Ethical Hacking, Its relevance and Its Prospects
1. Ethical Hacking
GROUP MEMBERS:
Rwik Kumar Dutta
Sarthak Singh
Sushmita Sil
By InFERNO
Shweta Mishra
Soumya Mallick
Sristi
2. Evolution Of Hacking
The first hacker appeared in the 1960s at the Massachusetts
Institute of Technology (MIT).
During the 1970s, a different breed of hackers appeared:
Phone Phreakers or Phone Hackers.
3. In the 1980s, phreaks started to migrate to computers, and the
first Bulletin Board System (BBS) appeared.
During the 1990s, when the Internet came along, hackers
multiplied.
4. Hacking
The process of attempting to gain, or successfully gaining,
unauthorized access to computer resources is called hacking.
Hacking and its types…
5.
Good guys
Don’t use their skill for illegal purposes
Computer security experts who help to protect from black hats
Combination of white and black hat
Goal is to provide national security
Bad guys
Use their skill meticulously for personal gain
Hack banks, steal credit cards and deface websites
6. Ethical Hacking
Ethical hacking and ethical hacker are terms used to
describe hacking performed by a company or individual to
help identify potential threats on a computer or network.
An ethical hacker attempts to bypass system security and
search for any weak points.
This information is then used by the organization to
improve the system security to minimize or eliminate any
potential attacks.
And yeah, ‘ethical hacking’ is not an
oxymoron. It truly is ethical.
7. What constitutes ethical
hacking?
For hacking to be deemed ethical, the hacker must obey the
following rules:
Expressed (often written) permission to probe the network
and attempt to identify potential security risks.
You respect the individual's or company's privacy.
You close out your work, not leaving anything open for you
or someone else to exploit at a later time.
You let the software developer or hardware manufacturer
know of any security vulnerabilities you locate
in their software or hardware, if not already
known by the company.
8. Hack without being on the
wrong side of the law….
Hack ethically: work professionally, have high morals and
principles.
Respect privacy: Treat the information gathered with utmost
respect and take care to keep it private.
Work within the guidelines and limitations specified by your
client.
Unless and until you violate any of the above, you will not
find yourself on the wrong side of the law.
Being a ‘white hat’ hacker may give you
less of an adrenaline rush than being a ‘black hat’
hacker, but you will at least lead a good
and honest life with no fear of serving
prison time for hacking.
9. As an ethical hacker, you have to
evaluate the system security to
answer the following:
What can an intruder see on the target systems?
What can an intruder do with that information?
Does anyone at the target notice the intruder's attempts or
successes?
What are you trying to protect?
What are you trying to protect against?
How much time, money and effort are you willing to spend
to obtain adequate protection?
10. Why should you consider selecting
ethical hacking as a profession?
To make security in systems stronger
Just for fun
Show Off
You might be one of those people who love to break into
others’ systems but are scared of the legal implications of
doing it on the sly.
11. Ethical hacking: a core part of the IT
security industry today
The IT security industry is growing at the rate of 21% per
annum.
In 2012, ethical hacking was estimated to be a US$ 3.8
billion industry in the US alone.
According to Nasscom, India will require at least 77,000
ethical hackers every year, whereas we are currently producing only
15,000 a year.
As an intern, you can get around 2.5 lakhs per annum. With
one year of experience, it can go up to 4.5 lakhs per annum.
With work experience of 5 years or
more, it can go up to and beyond 10-12
lakhs.
12. Hacking Process
Reconnaissance (Footprinting): Whois Lookup, NS Lookup, IP Lookup
Scanning and Enumeration: Port Scanning, Network Scanning, Fingerprinting, Firewalking
Attack and Gaining Access: Password Attacks, Social Engineering, Viruses
Maintaining access: OS Backdoors, Trojans
Clearing tracks: Removing all traces
13. Guidelines for making your
career at ethical hacking
You should have specific domain specializations in various
areas including networking and related areas, RDBMS,
programming languages and operating systems, especially Windows and Linux.
Develop strong soft skills including good communication skills,
good problem-solving ability, a strong ethic, good
adaptability and the mindset to stay dedicated.
Try to be street smart: the methodologies that you might need
to adopt to solve a problem can be very unorthodox or out of
the box.
Try to follow hacking conventions like DefCon and try to
connect with one of the DefCon-affiliated local
groups.
Stay updated with the latest in the IT security
industry.
14. Resources and Certifications
Boost your career, by getting certified.
EC-Council offers the C|EH (Certified Ethical Hacker)
certification, which is internationally accepted.
Earn other security certificates like Security+ offered by
CompTIA, the CISSP certification, the TICSA certification
and many more.
Check the resources section of the
EC-Council site.
You can buy books like Hacking: The
Art Of Exploitation and other great
learning and reference books.
15. Latest trends in ethical hacking
Network penetration testing is dead.
Web and Mobile Application Security Testing jobs are on
the rise.
Beware. Web and Mobile Testing is getting automated and
commoditized.
Gaining skills in deeper Business Logic Testing, Code
Review and Architecture Review is important.
Running scripts/tools is not enough. Understanding the
design, code and logic is critical for career
growth.
Knowing how to break is not good
enough. Learn prevention.
16. Case study: The Heartbleed
bug (CVE-2014-0160)
Heartbleed bug: caused by (unfortunate) leaks of memory contents from systems
protected by vulnerable versions of OpenSSL.
OpenSSL is a general purpose cryptography library that provides an open
source implementation of the Secure Sockets Layer (SSL) and Transport
Layer Security (TLS) protocols.
SSL/TLS provides communication security and privacy over the Internet for
applications such as web, email, instant messaging (IM) and some virtual
private networks (VPNs).
The most notable software using OpenSSL are the open source web
servers like Apache and nginx. The combined market share of just
those two out of the active sites on the Internet was over 66%
according to Netcraft's April 2014 Web Server Survey.
Named ‘heartbleed’ because the bug is in the implementation
of a feature called ‘heartbeat’.
17. Understanding ‘heartbleed’…
The actual bug in ‘heartbleed’ is surprisingly simple.
We can easily understand it by drawing an analogy with a
simple piece of C++ code.
int arr[] = {5, 6, 7};
std::cout << arr[10]; // Will this be an error?
No, it won't. The compiler accepts it, and at run time the program
will try to read memory beyond what is allocated for the array
(undefined behaviour), so it may return anything and might even crash…
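The same over-read in the shape of a heartbeat handler, as an added example (a simplified model, not OpenSSL's code and not part of the original slides). The `arena` buffer, the `SECRET` string and all function names are constructed for illustration; the unchecked path trusts the length field inside the message, while the checked path compares it with the size of the record actually received.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER 3           /* 1-byte type + 2-byte payload length */
#define HB_PADDING 16         /* minimum padding required by RFC 6520 */
#define SECRET "SECRET-KEY"   /* constructed stand-in for a key or password */

static uint8_t arena[64];     /* constructed "process memory" */

/* Store a request that claims `claimed` payload bytes but carries `actual`. */
static size_t load_request(uint16_t claimed, const char *payload, size_t actual) {
    size_t rec_len = HB_HEADER + actual + HB_PADDING;
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                                     /* heartbeat_request */
    arena[1] = (uint8_t)(claimed >> 8);
    arena[2] = (uint8_t)(claimed & 0xff);
    memcpy(arena + HB_HEADER, payload, actual);
    memcpy(arena + rec_len, SECRET, strlen(SECRET));  /* neighbour in memory */
    return rec_len;
}

/* Echo the payload. checked=0 trusts the length field inside the message (the
 * Heartbleed pattern); checked=1 first compares it with the real record size. */
static size_t respond(size_t rec_len, uint8_t *out, int checked) {
    size_t claimed = ((size_t)arena[1] << 8) | arena[2];
    if (checked && HB_HEADER + claimed + HB_PADDING > rec_len)
        return 0;                                     /* silently discard */
    if (claimed > sizeof arena - HB_HEADER)           /* demo-only clamp so the */
        claimed = sizeof arena - HB_HEADER;           /* model stays in `arena` */
    memcpy(out, arena + HB_HEADER, claimed);
    return claimed;
}

static int leaks_secret(const uint8_t *buf, size_t n) {
    for (size_t i = 0; i + strlen(SECRET) <= n; i++)
        if (memcmp(buf + i, SECRET, strlen(SECRET)) == 0) return 1;
    return 0;
}

int main(void) {
    uint8_t out[sizeof arena];
    size_t rec = load_request(40, "bird", 4);         /* claims 40, sends 4 */
    size_t n = respond(rec, out, 0);
    printf("unchecked: %zu bytes, leaked=%d\n", n, leaks_secret(out, n));
    n = respond(rec, out, 1);
    printf("checked:   %zu bytes, leaked=%d\n", n, leaks_secret(out, n));
    return 0;
}
```

The unchecked call echoes 40 bytes for a 4-byte payload, so the reply carries whatever sat next to the record; the checked call drops the request because header, claimed payload and padding do not fit in the 23 bytes received.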
18. If it so happened that your server had one of your
passwords or encryption keys in the memory at that
moment, the info might have got leaked and somebody
could then very easily snoop in your personal and private
data.
Neel Mehta of Google's security team first reported
Heartbleed on April 1, 2014.
It got fixed pretty soon… but a lot of damage had already
been done by then.
The NSA managed to use the Heartbleed bug to snoop on people
for two years.
Hope now you have a clearer view on what type of role
ethical hacking plays in this world.
19. Still in need of some
inspiration? Look up to these
people…
Ian Murphy
Kevin Mitnick
Robert Morris
20. Acknowledgement
We would like to thank all our teachers, friends, family
members for supporting us throughout the making and
preparation of this presentation.
We would also like to thank the staff and faculty of B P
Poddar Institute of Management and Technology for
offering us the platform to deliver our presentation.