]$ ./rman catalog rman/password@XXXX target /

Recovery Manager: Release 11.2.0.1.0 - Production on Thu Nov 24 10:02:33 2011

Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.

connected to target database: XXXX (DBID=8XXXX85)
connected to recovery catalog database

RMAN> register database
2> ;

database registered in recovery catalog
starting full resync of recovery catalog
full resync complete

RMAN> exit


Recovery Manager complete.
[oracle@citsn2 bin]$ ./rman catalog rman/******@XXXX target /

Recovery Manager: Release 11.2.0.1.0 - Production on Thu Nov 24 10:03:44 2011

Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.

connected to target database: XXXX (DBID=8XXXX85)
connected to recovery catalog database

RMAN> show all;

RMAN configuration parameters for database with db_unique_name XXXX are:
CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
CONFIGURE BACKUP OPTIMIZATION OFF; # default
CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
CONFIGURE CONTROLFILE AUTOBACKUP ON;
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '/u01/Backups/cf%F';
CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE MAXSETSIZE TO UNLIMITED; # default
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
CONFIGURE COMPRESSION ALGORITHM 'BASIC' AS OF RELEASE 'DEFAULT' OPTIMIZE FOR LOAD TRUE ; # default
CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/u01/app/oracle/product/11.1.0/db_1/dbs/snapcf_OWIMAGE.f'; # default

RMAN> configure channel device type disk format '/u01/Backups/rmancits1_%U';

new RMAN configuration parameters:
CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT '/u01/Backups/rmancits1_%U';
new RMAN configuration parameters are successfully stored
starting full resync of recovery catalog
full resync complete

RMAN> show all;

RMAN configuration parameters for database with db_unique_name XXXX are:
CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
CONFIGURE BACKUP OPTIMIZATION OFF; # default
CONFIGURE DEFAULT DEVICE TYPE TO DISK; # default
CONFIGURE CONTROLFILE AUTOBACKUP ON;
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '/u01/Backups/cf%F';
CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT '/u01/Backups/rmancits1_%U';
CONFIGURE MAXSETSIZE TO UNLIMITED; # default
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
CONFIGURE COMPRESSION ALGORITHM 'BASIC' AS OF RELEASE 'DEFAULT' OPTIMIZE FOR LOAD TRUE ; # default
CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/u01/app/oracle/product/11.1.0/db_1/dbs/snapcf_XXXX.f'; # default

RMAN>
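
As an added example (not part of the original session), the script below parses `show all` output such as the listings above and flags the settings that matter for backup security: encryption left OFF, control file autobackup OFF, and low redundancy. The function names, finding labels and the `min_redundancy` threshold are assumptions made for this illustration.

```python
import posixpath
import re

# Trimmed copies of the first and last "show all" listings in the session above.
BEFORE = """\
CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
CONFIGURE CONTROLFILE AUTOBACKUP OFF; # default
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '%F'; # default
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
"""
AFTER = """\
CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
CONFIGURE CONTROLFILE AUTOBACKUP ON;
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '/u01/Backups/cf%F';
CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT '/u01/Backups/rmancits1_%U';
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
"""

LINE_RE = re.compile(r"^CONFIGURE\s+(.*?)\s*;\s*(#\s*default)?\s*$")


def parse_show_all(text):
    """Return [(setting, is_default)] for each CONFIGURE line of 'show all'."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2) is not None))
    return out


def _value(settings, pattern):
    """First capture group of the first setting that fully matches pattern."""
    for body, _ in settings:
        m = re.fullmatch(pattern, body)
        if m:
            return m.group(1)
    return None


def audit(text, min_redundancy=2):
    """Flag settings that weaken backup confidentiality or recoverability.

    min_redundancy is an assumed local policy value, not an Oracle default.
    """
    settings = parse_show_all(text)
    findings = []
    if _value(settings, r"ENCRYPTION FOR DATABASE (ON|OFF)") != "ON":
        findings.append("ENCRYPTION_OFF")
    if _value(settings, r"CONTROLFILE AUTOBACKUP (ON|OFF)") != "ON":
        findings.append("CONTROLFILE_AUTOBACKUP_OFF")
    copies = _value(settings, r"RETENTION POLICY TO REDUNDANCY (\d+)")
    if copies is not None and int(copies) < min_redundancy:
        findings.append("LOW_REDUNDANCY")
    # Directories that receive backup pieces; with encryption off these hold
    # unencrypted copies of the database and need tight filesystem permissions.
    dirs = set()
    for body, _ in settings:
        for path in re.findall(r"FORMAT\b[^']*'([^']+)'", body):
            if posixpath.dirname(path):
                dirs.add(posixpath.dirname(path))
    return findings, sorted(dirs)


if __name__ == "__main__":
    for name, listing in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(listing))
```

Run against the final listing, the only remaining finding is that backup encryption is still OFF while backup pieces are written under `/u01/Backups`.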

Components of Penetration test report

The components of a penetration test report are as follows:

Introduction
Global targets
Global target Summary
Attack Flow Diagram
Global target Summary Report

External Network Assessment
Introduction
Detailed targets
Detailed target Results
Known Network Layout

Internal DMZ Network Assessment
Introduction
Detailed targets
Detailed target Results
Known network layout

Internal Management Network Assessment
Introduction
Detailed targets
Detailed target Results
Known network layout
Social Engineering
Domain Controller
Recommendations

Conclusions
Appendix

Scoping is one of the most significant and most frequently overlooked elements of a penetration test. If the test involves our Internet connection (as almost all penetration tests do), then explicitly define which network addresses are to be examined, which web hosts, which mail systems and so on. Also specify which systems we do not want examined. Exclusions could be:

Crucial production systems

Systems belonging to clients

Remote access systems - modems, VPN devices, etc

We may also need to exclude some types of tests, such as Denial of Service (DoS) runs and war-dialing tests, which call a number of phone lines searching for modems. These tests are very likely to be disruptive to normal operation.

Tuesday, July 12, 2011

Network Vulnerability Assessment steps

· Finding all the hosts on the network
· Fingerprinting their Operating systems
· Detecting open ports on the system
· Mapping the ports to various network services
· Detecting the version of the services running
· Mapping the service version to various discovered security vulnerabilities
· Verifying if the service on the host is actually vulnerable to an attack or if it has been patched

How can an organization meet its ethical and legal obligations through security assessment and penetration testing?

In order to offer a robust and adaptable assessment, it is essential that we understand the measures needed in general to protect organizational information assets. This includes several technical, operational and managerial aspects of protecting the confidentiality, integrity, and availability of the organization's systems and data. These measures are required to achieve organizational objectives, protect information assets, fulfill legal obligations, and protect the interests of the various stakeholders.

In order to protect organizational information, companies frequently take measures to assure the availability, confidentiality and integrity of information, or to assure access for authorized individuals only. These measures include security concepts, authorization concepts and firewall systems. Nevertheless, building these sorts of security systems is no guarantee that the legal requirements are met. Instead, the system's compliance with the legal requirements and conditions must be assured in each individual case. Penetration tests are an appropriate means of verifying the effectiveness of such measures in certain areas.

Safeguards to ensure that an ethical hacker does not turn malicious

While carrying out ethical hacking is the correct thing to do from a security viewpoint, such conduct may unintentionally produce avoidable legal and contractual exposure if advance precautions are not taken.

The legal responsibilities, which depend on what information and processes are at issue and what methods may be applied, will be influenced by who carries out the testing. Whenever the testing is done by a third party, further analysis and different contract provisions may be at issue. For instance, a third-party ethical hacker might not be an agent of the company or otherwise be authorized with the same rights as the company. As a result, what a company employee might be allowed to do could be disallowed when a third party engages in the same conduct. Also, laws or contracts may prohibit third-party disclosures or impose additional requirements on them, requiring further steps or measures to reduce exposure. There should be an express written understanding between the company and the ethical hacker as to the scope and any bounds of the engagement.

Sunday, June 19, 2011

Metasploit Commands

help (or '?') – shows the available commands in msfconsole
show exploits – shows the exploits we can run
show payloads – shows the various payload options we can execute on the exploited system, such as spawning a command shell or uploading programs to run
info exploit [exploit name] – shows a description of a particular exploit along with its various options and requirements
info payload [payload name] – shows a description of a particular payload along with its various options and requirements
use [exploit name] – instructs msfconsole to enter a particular exploit's environment
show options – shows the various parameters for the specific exploit we're working with
show payloads – shows the payloads compatible with the specific exploit we're working with
set PAYLOAD – allows us to set the specific payload for the exploit
show targets – shows the available target OSs and applications that can be exploited
set TARGET – allows us to select our specific target OS/application
set RHOST – allows us to set our target host's IP address
set LHOST – allows us to set the local host's IP address for the reverse communications needed to open the reverse command shell
back – allows us to exit the current exploit environment we've loaded and go back to the main msfconsole prompt

Security management plan reduces the disaster risks

A security management plan offers an efficient way to deploy information security inside the organization. Its approach supports business goals and provides a way to demonstrate compliance with the associated regulatory and statutory requirements. Moreover, it reduces the cost, time and resources spent on security management, allowing the organization to concentrate on other activities. A disaster can be a natural or man-made hazard. A natural disaster results when a natural hazard (e.g. a tsunami or earthquake) affects humans and the built environment. Man-made disasters are disasters resulting from man-made hazards.

Disaster recovery phases

1. Activation Phase: In this phase, the disaster effects are assessed and announced.


The activation phase involves:

• Notification procedures

• Damage assessment

• Disaster recovery activation planning

2. Execution Phase: Recovery operations begin just after the disaster recovery plan has been activated, the appropriate operations staff have been notified and the appropriate teams have been mobilized. The activities of this phase concentrate on bringing up the disaster recovery system. Depending on the recovery strategies defined in the plan, these functions could include temporary manual processing, recovery and operation on an alternate system, or relocation and recovery at an alternate site.


3. Reconstitution Phase: In this phase the original system is restored and execution phase procedures are stopped.

The following main activities take place in this phase:

• Shut down the incident system

• Terminate incident operations

• Make sure that all needed infrastructure services, such as power, water, telecommunications, security, environmental controls, office equipment, and supplies, are in place

• Secure, remove, and relocate all sensitive materials at the incident site

• Arrange for operations staff to return to the original facility

• Constantly monitor the site or facility's fitness for reoccupation

• Confirm that the site is free from after-effects of the disaster and that there are no more threats

• Establish connectivity between internal and external systems

• Test system operations to ensure full functionality

• Install system hardware, software, and firmware


Different techniques of footprinting and how they can be used as a baseline for other stages of hacking

Web Search: Scan the web for:
· Phone Numbers, Contact Names, E-mail Addresses, and Personal Details
· Current Events
· Mergers, scandals, layoffs, etc. create security holes
· Privacy or Security Policies, and Technical Details Indicating the Types of Security Mechanisms in Place
· Extract data from Usenet
· Review Groups.google.com
· Search for Employee Resumes
· Perform Google Hacking


Whois is a database that holds the registration records of all available domain names. It holds information on each internet web site, including the domain name, the company name and its location, the administrator's name, administrator contact data, technical contact data, and when the name was registered. The Whois client is available by default on UNIX/Linux-based systems and needs to be downloaded for the Windows OS. Armed with this data, an individual could go to the yellow pages and find out more about the web site.

Traceroute essentially does what its name implies. It traces a packet and reports the route that it takes. It is commonly used to diagnose network problems.

NSLookup allows us to query the DNS database from any computer on the network. It may also be used to determine which computers are on the network and what their uses are in the network infrastructure. It is also used to display all current TCP/UDP connections, and to list the routing table, which are important for determining the activities the OS has been carrying out.

Saturday, June 18, 2011

The direct and indirect consequences of email hacking in an organization

In several countries, email hacking is classed as a third-degree felony. This is a serious violation that can lead to prison time and hefty fines, even on a first conviction. If we have accessed another person's email, we may be shocked when we find that they have chosen to press charges against us. Nevertheless, it is their legal right to press charges if they want, even if you have a present or past relationship with the person. Family, friends, exes, current partners, coworkers, and others have been charged with email hacking.
If you have accessed another individual's email for the purpose of defrauding him or her, or to obtain property (documents, photos, files, and so on) from him or her, the charge may be elevated to a second-degree felony under law.
Penalties
For a third-degree felony conviction, an email hacker can expect to face the following penalties:
• Up to 5 years in prison
• Up to $5,000 in fines
A charge that has been elevated to a second-degree felony may carry the following penalties if the defendant is found guilty:
• Up to 15 years in prison
• Up to $10,000 in fines
In addition to these court-ordered penalties, you will be required to register as a criminal with the state. This can negatively affect your personal and professional reputation and can make it hard for you to find or keep a job, apply to school, or secure a loan. It is therefore important to consult a criminal defense attorney as soon as you find out that you have been charged with email hacking. An experienced criminal attorney will fight to defend your case and will ensure that your legal rights are protected throughout your proceedings.