Scribd
Upload
131 views30 pages

For Seminar On Ethical Hacking

This document discusses ethical hacking and penetration testing. It defines hacking and its effects, and different types of hackers including black hat, white hat, and script kiddies. Ethical hacking involves using the same tools and techniques as criminal hackers but in a legal and responsible way to test an organization's security without causing harm. The phases of hacking are described as reconnaissance, scanning, gaining access, maintaining access, and covering tracks. Ethical hackers follow a code of ethics and help organizations identify and address vulnerabilities in their systems.

Uploaded by

itsjusttwoofus1420
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
131 views30 pages

For Seminar On Ethical Hacking

This document discusses ethical hacking and penetration testing. It defines hacking and its effects, and different types of hackers including black hat, white hat, and script kiddies. Ethical hacking involves using the same tools and techniques as criminal hackers but in a legal and responsible way to test an organization's security without causing harm. The phases of hacking are described as reconnaissance, scanning, gaining access, maintaining access, and covering tracks. Ethical hackers follow a code of ethics and help organizations identify and address vulnerabilities in their systems.

Uploaded by

itsjusttwoofus1420
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 30

Ethical Hacking

A Technical Seminar by
Vikas Bandaru
(2220212132)
GITAM University,
Hyderabad Campus
Contents

 What is Hacking and its Effects?


 Who is a Hacker and its types?
 What is Ethical Hacking?
 Phases of Hacking
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Covering Tracks
What is Hacking and its Effects?
DDoS Attacks
Internet Traffic
Who is a Hacker?

Hacker is a word that has two meanings:


 Traditionally, a hacker is someone
 who likes to tinker with software or electronic systems.
 enjoy exploiting and learning how computer systems operate.
 love discovering new ways to work electronically.
 Recently, a new meaning: someone
 who maliciously breaks into systems for personal gain.
 these criminals are crackers (criminal hackers) - with malicious
intent.
 modify, delete or steal critical information.
Hacker Motivations

 Black Hat Hackers – to get paid


 White Hat Hackers – good guys
 Script Kiddies – fame seekers
 Hacktivists
 Spy Hackers – steal trade secrets
 Cyber Terrorists – to spread fear and terror
 State Sponsored Hackers – “He who controls the
Web controls the world”
What’s the solution?
Ethical Hacking
Introduction

 Ethical Hacking – also known as


Penetration Testing
White Hat Hacking
Intrusion Testing
Red Teaming.

“To catch a thief, think like a thief.”


Introduction

 Ethical Hackers employ the same tools and


techniques as the intruders.
 They neither damage the target systems nor steal
information.
 The tool is not an automated hacker program
rather it is an audit that both identifies the
vulnerabilities of a system and provide advice on
how to eliminate them.
How Hacking be Ethical?

Code of Ethics by EC-Council:


1. Privacy

2. Legal Limits

3. Extreme Care
Who are Ethical Hackers?

The skills the Ethical Hackers should possess:


 Must be completely trustworthy

 Should have very strong programming and


computer networking skills and have been in
networking field for several years.

 Should have more patience


Who are Ethical Hackers?

 Continuous updating of knowledge on computer


and network security is required.

 They should know the techniques of the


criminals, how their activities might be detected
and how to stop them.
Planning the Test

• Aspects that should be focused on:


 Who should perform penetration testing?
 How often the tests have to be conducted?
 What are the methods of measuring and
communicating the results?
 What if something unexpected happens during
the test and brings the whole system down?
 What are the organization’s security policies?
Ethical Hacking – a dynamic process

 Penetration testing must be continuous to ensure


that system movements and newly installed
applications do not introduce new vulnerabilities
into the system.
Areas To Be Tested

 Application Servers

 Firewalls and Security Devices

 Network Security

 Wireless Security
Phases of Hacking

1. Reconnaissance

2. Scanning

3. Gaining Access

4. Maintaining Access

5. Clearing Tracks
Reconnaissance

 Information Gathering
 Sniffing the Network
 Social Engineering
 Types:
Active Reconnaissance – probing the network
 Risky, raises suspicion
Passive Reconnaissance – without the target’s
knowledge
 Social Engineering, Dumpster Diving
Scanning

 Examining the Network - Enumeration


 Tools:
Dialers
Port Scanners
Network Mappers
Vulnerability Scanners
Search for:
Computer names, IP Addresses, user accounts
Gaining Access

 Real hacking happens here


 Discovered vulnerabilities are exploited
 Examples:
Stack-based buffer overflows
Denial of Service (DoS)
Session Hijacking
Maintaining Access

 For future exploitation


 Harden the System: backdoors, trojans, rootkits
 Owned system – Zombie System
Covering Tracks

 To avoid detection
 To continue using owned system
 To remove evidence of hacking
 To avoid legal action
 Examples:
Removing log files
Removing IDS alarms
Steganography
Ethical Hackers’ OS
Conclusion

 Never underestimate the attacker or


overestimate our existing policies.
 A company may be target not just for its
information but for its various transactions.
 To protect against an attack, understanding
where the systems are vulnerable is necessary.
 Ethical Hacking helps companies first
comprehend their risk and then, manage them.
Conclusion

 Always security professionals are one step


behind the hackers and crackers.
 Plan for the unplanned attacks.
 The role of Ethical Hacking in security is to
provide customers with awareness of how they
could be attacked and why they are targeted.

“Security, though a pain” is necessary.


Bibliography

• http://www.cert.org
• http://www.eccouncil.org
• http://www.ethicalhacker.net
• http://www.astalavista.com
• http://hack-o-crack.blogspot.in
• http://www.offensive-security.org
Any Queries??

You might also like