ETHICAL HACKING
A LICENCE TO HACK
Submitted By: Usha Kalkal
M.Tech (1st Sem), Information Technology
NEED OF ETHICAL HACKING
• Companies are worried about the possibility of being “hacked”, and potential customers are worried about maintaining control of personal information.
• Ethical hacking is not an automated hacker program; rather, it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them.
• To catch a thief, think like a thief.
WHO IS A HACKER
• A person who enjoys learning the details of computer systems and how to stretch their capabilities.
• One who programs enthusiastically.
• One who enjoys programming rather than just theorizing about it.
Kinds of Hackers
• Old School Hackers: 1960s-style Stanford or MIT hackers. They do not have malicious intent, but do have a lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system.
• Script Kiddies or Cyber-criminals: Between 12-30; bored in school; get caught due to bragging online; intent is to vandalize or disrupt systems.
• Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.
• Coders and Virus Writers: See themselves as an elite; have a programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild”, or the Internet.
EFFECT OF ATTACKS ON VARIOUS SITES
Defacement Statistics for Indian Websites
Source: CERT-India
January 2005
June 01, 2004 to Dec. 31, 2004
Domain      No. of Defacements
.com        922
.gov.in     24
.org        53
.net        39
.biz        12
.co.in      48
.ac.in      13
.info       3
.nic.in     2
.edu        2
other       13
Total       1131
INCREMENT IN ATTACKS WITH TIME
Total Number of Incidents
Source: CERT/CC
INTRODUCTION
• Ethical hacking is the practice of having independent computer security professionals attempt to break into a system to find its vulnerabilities.
• A dynamic process.
• Also known as penetration testing.
• Ethical hackers neither damage the target systems nor steal information.
• They evaluate the target system's security and report back to the owners about the vulnerabilities found.
The Role of Security and Penetration Testers
• Hackers
  ◦ Access a computer system or network without authorization
  ◦ Break the law; can go to prison
• Crackers
  ◦ Break into systems to steal or destroy data
  ◦ U.S. Department of Justice calls both hackers
• Ethical hacker
  ◦ Performs most of the same activities but with the owner’s permission
The “Ethical Hacker”
Someone who is:
• Skilled
  ◦ Programming and networking skills
  ◦ Installation and maintenance skills
  ◦ System management skills
• Knowledgeable
  ◦ Hardware and software
• Trustworthy
• Patient and persistent
• Certified
Get Out of Jail Free Card
• When doing a penetration test, have a written contract giving you permission to attack the network
• Using a contract is just good business
• Contracts may be useful in court
• Have an attorney read over your contract before sending or signing it
TYPES OF HACKER
• Black Hat Hacker: Uses knowledge for personal gain.
• White Hat Hacker: Uses skills for defensive purposes.
• Grey Hat Hacker: Works both offensively and defensively.
METHODOLOGY OF HACKING
Five steps of hacking:
1. Footprinting
2. Scanning and enumeration
3. Gaining access
4. Maintaining access
5. Clearing tracks
FOOTPRINTING
• Objective
  Target address range, namespace acquisition and information gathering are essential to a surgical attack.
• Techniques & Tools
  1. Open source search
  2. Sam Spade
  3. Email tracker & VisualRoute
SCANNING & ENUMERATION
• Objective
  Make a blueprint of the target network.
• Techniques & Tools
  1. War dialing
  2. Pinger
  3. Port scanning
  4. Nmap (Network Mapper)
  5. Enumeration
GAINING ACCESS
• Objective
  Enough data has been gathered at this point to make an informed attempt to access the target.
• Techniques & Tools
  1. Password eavesdropping
  2. L0phtCrack
  3. Privilege escalation
  4. Metasploit
  5. Man-in-the-middle attack
MAINTAINING ACCESS
• Objective
  The hacker is now inside the system. The next aim is to make an easier path to get in the next time.
• Techniques & Tools
  1. Keystroke logger
  2. Create rogue user accounts
  3. Infect startup files
  4. Install monitoring mechanisms
  5. Wrappers
  6. Replace applications with trojans
  7. Elitewrap
CLEARING TRACKS
• Objective
  Once total ownership of the target is secured, hiding the hacker's presence from system administrators becomes paramount.
• Techniques & Tools
  1. Auditpol.exe
  2. Elsave
  3. Evidence Eliminator
  4. Winzapper
Different kinds of system attacks
• Viruses, Trojan horses, and worms
• Social engineering
• Automated attacks
• Accidental breaches in security
• Denial of Service (DoS)
• Organizational attacks
• Restricted data
SITE BEFORE ATTACK
SITE AFTER ATTACK
ADVANTAGES
• Helps in closing the open holes in the system network
• Provides security to banking and financial establishments
• Prevents website defacements
• An evolving technique
DISADVANTAGES
• All depends upon the trustworthiness of the ethical hacker.
• Hiring professionals is expensive.
CONCLUSION
• The main aim of this seminar is to make you understand that there are many tools through which a hacker can get into a system.
• Various needs from various perspectives:
  ◦ Student: A student should understand that no software is made with zero vulnerabilities.
  ◦ Professionals: Professionals should understand that business is directly related to security, so they should make new software with as few vulnerabilities as possible.
  ◦ Users: If software is highly secure but the user is unaware of security, it is like a secured building with all doors opened by an insider.
THANK YOU
QUERIES?