Ethical Hacking and Network Defence 1.pptx

J
Janani SAssistant Professor um Kamaraj College of Engineering and Technology
ETHICAL HACKING AND
NETWORK DEFENSE
~ S. Janani, Assistant Professor/CSE
Kamaraj College of Engineering and Technology
Unit Contents
 Understanding the importance of security
 Concept of ethical hacking and essential
Terminologies- Threat, Attack, Vulnerabilities,
Target of Evaluation, Exploit
 Phases involved in hacking
Introduction
 Ethical Hacking
 Hackers
 Why Hacking
 Types of Hackers
 What should do after hacked
 Hacking stages
 Need of Ethical Hacking
 Skills required for Ethical Hacking
Ethical Hacking
 Ethical Hacking is an authorized practice of
bypassing system security to identify potential
data breaches and threats in a network
 Evaluate target systems security and report
back to the owners about the bugs found
 Neither damage the system nor steal
information
Hackers
 A person who enjoys learning details of a
programming language or system
 A person who enjoys actually doing
programming rather theorizing about it
 A person capable of appreciating someone
else’s hacking
 A person who picks up programming quickly
 A person who is expert at a particular
programming language or system
Why hacking
 Just for fun
 Show off
 Hack others system secretly
 Notify many people their thought
 Steal important information
 Destroy enemy’s computer network during the
war
Types of hackers
 Black hat hacker
 White hat hacker
 Grey hat hacker
 Black hat hacker
 Extraordinary computing skills resorting to malicious or
destructive activities
 Use their knowledge and skill for their own personal gain
and probably hurting others
 White hat hacker
 Professing hacker skills and using them for defensive
purposes
 Use their knowledge and skill for the good of others and for
the common good
 Grey hat hacker
 Who work both offensively and defensively at various times
What should do after hacked
 Shut down or turn off the system
 Separate the system form network
 Restore the system with the backup or reinstall
all the programs
 Intimate the professional
Hacking stages
 Foot printing
 Scanning
 Gaining Access
 Maintaining Access
 Foot printing
 Whatis lookup
 NS lookup
 IP lookup
• Scanning
 Port scanning
 Network scanning
 Fingerprinting
 Fire walking
• Gaining Access
 Password attacks
 Social Engineering
 Viruses
• Maintaining Access
 OS backdoors
 Trojan
 Clears Tracks
Need of Ethical Hacking
 Protection form possible external attacks
Skills required for Ethical
Hacking
 Microsoft
 Linux
 Firewall
 Routers
 Mainframes
 Network protocol
 Project Management
Understanding the importance of
security
 Security relates to the protection of valuable
assets against unavailability, loss, misuse,
disclosure or damage.
 In this context, valuable assets are the information
recorded on, processed by, stored in, shared by,
transmitted from or retrieved from any medium.
 The information must be protected against harm
from threats leading to different types of impacts,
such as loss, inaccessibility, alteration or wrongful
disclosure
 Threats include errors and omissions, fraud,
accidents, and intentional damage.
How Cyber Crimes Affect
Information Security
 According to Cisco, the number of connected
devices could increase to 50 billion by 2020
 Since these connected devices contain a huge
volume of data that need to be protected,
cybercrime could become a major threat to every
business in the world
 Although cybersecurity initiatives are being
undertaken by national and international
governments, ultimately it is organizations that are
responsible for protecting their own data
 As a result, businesses are now focusing on
developing secure systems that enhance
information security
Need for Information Security
1) To prevent data breaches
A data breach resulting in the loss of critical
business information is quite common. Due to a
large amount of data stored on company
servers, businesses often become the main
target of cyber-criminals if the network is
unprotected. The breaches involving business
secrets, confidential health information, and
intellectual property can greatly impact the
overall health of a business
2) To check for compromised credentials and
broken authentication
Data breaches and other cyber attacks are
usually a result of lax authentication, weak
passwords, and poor certificate or key
management. Companies often struggle with
assigning permissions to appropriate users or
departments, resulting in identity theft.
3) To avoid account hijacking
Phishing, fraud, and software exploitations are
still very common. Companies relying on cloud
services are especially at risk because they are
an easy target for cybercriminals, who can
eavesdrop on activities, modify data and
manipulate transactions. These third-party
applications can be used by attackers to launch
other attacks as well
4) To mitigate cyber threats from malicious
insiders
An existing or former employee, a cunning
business partner, a system administrator or an
intruder can destroy the whole information
infrastructure or manipulate data for their own
purpose. Therefore, it is the responsibility of an
organization to take effective measures to
control the encryption process and keys.
Effective monitoring, logging, and auditing
activities are extremely important to keep
everything under control
Types of Information Security
Controls
There are three different types of information
security controls used to protect data.
 Physical Control: Physical controls are the
simplest form of information security. These
are the things that can actually be touch and
seen, such as password-protected locks to
avoid unauthorized entry to a secure server
room, alarm systems, fences and more
 Administrative Control: These controls mainly
involve manual efforts to ensure data security. These
include enforcing policies, standards, guidelines and
following procedures to ensure business continuity
and data protection. Some of the examples of
administrative controls include disaster recovery
plans, internet usage policies and termination
procedures.
 Technical Control: These controls are considered the
most effective of all because they make use of the
latest technologies and systems to limit access to
information. Some of the examples of technical
controls include firewalls, anti-virus software, file
permissions, access control lists and cutting-edge
data security technologies that are hard to penetrate.
Concept of ethical hacking
 same software tools and techniques as
malicious hackers to find the security
weakness in computer networks and systems
 apply the necessary fix or patch to prevent the
malicious hacker from gaining access to the
data
 never-ending cycle as new weaknesses are
constantly being discovered in computer
systems and patches are created by the
software vendors to mitigate the risk of attack.
 Ethical hackers are usually security professionals
or network penetration testers who use their
hacking skills and toolsets for defensive and
protective purposes
 The term cracker describes a hacker who uses
their hacking skills and toolset for destructive or
offensive purposes such as disseminating viruses
or performing denial-of service (DoS) attacks to
compromise or bring down systems and networks
 these hackers are sometimes paid to damage
corporate reputations or steal or reveal credit card
information, while slowing business processes
and compromising the integrity of the organization
1 von 23

Recomendados

Module 3-cyber security von
Module 3-cyber securityModule 3-cyber security
Module 3-cyber securitySweta Kumari Barnwal
542 views12 Folien
Ethical hacking and social engineering von
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineeringSweta Kumari Barnwal
921 views12 Folien
Introduction to Hacking von
Introduction to HackingIntroduction to Hacking
Introduction to HackingRishabha Garg
2.5K views25 Folien
Ethical Hacking Certification Course von
Ethical Hacking Certification CourseEthical Hacking Certification Course
Ethical Hacking Certification CourseNovel Vista
59 views2 Folien
Network Security Fundamentals von
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
16.1K views96 Folien
Computing safety von
Computing safetyComputing safety
Computing safetytitoferrus
80 views32 Folien

Más contenido relacionado

Similar a Ethical Hacking and Network Defence 1.pptx

ppt on securities.pptx von
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptxmuskaangoel15
24 views12 Folien
ethical hacking report von
 ethical hacking report ethical hacking report
ethical hacking reportAkhilesh Patel
545 views25 Folien
Introduction To Ethical Hacking von
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hackingchakrekevin
2.5K views26 Folien
Ethical hacking von
Ethical hackingEthical hacking
Ethical hackingMohammad Affan
9.9K views24 Folien
Data protection and security von
Data protection and securityData protection and security
Data protection and securitynazar60
75 views16 Folien
Ashar Shaikh A-84 SEMINAR.pptx von
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxasharshaikh8
5 views19 Folien

Similar a Ethical Hacking and Network Defence 1.pptx(20)

Introduction To Ethical Hacking von chakrekevin
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
chakrekevin2.5K views
Data protection and security von nazar60
Data protection and securityData protection and security
Data protection and security
nazar6075 views
Ashar Shaikh A-84 SEMINAR.pptx von asharshaikh8
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
asharshaikh85 views
attack vectors by chimwemwe.pptx von JenetSilence
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptx
JenetSilence22 views
Implications of Misuse and Cyber Security.pdf von srtwgwfwwgw
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdf
srtwgwfwwgw120 views
Information Systems.pptx von KnownId
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
KnownId17 views
Cybersecurity Interview Questions and Answers.pdf von Jazmine Brown
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdf
Jazmine Brown85 views
Domain 1 of CEH v11 Information Security and Ethical Hacking.pptx von Infosectrain3
Domain 1 of CEH v11  Information Security and Ethical Hacking.pptxDomain 1 of CEH v11  Information Security and Ethical Hacking.pptx
Domain 1 of CEH v11 Information Security and Ethical Hacking.pptx
Infosectrain395 views
Essentials Of Security von xsy
Essentials Of SecurityEssentials Of Security
Essentials Of Security
xsy1.5K views

Más de Janani S

Career Domain 2022-23.pptx von
Career Domain 2022-23.pptxCareer Domain 2022-23.pptx
Career Domain 2022-23.pptxJanani S
88 views72 Folien
Joy of Programming von
Joy of ProgrammingJoy of Programming
Joy of ProgrammingJanani S
103 views17 Folien
Getting QWERTYfied von
Getting QWERTYfiedGetting QWERTYfied
Getting QWERTYfiedJanani S
63 views25 Folien
Information theory von
Information theoryInformation theory
Information theoryJanani S
110 views17 Folien
Euclid algorithm and congruence matrix von
Euclid algorithm and congruence matrixEuclid algorithm and congruence matrix
Euclid algorithm and congruence matrixJanani S
454 views25 Folien
Fermat and euler theorem von
Fermat and euler theoremFermat and euler theorem
Fermat and euler theoremJanani S
557 views20 Folien

Más de Janani S(15)

Career Domain 2022-23.pptx von Janani S
Career Domain 2022-23.pptxCareer Domain 2022-23.pptx
Career Domain 2022-23.pptx
Janani S88 views
Joy of Programming von Janani S
Joy of ProgrammingJoy of Programming
Joy of Programming
Janani S103 views
Getting QWERTYfied von Janani S
Getting QWERTYfiedGetting QWERTYfied
Getting QWERTYfied
Janani S63 views
Information theory von Janani S
Information theoryInformation theory
Information theory
Janani S110 views
Euclid algorithm and congruence matrix von Janani S
Euclid algorithm and congruence matrixEuclid algorithm and congruence matrix
Euclid algorithm and congruence matrix
Janani S454 views
Fermat and euler theorem von Janani S
Fermat and euler theoremFermat and euler theorem
Fermat and euler theorem
Janani S557 views
Modular arithmetic von Janani S
Modular arithmeticModular arithmetic
Modular arithmetic
Janani S1.2K views
Classical encryption techniques von Janani S
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
Janani S465 views
Cool Coding von Janani S
Cool CodingCool Coding
Cool Coding
Janani S67 views
Unit iii von Janani S
Unit iiiUnit iii
Unit iii
Janani S557 views
Multicore and shared multi processor von Janani S
Multicore and shared multi processorMulticore and shared multi processor
Multicore and shared multi processor
Janani S36 views
Kf sensor1 von Janani S
Kf sensor1Kf sensor1
Kf sensor1
Janani S613 views
Digital signature von Janani S
Digital signatureDigital signature
Digital signature
Janani S136 views
Distributed file system von Janani S
Distributed file systemDistributed file system
Distributed file system
Janani S144 views
Peer to peer services von Janani S
Peer to peer servicesPeer to peer services
Peer to peer services
Janani S25 views

Último

Design and analysis of a new undergraduate Computer Engineering degree – a me... von
Design and analysis of a new undergraduate Computer Engineering degree – a me...Design and analysis of a new undergraduate Computer Engineering degree – a me...
Design and analysis of a new undergraduate Computer Engineering degree – a me...WaelBadawy6
52 views4 Folien
IWISS Catalog 2022 von
IWISS Catalog 2022IWISS Catalog 2022
IWISS Catalog 2022Iwiss Tools Co.,Ltd
24 views66 Folien
Literature review and Case study on Commercial Complex in Nepal, Durbar mall,... von
Literature review and Case study on Commercial Complex in Nepal, Durbar mall,...Literature review and Case study on Commercial Complex in Nepal, Durbar mall,...
Literature review and Case study on Commercial Complex in Nepal, Durbar mall,...AakashShakya12
45 views115 Folien
Machine Element II Course outline.pdf von
Machine Element II Course outline.pdfMachine Element II Course outline.pdf
Machine Element II Course outline.pdfodatadese1
6 views2 Folien
Update 42 models(Diode/General ) in SPICE PARK(DEC2023) von
Update 42 models(Diode/General ) in SPICE PARK(DEC2023)Update 42 models(Diode/General ) in SPICE PARK(DEC2023)
Update 42 models(Diode/General ) in SPICE PARK(DEC2023)Tsuyoshi Horigome
18 views16 Folien
Electronic Devices - Integrated Circuit.pdf von
Electronic Devices - Integrated Circuit.pdfElectronic Devices - Integrated Circuit.pdf
Electronic Devices - Integrated Circuit.pdfbooksarpita
11 views46 Folien

Último(20)

Design and analysis of a new undergraduate Computer Engineering degree – a me... von WaelBadawy6
Design and analysis of a new undergraduate Computer Engineering degree – a me...Design and analysis of a new undergraduate Computer Engineering degree – a me...
Design and analysis of a new undergraduate Computer Engineering degree – a me...
WaelBadawy652 views
Literature review and Case study on Commercial Complex in Nepal, Durbar mall,... von AakashShakya12
Literature review and Case study on Commercial Complex in Nepal, Durbar mall,...Literature review and Case study on Commercial Complex in Nepal, Durbar mall,...
Literature review and Case study on Commercial Complex in Nepal, Durbar mall,...
AakashShakya1245 views
Machine Element II Course outline.pdf von odatadese1
Machine Element II Course outline.pdfMachine Element II Course outline.pdf
Machine Element II Course outline.pdf
odatadese16 views
Update 42 models(Diode/General ) in SPICE PARK(DEC2023) von Tsuyoshi Horigome
Update 42 models(Diode/General ) in SPICE PARK(DEC2023)Update 42 models(Diode/General ) in SPICE PARK(DEC2023)
Update 42 models(Diode/General ) in SPICE PARK(DEC2023)
Electronic Devices - Integrated Circuit.pdf von booksarpita
Electronic Devices - Integrated Circuit.pdfElectronic Devices - Integrated Circuit.pdf
Electronic Devices - Integrated Circuit.pdf
booksarpita11 views
MSA Website Slideshow (16).pdf von msaucla
MSA Website Slideshow (16).pdfMSA Website Slideshow (16).pdf
MSA Website Slideshow (16).pdf
msaucla39 views
An approach of ontology and knowledge base for railway maintenance von IJECEIAES
An approach of ontology and knowledge base for railway maintenanceAn approach of ontology and knowledge base for railway maintenance
An approach of ontology and knowledge base for railway maintenance
IJECEIAES12 views
CHI-SQUARE ( χ2) TESTS.pptx von ssusera597c5
CHI-SQUARE ( χ2) TESTS.pptxCHI-SQUARE ( χ2) TESTS.pptx
CHI-SQUARE ( χ2) TESTS.pptx
ssusera597c520 views
STUDY OF SMART MATERIALS USED IN CONSTRUCTION-1.pptx von AnnieRachelJohn
STUDY OF SMART MATERIALS USED IN CONSTRUCTION-1.pptxSTUDY OF SMART MATERIALS USED IN CONSTRUCTION-1.pptx
STUDY OF SMART MATERIALS USED IN CONSTRUCTION-1.pptx
AnnieRachelJohn25 views
cloud computing-virtualization.pptx von RajaulKarim20
cloud computing-virtualization.pptxcloud computing-virtualization.pptx
cloud computing-virtualization.pptx
RajaulKarim2082 views
9_DVD_Dynamic_logic_circuits.pdf von Usha Mehta
9_DVD_Dynamic_logic_circuits.pdf9_DVD_Dynamic_logic_circuits.pdf
9_DVD_Dynamic_logic_circuits.pdf
Usha Mehta21 views
13_DVD_Latch-up_prevention.pdf von Usha Mehta
13_DVD_Latch-up_prevention.pdf13_DVD_Latch-up_prevention.pdf
13_DVD_Latch-up_prevention.pdf
Usha Mehta9 views
Art of Writing Research article slide share.pptx von sureshc91
Art of Writing Research article slide share.pptxArt of Writing Research article slide share.pptx
Art of Writing Research article slide share.pptx
sureshc9114 views
Extensions of Time - Contract Management von brainquisitive
Extensions of Time - Contract ManagementExtensions of Time - Contract Management
Extensions of Time - Contract Management
brainquisitive15 views

Ethical Hacking and Network Defence 1.pptx

  • 1. ETHICAL HACKING AND NETWORK DEFENSE ~ S. Janani, Assistant Professor/CSE Kamaraj College of Engineering and Technology
  • 2. Unit Contents  Understanding the importance of security  Concept of ethical hacking and essential Terminologies- Threat, Attack, Vulnerabilities, Target of Evaluation, Exploit  Phases involved in hacking
  • 3. Introduction  Ethical Hacking  Hackers  Why Hacking  Types of Hackers  What should do after hacked  Hacking stages  Need of Ethical Hacking  Skills required for Ethical Hacking
  • 4. Ethical Hacking  Ethical Hacking is an authorized practice of bypassing system security to identify potential data breaches and threats in a network  Evaluate target systems security and report back to the owners about the bugs found  Neither damage the system nor steal information
  • 5. Hackers  A person who enjoys learning details of a programming language or system  A person who enjoys actually doing programming rather theorizing about it  A person capable of appreciating someone else’s hacking  A person who picks up programming quickly  A person who is expert at a particular programming language or system
  • 6. Why hacking  Just for fun  Show off  Hack others system secretly  Notify many people their thought  Steal important information  Destroy enemy’s computer network during the war
  • 7. Types of hackers  Black hat hacker  White hat hacker  Grey hat hacker
  • 8.  Black hat hacker  Extraordinary computing skills resorting to malicious or destructive activities  Use their knowledge and skill for their own personal gain and probably hurting others  White hat hacker  Professing hacker skills and using them for defensive purposes  Use their knowledge and skill for the good of others and for the common good  Grey hat hacker  Who work both offensively and defensively at various times
  • 9. What should do after hacked  Shut down or turn off the system  Separate the system form network  Restore the system with the backup or reinstall all the programs  Intimate the professional
  • 10. Hacking stages  Foot printing  Scanning  Gaining Access  Maintaining Access
  • 11.  Foot printing  Whatis lookup  NS lookup  IP lookup • Scanning  Port scanning  Network scanning  Fingerprinting  Fire walking • Gaining Access  Password attacks  Social Engineering  Viruses • Maintaining Access  OS backdoors  Trojan  Clears Tracks
  • 12. Need of Ethical Hacking  Protection form possible external attacks
  • 13. Skills required for Ethical Hacking  Microsoft  Linux  Firewall  Routers  Mainframes  Network protocol  Project Management
  • 14. Understanding the importance of security  Security relates to the protection of valuable assets against unavailability, loss, misuse, disclosure or damage.  In this context, valuable assets are the information recorded on, processed by, stored in, shared by, transmitted from or retrieved from any medium.  The information must be protected against harm from threats leading to different types of impacts, such as loss, inaccessibility, alteration or wrongful disclosure  Threats include errors and omissions, fraud, accidents, and intentional damage.
  • 15. How Cyber Crimes Affect Information Security  According to Cisco, the number of connected devices could increase to 50 billion by 2020  Since these connected devices contain a huge volume of data that need to be protected, cybercrime could become a major threat to every business in the world  Although cybersecurity initiatives are being undertaken by national and international governments, ultimately it is organizations that are responsible for protecting their own data  As a result, businesses are now focusing on developing secure systems that enhance information security
  • 16. Need for Information Security 1) To prevent data breaches A data breach resulting in the loss of critical business information is quite common. Due to a large amount of data stored on company servers, businesses often become the main target of cyber-criminals if the network is unprotected. The breaches involving business secrets, confidential health information, and intellectual property can greatly impact the overall health of a business
  • 17. 2) To check for compromised credentials and broken authentication Data breaches and other cyber attacks are usually a result of lax authentication, weak passwords, and poor certificate or key management. Companies often struggle with assigning permissions to appropriate users or departments, resulting in identity theft.
  • 18. 3) To avoid account hijacking Phishing, fraud, and software exploitations are still very common. Companies relying on cloud services are especially at risk because they are an easy target for cybercriminals, who can eavesdrop on activities, modify data and manipulate transactions. These third-party applications can be used by attackers to launch other attacks as well
  • 19. 4) To mitigate cyber threats from malicious insiders An existing or former employee, a cunning business partner, a system administrator or an intruder can destroy the whole information infrastructure or manipulate data for their own purpose. Therefore, it is the responsibility of an organization to take effective measures to control the encryption process and keys. Effective monitoring, logging, and auditing activities are extremely important to keep everything under control
  • 20. Types of Information Security Controls There are three different types of information security controls used to protect data.  Physical Control: Physical controls are the simplest form of information security. These are the things that can actually be touch and seen, such as password-protected locks to avoid unauthorized entry to a secure server room, alarm systems, fences and more
  • 21.  Administrative Control: These controls mainly involve manual efforts to ensure data security. These include enforcing policies, standards, guidelines and following procedures to ensure business continuity and data protection. Some of the examples of administrative controls include disaster recovery plans, internet usage policies and termination procedures.  Technical Control: These controls are considered the most effective of all because they make use of the latest technologies and systems to limit access to information. Some of the examples of technical controls include firewalls, anti-virus software, file permissions, access control lists and cutting-edge data security technologies that are hard to penetrate.
  • 22. Concept of ethical hacking  same software tools and techniques as malicious hackers to find the security weakness in computer networks and systems  apply the necessary fix or patch to prevent the malicious hacker from gaining access to the data  never-ending cycle as new weaknesses are constantly being discovered in computer systems and patches are created by the software vendors to mitigate the risk of attack.
  • 23.  Ethical hackers are usually security professionals or network penetration testers who use their hacking skills and toolsets for defensive and protective purposes  The term cracker describes a hacker who uses their hacking skills and toolset for destructive or offensive purposes such as disseminating viruses or performing denial-of service (DoS) attacks to compromise or bring down systems and networks  these hackers are sometimes paid to damage corporate reputations or steal or reveal credit card information, while slowing business processes and compromising the integrity of the organization