SlideShare a Scribd company logo

Ethical Hacking Redefined

Download as PPTX, PDF
Pawan Patil
Pawan Patil

This document provides an overview of computer hacking and ethical hacking. It discusses the history of hacking, different types of hackers (e.g. white hat, black hat), why people hack, and the hacking process. The hacking process involves preparation, footprinting, enumeration/fingerprinting, identifying vulnerabilities, exploiting vulnerabilities to gain access, escalating privileges, covering tracks, and creating backdoors. It also discusses how to protect systems from hackers through actions like patching security holes, encrypting data, using firewalls and IDS systems. The document emphasizes that ethical hacking involves legally testing systems with permission to identify vulnerabilities.

1 of 34
Downloaded 62 times
Presented By: Pawan Patil BCA Sem V Roll No :24 COMPUTER SECURITY AND ETHICAL HACKING
CONTENTS • Overview of Hacking • History • Types of hacking • Hacker • Types of Hacker • Why do hackers hack? • How can kid hack? • What does a script kid know? • Hackers language
CONTENT CONTINUED… • How to translate the hackers’ language • Ethical Hacking • Ethical Hacking – Process • What hackers do after hacking? • Why can’t we defend against hackers? • How can we protect the system? • What we should do after hacked? • Final words
OVERVIEW OF HACKING • Hack • Examine something very minutely • the rapid crafting of a new program or the making of changes to existing, usually complicated software • Hacker • The person who hacks • Cracker • System intruder/destroyer
HISTORY OF HACKING • 1903 - Magician and inventor Nevil Maskelyne disrupts John Ambrose Fleming's public demonstration on secure wireless telegraphy technology, sending insulting code messages through the auditorium's projector. • 1943 - French computer expert René Carmille, hacked the punched card used by the Nazis to locate Jews. • 1982 - The 414s break into 60 computer systems at institutions ranging from the Los Alamos Laboratories to Manhattan's Memorial Sloan-Kettering Cancer Centre. The incident appeared as the cover story of Newsweek with the title Beware: Hackers at play, possibly the first mass-media use of the term hacker in the context of computer security. As a result, the U.S. House of Representatives held hearings on computer security and passed several laws.
TYPES OF HACKING Normal data transfer Interruption Interception Modification Fabrication
HACKER : • Someone who bypasses the system’s access controls by taking advantage of security weaknesses left in the system by developers • Person who is totally immersed in computer technology and programming, and who likes to examine the code of programs to see how they work … then uses his or her computer expertise for illicit purposes such as gaining access to computer systems without permission and tampering with programs and data. At that point, this individual would steal information and install backdoors, virus and Trojans • Hacker means cracker nowadays.
WHAT IS HACKING
TYPES OF HACKER • White Hat Hackers: • who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. • Black Hat Hackers: • A black hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat. • Gray Hat Hackers: • A grey hat, in the hacking community, refers to a skilled hacker whose activities fall somewhere between white and black hat hackers on a variety of spectra
TYPES OF HACKER CONTINUED… • Script Kiddies: • who use scripts or programs developed by others to attack computer systems and networks and deface websites.[ • Phreak • Person who breaks into telecommunications systems to [commit] theft • Cyber Punk • Recent mutation of … the hacker, cracker, and phreak
WHY DO PEOPLE HACK?? • To make security stronger ( Ethical Hacking ) • Just for fun • Show off • Hack other systems secretly • Notify many people their thought • Steal important information • Destroy enemy’s computer network during the war
HACKERS LANGUAGE : 1 -> i or l 3 -> e 4 -> a 7 -> t 9 -> g 0 -> o $ -> s | -> i or l || -> n |/| -> m s -> z z -> s f -> ph ph -> f x -> ck ck -> x
HACKERS LANGUAGE TRANSLATION • Ex) • 1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3n 1 h4ck3d 1n • I did not hack this page, it was like this when I hacked in
GOAL
HACKING - PROCESS 1. Preparation 2. Foot printing 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities 6. Gaining Access 7. Escalating privilege 8. Covering tracks 9. Creating back doors
1. PREPARATION • Identification of Targets – company websites, mail servers, extranets, etc. • Signing of Contract • Agreement on protection against any legal issues • Contracts to clearly specifies the limits and dangers of the test • Specifics on Denial of Service Tests, Social Engineering, etc. • Time window for Attacks • Total time for the testing • Prior Knowledge of the systems • Key people who are made aware of the testing
2. FOOT PRINTING Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources • Search engines • Forums • Databases – whois, • Tools – PING, whois, Traceroute, nslookup
3. ENUMERATION & FINGERPRINTING • Specific targets determined • Identification of Services / open ports • Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools • Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
4. IDENTIFICATION OF VULNERABILITIES Vulnerabilities: It is a weakness which allows an attacker to reduce a system's information assurance. • Insecure Configuration • Weak passwords • Unpatched vulnerabilities in services, Operating systems, applications • Possible Vulnerabilities in Services, Operating Systems • Insecure programming • Weak Access Control
IDENTIFICATION OF VULNERABILITIES CONT.. Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion
5. ATTACK – EXPLOIT THE VULNERABILITIES Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
6. GAINING ACCESS: • Enough data has been gathered at this point to make an informed attempt to access the target • Techniques • Password eavesdropping • File share brute forcing • Password file grab • Buffer overflows
7. ESCALATING PRIVILEGES • If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system • Techniques • Password cracking • Known exploits
8. COVERING TRACKS • Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp. • Techniques • Clear logs • Hide tools
9. CREATING BACK DOORS • Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder • Techniques • Create rogue user accounts • Schedule batch jobs • Infect startup files • Plant remote control services • Install monitoring mechanisms • Replace apps with trojans
WHAT DO HACKERS DO AFTER HACKING? (1) • Patch security hole • The other hackers can’t intrude • Clear logs and hide themselves • Install rootkit ( backdoor ) • The hacker who hacked the system can use the system later • It contains trojan virus, and so on • Install irc related program • identd, irc, bitchx, eggdrop, bnc
WHAT DO HACKERS DO AFTER HACKING? (2) • Install scanner program • mscan, sscan, nmap • Install exploit program • Install denial of service program • Use all of installed programs silently
WHY CAN’T WE DEFEND AGAINST HACKERS? • There are many unknown security hole • Hackers need to know only one security hole to hack the system • Admin need to know all security holes to defend the system
ARE WE SECURE????
WHAT IS ETHICAL HACKING?? • It is Legal • Permission is obtained from the target • Part of an overall security program • Identify vulnerabilities visible from Internet at particular point of time • Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner • Also Called – Attack & Penetration Testing,
HOW CAN WE PROTECT THE SYSTEM?  Patch security hole often  Encrypt important data  Ex) pgp, ssh  Do not run unused daemon  Remove unused setuid/setgid program  Setup loghost • Backup the system often  Setup firewall  Setup IDS  Ex) snort
WHAT SHOULD WE DO AFTER HACKED? • Shutdown the system • Or turn off the system • Separate the system from network • Restore the system with the backup • Or reinstall all programs • Connect the system to the network
REMEMBER
REMEMBER

Recommended

Hacking
HackingHacking
Hacking
Karan Poshattiwar
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Rishabha Garg
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION
Yash Shukla
 
Threats to network
Threats to networkThreats to network
Threats to network
Q4Points.com
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
Harshil Barot
 
Ethical hacking Presentation
Ethical hacking PresentationEthical hacking Presentation
Ethical hacking Presentation
AmbikaMalgatti
 
Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics Using fault injection attacks for digital forensics
Using fault injection attacks for digital forensics
Justin Black
 
Hacking final
Hacking finalHacking final
Hacking final
JiyaaNaqvi
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
himanshujoshi238
 
The Basics of Ethical Hacking
The Basics of Ethical HackingThe Basics of Ethical Hacking
The Basics of Ethical Hacking
Vamshi TG
 
Hacking
HackingHacking
Hacking
powerpointking1
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Namrata Raiyani
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
Divyank Jindal
 
An Introduction to Ethical Hacking
An Introduction to Ethical HackingAn Introduction to Ethical Hacking
An Introduction to Ethical Hacking
Vinny Vessel
 
Hacking
HackingHacking
Hacking
Arpit Verma
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
Georgekutty Francis
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking Overview
Sam Bowne
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
PTC
 
ethical hacking
ethical hackingethical hacking
ethical hacking
Neelima Bawa
 
Basic Introduction to hacking
Basic Introduction to hackingBasic Introduction to hacking
Basic Introduction to hacking
Sainath Volam
 
Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.
JasminJaman1
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
Dharmesh Makwana
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Keith Brooks
 
Career in Ethical Hacking
Career in Ethical Hacking Career in Ethical Hacking
Career in Ethical Hacking
neosphere
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Sourabh Badve
 
About hackers
About hackersAbout hackers
About hackers
Kaptainz12
 
Ethical hacking by chandra prakash upadhyay
Ethical hacking by chandra prakash upadhyayEthical hacking by chandra prakash upadhyay
Ethical hacking by chandra prakash upadhyay
Chandra Prakash
 
Hackers
HackersHackers
Hackers
Mahmoud Saeed
 

More Related Content

What's hot (19)

Hacking final
Hacking finalHacking final
Hacking final
JiyaaNaqvi
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
himanshujoshi238
 
The Basics of Ethical Hacking
The Basics of Ethical HackingThe Basics of Ethical Hacking
The Basics of Ethical Hacking
Vamshi TG
 
Hacking
HackingHacking
Hacking
powerpointking1
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Namrata Raiyani
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
Divyank Jindal
 
An Introduction to Ethical Hacking
An Introduction to Ethical HackingAn Introduction to Ethical Hacking
An Introduction to Ethical Hacking
Vinny Vessel
 
Hacking
HackingHacking
Hacking
Arpit Verma
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
Georgekutty Francis
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking Overview
Sam Bowne
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
PTC
 
ethical hacking
ethical hackingethical hacking
ethical hacking
Neelima Bawa
 
Basic Introduction to hacking
Basic Introduction to hackingBasic Introduction to hacking
Basic Introduction to hacking
Sainath Volam
 
Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.
JasminJaman1
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
Dharmesh Makwana
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Keith Brooks
 
Career in Ethical Hacking
Career in Ethical Hacking Career in Ethical Hacking
Career in Ethical Hacking
neosphere
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Sourabh Badve
 
Hacking final
Hacking finalHacking final
Hacking final
JiyaaNaqvi
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
himanshujoshi238
 
The Basics of Ethical Hacking
The Basics of Ethical HackingThe Basics of Ethical Hacking
The Basics of Ethical Hacking
Vamshi TG
 
Hacking
HackingHacking
Hacking
powerpointking1
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Namrata Raiyani
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
Divyank Jindal
 
An Introduction to Ethical Hacking
An Introduction to Ethical HackingAn Introduction to Ethical Hacking
An Introduction to Ethical Hacking
Vinny Vessel
 
Hacking
HackingHacking
Hacking
Arpit Verma
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
Georgekutty Francis
 
CNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking OverviewCNIT 123 Ch 1: Ethical Hacking Overview
CNIT 123 Ch 1: Ethical Hacking Overview
Sam Bowne
 
Penetration testing
Penetration testing Penetration testing
Penetration testing
PTC
 
ethical hacking
ethical hackingethical hacking
ethical hacking
Neelima Bawa
 
Basic Introduction to hacking
Basic Introduction to hackingBasic Introduction to hacking
Basic Introduction to hacking
Sainath Volam
 
Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.Hacking- Ethical/ Non-ethical, Cyber Security.
Hacking- Ethical/ Non-ethical, Cyber Security.
JasminJaman1
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
Dharmesh Makwana
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Keith Brooks
 
Career in Ethical Hacking
Career in Ethical Hacking Career in Ethical Hacking
Career in Ethical Hacking
neosphere
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Sourabh Badve
 

Viewers also liked (9)

About hackers
About hackersAbout hackers
About hackers
Kaptainz12
 
Ethical hacking by chandra prakash upadhyay
Ethical hacking by chandra prakash upadhyayEthical hacking by chandra prakash upadhyay
Ethical hacking by chandra prakash upadhyay
Chandra Prakash
 
Hackers
HackersHackers
Hackers
Mahmoud Saeed
 
Hackers ESP
Hackers ESPHackers ESP
Hackers ESP
Maryam AL-Khabbaz
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - Introduction
Bharat Thakkar
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
SHERALI445
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
giridhar_sadasivuni
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
Suryansh Srivastava
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
Sai Sakoji
 
About hackers
About hackersAbout hackers
About hackers
Kaptainz12
 
Ethical hacking by chandra prakash upadhyay
Ethical hacking by chandra prakash upadhyayEthical hacking by chandra prakash upadhyay
Ethical hacking by chandra prakash upadhyay
Chandra Prakash
 
Hackers
HackersHackers
Hackers
Mahmoud Saeed
 
Hackers ESP
Hackers ESPHackers ESP
Hackers ESP
Maryam AL-Khabbaz
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - Introduction
Bharat Thakkar
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
SHERALI445
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
giridhar_sadasivuni
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
Suryansh Srivastava
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
Sai Sakoji
 

Similar to Ethical Hacking Redefined (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
VipinYadav257
 
Ethical Hacking.pptx Hacker Presentation
Ethical Hacking.pptx Hacker PresentationEthical Hacking.pptx Hacker Presentation
Ethical Hacking.pptx Hacker Presentation
sahilhussain2006bth
 
sourabh_sipPPT.pptx
sourabh_sipPPT.pptxsourabh_sipPPT.pptx
sourabh_sipPPT.pptx
SourabhRuhil4
 
building foundation for ethical hacking.ppt
building foundation for ethical hacking.pptbuilding foundation for ethical hacking.ppt
building foundation for ethical hacking.ppt
ShivaniSingha1
 
Hacking
HackingHacking
Hacking
VipinYadav257
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
ankit sarode
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
chrizjohn896
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
 
Ethical_Hacking
Ethical_HackingEthical_Hacking
Ethical_Hacking
Shahnawaz Sarkar
 
Ethical Hacking.pptx
Ethical Hacking.pptxEthical Hacking.pptx
Ethical Hacking.pptx
MadhuKumar114889
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security intro
Abhilash Ak
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Rohan Raj
 
Session Slide
Session SlideSession Slide
Session Slide
Muralidharan Radhakrishnan
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
Institute of Information Security (IIS)
 
Ethical hacking.pptx
Ethical hacking.pptxEthical hacking.pptx
Ethical hacking.pptx
NilkanthPatel38
 
Computer Security
Computer SecurityComputer Security
Computer Security
Greater Noida Institute Of Technology
 
Security for database administrator to enhance security
Security for database administrator to enhance securitySecurity for database administrator to enhance security
Security for database administrator to enhance security
ssuser20fcbe
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptx
vamshimatangi
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)
Thangaraj Murugananthan
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
VipinYadav257
 
Ethical Hacking.pptx Hacker Presentation
Ethical Hacking.pptx Hacker PresentationEthical Hacking.pptx Hacker Presentation
Ethical Hacking.pptx Hacker Presentation
sahilhussain2006bth
 
sourabh_sipPPT.pptx
sourabh_sipPPT.pptxsourabh_sipPPT.pptx
sourabh_sipPPT.pptx
SourabhRuhil4
 
building foundation for ethical hacking.ppt
building foundation for ethical hacking.pptbuilding foundation for ethical hacking.ppt
building foundation for ethical hacking.ppt
ShivaniSingha1
 
Hacking
HackingHacking
Hacking
VipinYadav257
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
ankit sarode
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
chrizjohn896
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
 
Ethical_Hacking
Ethical_HackingEthical_Hacking
Ethical_Hacking
Shahnawaz Sarkar
 
Ethical Hacking.pptx
Ethical Hacking.pptxEthical Hacking.pptx
Ethical Hacking.pptx
MadhuKumar114889
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
Sweta Leena Panda
 
Ethical hacking and cyber security intro
Ethical hacking and cyber security introEthical hacking and cyber security intro
Ethical hacking and cyber security intro
Abhilash Ak
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Rohan Raj
 
Session Slide
Session SlideSession Slide
Session Slide
Muralidharan Radhakrishnan
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
Institute of Information Security (IIS)
 
Ethical hacking.pptx
Ethical hacking.pptxEthical hacking.pptx
Ethical hacking.pptx
NilkanthPatel38
 
Computer Security
Computer SecurityComputer Security
Computer Security
Greater Noida Institute Of Technology
 
Security for database administrator to enhance security
Security for database administrator to enhance securitySecurity for database administrator to enhance security
Security for database administrator to enhance security
ssuser20fcbe
 
Ethical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptxEthical Hacking justvamshi .pptx
Ethical Hacking justvamshi .pptx
vamshimatangi
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)
Thangaraj Murugananthan
 

Recently uploaded (19)

White and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptxWhite and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptx
canumatown
 
highend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptxhighend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptx
elhadjcheikhdiop
 
Determining Glass is mechanical textile
Determining Glass is mechanical textileDetermining Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
Best web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you businessBest web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you business
steve198109
 
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHostingTop Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
steve198109
 
5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx
andani26
 
IT Services Workflow From Request to Resolution
IT Services Workflow From Request to ResolutionIT Services Workflow From Request to Resolution
IT Services Workflow From Request to Resolution
mzmziiskd
 
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry SweetserAPNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC
 
Perguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolhaPerguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolha
socaslev
 
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation TemplateSmart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
yojeari421237
 
OSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description fOSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description f
cbr49917
 
DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)
APNIC
 
(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security
aluacharya169
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 
project_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptxproject_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptx
redzuriel13
 
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC
 
Computers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers NetworksComputers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers Networks
Tito208863
 
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
DataProvider1
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 
White and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptxWhite and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptx
canumatown
 
highend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptxhighend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptx
elhadjcheikhdiop
 
Determining Glass is mechanical textile
Determining Glass is mechanical textileDetermining Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
Best web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you businessBest web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you business
steve198109
 
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHostingTop Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
steve198109
 
5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx
andani26
 
IT Services Workflow From Request to Resolution
IT Services Workflow From Request to ResolutionIT Services Workflow From Request to Resolution
IT Services Workflow From Request to Resolution
mzmziiskd
 
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry SweetserAPNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC
 
Perguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolhaPerguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolha
socaslev
 
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation TemplateSmart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
yojeari421237
 
OSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description fOSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description f
cbr49917
 
DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)
APNIC
 
(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security
aluacharya169
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 
project_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptxproject_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptx
redzuriel13
 
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC
 
Computers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers NetworksComputers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers Networks
Tito208863
 
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
DataProvider1
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 

Ethical Hacking Redefined

  • 1. Presented By: Pawan Patil BCA Sem V Roll No :24 COMPUTER SECURITY AND ETHICAL HACKING
  • 2. CONTENTS • Overview of Hacking • History • Types of hacking • Hacker • Types of Hacker • Why do hackers hack? • How can kid hack? • What does a script kid know? • Hackers language
  • 3. CONTENT CONTINUED… • How to translate the hackers’ language • Ethical Hacking • Ethical Hacking – Process • What hackers do after hacking? • Why can’t we defend against hackers? • How can we protect the system? • What we should do after hacked? • Final words
  • 4. OVERVIEW OF HACKING • Hack • Examine something very minutely • the rapid crafting of a new program or the making of changes to existing, usually complicated software • Hacker • The person who hacks • Cracker • System intruder/destroyer
  • 5. HISTORY OF HACKING • 1903 - Magician and inventor Nevil Maskelyne disrupts John Ambrose Fleming's public demonstration on secure wireless telegraphy technology, sending insulting code messages through the auditorium's projector. • 1943 - French computer expert René Carmille, hacked the punched card used by the Nazis to locate Jews. • 1982 - The 414s break into 60 computer systems at institutions ranging from the Los Alamos Laboratories to Manhattan's Memorial Sloan-Kettering Cancer Centre. The incident appeared as the cover story of Newsweek with the title Beware: Hackers at play, possibly the first mass-media use of the term hacker in the context of computer security. As a result, the U.S. House of Representatives held hearings on computer security and passed several laws.
  • 6. TYPES OF HACKING Normal data transfer Interruption Interception Modification Fabrication
  • 7. HACKER : • Someone who bypasses the system’s access controls by taking advantage of security weaknesses left in the system by developers • Person who is totally immersed in computer technology and programming, and who likes to examine the code of programs to see how they work … then uses his or her computer expertise for illicit purposes such as gaining access to computer systems without permission and tampering with programs and data. At that point, this individual would steal information and install backdoors, virus and Trojans • Hacker means cracker nowadays.
  • 9. TYPES OF HACKER • White Hat Hackers: • who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. • Black Hat Hackers: • A black hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat. • Gray Hat Hackers: • A grey hat, in the hacking community, refers to a skilled hacker whose activities fall somewhere between white and black hat hackers on a variety of spectra
  • 10. TYPES OF HACKER CONTINUED… • Script Kiddies: • who use scripts or programs developed by others to attack computer systems and networks and deface websites.[ • Phreak • Person who breaks into telecommunications systems to [commit] theft • Cyber Punk • Recent mutation of … the hacker, cracker, and phreak
  • 11. WHY DO PEOPLE HACK?? • To make security stronger ( Ethical Hacking ) • Just for fun • Show off • Hack other systems secretly • Notify many people their thought • Steal important information • Destroy enemy’s computer network during the war
  • 12. HACKERS LANGUAGE : 1 -> i or l 3 -> e 4 -> a 7 -> t 9 -> g 0 -> o $ -> s | -> i or l || -> n |/| -> m s -> z z -> s f -> ph ph -> f x -> ck ck -> x
  • 13. HACKERS LANGUAGE TRANSLATION • Ex) • 1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3n 1 h4ck3d 1n • I did not hack this page, it was like this when I hacked in
  • 14. GOAL
  • 15. HACKING - PROCESS 1. Preparation 2. Foot printing 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities 6. Gaining Access 7. Escalating privilege 8. Covering tracks 9. Creating back doors
  • 16. 1. PREPARATION • Identification of Targets – company websites, mail servers, extranets, etc. • Signing of Contract • Agreement on protection against any legal issues • Contracts to clearly specifies the limits and dangers of the test • Specifics on Denial of Service Tests, Social Engineering, etc. • Time window for Attacks • Total time for the testing • Prior Knowledge of the systems • Key people who are made aware of the testing
  • 17. 2. FOOT PRINTING Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources • Search engines • Forums • Databases – whois, • Tools – PING, whois, Traceroute, nslookup
  • 18. 3. ENUMERATION & FINGERPRINTING • Specific targets determined • Identification of Services / open ports • Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools • Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
  • 19. 4. IDENTIFICATION OF VULNERABILITIES Vulnerabilities: It is a weakness which allows an attacker to reduce a system's information assurance. • Insecure Configuration • Weak passwords • Unpatched vulnerabilities in services, Operating systems, applications • Possible Vulnerabilities in Services, Operating Systems • Insecure programming • Weak Access Control
  • 20. IDENTIFICATION OF VULNERABILITIES CONT.. Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion
  • 21. 5. ATTACK – EXPLOIT THE VULNERABILITIES Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
  • 22. 6. GAINING ACCESS: • Enough data has been gathered at this point to make an informed attempt to access the target • Techniques • Password eavesdropping • File share brute forcing • Password file grab • Buffer overflows
  • 23. 7. ESCALATING PRIVILEGES • If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system • Techniques • Password cracking • Known exploits
  • 24. 8. COVERING TRACKS • Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp. • Techniques • Clear logs • Hide tools
  • 25. 9. CREATING BACK DOORS • Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder • Techniques • Create rogue user accounts • Schedule batch jobs • Infect startup files • Plant remote control services • Install monitoring mechanisms • Replace apps with trojans
  • 26. WHAT DO HACKERS DO AFTER HACKING? (1) • Patch security hole • The other hackers can’t intrude • Clear logs and hide themselves • Install rootkit ( backdoor ) • The hacker who hacked the system can use the system later • It contains trojan virus, and so on • Install irc related program • identd, irc, bitchx, eggdrop, bnc
  • 27. WHAT DO HACKERS DO AFTER HACKING? (2) • Install scanner program • mscan, sscan, nmap • Install exploit program • Install denial of service program • Use all of installed programs silently
  • 28. WHY CAN’T WE DEFEND AGAINST HACKERS? • There are many unknown security hole • Hackers need to know only one security hole to hack the system • Admin need to know all security holes to defend the system
  • 30. WHAT IS ETHICAL HACKING?? • It is Legal • Permission is obtained from the target • Part of an overall security program • Identify vulnerabilities visible from Internet at particular point of time • Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner • Also Called – Attack & Penetration Testing,
  • 31. HOW CAN WE PROTECT THE SYSTEM?  Patch security hole often  Encrypt important data  Ex) pgp, ssh  Do not run unused daemon  Remove unused setuid/setgid program  Setup loghost • Backup the system often  Setup firewall  Setup IDS  Ex) snort
  • 32. WHAT SHOULD WE DO AFTER HACKED? • Shutdown the system • Or turn off the system • Separate the system from network • Restore the system with the backup • Or reinstall all programs • Connect the system to the network