Ethical hacking
Download as PPTX, PDF2 likes328 views
A Short Introductory Slide show on what is ethical hacking. Fundamental terms and descriptions are dealt with.
More Related Content
What's hot (20)
Similar to Ethical hacking (20)
Recently uploaded (20)
Ethical hacking
- 2. Submitted to Mr Purushottam Das Presented By Punit Goswami CSE 3rd Sem
- 3. Ethical Hacking Offense as the best defense
- 4. What is hacking ? A little clarification…
- 5. ▪ Hacking is any curiosity driven approach to finding weakness in a system. ▪ Exploiting these weaknesses depends on the purpose of breaching. ▪ Commonly misunderstood as a cracker. ▪ Cracker is somebody who uses the breaches and exploits in a system only for malicious usage. ▪ Hacking is about making things do what they were not made to do. ▪ A person who uses breaches and exploits for increasing knowledge or breaches them for security auditing is a Hacker.
- 6. Kinds of hackers… Because hackers too occur of kinds…
- 7. Hackers too come in types… ▪ Script Kiddie: Knows how to use tools or methods made by experienced hackers. Does not necessarily know or understand the background working of the tools or methods. Is just curious or wants to show off.
- 8. Hackers too come in types… ▪ White Hat Hackers: Do hacking for research and defensive purposes. Try to improve the robustness of a system by finding flaws in a security system and fixing them. Mostly work for or in an organization or individually.
- 9. Hackers too come in types… ▪ Black Hat Hacker: Hackers with malicious intents while breaking into a system. Cyber criminals who steal money, passwords, infect systems. Practically everything that media shows about hacking and its illegal strings.
- 10. Hackers too come in types… ▪ GreyHat Hackers: Are neither purely malicious nor completely defensive. Their nature depends on the situation. May not have malicious intents but would still like to break into the systems that they are not authorized to.
- 11. Hackers too come in types… ▪ Hacktivist: A new genre of hackers. Use their collective knowledge and potential to protest against politically or religiously sensitive issues. Have become the most popular category of hackers being talked about nowadays.
- 12. The C-I-A Triad Basic security concepts…
- 13. Basic Security Concepts ▪ Confidentiality When information is compromised by someone not authorized to do so it is a loss of confidentiality. Is an important attribute. Requires internal cohesiveness of set of data. Research papers Insurance records New product Specifications Private Information of People
- 14. Basic Security Concepts ▪ Integrity For an information which is very sensitive, its corruption can be disastrous. If this information is kept on an unsecured network, chances of it being corrupted, modified or changed increases. This loss of integrity indicates that unauthorised changes have been made to the information. Electronics fund transfer, Air traffic controlling, Financial accounting
- 15. Basic Security Concepts ▪ Availability This is often the most important criteria in service oriented businesses. When information is erased or becomes inaccessible to an authorised entity, it is loss of availability.
- 16. Phases of Hacking oInformation Gathering oScanning oGaining Access oReporting Vulnerability oMaintaining Access oCovering Tracks
- 18. Scanning
- 19. GainingAccess
- 22. Covering Tracks
- 23. History of Hacking Tracing the roots…
- 24. ▪ Early 1970s: John Draper made a long distance call for free by blowing a precise tone into a telephone that told the phone system to open the line. ▪ Early 1980s: Milwaukee based 414s charged of 60 computer break- ins from Memorial Sloan Kettering Cancer Centre to the Los Alamos National Laboratory. ▪ Late 1980s: 25 year old Kevin Mitnick secretly monitors the emails of MCI and Digital Equipment security officials.
- 25. ▪ Early 1990s: AT&T long distance service made to crash on Martin Luther King Jr. Day. Security breach into Griffith Air Force Base Station, pewit computers at NASA and the Korean Atomic Research Institute. ▪ Michael Shim E-bay Amazon and Yahoo. 15 years old.
- 26. Methods toHacking The different ways and paths taken during a hacking process…
- 27. System Hacking oPassword Cracking Use probabilities of password guesses to match with the original passwords. Brute Forcing Matching all possible key combinations. Dictionary Attacks Using dictionary words to crack passwords. Key logging Tracking and spying on the inputs done on a system through the keyboard.
- 28. System Hacking oRootkits and RATs Use malwares or spywares to observe and steal files containing passwords or their hashes. 1. Application Level Rootkits 2. Kernel Level Rootkits 3. Hardware Level Rootkits 4. Boot loader Level Rootkits
- 29. SQL Injection oSimple SQL Injection Practical approach of bypassing login form using malicious SQL entries. Example: If you put ‘or’1’=‘1 in both username and password fields of a login form vulnerable to SQL injection, then it bypasses the login form.
- 30. SQL Injection oUnion SQL Injection The union operation of the SQL databases is used to find the vulnerable column of entries. This vulnerable column can be further used to rig out meta data about the database.
- 31. SQL Injection oBlind SQL Injection It asks the database “True OR False” based questions and determines the answer based on the applications response.
- 32. SQL Injection oAdvanced SQL Injection Error messages are used to extract information. Example: Warning: mysql_fetch_array():supplied argument is not valid MySQL result resource in D:Inetpubvhostskpccvicharvibhag.orghttpdo csadminclassesclsCollection.php on line 124 Above is a generic error message through which we can extract a lot of information about the database.
- 33. SQL Injection oAdvanced SQL Injection 1. Message says that the back-end is running on MySQl 2. Path stated starts with D:inetpubvhosts… this means the Operating System is Windows based and the web server being used is IIS.