A Presentation On Ethical Hacking
Contents
What is Hacking and its Effects?
Who is a Hacker and its types?
What is Ethical Hacking?
Phases of Hacking
  Reconnaissance
  Scanning
  Gaining Access
  Maintaining Access
  Covering Tracks
DDoS Attacks
Internet Traffic
Who is a Hacker?
Hacker is a word that has two meanings: Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploiting and learning how computer systems operate, and love discovering new ways to work electronically.
Hacker Motivations
Black Hat Hackers: to get paid
White Hat Hackers: good guys
Script Kiddies: fame seekers
Hacktivists
Spy Hackers: steal trade secrets
Cyber Terrorists: to spread fear and terror
State Sponsored Hackers: "He who controls the Web controls the world"
Ethical Hacking
Introduction
Ethical hackers employ the same tools and techniques as the intruders. They neither damage the target systems nor steal information. The tool is not an automated hacker program; rather, it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them.
Areas To Be Tested
Application Servers
Firewalls and Security Devices
Network Security
Wireless Security
Phases of Hacking
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks
Reconnaissance
Information Gathering
Sniffing the Network
Social Engineering
Types:
  Active Reconnaissance: probing the network (risky, raises suspicion)
Scanning
Examining the Network - Enumeration
Tools:
  Dialers
  Port Scanners
  Network Mappers
  Vulnerability Scanners
Search for:
  Computer names, IP addresses, user accounts
Gaining Access
Real hacking happens here
Discovered vulnerabilities are exploited
Examples:
  Stack-based buffer overflows
  Denial of Service (DoS)
  Session Hijacking
Maintaining Access
For future exploitation
Harden the System: backdoors, trojans, rootkits
Owned system
Zombie System
Covering Tracks
To avoid detection
To continue using owned system
To remove evidence of hacking
To avoid legal action
Examples:
  Removing log files
  Removing IDS alarms
  Steganography
Ethical Hackers OS
Conclusion
Never underestimate the attacker or overestimate our existing policies. A company may be a target not just for its information but for its various transactions. To protect against an attack, understanding where the systems are vulnerable is necessary. Ethical Hacking helps companies first comprehend their risks and then manage them.
Security professionals are always one step behind the hackers and crackers. Plan for the unplanned attacks. The role of Ethical Hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted.
Security, though a pain, is necessary.
Any Queries??