The document discusses ethical hacking, including its history, types of hackers, hacking process phases, required skills, and advantages/disadvantages. Ethical hacking involves legally testing a system's security vulnerabilities to improve defenses, unlike black hat hacking which involves illegal access. The document also provides examples of hacking tools, common attack types organizations face, and discusses the Certified Ethical Hacker certification.
2. CONTENTS
INTRODUCTION
ETHICAL HACKING
HISTORY OF ETHICAL HACKING
HACKERS
TYPES OF HACKERS
PHASES OF HACKING PROCESS
WHY WE NEED ETHICAL HACKING
REQUIRED SKILLS
WHAT TO DO AFTER ETHICAL HACKING
CASE STUDY
ADVANTAGE
DISADVANTAGE
CEH
FUTURE SCOPE AND CONCLUSION
3. INTRODUCTION
What is HACKING?
Why do we need this?
The main purpose of this study is to give a brief idea of ethical hacking and its relationship with corporate security.
What to do after hacking?
4. ETHICAL HACKING
Hacking is usually done to gain unauthorized access to a computer system or computer network.
Ethical hacking is legal.
Different from unethical hacking
5. HISTORY OF ETHICAL HACKING
The phrase “ethical hacking” was first used in 1995 by IBM Vice President John Patrick.
Origin of hacker
Phreaking and tiger team
Rise of black hat hacker
The renaissance of the ethical hackers
12. Footprinting or Reconnaissance
It is a technique used for gathering information about computer systems: what kind of framework is used and the entities they belong to.
15. Maintaining access
Hackers have to maintain access, because if they lose it, it is very difficult to gain access again.
They create their own vulnerabilities so that they can gain access again.
16. Clearing tracks
Finally, they clear their tracks so that no one can follow those tracks to gain access.
20. SOCIAL ENGINEERING
A hacker is also someone who calls you, pretends to be a federal agent, and makes you hand over your user name and password over the phone, which is what we know as social engineering.
21. AUTOMATED ATTACKS
An automated attack is simply when computers do the heavy lifting in finding vulnerable websites to exploit.
22. DENIAL OF SERVICE
It is an attack meant to shut down a machine or network, making it inaccessible to its intended users.
23. VIRUS, WORMS & TROJAN HORSES
A virus is a computer program, usually hidden within another program, that produces copies of itself and inserts them into other programs or files, and usually performs a malicious action.
Worms are similar to viruses.
A Trojan horse is a program that does something undocumented which the programmer intended,
24. REQUIRED SKILLS OF ETHICAL HACKERS
Configuration, operation, security settings of any OS.
Good knowledge about routers, mainframes, network protocols.
Good knowledge about project management.
25. WHAT TO DO AFTER ETHICAL HACKING
Patch security holes
Clear logs and hide themselves
Install rootkit
Install IRC (Internet relay chat) related programs
Install scanner program
Install exploit program
29. INSTALL IRC RELATED PROGRAM
We can use IRC servers anywhere, or set up our own, rather than be tied in to centralized messengers.
30. INSTALL SCANNER PROGRAM
A hacking tool such as the Netsparker online web vulnerability scanner helps security professionals and penetration testers automate a huge chunk of their tasks during penetration testing.
31. INSTALL EXPLOIT PROGRAM
An exploit is any attack that takes advantage of vulnerabilities in applications or hardware.
33. Ethical hacking case study: The Zomato case
Highlights how the government should use bug bounty programs
A hacker broke into the database of Zomato, India’s largest online restaurant guide, and accessed five vital details – names, emails, numeric user IDs, user names and password hashes – of around 17 million users.
34. CASE STUDY OF ETHICAL HACKING
The Organization
What Happened
Impact
35. ADVANTAGE
To catch a thief you have to think like a thief.
Helps to close the open holes
Provides security
Prevents website defacement
37. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s).