Description: This video is part of the computer/information/cyber security and ethical hacking lecture series by Z. Cliffe Schreuders at Leeds Beckett University. Laboratory worksheets, slides, and other open educational resources are available at http://z.cliffe.schreuders.org.
The slides themselves are Creative Commons licensed (CC-BY-SA), and images used are licensed as individually attributed.
Topics covered in this lecture include:
What are ethics?
What do you think of when you hear the term “ethics”?
More than...
Feelings?
Feelings = right and wrong?
Religion?
Atheists?
Societal norms?
Nazis?
More than...
Law = ethics?
Legal but unethical? (Previously slavery)
Illegal but ethical? (Drinking alcohol during the Prohibition in the US?)
Ethics is
Ethics is the study of moral beliefs and actions
Finding out what people believe is moral
Methods for deciding which actions are moral
Can be a code of conduct
Human rights
Human rights are inherently entitled fundamental rights
Right to life
Freedom from injury
Freedom from slavery
Personal liberty
Freedom of thought and expression
Privacy
Standards of ethics supported by well-founded reasons
How to decide if something is ethical?
Virtue ethics: there is a set of virtues/rules that should be applied
Hedonism: maximise pleasure, minimise pain
Various interpretations
Utilitarianism: maximise the overall good to the society
Whatever action maximises the aggregate good
How to decide if something is ethical?
Consequentialism: the ends justify the means; it's the outcome that matters
State consequentialism: order, wealth, population of a state
Deontology: “duty ethics”, what matters is the rules or duties the person was following and the actions taken
Ends do not justify means, the motives and actions are what is important (for example, it is always best to tell the truth no matter the consequences)
How to decide if something is ethical?
Ethical egoism: the right to do what is in a person's self-interest
Ethical altruism: the obligation to help others
Applied ethics
How do you apply these concepts to make decisions?
Consider these questions in terms of ethics and/or legality
Please try to make sure both sides of the argument are presented
Hack back
You identify from your log files the IP address of someone attacking your system. The attack is ongoing.
Is it ok to:
Lookup the IP address? Discover their location / ISP?
Port scan the system?
If you find a vulnerability, attack back?
You manage to identify the attacker, what do you do?
Pen test scope
You are hired to do a security test of a company's web app and web server. You suspect that the database server, which is hosted by another company, is vulnerable.
Is it ok to do a pen test on this system?
Ethically, when is it ok to try to break into a system?
Grey hat hacker
A self-professed “white hat hacker” contacts you out of the blue with details of how he managed to attack your servers. He made some modifications and accessed some data, to demonstrate the attack.
Is he acting ethically?
What should you do?
You are looking to employ more people to work on the security team. Would you hire him?
Hiring crackers
You are hiring people to work for your company. Would you hire a convicted hacker?
Why / under what circumstances?
Scanning
Is it ethical to scan a network you don’t control?
Ping?
Port scan?
Banner grab?
Vulnerability analysis?
Is it ethical to publish a list of the results to the Internet?
MITM employees
Is it ethical to allow network administrators to inspect the Internet traffic of employees?
Is it ethical to require employees to install your own CA certificate on their work computers? (This enables MITM against encrypted connections.)
How about on their home computers?
Internet census
The Carna Botnet was created by an anonymous author. It spread via insecure devices (with default passwords) and scanned the entire IPv4 Internet. The results were published online.
Was this ethical?
Would it be ethical to use the results for your own research?
Zmap can also scan the entire IPv4 Internet
Is this ethical?
Data in the wild
If data has been collected using illegal or unethical means, is it ethical to later analyse that data?
For example, the results from medical experiments conducted by Nazi Germany
Tor