SlideShare uma empresa Scribd logo

Ethical hacking

Transferir como DOCX, PDF
Asaduzzaman Kanok
Asaduzzaman Kanok

Certified Ethical Hacker is a qualification obtained in assessing the security of computer systems, using penetration testing techniques. The code for the CEH exam is 312-50, the certification is in Version 9 as of late 2015.

Educação
1 de 11
Ethical Hacking Introduction Ethical hacking are known as penetration testing or White-hat hacking, involves the same tools, tricks and techniques that hackers use, but with one major difference that ethical hacking is legal. Ethical hacking can also ensure that vendors claims about the security of their products legitimate. It is Legal. Permission is obtained from the target. Part of an overall security program. Identify vulnerabilities visible from Internet at particular point of time. Ethical hackerspossessessameskills, mindset and tools of a hackerbutthe attacks are done in a non-destructive manner. Why – Ethical Hacking  Protection From Possible External Attacks Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data
Ethical Hacking History Sincethe1980's,theInternethasvastlygrowninpopularity andcomputersecurityhasbecome a major concernforbusinessesandgovernments.Organizationswouldliketo usethe Internet to their advantage by utilizing the Internet as a medium for e-commerce, advertising, information distribution andaccess,aswellasotherendeavors.However,theyremainworried that they may be hacked which could lead to a loss of control of private and personal information regarding the organization, its employees, and its clients. From the early days of computers, ethical hacking has been used as an evaluation of system security. Many early ethical hacks were conducted by the United States Military to cary out security evaluations on their operating systems to determine whether they should employ a two-level (secret/top secret) classification system. However, with the growth of computing and networking in the early 1990's, computer and network vulnerability studies began to appear outside of the military organization. In December of 1993, two computer security researchers,DanFarmer fromElementalSecurity and Wietse Venemafrom IBM, suggested thatthe techniques usedbyhackerscanbeusedtoassesthesecurityofan information system. What does an Ethical Hacker do ? An ethical hackeris a person doing ethical hacking that is he is a security personalwho tries to penetrate in to a network to find if there is some vulnerability in the system. An ethical hacker will always have the permission to enter into the target network. If he succeedin penetratinginto the system then he will report to the companywith adetailed report about the particular vulnerab-ility exploiting which he got in to the system.  Expressed(often written) permission to probe the network and attempt to identify potentialsecurity risks.  They respectthe individual's or company'sprivacy.
 They closeout yourwork, not leavinganything openfor you orsomeoneelse to exploit ata later time.  They let the software developerorhardware manufacturerknow of any security vulnerabilities you locate in their software or hardware,if notalready knownby the company. The term "ethicalhacker" hasreceivedcriticism at times from peoplewho say that there is no suchthing as an "ethical" hacker.Hacking is hacking,no matter how youlook atit and those who do the hackingare commonlyreferred to as computercriminals or cyber criminals. However,the work that ethicalhackersdo for organizationshashelped improve system security andcan be said to be quite effective and successful. Ethicalhackingandethicalhackeraretermsusedtodescribe hackingperformedbyacompany or individual to help identify potential threats on a computer or network. An ethical hacker attempts to bypasssystemsecurity and searchfor any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, in an effort to minimize or eliminate any potential attacks
Required Skills of an Ethical Hacker  Microsoft,mainframe computer  Linux,infosec  Firewalls  Routers  Network Protocols  Project and problem Management  knowledge of threat sources  Hardware software network Certification Comunicaton report writing Due to the controversy surrounding the profession of ethical hacking, the International Council of E-Commerce Consultants (EC-Council) provides a professional certification for Certified Ethical Hackers (CEH).
The Ethical Hacking Process Planning - Planningis essentialfor havinga successfulproject.It providesan opportunity to give critical thoughtto what needsto be done, allows for goals to be set, and allows for a risk assessment to evaluate how a project should be carried out. Thereare a large numberofexternalfactors thatneedto beconsideredwhenplanningto carry out an ethical hack. These factors include existing sequrity policies, culture, laws and regulations, best practices, and industry requirements. Each of these factors play an integral role in the decision making process when it comesto ethicalhacking. The planning phaseof an ethical hack will have a profound influence on how the hack is performed and the information shared and collected, and will directly influence the deliverable and integration of the results into the security program. The planning phasewill describe many of the details of a controlled attack. It will attempt to answerquestions regarding how the attack is going to be supported and controlled, whatthe underlying actions that must be performed and who does what, when, where, and for how long. Reconnaissance- Reconnaissance is the search for freely available information to assist in an attack. This can be as simple as a ping or browsing newsgroups on the Internet in search of disgruntled employees divulging secret information or as messy as digging through the trash to find receipts or letters. Reconnaissancecan include social engineering, tapping phones and networks, or even theft. The search for information is limited only by the extremes at which the organization and ethical hacker are willing to go in order to recover the information they are searching for. The reconnaissance phase introduces the relationship between the tasks that must be completed and the methods that will need to be used in order to protect the organization's assets and information.
Enumeration- Enumeration is also known as network or vulnerability discovery. It is the act of obtaining information that is readily availablefrom the target's system, applicationsand networks.It is important to note that the enumeration phase is often the point where the line between an ethicalhack and a malicious attack can becomeblurred as it is often easyto go outside ofthe boundaries outlined in the original attack plan. In order to constructa picture of an organization's environment, severaltools and techniques are available. These tools and techniques include port scanning and NMap. Although it is rather simple to collect information, it is rather difficult to determine the value of the information in the hands of a hacker. At first glance, enumeration is simple: take the collected data and evaluate it collectively to establish a plan for more reconnaissanceor building a matrix for the vulnerability analysis phase. However, the enumeration phase is where the ethical hacker's ability to make logical deductions plays an enormous role. Vulnerability Analysis- In order to effectively analyze data, an ethical hacker must employ a logical and pragmatic approach. In the vulnerability analysis phase, the collected information is compared with known vulnerabilities in a practical process. Information is usefulno matter whatthe source.Any little bit can help in discoveringoptions for exploitation andmaypossiblylead to discoveriesthatmaynothavebeenfoundotherwise. Knownvulnerabilities, incidents,service packs,updates,andevenavailablehackertoolshelp in identifying a point of attack. The Internet provides a vast amount of information that can easily be associated with the architecture and strong and weak points of a system. Final Analysis- Although the exploitation phase has a numberof checks and validations to ensure success, a final analysisis required to categorize the vulnerabilities of the system in terms of their level of exposure and to assist in the derivation of a mitigation plan. The final analysis phase
provides a link between the exploitation phase and the creation of a deliverable. A comprehensiveviewoftheentire attackmustexistin orderto constructa biggerpicture ofthe security posture of the environment and express the vulnerabilities in a clear and useful manner. The final analysis is part interpretation and part empirical results. Important METHODOLOGY OF HACKING This literal meaning of the Word reconnaissance means a preliminary survey to gain the information . This is also knownas foot-printing. As given in the analogy,this is the stagein which the hackercollectsinformation aboutthe companywhichthepersonalis going to hack. This is one of the pre-attacking phases. Scanning The hacker tries to make a blue print of the target network. The blue print includes the IP addressesofthetargetnetworkwhicharelive, theserviceswhicharerunningonthosesystems andso on Modern portscanningusesTCPprotocolto doscanning andthey couldevendetect the operating systems running on the particular hosts. Gaining access This is the actual hacking phase in which the hackergains access to the system. The hacker will make useofall the information he collectedin the pre-attacking phases.Usuallythemain hindrancetogainingaccesstoasystemisthepasswords.IntheSystemhackingfirstthehacker will try to get in to the system. Password Cracking Thereare manymethodsforcrackingthe passwordandthengetin to the system.Thesimplest method is to guess the password. But this is a tedious work. But in order to make this work easier there are many automated tools for password guessing like legion. Privilege escalation
Privilege escalationistheprocessofraisingtheprivilegesoncethehackergetsintothe system The privilege escalation processusually uses the vulnerabilities presentin the hostoperating systemorthe software.There aremanytools like hk.exe,metasploitetc.One suchcommunity of hackers is the metasploit. Maintaining Access Now the hackeris inside the system . This means that he is now in a position to upload some files and downloadsome of them. The nextaim will be to make an easierpath to get in when he comes the next time. This is analogous to making a small hidden door in the building so that he can directly enter in to the building through the door easily Clearing Tracks Whenevera hackerdownloadssomefile or installs somesoftware, its log will be storedin the serverlogs.So in order to erasethe hackerusesman tools.One suchtoolis windowsresource kit’s auditpol.exe. Another tool which eliminates any physical evidence is the evidence eliminator.. The Evidence Eliminator deletes all such evidences. Ethical hacking tools Ethical hackers utilize and have developed variety of tools intrude into different kinds of systems and to evaluate the security levels. The nature of these tools differs widely. Samspade Samspadeis a simple tool which provides us information abouta particular host. This tool is very much helpful in finding the addresses, phone number etc  Email Tracker and Visual Route
 Email trackeris a software which help us to find from which serverthe mail does actually came from. Every message we receive will have a header associated with It . The email tracker uses this header information for find location.  Visualroute is a tool which displaysthe location a particular serverwith the help of IP addresses. When we connect this with the email tracker we can find the server which actually sends the mail . Advantages and disadvantages Ethical hacking nowadays is a backbone of network security .Each day its relevance is increasing ,the major pros & cons of ethical hacking.  Advantages-  “To catch a thief you have to think like a thief”  Help in closing the open holes in the network.  Provides security to banking and financial establishments.  Prevents website defacements.  An evolving technique.  Disadvantages-  All depend upon the trustworthiness of the ethical hacker  Hiring professionals is expensive
Future enhancements Asit anevolvingbranchthescopeofenhancementintechnologyis immense.Noethical hacker can ensure the system security by using the same technique repeatedly. He would He would have to improve , develop and explore new avenues repeatedly.  More enhanced software’s should be used for optimum protection . Tools used , need to be updated regularly and more efficient ones need to be developed. With companies having so much data, it has to be protected i.e. from disgruntled workers or criminal hackers. There was a case with foxybingo.com were thieves ended up with 65,000 customers data, and he was trying to sell them to numberof contacts in the gaming industry. The OpenSecurity Foundation’sDataLossDBgathersinformation abouteventsinvolvingthe loss, theft, or exposureof personally identifiable information (PII). DataLossDB’sdataset,in currentandpreviousforms,hasbeenusedinresearchbynumerouseducational,governmental, and commercial entities, which often have been able to provide statistical analysis with graphicalpresentations.In thefirst graphfrom aboveitshows,thatthere was56% ofdataloss due to hacking in the current month and the highestof all time was in 2008 where there was 986 incidents of data loss.This is a quote from Ankit Fadia:” Technologyis evolving at such a rapid pace that we’re now being introduced to mundane, everyday objects that have their own internet connection. Telephones, televisions, refrigerators and even cars are starting to havetheir own IP address.Butas technologyadvancessodoesthe complexity ofits security. “Five years ago, you had people hacking into others’ desktops and laptops. Now you see peoplehackingintosmartphonesandATMs.Anotherfiveyearsfrom now,you’llhavepeople trying to hack into a TV or a car and try to misuse it in some way. The point I’m trying to makeis thatjust aboutevery deviceis going to be connected.Andwhenthatis the case,there is alwaysthe possibility of hacking into them. Thatis where the challengelies — in securing them.”
Conclusion An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit. The word "hacker" carries weight. People strongly disagree as to what a hackeris. Hacking may be defined as legalorillegal, ethicalorunethical.The media’sportrayalof hackinghasboostedoneversion of discourse.Theconflict betweendiscoursesis important for ourunderstandingofcomputer hackingsubculture. Also, the outcomeof the conflict may prove critical in deciding whether or notour society andinstitutions remain in the controlof a small elite or we move towardsa radical democracy (a.k.a. socialism). It is my hope that the hackers of the future will move beyond their limitations (through inclusion of women, a deeper politicization, and more concern for recruitment and teaching)and become hacktivists. They need to work with non- technologicallybasedand technology-borrowingsocialmovements(like mostmodern social movementswhouse technologytodo their task more easily)in the strugglefor globaljustice. Otherwise the non-technologicallybasedsocialmovements may face difficulty continuingto resist as their powerbase is eroded while that of the new technopowerelite is growing – and the fictionesque cyberpunk-1984 world may become real. Recommendations Other than closing the internet down, the ethical hackershave to keeptwo steps ahead ofthe criminals. With companies making millions of pounds, from the internet they have to spend some the money protecting their websitesand data. we think there shouldbe more coursesin colleges, and university’s in the training of ethical hacking. Doing this assigment on ethical hacking, we have learnt how to do the Harvard system and nexttime we would focus on one aspectof ethical hackingsuchviruses or ddosattacks, with ethical hacking having such a range of topics to cover.

Recomendados

What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attackAndreanne Clarke
 
The Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSThe Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSPriyanka Aash
 
Splunk for security
Splunk for securitySplunk for security
Splunk for securityGreg Hanchin
 
Intelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseIntelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseEMC
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkMapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkAndrew Gerber
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Ethical hacking-guide-infosec
Ethical hacking-guide-infosecEthical hacking-guide-infosec
Ethical hacking-guide-infosecErfan Mallick
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 

Recomendados

What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attackAndreanne Clarke
 
The Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSThe Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSPriyanka Aash
 
Splunk for security
Splunk for securitySplunk for security
Splunk for securityGreg Hanchin
 
Intelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseIntelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseEMC
 
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkMapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk
Mapping the Enterprise Threat, Risk, and Security Control Landscape with SplunkAndrew Gerber
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Ethical hacking-guide-infosec
Ethical hacking-guide-infosecEthical hacking-guide-infosec
Ethical hacking-guide-infosecErfan Mallick
 
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of CompromiseInsight Brief: Security Analytics to Identify the 12 Indicators of Compromise
Insight Brief: Security Analytics to Identify the 12 Indicators of Compromise21CT Inc.
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple TeamPriyanka Aash
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
Telesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicTelesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicSarah Chandley
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGDrm Kapoor
 
The Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemThe Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemLancope, Inc.
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Intrusion Detection System using Data Mining
Intrusion Detection System using Data MiningIntrusion Detection System using Data Mining
Intrusion Detection System using Data MiningIRJET Journal
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and ComplianceAnton Chuvakin
 
User Behavior Analytics And The Benefits To Companies
User Behavior Analytics And The Benefits To CompaniesUser Behavior Analytics And The Benefits To Companies
User Behavior Analytics And The Benefits To CompaniesSpectorsoft
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
Lookingglass whitepaper
Lookingglass whitepaperLookingglass whitepaper
Lookingglass whitepaperDaniel Coulbourne
 
Jim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for CybersecurityJim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for Cybersecurityidsecconf
 
Building an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence ProgramBuilding an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence ProgramLondon School of Cyber Security
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Phil Legg
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Lancope, Inc.
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteDamir Delija
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
61370436 main-case-study
61370436 main-case-study61370436 main-case-study
61370436 main-case-studyhomeworkping4
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingNitheesh Adithyan
 

Mais conteúdo relacionado

Mais procurados

Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple TeamPriyanka Aash
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
Telesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicTelesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicSarah Chandley
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGDrm Kapoor
 
The Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemThe Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemLancope, Inc.
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Intrusion Detection System using Data Mining
Intrusion Detection System using Data MiningIntrusion Detection System using Data Mining
Intrusion Detection System using Data MiningIRJET Journal
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and ComplianceAnton Chuvakin
 
User Behavior Analytics And The Benefits To Companies
User Behavior Analytics And The Benefits To CompaniesUser Behavior Analytics And The Benefits To Companies
User Behavior Analytics And The Benefits To CompaniesSpectorsoft
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMEAlienVault
 
Jim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for CybersecurityJim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for Cybersecurityidsecconf
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Phil Legg
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Lancope, Inc.
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteDamir Delija
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 

Mais procurados (20)

Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple Team
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
Telesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting InfographicTelesoft Cyber Threat Hunting Infographic
Telesoft Cyber Threat Hunting Infographic
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKING
 
The Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch SystemThe Critical Security Controls and the StealthWatch System
The Critical Security Controls and the StealthWatch System
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Intrusion Detection System using Data Mining
Intrusion Detection System using Data MiningIntrusion Detection System using Data Mining
Intrusion Detection System using Data Mining
 
Audit logs for Security and Compliance
Audit logs for Security and ComplianceAudit logs for Security and Compliance
Audit logs for Security and Compliance
 
User Behavior Analytics And The Benefits To Companies
User Behavior Analytics And The Benefits To CompaniesUser Behavior Analytics And The Benefits To Companies
User Behavior Analytics And The Benefits To Companies
 
Security Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SMESecurity Operations Center (SOC) Essentials for the SME
Security Operations Center (SOC) Essentials for the SME
 
CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016 CYBER THREAT FORCAST 2016
CYBER THREAT FORCAST 2016
 
Lookingglass whitepaper
Lookingglass whitepaperLookingglass whitepaper
Lookingglass whitepaper
 
Jim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for CybersecurityJim Geovedi - Machine Learning for Cybersecurity
Jim Geovedi - Machine Learning for Cybersecurity
 
Building an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence ProgramBuilding an Effective Cyber Intelligence Program
Building an Effective Cyber Intelligence Program
 
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
Visualizing the Insider Threat: Challenges and tools for identifying maliciou...
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
 
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyWhat We’ve Learned Building a Cyber Security Operation Center: du Case Study
What We’ve Learned Building a Cyber Security Operation Center: du Case Study
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidente
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 

Semelhante a Ethical hacking

61370436 main-case-study
61370436 main-case-study61370436 main-case-study
61370436 main-case-studyhomeworkping4
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical HackingIRJET Journal
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hackamrutharam
 
Full seminar report on ethical hacking
Full seminar report on ethical hackingFull seminar report on ethical hacking
Full seminar report on ethical hackingGeorgekutty Francis
 
Ethical hacking-guide-infosec
Ethical hacking-guide-infosecEthical hacking-guide-infosec
Ethical hacking-guide-infosecCMR WORLD TECH
 
3.Seminar Report Ashar Shaikh Final.docx
3.Seminar Report Ashar Shaikh Final.docx3.Seminar Report Ashar Shaikh Final.docx
3.Seminar Report Ashar Shaikh Final.docxasharshaikh8
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPTashish kumar
 
ethical-hacking-guide
ethical-hacking-guideethical-hacking-guide
ethical-hacking-guideMatt Ford
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxBishalRay8
 
Breaking the Code The Art of Ethical Hacking.pdf
Breaking the Code The Art of Ethical Hacking.pdfBreaking the Code The Art of Ethical Hacking.pdf
Breaking the Code The Art of Ethical Hacking.pdfCetpa Infotech
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Ethical hacking BY Thariq ibnu Ubaidhullah
Ethical hacking BY Thariq ibnu UbaidhullahEthical hacking BY Thariq ibnu Ubaidhullah
Ethical hacking BY Thariq ibnu Ubaidhullahpongada123
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingCSITiaesprime
 
Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01rajkumar jonuboyena
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxasharshaikh8
 
Vulnerability Prevention Using Ethical Hacking.pdf
Vulnerability Prevention Using Ethical Hacking.pdfVulnerability Prevention Using Ethical Hacking.pdf
Vulnerability Prevention Using Ethical Hacking.pdfMithunJV
 

Semelhante a Ethical hacking (20)

61370436 main-case-study
61370436 main-case-study61370436 main-case-study
61370436 main-case-study
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
 
Full seminar report on ethical hacking
Full seminar report on ethical hackingFull seminar report on ethical hacking
Full seminar report on ethical hacking
 
Ethical hacking-guide-infosec
Ethical hacking-guide-infosecEthical hacking-guide-infosec
Ethical hacking-guide-infosec
 
3.Seminar Report Ashar Shaikh Final.docx
3.Seminar Report Ashar Shaikh Final.docx3.Seminar Report Ashar Shaikh Final.docx
3.Seminar Report Ashar Shaikh Final.docx
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPT
 
ethical-hacking-guide
ethical-hacking-guideethical-hacking-guide
ethical-hacking-guide
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptx
 
Ethical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive CheatsheetEthical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive Cheatsheet
 
Breaking the Code The Art of Ethical Hacking.pdf
Breaking the Code The Art of Ethical Hacking.pdfBreaking the Code The Art of Ethical Hacking.pdf
Breaking the Code The Art of Ethical Hacking.pdf
 
Ethical hacking1
Ethical hacking1Ethical hacking1
Ethical hacking1
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
 
Ethical hacking BY Thariq ibnu Ubaidhullah
Ethical hacking BY Thariq ibnu UbaidhullahEthical hacking BY Thariq ibnu Ubaidhullah
Ethical hacking BY Thariq ibnu Ubaidhullah
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testing
 
Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
 
Vulnerability Prevention Using Ethical Hacking.pdf
Vulnerability Prevention Using Ethical Hacking.pdfVulnerability Prevention Using Ethical Hacking.pdf
Vulnerability Prevention Using Ethical Hacking.pdf
 

Mais de Asaduzzaman Kanok

Daffodil International University cover page
Daffodil International University cover pageDaffodil International University cover page
Daffodil International University cover pageAsaduzzaman Kanok
 
market structure in economics
market structure in economicsmarket structure in economics
market structure in economicsAsaduzzaman Kanok
 
Determining Requirements In System Analysis And Dsign
Determining Requirements In System Analysis And DsignDetermining Requirements In System Analysis And Dsign
Determining Requirements In System Analysis And DsignAsaduzzaman Kanok
 
Assembly Language In Electronics
Assembly Language In ElectronicsAssembly Language In Electronics
Assembly Language In ElectronicsAsaduzzaman Kanok
 
Presentation on Modem working procedures
Presentation on Modem working procedures Presentation on Modem working procedures
Presentation on Modem working proceduresAsaduzzaman Kanok
 
Rural Development in bangladesh
Rural Development in bangladeshRural Development in bangladesh
Rural Development in bangladeshAsaduzzaman Kanok
 

Mais de Asaduzzaman Kanok (9)

Daffodil International University cover page
Daffodil International University cover pageDaffodil International University cover page
Daffodil International University cover page
 
market structure in economics
market structure in economicsmarket structure in economics
market structure in economics
 
Determining Requirements In System Analysis And Dsign
Determining Requirements In System Analysis And DsignDetermining Requirements In System Analysis And Dsign
Determining Requirements In System Analysis And Dsign
 
Kernal
KernalKernal
Kernal
 
Assembly Language In Electronics
Assembly Language In ElectronicsAssembly Language In Electronics
Assembly Language In Electronics
 
Presentation on Modem working procedures
Presentation on Modem working procedures Presentation on Modem working procedures
Presentation on Modem working procedures
 
Correlation Analysis
Correlation AnalysisCorrelation Analysis
Correlation Analysis
 
Networking slide
Networking slideNetworking slide
Networking slide
 
Rural Development in bangladesh
Rural Development in bangladeshRural Development in bangladesh
Rural Development in bangladesh
 

Último

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 

Último (20)

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 

Ethical hacking

  • 1. Ethical Hacking Introduction Ethical hacking are known as penetration testing or White-hat hacking, involves the same tools, tricks and techniques that hackers use, but with one major difference that ethical hacking is legal. Ethical hacking can also ensure that vendors claims about the security of their products legitimate. It is Legal. Permission is obtained from the target. Part of an overall security program. Identify vulnerabilities visible from Internet at particular point of time. Ethical hackerspossessessameskills, mindset and tools of a hackerbutthe attacks are done in a non-destructive manner. Why – Ethical Hacking  Protection From Possible External Attacks Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data
  • 2. Ethical Hacking History Sincethe1980's,theInternethasvastlygrowninpopularity andcomputersecurityhasbecome a major concernforbusinessesandgovernments.Organizationswouldliketo usethe Internet to their advantage by utilizing the Internet as a medium for e-commerce, advertising, information distribution andaccess,aswellasotherendeavors.However,theyremainworried that they may be hacked which could lead to a loss of control of private and personal information regarding the organization, its employees, and its clients. From the early days of computers, ethical hacking has been used as an evaluation of system security. Many early ethical hacks were conducted by the United States Military to cary out security evaluations on their operating systems to determine whether they should employ a two-level (secret/top secret) classification system. However, with the growth of computing and networking in the early 1990's, computer and network vulnerability studies began to appear outside of the military organization. In December of 1993, two computer security researchers,DanFarmer fromElementalSecurity and Wietse Venemafrom IBM, suggested thatthe techniques usedbyhackerscanbeusedtoassesthesecurityofan information system. What does an Ethical Hacker do ? An ethical hackeris a person doing ethical hacking that is he is a security personalwho tries to penetrate in to a network to find if there is some vulnerability in the system. An ethical hacker will always have the permission to enter into the target network. If he succeedin penetratinginto the system then he will report to the companywith adetailed report about the particular vulnerab-ility exploiting which he got in to the system.  Expressed(often written) permission to probe the network and attempt to identify potentialsecurity risks.  They respectthe individual's or company'sprivacy.
  • 3.  They closeout yourwork, not leavinganything openfor you orsomeoneelse to exploit ata later time.  They let the software developerorhardware manufacturerknow of any security vulnerabilities you locate in their software or hardware,if notalready knownby the company. The term "ethicalhacker" hasreceivedcriticism at times from peoplewho say that there is no suchthing as an "ethical" hacker.Hacking is hacking,no matter how youlook atit and those who do the hackingare commonlyreferred to as computercriminals or cyber criminals. However,the work that ethicalhackersdo for organizationshashelped improve system security andcan be said to be quite effective and successful. Ethicalhackingandethicalhackeraretermsusedtodescribe hackingperformedbyacompany or individual to help identify potential threats on a computer or network. An ethical hacker attempts to bypasssystemsecurity and searchfor any weak points that could be exploited by malicious hackers. This information is then used by the organization to improve the system security, in an effort to minimize or eliminate any potential attacks
  • 4. Required Skills of an Ethical Hacker  Microsoft,mainframe computer  Linux,infosec  Firewalls  Routers  Network Protocols  Project and problem Management  knowledge of threat sources  Hardware software network Certification Comunicaton report writing Due to the controversy surrounding the profession of ethical hacking, the International Council of E-Commerce Consultants (EC-Council) provides a professional certification for Certified Ethical Hackers (CEH).
  • 5. The Ethical Hacking Process Planning - Planningis essentialfor havinga successfulproject.It providesan opportunity to give critical thoughtto what needsto be done, allows for goals to be set, and allows for a risk assessment to evaluate how a project should be carried out. Thereare a large numberofexternalfactors thatneedto beconsideredwhenplanningto carry out an ethical hack. These factors include existing sequrity policies, culture, laws and regulations, best practices, and industry requirements. Each of these factors play an integral role in the decision making process when it comesto ethicalhacking. The planning phaseof an ethical hack will have a profound influence on how the hack is performed and the information shared and collected, and will directly influence the deliverable and integration of the results into the security program. The planning phasewill describe many of the details of a controlled attack. It will attempt to answerquestions regarding how the attack is going to be supported and controlled, whatthe underlying actions that must be performed and who does what, when, where, and for how long. Reconnaissance- Reconnaissance is the search for freely available information to assist in an attack. This can be as simple as a ping or browsing newsgroups on the Internet in search of disgruntled employees divulging secret information or as messy as digging through the trash to find receipts or letters. Reconnaissancecan include social engineering, tapping phones and networks, or even theft. The search for information is limited only by the extremes at which the organization and ethical hacker are willing to go in order to recover the information they are searching for. The reconnaissance phase introduces the relationship between the tasks that must be completed and the methods that will need to be used in order to protect the organization's assets and information.
  • 6. Enumeration- Enumeration is also known as network or vulnerability discovery. It is the act of obtaining information that is readily availablefrom the target's system, applicationsand networks.It is important to note that the enumeration phase is often the point where the line between an ethicalhack and a malicious attack can becomeblurred as it is often easyto go outside ofthe boundaries outlined in the original attack plan. In order to constructa picture of an organization's environment, severaltools and techniques are available. These tools and techniques include port scanning and NMap. Although it is rather simple to collect information, it is rather difficult to determine the value of the information in the hands of a hacker. At first glance, enumeration is simple: take the collected data and evaluate it collectively to establish a plan for more reconnaissanceor building a matrix for the vulnerability analysis phase. However, the enumeration phase is where the ethical hacker's ability to make logical deductions plays an enormous role. Vulnerability Analysis- In order to effectively analyze data, an ethical hacker must employ a logical and pragmatic approach. In the vulnerability analysis phase, the collected information is compared with known vulnerabilities in a practical process. Information is usefulno matter whatthe source.Any little bit can help in discoveringoptions for exploitation andmaypossiblylead to discoveriesthatmaynothavebeenfoundotherwise. Knownvulnerabilities, incidents,service packs,updates,andevenavailablehackertoolshelp in identifying a point of attack. The Internet provides a vast amount of information that can easily be associated with the architecture and strong and weak points of a system. Final Analysis- Although the exploitation phase has a numberof checks and validations to ensure success, a final analysisis required to categorize the vulnerabilities of the system in terms of their level of exposure and to assist in the derivation of a mitigation plan. The final analysis phase
  • 7. provides a link between the exploitation phase and the creation of a deliverable. A comprehensiveviewoftheentire attackmustexistin orderto constructa biggerpicture ofthe security posture of the environment and express the vulnerabilities in a clear and useful manner. The final analysis is part interpretation and part empirical results. Important METHODOLOGY OF HACKING This literal meaning of the Word reconnaissance means a preliminary survey to gain the information . This is also knownas foot-printing. As given in the analogy,this is the stagein which the hackercollectsinformation aboutthe companywhichthepersonalis going to hack. This is one of the pre-attacking phases. Scanning The hacker tries to make a blue print of the target network. The blue print includes the IP addressesofthetargetnetworkwhicharelive, theserviceswhicharerunningonthosesystems andso on Modern portscanningusesTCPprotocolto doscanning andthey couldevendetect the operating systems running on the particular hosts. Gaining access This is the actual hacking phase in which the hackergains access to the system. The hacker will make useofall the information he collectedin the pre-attacking phases.Usuallythemain hindrancetogainingaccesstoasystemisthepasswords.IntheSystemhackingfirstthehacker will try to get in to the system. Password Cracking Thereare manymethodsforcrackingthe passwordandthengetin to the system.Thesimplest method is to guess the password. But this is a tedious work. But in order to make this work easier there are many automated tools for password guessing like legion. Privilege escalation
  • 8. Privilege escalationistheprocessofraisingtheprivilegesoncethehackergetsintothe system The privilege escalation processusually uses the vulnerabilities presentin the hostoperating systemorthe software.There aremanytools like hk.exe,metasploitetc.One suchcommunity of hackers is the metasploit. Maintaining Access Now the hackeris inside the system . This means that he is now in a position to upload some files and downloadsome of them. The nextaim will be to make an easierpath to get in when he comes the next time. This is analogous to making a small hidden door in the building so that he can directly enter in to the building through the door easily Clearing Tracks Whenevera hackerdownloadssomefile or installs somesoftware, its log will be storedin the serverlogs.So in order to erasethe hackerusesman tools.One suchtoolis windowsresource kit’s auditpol.exe. Another tool which eliminates any physical evidence is the evidence eliminator.. The Evidence Eliminator deletes all such evidences. Ethical hacking tools Ethical hackers utilize and have developed variety of tools intrude into different kinds of systems and to evaluate the security levels. The nature of these tools differs widely. Samspade Samspadeis a simple tool which provides us information abouta particular host. This tool is very much helpful in finding the addresses, phone number etc  Email Tracker and Visual Route
  • 9.  Email trackeris a software which help us to find from which serverthe mail does actually came from. Every message we receive will have a header associated with It . The email tracker uses this header information for find location.  Visualroute is a tool which displaysthe location a particular serverwith the help of IP addresses. When we connect this with the email tracker we can find the server which actually sends the mail . Advantages and disadvantages Ethical hacking nowadays is a backbone of network security .Each day its relevance is increasing ,the major pros & cons of ethical hacking.  Advantages-  “To catch a thief you have to think like a thief”  Help in closing the open holes in the network.  Provides security to banking and financial establishments.  Prevents website defacements.  An evolving technique.  Disadvantages-  All depend upon the trustworthiness of the ethical hacker  Hiring professionals is expensive
  • 10. Future enhancements Asit anevolvingbranchthescopeofenhancementintechnologyis immense.Noethical hacker can ensure the system security by using the same technique repeatedly. He would He would have to improve , develop and explore new avenues repeatedly.  More enhanced software’s should be used for optimum protection . Tools used , need to be updated regularly and more efficient ones need to be developed. With companies having so much data, it has to be protected i.e. from disgruntled workers or criminal hackers. There was a case with foxybingo.com were thieves ended up with 65,000 customers data, and he was trying to sell them to numberof contacts in the gaming industry. The OpenSecurity Foundation’sDataLossDBgathersinformation abouteventsinvolvingthe loss, theft, or exposureof personally identifiable information (PII). DataLossDB’sdataset,in currentandpreviousforms,hasbeenusedinresearchbynumerouseducational,governmental, and commercial entities, which often have been able to provide statistical analysis with graphicalpresentations.In thefirst graphfrom aboveitshows,thatthere was56% ofdataloss due to hacking in the current month and the highestof all time was in 2008 where there was 986 incidents of data loss.This is a quote from Ankit Fadia:” Technologyis evolving at such a rapid pace that we’re now being introduced to mundane, everyday objects that have their own internet connection. Telephones, televisions, refrigerators and even cars are starting to havetheir own IP address.Butas technologyadvancessodoesthe complexity ofits security. “Five years ago, you had people hacking into others’ desktops and laptops. Now you see peoplehackingintosmartphonesandATMs.Anotherfiveyearsfrom now,you’llhavepeople trying to hack into a TV or a car and try to misuse it in some way. The point I’m trying to makeis thatjust aboutevery deviceis going to be connected.Andwhenthatis the case,there is alwaysthe possibility of hacking into them. Thatis where the challengelies — in securing them.”
  • 11. Conclusion An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit. The word "hacker" carries weight. People strongly disagree as to what a hackeris. Hacking may be defined as legalorillegal, ethicalorunethical.The media’sportrayalof hackinghasboostedoneversion of discourse.Theconflict betweendiscoursesis important for ourunderstandingofcomputer hackingsubculture. Also, the outcomeof the conflict may prove critical in deciding whether or notour society andinstitutions remain in the controlof a small elite or we move towardsa radical democracy (a.k.a. socialism). It is my hope that the hackers of the future will move beyond their limitations (through inclusion of women, a deeper politicization, and more concern for recruitment and teaching)and become hacktivists. They need to work with non- technologicallybasedand technology-borrowingsocialmovements(like mostmodern social movementswhouse technologytodo their task more easily)in the strugglefor globaljustice. Otherwise the non-technologicallybasedsocialmovements may face difficulty continuingto resist as their powerbase is eroded while that of the new technopowerelite is growing – and the fictionesque cyberpunk-1984 world may become real. Recommendations Other than closing the internet down, the ethical hackershave to keeptwo steps ahead ofthe criminals. With companies making millions of pounds, from the internet they have to spend some the money protecting their websitesand data. we think there shouldbe more coursesin colleges, and university’s in the training of ethical hacking. Doing this assigment on ethical hacking, we have learnt how to do the Harvard system and nexttime we would focus on one aspectof ethical hackingsuchviruses or ddosattacks, with ethical hacking having such a range of topics to cover.