SlideShare ist ein Scribd-Unternehmen logo

Introduction To Ethical Hacking

C
chakrekevin

Introduction To Ethical Hacking

Technologie
1 von 26
INTRODUCTION TO ETHICAL HACKING -By Kevin Chakre
ESSENTIAL TERMINOLOGY 1. Hack Value: It is the notion among hackers that something doing is interesting or worthwhile. 2. Exploit: A piece of software that takes advantages of a bug, glitch or vulnerability that leads to unauthorized access, privilege escalation or denial of service on computer systems and networks. 3. Vulnerability: Existence of software flaw, logic design or implementation error that could lead an operation system or an application to attack or misuse. 4. Target of Evaluation: An IT system, product or network that is the subject of security analysis or attacks.
ESSENTIAL TERMINOLOGY 5. Zero Day attacks: A computer threats that tries to exploit computer system vulnerabilities that are undisclosed to others or undisclosed to the software developers 6. Daisy Chaining: Hackers who get away with database theft usually complete their task, then backtrack to cover their tracks by destroying logs etc. 9. Attacks: An action or an event that might compromise security. 10. Threat: An environment or a situation that might lead to potential breach of security.
ELEMENTS OF INFORMATION SECURITY  Security is a state of well being of information and infrastructure in which the possibility of theft, tampering and disruption of information and services is kept low or tolerable. It relies upon the five major elements of information security. 1. Confidentiality: Confidentiality is the assurance that the information is accessible only to those authorized to have access. Confidentiality breaches may occur due to improper data handling or hacking attempt. 2. Integrity: Integrity is the trustworthiness of data and resources in terms of preventing improper and unauthorized changes the assurance that the information can be relied upon to be sufficiently accurate for its purpose.
ELEMENTS OF INFORMATION SECURITY 3. Availability: Is the assurance that the system responsible for delivering, storing or processing information is available to authorized users when required. 4. Authenticity: Authenticity refers to characteristics of a communication, document or any data that ensures the quality of being genuine and not corrupted from the original. Major roles of authentication includes that the user is claiming he or she to be, this is done by biometrics or smart cards, digital certificates etc. 5. Repudiation: Refers to ensure that the party to a contract or a communication cannot later deny the authenticity of their signature on a document or sending the message that their originated. It is a way to guarantee that the sender of the message cannot later deny having sent the message and the recipient cannot deny having received the message.
THE SECURITY, FUNCTIONALITY AND USABILITY TRIANGLE  Level of Security in any system can be defined by the strength of the three components: Security(Restrictions) Moving the ball towards security means less of other two. Functionality(Features) Usability(GUI)
TOP INFORMATION SECURITY ATTACKS VECTOR  Attack vector is a path or mean by which an attacker can gain access to information system to perform malicious activities.  The following are the possible top attacks vector from which an attacker can attack information system: Virtualization and cloud computing Organized cyber crime Unpatched software Targeted Malwares Botnets
TOP INFORMATION SECURITY ATTACKS VECTOR Compliance to Government laws and regulations Network Applications Lack of cyber security professionals Mobile device security Complexity of Computer Infrastructure Hacktivism Internal Threats
Attack • Attacks=Motives(Goal)+Method+ Vulnerability. Goals • Disrupting business continuity, information theft, data manipulations, or taking revenge. Motives• Something Valuable-Data or Money Objectives• Exploit vulnerabilities MOTIVES, GOALS AND OBJECTIVES OF INFORMATION SECURITY ATTACKS
Natural Threats • Natural Disaster • Flood • Famines • Earthquakes • Hurricanes Physical Threats • Loss of damage of system resources • Physical Intrusion • Sabotage, espionage and errors Human Threats • Hackers • Insiders • Social Engineering • Lack of Knowledge and Awareness INFORMATION SECURITY THREATS  Information Security Threats are broadly classified into three categories:
Network Threats • Information Gathering • Sniffing and Spoofing • Session Hijacking • ARP Poisoning • DOS and SQL Injection Attacks • MITM Attacks Host Threats • Malware Attacks • Password Attacks • Unauthorized access • DOS Attacks • Privilege Escalation • Password Attacks Application Threats • Buffer Overflow • Auditing and Logging Issues • Information Disclosure • Cryptography Attacks INFORMATION SECURITY THREATS
INFORMATION WARFARE  Information Warfare or Info-War refers to the use of Information and Communicative technologies(ICT) to take competitive advantages over an opponent. 1. Defensive Information warfare: refers to all the strategies and actions to defend against attacks on ICT Assets. 2. Offensive Information warfare: refers to information warfare that involves attacks against ICT assets over an opponent.
IPV6 SECURITY THREATS  Compared to IPv4, IPv6 has an improved security mechanism that assures a higher level of security and confidentiality for the information transferred over a network.  However , IPv6 is still vulnerable. It still possesses information security threats that include. 1. Auto configuration threats 2. Unavailability Reputation based protection 3. Incompatibility logging systems 4. Rate Limiting Problem 5. Default IPv6 activation 6. Complexity of Network Management tasks
IPV6 SECURITY THREATS 7. Complexity in Vulnerability Assessment 8. Overloading of Perimeter Security controls 9. IPv4 to IPv6 Translation Issues 10. Security Information and Event Management (SIEM) problems 11. Denial of Services(DOS) 12. Trespassing
HACKING VS ETHICAL HACKING  Hacking: Hacking refers to exploitation and exploration of computer software or hardware to gain unauthorized access to perform malicious activities.  Ethical Hacking: Ethical Hacking refers to exploration and exploitation of the computer software and hardware to make it more secure and ease of use.
Rep utati on Business Loss Loss Of Revenues Compromise Information EFFECTS OF HACKING ON BUSINESS  Theft of Customers Personal Information  Hacking used to steal and distribute data  Botnet can be used to launch DDos leading to business Downtime  Attackers may steal corporate information and sell To competitors and leak info to rivals
WHO IS A HACKER?  A hacker is a person who illegally break into system or network without any authorization to steal or destroy sensitive data or to perform malicious attacks. Hackers may be motivated by a multitude of reasons: 1. Intelligent individuals with excellent computer skills with the ability to explore into the computer software and hardware. 2. For some hackers hacking is a hobby to see how many computer systems or network they can compromise. 3. Their intention can either be to gain knowledge or to poke around to do illegal things. 4. Some hack with malicious intent such as stealing business data, credit card information, social security numbers, email password, etc.
HACKER CLASSES 1. Black Hat: Individuals with excellent computer skills who resort to malicious activities are also known as crackers. 2. White Hat: Individuals professing hackers skills and using them for defensive purposes are know as security consultants. 3. Grey Hat: Individuals who work both offensively and defensively at various times. 4. Suicide Hackers: Individuals who aim to bring down critical information for a cause and are not worried about facing 30 years in jail for their actions.
HACKER CLASSES 5. Script Kiddies: Individuals who depend on other hacking skills or tools. Unskilled hackers. 6. Spy Hackers: Hackers who are employed by the organization to spy on their competitors and gain trade secrets. 7. Cyber Terrorists: Group with religious or political motives to create fear by large scale disruption of computer networks. 8. State Sponsored Hackers: Hackers employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.
HACKTIVISM  Hacktivism is an act of promoting political agenda by hacking, especially by defacing or disabling websites.  It thrives in the environment where information is easily accessible.  Aims at sending a message through their hacking activities and gain visibility for a cause.  Common targets include government agencies, multinational corporations or any other entity perceived as bad or wrong be these group of individuals.
Information Gathering Scanning Gaining Access Reporting Vulnerability Information Gathering Scanning Gaining Access Maintaining Access Clearing Tracks HACKING PHASES  Ethical Hacking Phase:  Malicious Hacking Phase:
Operating System Attacks • OS vulnerabilities Application Level Attacks • No Complete Testing Misconfiguration attacks • Default Setting or Misconfigured Shrink Wrap Codes Attacks • Default Scripts (Vulnerabilites) TYPES OF ATTACKS ON A SYSTEM  There are several ways an attacker can attacks information system. The attacker must be able to exploit a weakness or vulnerability in a system.
Hacker Skills Platform Knowledge Network Knowledge Computer Expert Security Knowledge Technical Knowledge Programming Skills SKILLS OF AN ETHICAL HACKER
VULNERABILITY RESEARCH  Vulnerability Research is the process of discovering vulnerabilities and design flaw that will open and operating system and its application to attack or misuse.  Vulnerabilities are classified based on severity level(low, medium or high) and exploit range (local or remote)  An administration needs vulnerability research: 1. To gather information about security treads, threats and attacks 2. To find weakness and alert the network administrator before a network attack 3. To get information that help to prevent security problems 4. To know how to recover form a network attack.
PENETRATION TESTING  Penetration Testing is a method of completely evaluating the security of an information system or network by simulating an attack from malicious source.  Types of Penetration testing: 1. Black box testing: no knowledge of the computer infrastructure and network. 2. White box testing: complete knowledge 3. Grey box testing: partial knowledge
“IF YOU KNOW YOURSELF BUT NOT YOUR ENEMY, FOR VERY VICTORY GAINED YOU WILL ALSO SUFFER A DEFEAT” -Sun Tzu (Art of War)

Empfohlen

Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
waqasahmad1995
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
Noushad Hasan
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
Institute of Information Security (IIS)
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking Powerpoint
Ren Tuazon
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacks
Stefan Fodor
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
Sonu Sunaliya
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 

Empfohlen

Network Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and TechniquesNetwork Security: Attacks, Tools and Techniques
Network Security: Attacks, Tools and Techniques
waqasahmad1995
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
Noushad Hasan
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
Institute of Information Security (IIS)
 
Ethical Hacking Powerpoint
Ethical Hacking PowerpointEthical Hacking Powerpoint
Ethical Hacking Powerpoint
Ren Tuazon
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
 
Side channel attacks
Side channel attacksSide channel attacks
Side channel attacks
Stefan Fodor
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
Sonu Sunaliya
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
Suvrat Jain
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Sharath Raj
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
Akshay Kale
 
Network Security
Network Security Network Security
Network Security
Abdul Qadir Pattal
 
Cyber security
Cyber securityCyber security
Cyber security
vishakha bhagwat
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
Rahul Baghla
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Prabhat kumar Suman
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Eric Vanderburg
 
Firewall
FirewallFirewall
Firewall
nayakslideshare
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
Bhavya Chawla
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
Vicky Fernandes
 
Types of Cyber Attacks
Types of Cyber AttacksTypes of Cyber Attacks
Types of Cyber Attacks
Rubal Sagwal
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network security
IGZ Software house
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
Accenture
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
Rishabh Upadhyay
 
Network security threats and solutions
Network security threats and solutionsNetwork security threats and solutions
Network security threats and solutions
hassanmughal4u
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
Amy McMullin
 
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Netpluz Asia Pte Ltd
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Tharindu Kalubowila
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Anuja Herath
 
Hackers
HackersHackers
Hackers
guesta04f59b
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
Sharath Raj
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
Rahul Baghla
 

Was ist angesagt? (20)

Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Network Security
Network Security Network Security
Network Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric VanderburgEthical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
 
Firewall
FirewallFirewall
Firewall
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
Types of Cyber Attacks
Types of Cyber AttacksTypes of Cyber Attacks
Types of Cyber Attacks
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network security
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
 
Network security threats and solutions
Network security threats and solutionsNetwork security threats and solutions
Network security threats and solutions
 
cyber security
cyber securitycyber security
cyber security
 
Chapter 1 Presentation
Chapter 1 PresentationChapter 1 Presentation
Chapter 1 Presentation
 
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Andere mochten auch

4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information Security
Ana Meskovska
 
Workshop: Gathering User Insight
Workshop: Gathering User InsightWorkshop: Gathering User Insight
Workshop: Gathering User Insight
Darren Kall
 
Lorrie Cranor - Usable Privacy & Security
Lorrie Cranor - Usable Privacy & SecurityLorrie Cranor - Usable Privacy & Security
Lorrie Cranor - Usable Privacy & Security
Amy Lenzo
 
Usable security it isn't secure if people can't use it mwux 2 jun2012
Usable security it isn't secure if people can't use it mwux 2 jun2012Usable security it isn't secure if people can't use it mwux 2 jun2012
Usable security it isn't secure if people can't use it mwux 2 jun2012
Darren Kall
 
Cracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless NetworksCracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless Networks
guestf2e41
 

Andere mochten auch (18)

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Hackers
HackersHackers
Hackers
 
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015 Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
Hacker's Practice Ground - Wall of Sheep workshops - Defcon 2015
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information Security
 
Workshop: Gathering User Insight
Workshop: Gathering User InsightWorkshop: Gathering User Insight
Workshop: Gathering User Insight
 
Lorrie Cranor - Usable Privacy & Security
Lorrie Cranor - Usable Privacy & SecurityLorrie Cranor - Usable Privacy & Security
Lorrie Cranor - Usable Privacy & Security
 
Usable security it isn't secure if people can't use it mwux 2 jun2012
Usable security it isn't secure if people can't use it mwux 2 jun2012Usable security it isn't secure if people can't use it mwux 2 jun2012
Usable security it isn't secure if people can't use it mwux 2 jun2012
 
(Un)usable Security
(Un)usable Security(Un)usable Security
(Un)usable Security
 
Usable security
Usable securityUsable security
Usable security
 
Cracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless NetworksCracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless Networks
 
Investing With NBFC
Investing With NBFCInvesting With NBFC
Investing With NBFC
 
Erb business plan by c.ouzouni
Erb business plan by c.ouzouniErb business plan by c.ouzouni
Erb business plan by c.ouzouni
 
Managing Me - Finding Harmony in Skills and Self
Managing Me - Finding Harmony in Skills and SelfManaging Me - Finding Harmony in Skills and Self
Managing Me - Finding Harmony in Skills and Self
 
Презентация ДЗОЛ Юность г. Артём
Презентация ДЗОЛ Юность г. АртёмПрезентация ДЗОЛ Юность г. Артём
Презентация ДЗОЛ Юность г. Артём
 
Surviving the trainwreck andrew hackman full_3
Surviving the trainwreck andrew hackman full_3Surviving the trainwreck andrew hackman full_3
Surviving the trainwreck andrew hackman full_3
 
Untitled Presentation
Untitled PresentationUntitled Presentation
Untitled Presentation
 
№5
№5№5
№5
 
Measuring Digital Advertising
Measuring Digital Advertising Measuring Digital Advertising
Measuring Digital Advertising
 

Ähnlich wie Introduction To Ethical Hacking

Engineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptxEngineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptx
prosunghosh7
 
Top 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdfTop 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdf
AnanthReddy38
 

Ähnlich wie Introduction To Ethical Hacking (20)

Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical Hacking
 
Computer security
Computer securityComputer security
Computer security
 
Introduction of ethical hacking.........
Introduction of ethical hacking.........Introduction of ethical hacking.........
Introduction of ethical hacking.........
 
IT Security.pdf
IT Security.pdfIT Security.pdf
IT Security.pdf
 
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONSE-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineering
 
Hacking.pptx
Hacking.pptxHacking.pptx
Hacking.pptx
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
Engineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptxEngineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptx
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptx
 
Ethical Hacking and Network Defence 1.pptx
Ethical Hacking and Network Defence 1.pptxEthical Hacking and Network Defence 1.pptx
Ethical Hacking and Network Defence 1.pptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
 
Top 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdfTop 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdf
 
Introduction to cyber security.pptx
Introduction to cyber security.pptxIntroduction to cyber security.pptx
Introduction to cyber security.pptx
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
Cyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptxCyber Security and Data Privacy in Information Systems.pptx
Cyber Security and Data Privacy in Information Systems.pptx
 

Kürzlich hochgeladen

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Kürzlich hochgeladen (20)

Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 

Introduction To Ethical Hacking

  • 2. ESSENTIAL TERMINOLOGY 1. Hack Value: It is the notion among hackers that something doing is interesting or worthwhile. 2. Exploit: A piece of software that takes advantages of a bug, glitch or vulnerability that leads to unauthorized access, privilege escalation or denial of service on computer systems and networks. 3. Vulnerability: Existence of software flaw, logic design or implementation error that could lead an operation system or an application to attack or misuse. 4. Target of Evaluation: An IT system, product or network that is the subject of security analysis or attacks.
  • 3. ESSENTIAL TERMINOLOGY 5. Zero Day attacks: A computer threats that tries to exploit computer system vulnerabilities that are undisclosed to others or undisclosed to the software developers 6. Daisy Chaining: Hackers who get away with database theft usually complete their task, then backtrack to cover their tracks by destroying logs etc. 9. Attacks: An action or an event that might compromise security. 10. Threat: An environment or a situation that might lead to potential breach of security.
  • 4. ELEMENTS OF INFORMATION SECURITY  Security is a state of well being of information and infrastructure in which the possibility of theft, tampering and disruption of information and services is kept low or tolerable. It relies upon the five major elements of information security. 1. Confidentiality: Confidentiality is the assurance that the information is accessible only to those authorized to have access. Confidentiality breaches may occur due to improper data handling or hacking attempt. 2. Integrity: Integrity is the trustworthiness of data and resources in terms of preventing improper and unauthorized changes the assurance that the information can be relied upon to be sufficiently accurate for its purpose.
  • 5. ELEMENTS OF INFORMATION SECURITY 3. Availability: Is the assurance that the system responsible for delivering, storing or processing information is available to authorized users when required. 4. Authenticity: Authenticity refers to characteristics of a communication, document or any data that ensures the quality of being genuine and not corrupted from the original. Major roles of authentication includes that the user is claiming he or she to be, this is done by biometrics or smart cards, digital certificates etc. 5. Repudiation: Refers to ensure that the party to a contract or a communication cannot later deny the authenticity of their signature on a document or sending the message that their originated. It is a way to guarantee that the sender of the message cannot later deny having sent the message and the recipient cannot deny having received the message.
  • 6. THE SECURITY, FUNCTIONALITY AND USABILITY TRIANGLE  Level of Security in any system can be defined by the strength of the three components: Security(Restrictions) Moving the ball towards security means less of other two. Functionality(Features) Usability(GUI)
  • 7. TOP INFORMATION SECURITY ATTACKS VECTOR  Attack vector is a path or mean by which an attacker can gain access to information system to perform malicious activities.  The following are the possible top attacks vector from which an attacker can attack information system: Virtualization and cloud computing Organized cyber crime Unpatched software Targeted Malwares Botnets
  • 8. TOP INFORMATION SECURITY ATTACKS VECTOR Compliance to Government laws and regulations Network Applications Lack of cyber security professionals Mobile device security Complexity of Computer Infrastructure Hacktivism Internal Threats
  • 9. Attack • Attacks=Motives(Goal)+Method+ Vulnerability. Goals • Disrupting business continuity, information theft, data manipulations, or taking revenge. Motives• Something Valuable-Data or Money Objectives• Exploit vulnerabilities MOTIVES, GOALS AND OBJECTIVES OF INFORMATION SECURITY ATTACKS
  • 10. Natural Threats • Natural Disaster • Flood • Famines • Earthquakes • Hurricanes Physical Threats • Loss of damage of system resources • Physical Intrusion • Sabotage, espionage and errors Human Threats • Hackers • Insiders • Social Engineering • Lack of Knowledge and Awareness INFORMATION SECURITY THREATS  Information Security Threats are broadly classified into three categories:
  • 11. Network Threats • Information Gathering • Sniffing and Spoofing • Session Hijacking • ARP Poisoning • DOS and SQL Injection Attacks • MITM Attacks Host Threats • Malware Attacks • Password Attacks • Unauthorized access • DOS Attacks • Privilege Escalation • Password Attacks Application Threats • Buffer Overflow • Auditing and Logging Issues • Information Disclosure • Cryptography Attacks INFORMATION SECURITY THREATS
  • 12. INFORMATION WARFARE  Information Warfare or Info-War refers to the use of Information and Communicative technologies(ICT) to take competitive advantages over an opponent. 1. Defensive Information warfare: refers to all the strategies and actions to defend against attacks on ICT Assets. 2. Offensive Information warfare: refers to information warfare that involves attacks against ICT assets over an opponent.
  • 13. IPV6 SECURITY THREATS  Compared to IPv4, IPv6 has an improved security mechanism that assures a higher level of security and confidentiality for the information transferred over a network.  However , IPv6 is still vulnerable. It still possesses information security threats that include. 1. Auto configuration threats 2. Unavailability Reputation based protection 3. Incompatibility logging systems 4. Rate Limiting Problem 5. Default IPv6 activation 6. Complexity of Network Management tasks
  • 14. IPV6 SECURITY THREATS 7. Complexity in Vulnerability Assessment 8. Overloading of Perimeter Security controls 9. IPv4 to IPv6 Translation Issues 10. Security Information and Event Management (SIEM) problems 11. Denial of Services(DOS) 12. Trespassing
  • 15. HACKING VS ETHICAL HACKING  Hacking: Hacking refers to exploitation and exploration of computer software or hardware to gain unauthorized access to perform malicious activities.  Ethical Hacking: Ethical Hacking refers to exploration and exploitation of the computer software and hardware to make it more secure and ease of use.
  • 16. Rep utati on Business Loss Loss Of Revenues Compromise Information EFFECTS OF HACKING ON BUSINESS  Theft of Customers Personal Information  Hacking used to steal and distribute data  Botnet can be used to launch DDos leading to business Downtime  Attackers may steal corporate information and sell To competitors and leak info to rivals
  • 17. WHO IS A HACKER?  A hacker is a person who illegally break into system or network without any authorization to steal or destroy sensitive data or to perform malicious attacks. Hackers may be motivated by a multitude of reasons: 1. Intelligent individuals with excellent computer skills with the ability to explore into the computer software and hardware. 2. For some hackers hacking is a hobby to see how many computer systems or network they can compromise. 3. Their intention can either be to gain knowledge or to poke around to do illegal things. 4. Some hack with malicious intent such as stealing business data, credit card information, social security numbers, email password, etc.
  • 18. HACKER CLASSES 1. Black Hat: Individuals with excellent computer skills who resort to malicious activities are also known as crackers. 2. White Hat: Individuals professing hackers skills and using them for defensive purposes are know as security consultants. 3. Grey Hat: Individuals who work both offensively and defensively at various times. 4. Suicide Hackers: Individuals who aim to bring down critical information for a cause and are not worried about facing 30 years in jail for their actions.
  • 19. HACKER CLASSES 5. Script Kiddies: Individuals who depend on other hacking skills or tools. Unskilled hackers. 6. Spy Hackers: Hackers who are employed by the organization to spy on their competitors and gain trade secrets. 7. Cyber Terrorists: Group with religious or political motives to create fear by large scale disruption of computer networks. 8. State Sponsored Hackers: Hackers employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.
  • 20. HACKTIVISM  Hacktivism is an act of promoting political agenda by hacking, especially by defacing or disabling websites.  It thrives in the environment where information is easily accessible.  Aims at sending a message through their hacking activities and gain visibility for a cause.  Common targets include government agencies, multinational corporations or any other entity perceived as bad or wrong be these group of individuals.
  • 21. Information Gathering Scanning Gaining Access Reporting Vulnerability Information Gathering Scanning Gaining Access Maintaining Access Clearing Tracks HACKING PHASES  Ethical Hacking Phase:  Malicious Hacking Phase:
  • 22. Operating System Attacks • OS vulnerabilities Application Level Attacks • No Complete Testing Misconfiguration attacks • Default Setting or Misconfigured Shrink Wrap Codes Attacks • Default Scripts (Vulnerabilites) TYPES OF ATTACKS ON A SYSTEM  There are several ways an attacker can attacks information system. The attacker must be able to exploit a weakness or vulnerability in a system.
  • 24. VULNERABILITY RESEARCH  Vulnerability Research is the process of discovering vulnerabilities and design flaw that will open and operating system and its application to attack or misuse.  Vulnerabilities are classified based on severity level(low, medium or high) and exploit range (local or remote)  An administration needs vulnerability research: 1. To gather information about security treads, threats and attacks 2. To find weakness and alert the network administrator before a network attack 3. To get information that help to prevent security problems 4. To know how to recover form a network attack.
  • 25. PENETRATION TESTING  Penetration Testing is a method of completely evaluating the security of an information system or network by simulating an attack from malicious source.  Types of Penetration testing: 1. Black box testing: no knowledge of the computer infrastructure and network. 2. White box testing: complete knowledge 3. Grey box testing: partial knowledge
  • 26. “IF YOU KNOW YOURSELF BUT NOT YOUR ENEMY, FOR VERY VICTORY GAINED YOU WILL ALSO SUFFER A DEFEAT” -Sun Tzu (Art of War)