1. ETHICAL HACKING
A LICENCE TO HACK
B. TECH- III YR
L. D. COLLEGE OF ENGINEERING
2. INTRODUCTION
Ethical hacking- also known as penetration
testing or intrusion testing or red teaming has
become a major concern for businesses and
governments.
Companies are worried about the possibility of
being “hacked” and potential customers are
worried about maintaining control of personal
information.
Necessity of computer security professionals to
break into the systems of the organization.
3. INTRODUCTION
Ethical hackers employ the same tools and
techniques as the intruders.
They neither damage the target systems nor
steal information.
The tool is not an automated hacker program
rather it is an audit that both identifies the
vulnerabilities of a system and provide advice
on how to eliminate them.
4. Who are ethical hackers
The skills ethical hackers should posses
They must be completely trustworthy.
Should have very strong programming and
computer networking skills and have been
in networking field for several years.
5. Who are ethical hackers
Should have more patience.
Continuous updating of the knowledge on
computer and network security is required.
They should know the techniques of the
criminals, how their activities might be
detected and how to stop them.
6. Types Of Hacker
Black Hat Hacker
A black hat hackers or crackers
are individuals with extraordinary
computing skills, resorting to
malicious or destructive activities.
That is black hat hackers use their
knowledge and skill for their own
personal gains probably by hurting
others.
7. Cont…..
White Hat Hacker
White hat hackers are those
individuals professing hacker skills
and using them for defensive
purposes. This means that the white
hat hackers use their knowledge and
skill for the good of others and for the
common good.
8. Cont…..
Grey Hat Hacker
These are individuals who work both
offensively and defensively at various
times. We cannot predict their
behaviour. Sometimes they use their
skills for the common good while in
some other times he uses them for
their personal gains.
9. Need for the ethical hacking
Your overall goals as an ethical hacker
should be as follows:
Hack your systems in a
nondestructive fashion.
Enumerate vulnerabilities and, if
necessary, prove to upper
management that vulnerabilities
exist.
12. AREAS TO BE TESTED
Application servers
Firewalls and security devices
Network security
Wireless security
13. Anatomy of an attack
Gathering Data – attacker gathers
information; can include social
engineering.
Scanning – searches for open ports
(port scan) probes target for
vulnerabilities.
Gaining access – attacker exploits
vulnerabilities to get inside system;
used for spoofing IP.
14. Cont.....
Maintaining access – creates backdoor
through use of Trojans; once attacker
gains access makes sure he/she can
get back in.
Covering tracks – deletes files, hides files,
and erases log files. So that attacker
cannot be detected or penalized.
15. Ethical Hacking Tools
Ethical hackers utilize and have
developed variety of tools to
intrude into different kinds of
systems and to evaluate the
security levels. The nature of
these tools differ widely. Here we
describe some of the widely used
tools in ethical hacking.
20. Information Security Goals
Improve IS awareness.
Assess risk.
Mitigate risk immediately.
Assist in the decision making process.
Conduct drills on emergency response
procedures.
21. Conclusions
Never underestimate the attacker or
overestimate our existing posture.
A company may be target not just for its
information but potentially for its various
transactions.
To protect against an
attack, understanding where the systems
are vulnerable is necessary.
Ethical hacking helps companies first
comprehend their risk and then, manage
them.
22. Conclusions
Always security professionals are one
step behind the hackers and crackers.
Plan for the unplanned attacks.
The role of ethical hacking in security
is to provide customers with
awareness of how they could be
attacked and why they are targeted.
“Security though a pain”, is necessary.
23. FUTURE OF ETHICAL HACKING
At present, security on the Internet is
very poor and ethical hacking can be
one of the most effective ways to fix
serious security problems like cyber
crime.
The information entrusted to the
companies is required to be protected
against all kinds of attacks by
crackers, which makes their future
promising.