Ethical Hacking

             Intelligent Quotient System Pvt. Ltd.
Introduction to Ethical Hacking
   Ethical hackers
       Employed by companies to perform penetration tests

   Penetration test
       Legal attempt to break into a company’s network to find its
        weakest link
       Tester only reports findings

   Security test
       More than an attempt to break in; also includes analyzing
        company’s security policy and procedures
       Tester offers solutions to secure or protect the network
What is Hacking?

   Hacking is an act of penetrating computer
    systems to gain knowledge about the system
    and how it works.

   Hacking is the act of gaining access without
    legal authorization to a computer or computer
    network or network resources.


Who is a Hacker?
   Hackers are actually computer enthusiasts who know
    a lot about computers and computer networks and
    use this knowledge with criminal intent.

   Hacker: a person who uses his hacking skills and tool
    sets for destructive or offensive purposes such as
    disseminating viruses or performing DoS attacks to
    compromise or bring down systems and networks.

   Hackers are sometimes paid to damage corporate
    reputations or to steal or reveal credit-card information.
What is Ethical Hacking?


   Ethical hacking is the use of hacking
    knowledge to attempt to enter a network to
    find its loopholes and back doors.

   It is often referred to as ‘legalized hacking’
    and yes it is indeed legal and can even reap a
    lot of profits for highly skilled individuals.
Who is an Ethical Hacker?

■  Ethical hackers typically have very strong
programming and computer networking skills.

■  Ethical hackers who stay a step ahead of
malicious hackers must be computer systems
experts who are very knowledgeable about
computer programming, networking and
operating systems.

Role of Hacker
   Ethical hackers are motivated by different reasons,
    but their purpose is usually the same as that of
    crackers:
   Find out the frequent weaknesses in the security of
    target systems.
   They’re trying to determine what an intruder can see
    on a targeted network or system, and what the hacker
    can do with that information.
   This process of testing the security of a system or
    network is known as a penetration test.

Role of Hacker
   Hackers
      Access computer system or network without authorization
      Breaks the law; can go to prison

   Crackers
      Break into systems to steal or destroy data
      U.S. Department of Justice calls both hackers

   Ethical hacker
      Performs most of the same activities but with owner’s permission
Why perform an ethical hack?


   To determine flaws and vulnerabilities
   To provide a quantitative metric for evaluating
    systems and networks
   To measure against pre-established baselines
   To determine risk to the organization
   To design mitigating controls



Skills Required to Become an Ethical Hacker

   Criminal mindset
   Thorough knowledge of computer programming,
    networking and operating systems, highly targeted
    platforms (such as Windows, Unix, and Linux), etc.
   Patience, persistence, and immense perseverance
Levels in Ethical Hacking




Ethical Hacking Steps




Footprinting
   Definition: the gathering of information about a
    potential system or network.

   Attacker’s point of view
     Identify potential target systems
     Identify which types of attacks may be useful on
      target systems

   Defender’s point of view
     Know available tools
     Vulnerability analysis: know what information
      you’re giving away, what weaknesses you have.
Footprinting
   Gathering information about the target

       Area             Information gathered

       Internet         Domain name, network blocks, IP addresses open to
                        the Net, TCP and UDP services running, ACLs, IDSes
       Intranet         Protocols (IP, NetBIOS), internal domain names, etc.
       Remote access    Phone numbers, remote control, telnet, authentication
       Extranet         Connection origination, destination, type, access
                        control
Scanning
   After obtaining a list of network and IP addresses,
    scanning starts:
       Ping sweeps (active machines): use Pinger in Windows and
        nmap in Linux/UNIX. This is an example of pinger.

       TCP port scanning (open ports in active machines): SYN
        and connect scans work with most hosts. SYN is stealthier
        and may not be logged.

       In Windows NT use SuperScan and in Linux/UNIX use
        nmap. See an example of SuperScan. BUT, hackers use
        scripts with binary files, not graphical tools.
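
Added example (not part of the original slides): defender-side detection of the ping sweep and TCP port scan described above, including the half-open SYN scan that an application log would miss because no connection is ever completed. The log format, the thresholds and all addresses are constructed for illustration, and the log is assumed to record only packets sent by the source.

```python
from collections import defaultdict

# Constructed packet-log lines: time src dst proto dport flags
# (flags: "echo" = ICMP echo request, S = SYN, A = ACK, R = RST)
SAMPLE_LOG = """\
10:00:01 198.51.100.7 192.0.2.1 ICMP - echo
10:00:01 198.51.100.7 192.0.2.2 ICMP - echo
10:00:01 198.51.100.7 192.0.2.3 ICMP - echo
10:00:02 198.51.100.7 192.0.2.4 ICMP - echo
10:00:05 198.51.100.7 192.0.2.2 TCP 21 S
10:00:05 198.51.100.7 192.0.2.2 TCP 22 S
10:00:05 198.51.100.7 192.0.2.2 TCP 22 R
10:00:05 198.51.100.7 192.0.2.2 TCP 23 S
10:00:05 198.51.100.7 192.0.2.2 TCP 80 S
10:00:05 198.51.100.7 192.0.2.2 TCP 80 R
10:00:06 198.51.100.7 192.0.2.2 TCP 443 S
10:01:00 192.0.2.50 192.0.2.2 TCP 80 S
10:01:00 192.0.2.50 192.0.2.2 TCP 80 A
10:01:30 192.0.2.50 192.0.2.1 ICMP - echo
"""


def parse(log_text):
    """Return (src, dst, proto, dport, flags) tuples; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        _time, src, dst, proto, dport, flags = parts
        events.append((src, dst, proto, dport, flags))
    return events


def detect(log_text, host_threshold=4, port_threshold=5):
    """Flag sources that sweep many hosts or probe many ports on one host."""
    pinged = defaultdict(set)     # src -> hosts that received an ICMP echo
    syn_ports = defaultdict(set)  # (src, dst) -> ports that received a SYN
    completed = defaultdict(set)  # (src, dst) -> ports where src sent the final ACK

    for src, dst, proto, dport, flags in parse(log_text):
        if proto == "ICMP" and flags == "echo":
            pinged[src].add(dst)
        elif proto == "TCP" and flags == "S":
            syn_ports[(src, dst)].add(dport)
        elif proto == "TCP" and flags == "A":
            completed[(src, dst)].add(dport)

    findings = []
    for src, hosts in sorted(pinged.items()):
        if len(hosts) >= host_threshold:
            findings.append(("ping-sweep", src, len(hosts)))

    for (src, dst), ports in sorted(syn_ports.items()):
        if len(ports) < port_threshold:
            continue
        done = ports & completed.get((src, dst), set())
        if done == ports:
            kind = "connect-scan"   # every handshake finished: visible to services
        elif not done:
            kind = "syn-scan"       # no handshake finished: only packet logs see it
        else:
            kind = "mixed-scan"
        findings.append((kind, src, dst, len(ports)))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The normal client at 192.0.2.50 stays below both thresholds and is not reported, which is the tuning trade-off to review before using counts like these in production.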
More in Scanning
   OS detection (stack fingerprinting):
      Probe the TCP/IP stack, because it varies between OSs. Requires
       at least one listening port to make a determination.
      Why is it important? There are hacker tools that are OS- and
       network-device-specific. In Linux/UNIX use nmap with -O. You can
       use the Netcraft site to check the OS of a host running a
       Web server.

   OS detection (passive signatures):
      By monitoring the traffic, the operating system can be detected,
       among other things. Siphon is a recent Linux/UNIX tool.
      Once the OS is identified, enumeration can take place.

Types of Scanning

    Scanning Type            Purpose

    Port scanning            Determines open ports and services
    Network scanning         IP addresses
    Vulnerability scanning   Presence of known weaknesses

Scanning Methodology

   1. Check for Live System
   2. Check for Open Ports
   3. Service Identification
   4. Banner Grabbing / OS Fingerprinting
   5. Vulnerability Scanning
   6. Draw Network Diagrams of Vulnerable Hosts
   7. Prepare Proxies
   8. Attack

Scanning Tools

■   Nmap
■   Nessus
■   SNMP Scanner
■   THC-Scan
■   Netscan
■   IPSecScan
Enumeration

   Enumeration occurs after scanning and is the
    process of gathering and compiling usernames,
    machine names, network resources, shares,
    and services.
   It also refers to actively querying or
    connecting to a target system to acquire this
    information.
Enumeration Steps
    Hackers need to be methodical in their approach to
    hacking. The following steps are an example of those
    a hacker might perform in preparation for hacking a
    target system:

   1. Extract usernames using enumeration.
   2. Gather information about the host using null sessions.
   3. Perform Windows enumeration using the SuperScan tool.
   4. Acquire the user accounts using the tool GetAcct.
   5. Perform SNMP port scanning.
SQL injection

   SQL injection is a code injection technique that
    exploits a security vulnerability occurring in the
    database layer of an application.

   The vulnerability is present when user input is either
    incorrectly filtered for string literal escape characters
    embedded in SQL statements or user input is not
    strongly typed and thereby unexpectedly executed.
SQL injection

   During a SQL injection attack, malicious code is
    inserted into a web form field or the website’s code to
    make a system execute a command shell or other
    arbitrary commands.
   Just as a legitimate user enters queries and additions
    to the SQL database via a web form, the hacker can
    insert commands to the SQL server through the same
    web form field.
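
Added example (not part of the original slides): the two causes named above, unescaped input inside a string literal and input that is not strongly typed, each shown beside its corrected form using Python's sqlite3 module. The table, the function names and the input strings are constructed for illustration.

```python
import sqlite3

# Constructed form-field values used to show the two weaknesses.
QUOTE_INPUT = "nobody' OR '1'='1"   # closes the string literal early
UNTYPED_INPUT = "0 OR 1=1"          # text supplied where a number is expected


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT);
        INSERT INTO users (name, role) VALUES
            ('alice', 'admin'), ('bob', 'user'), ('carol', 'user');
        """
    )
    return conn


def lookup_by_name_unsafe(conn, name):
    # Weakness 1: the value is pasted inside a string literal, so a quote
    # character in the input ends the literal and the rest is parsed as SQL.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_by_name_safe(conn, name):
    # Fix: a bound parameter is always handled as data, never as SQL text.
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def lookup_by_id_unsafe(conn, user_id):
    # Weakness 2: a value expected to be a number is concatenated unchecked.
    query = "SELECT name, role FROM users WHERE id = " + user_id
    return conn.execute(query).fetchall()


def lookup_by_id_safe(conn, user_id):
    # Fix: enforce the expected type first, then bind the value.
    try:
        numeric_id = int(user_id)
    except (TypeError, ValueError):
        raise ValueError("user id must be an integer") from None
    query = "SELECT name, role FROM users WHERE id = ?"
    return conn.execute(query, (numeric_id,)).fetchall()


def compare():
    """Row counts returned by each variant for the constructed inputs."""
    conn = make_db()
    try:
        typed = len(lookup_by_id_safe(conn, UNTYPED_INPUT))
    except ValueError:
        typed = "rejected"
    return {
        "name_unsafe": len(lookup_by_name_unsafe(conn, QUOTE_INPUT)),
        "name_safe": len(lookup_by_name_safe(conn, QUOTE_INPUT)),
        "id_unsafe": len(lookup_by_id_unsafe(conn, UNTYPED_INPUT)),
        "id_safe": typed,
    }


if __name__ == "__main__":
    print(compare())
```

In the unsafe variants the WHERE clause becomes always true and every row is returned; the corrected variants return nothing or reject the value.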
Wireless Hacking Techniques

   Cracking encryption and authentication
    mechanism
   Eavesdropping or sniffing
   Denial of Service
   AP masquerading or spoofing
   MAC spoofing
Securing Your Wireless Network


   Use Strong Encryption Protocol
   Don’t Announce Yourself: Disable SSID
   Change Default Administrator Passwords and
    Usernames
   Limit Access To Your Access Point
   Do Not Auto-Connect to Open Wi-Fi Networks
   Assign Static IP Addresses to Devices
   Enable Firewalls On Each Computer and the Router
   Position the Router or Access Point Safely
