Ethical Hacking
Ethical hacking
Hacker Terms
•Hacking - showing computer expertise.
•Cracking - breaking security on software or
systems
•Phreaking - cracking telecom networks
•Spoofing - faking the originating IP address in a
datagram
•Denial of Service (DoS) - flooding a host with
sufficient network traffic so that it can’t respond
anymore
•Port Scanning - searching for vulnerabilities
Legal and ethical questions?
♦ What is Ethical Hacking?
♦ Who are ethical hackers?
♦ Attack - exploit the vulnerabilities
♦ Being prepared
♦ Kinds of testing
♦ Final Report
♦ Ethical hacking-commandments
♦ Suggestion
Hacking through the ages
♦ 1969 - Unix ‘hacked’ together
♦ 1971 - Cap ‘n Crunch phone exploit discovered
♦ 1988 - Morris Internet worm crashes 6,000 servers
♦ 1994 - $10 million transferred from CitiBank accounts
♦ 1995 - Kevin Mitnick sentenced to 5 years in jail
♦ 2000 - Major websites succumb to DDoS
♦ 2000 - 15,700 credit and debit card numbers stolen from Western Union
(hacked while web database was undergoing maintenance)
♦ 2001 Code Red
– exploited bug in MS IIS to penetrate & spread
– probes random IPs for systems running IIS
– had trigger time for denial-of-service attack
– 2nd wave infected 360000 servers in 14 hours
♦ Code Red 2 - had backdoor installed to allow remote control
♦ Nimda - used multiple infection mechanisms: email, shares, web client, IIS
♦ 2002 – Slammer Worm brings web to its knees by attacking MS SQL Server
Types of hacker
♦ Professional hackers
– Black Hats – the Bad Guys
– White Hats – Professional Security Experts
♦ Script kiddies
– Mostly kids/students
• Use tools created by black hats,
– To get free stuff
– Impress their peers
– Not get caught
♦ Underemployed Adult Hackers
– Former Script Kiddies
• Can’t get employment in the field
• Want recognition in hacker community
• Big in eastern European countries
♦ Ideological Hackers
– hack as a mechanism to promote some political or ideological purpose
– Usually coincide with political events
Gaining access
♦ Front door
– Password guessing
– Password/key stealing
♦ Back doors
– Often left by original developers as debug and/or diagnostic tools
– Forgot to remove before release
♦ Trojan Horses
– Usually hidden inside of software that we download and install
from the net (remember nothing is free)
– Many install backdoors
♦ Software vulnerability exploitation
– Often advertised on the OEM's web site along with security
patches
– Fertile ground for script kiddies looking for something to do
Back doors & Trojans
♦ e.g. Whack-a-mole / NetBus
♦ Cable modems / DSL very vulnerable
♦ Protect with Virus Scanners, Port Scanners,
Personal Firewalls
Software vulnerability exploitation
♦ Buffer overruns
♦ HTML / CGI scripts
♦ Poor design of web applications
– Javascript hacks
– PHP/ASP/ColdFusion URL hacks
♦ Other holes / bugs in software and services
♦ Tools and scripts used to scan ports for vulnerabilities
Password guessing
♦ Default or null passwords
♦ Password same as user name (use finger)
♦ Password files, trusted servers
♦ Brute force
– make sure login attempts audited!
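The brute-force bullet's advice to audit login attempts, sketched as an added example (not part of the original slides): it scans sshd-style authentication log lines for bursts of failed logins from one source and for a successful login that follows such a burst. The log lines, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH sshd syslog style (documentation IP ranges).
SAMPLE_LOG = """\
Mar 10 09:14:01 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar 10 09:14:03 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar 10 09:14:05 host1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Mar 10 09:14:08 host1 sshd[2103]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar 10 09:14:11 host1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40141 ssh2
Mar 10 09:14:15 host1 sshd[2107]: Failed password for root from 203.0.113.7 port 40141 ssh2
Mar 10 09:14:40 host1 sshd[2110]: Accepted password for root from 203.0.113.7 port 40150 ssh2
Mar 10 09:20:00 host1 sshd[2200]: Failed password for alice from 198.51.100.23 port 51000 ssh2
Mar 10 09:31:00 host1 sshd[2207]: Failed password for alice from 198.51.100.23 port 51010 ssh2
Mar 10 09:31:20 host1 sshd[2209]: Accepted password for alice from 198.51.100.23 port 51012 ssh2
Mar 10 09:31:25 host1 sshd[2209]: pam_unix(sshd:session): session opened for user alice
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse(log_text, year=2024):
    """Return sorted (timestamp, source, user, success) tuples for password logins.

    Syslog timestamps carry no year, so one is supplied (assumption: 2024).
    Lines that are not password login results are skipped.
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["src"], m["user"], m["result"] == "Accepted"))
    return sorted(events)


def audit(events, threshold=5, window=timedelta(minutes=1)):
    """Flag sources with >= threshold failed logins inside a sliding window,
    and any later successful login from a source that was already flagged."""
    recent = defaultdict(deque)   # source -> timestamps of failures in the window
    users = defaultdict(set)      # source -> user names it has tried
    alerted = set()
    findings = []
    for ts, src, user, ok in events:
        q = recent[src]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if ok:
            if src in alerted:
                findings.append(("success_after_bruteforce", src, user))
            continue
        q.append(ts)
        users[src].add(user)
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            findings.append(("bruteforce", src, len(users[src])))
    return findings


if __name__ == "__main__":
    for finding in audit(parse(SAMPLE_LOG)):
        print(finding)
```

The second source in the sample, two mistyped passwords eleven minutes apart followed by a success, stays below the threshold and is not flagged.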
Ethical Hacking
♦ Independent computer security
professionals breaking into the
computer systems.
♦ Neither damage the target
systems nor steal information.
♦ Permission is obtained from the target.
♦ Part of an overall security
program.
Ethical Hackers but not Criminal Hackers
♦ Completely trustworthy.
♦ Strong programming and computer
networking skills.
♦ Learn about the system and try to
find its weaknesses.
♦ Techniques of criminal hackers:
detection and prevention.
♦ Published research papers or released
security software.
♦ No Ex-hackers.
Who are ethical hackers?
♦ An ethical hacker is a computer and
networking expert who systematically
attempts to penetrate a computer system
or network on behalf of its owners for the
purpose of finding security
vulnerabilities that a malicious hacker
could potentially exploit.
♦ They possess the same skills, mindset and tools
as a hacker, but the attacks are done in a
non-destructive manner.
♦ Any organization that has a network connected to
the Internet or provides an online service should
consider subjecting it to a penetration test. Various
standards such as the Payment Card Industry Data
Security Standard require companies to conduct
penetration testing from both an internal and
external perspective on an annual basis and after
any significant change in the infrastructure or
applications. Many large companies, such as IBM,
maintain employee teams of ethical hackers, while
there are plenty of firms that offer ethical hacking
as a service.
Attack-exploit the vulnerabilities
♦ Exploiting implementation of HTTP, SMTP
protocols.
♦ SQL injection.
♦ Spamming.
♦ Gaining access to application database.
♦ Free exploits from hacker website.
♦ Internally developed.
Being Prepared
♦ Identification of target-company websites, mail
servers, etc.
♦ What can an intruder do with that information?
♦ Does anyone at the target notice the intruder's attempts or successes?
♦ Signing of contract
1. Time window for attacks.
2. Total time for testing.
3. Prior knowledge of the system.
4. Key people who are made aware of the testing.
Kinds of Testing
♦ Remote Network
♦ Remote dial-up network
♦ Local network
♦ Stolen laptop computer
♦ Social engineering
♦ Physical entry
1. Total outsider
2. Semi-outsider
3. Valid user
Final Report
♦ Collection of all discoveries made during
evaluation.
♦ Specific advice on how to close the
vulnerabilities.
♦ Testers' techniques never revealed.
♦ Delivered directly to an officer of the client
organization in hard-copy form.
♦ Steps to be followed by clients in future.
Ethical hacking-commandments
♦ Working ethically
1. Trustworthiness
2. Misuse for personal gain.
♦ Respecting privacy
♦ Not crashing the system.
Suggestions?