SlideShare uma empresa Scribd logo

Ethical Hacking & Network Security

Lokender Yadav
Lokender Yadav

The Art of exploring various security breaches is termed as Hacking. Network Security

Internet
1 de 55
Cyber Ethics-hacking introduction And IT Security Author: Lokender Yadav
SESSION FLOW Why Security? Hacking – Introduction Hacker Communities Types of Hackers. Malicious Hacker Strategies Ethical Hacker Strategies Steps for conducting Ethical Hacking. Importance of Vulnerability Research. Vulnerability Research References. Conclusion.
WHY SECURITY ? • Increasing use of Complex computer infrastructure. • Increasing use of Network elements & applications. • Decreasing level of skill set. • Any Security breach in company will affect its asset & goodwill. •Any Security breach in government can affect its operations & reputation.
HACKING-DEFINITION • The Art of exploring various security breaches is termed as Hacking. •It’s an anti-society activity. •It says, there always exists more than one way to solve the problem. •The terms Hacker and Hacking are being misinterpreted and misunderstood with negative sidelines.
COMMUNITIES OF HACKER  Hackers  Crackers  Phreaks  Script Kiddies
HACKER WHO ARE THEY ?  Hackers are Intelligent Computer Professionals. Motive/Intent To gain in-depth knowledge of a system, what’s happening at the backend, behind the screen To find possible security vulnerabilities in a system. They create security awareness by sharing knowledge. It’s a team work.
CRACKERS/ATTACKERS An Individuals who break into computers with malicious intent. Motive/Intent – •To seek unauthorized access into a system and cause damage or destroy or reveal confidential information. •To compromise the system to deny services to legitimate users for troubling, harassing them or for taking revenge. Effects- Can cause financial losses & image/reputation damages, •Defamation in the society for individuals or organizations
PHREAKS •Phreaks – These are persons who use computer devices and software to break into phone networks. •Motive/Intention- To find loopholes in security in phone network and to makes phone calls at free of cost!!! •Effects- You may have to big amount of phone bills, for doing nothing!!!
SCRIPT KIDDIES •Script Kiddies – These are persons not having technical skills to hack computers. •Motive/Intention- They use the available information about known vulnerabilities to break into remote system. •it’s an act performed for a fun or out of curiosity.
HATS OFF •White Hat Hackers – They use their knowledge and skill set for good, constructive intents. They find out new Security loopholes and their solution. E.g.- LIKE ME.. As I’m Doing It Right Now ( I Hope So!!!) • Black Hat Hacker- They use their knowledge and skill set for illegal activities destructive intents. E.g.- to gain money (online robbery), to take revenge. Disgruntled Employees is the best example of Black Hats. Attackers (Black Hat HACKERS) are not at all concerned with security professionals (White hat hackers). Actually these hackers are Bad Guys!!!`
HOW HACKERS WORKS…….
ETHICAL HACKER STRATEGIES “The one who can hack it, can only secure it” “If you want to catch criminal then you’ll have to think like criminal” • What to protect? • How to protect? • Against whom? • How much resources needed?
•Understand Client Requirements for Security / Vulnerability Testing. • In Preparation Phase, EH will sign an NDA with the client. • Internal / External Testing. • Conduct Network Security Audits/ VAPT. • Risk Assessment & Mitigation •Documenting Auditing Reports as per Standards. •Submitting Developer as well as remediation reports. • Implement remediation for found vulnerabilities. ETHICAL HACKER STRATEGIES
Social Engineering…. social engineering is the single greatest threat to enterprise security.
Social Engineering…. A Case Study……
A consultant was hired by a business executive to test the security of the executive's enterprise. The consultant was not hired to try to hack through the firewall or bypass the intrusion detection system. He was hired to see how easy it would be for a motivated intruder to gain physical access to the company's mission-critical systems. So the consultant created a fake company ID badge for himself. He even simulated a magnetic swiping strip on the back of the ID by using a piece of electrical tape. He used this fake ID to get into the company's main building, then made his way up to the data centre where he began swiping his fake ID badge through the scanner. After several failed attempts, a friendly employee walked up and said, "Sometimes, that thing doesn't work." The friendly fellow proceeded to swipe his own badge, letting the consultant into the data centre.
At that point, the consultant walked to the centre of the room, raised his arms, and said, "Okay everyone, I'm conducting a surprise security audit. I need everyone to leave the room immediately." Although there were a few surprised faces, all the employees in the data centre filed out. The consultant pulled out his cell phone, called the executive who hired him, and said, "Guess where I am?"
How to Prevent Social Engineering Attack……………………….
Information gathering
VULNERABILITY RESEARCH  Vulnerability research is process of finding vulnerabilities, threats & loopholes in server/ system.  Includes Vulnerability Assessment & Penetration Testing.  Vulnerability notes can be search on internet via Number, CVE.
VULNERABILITY RESEARCH REFERENCES • Common Vulnerability database is available at http://cve.mitre.org/ •National Vulnerability Database is available at http://web.nvd.nist.gov/ • US – CERT also publishes CVD on http://www.us-cert.gov 1. Contains Alerts which can be helpful to administrator. 2. It doesn’t contain solutions.
VULNERABILITY RESEARCH REFERENCES
CONCLUSION  Security is important because prevention is better than cure.  Community of Hackers.  Security Involves five phases.  Ethical Hacking involves Conducting Security Audits, Vulnerability, Assessment & Penetration testing.  Vulnerability Research is process of discovering different vulnerabilities in technology & applications.
SQL Injection Attack Allow remote attacker to execute arbitrary database commands Relies on poorly formed database queries and insuiffcient Input validation Often facilated,but does not rely unhandled exceptions and ODBC error messages. Impact:Massive This is one of the most dangerous vulnerability on the web.
CYBER CRIME INVESTIGATION
How? • Information Gathering- Definition • Initial Info gathering of websites. • Info Gathering using search engine , blogs & forums. • Info gathering using job, matrimonial websites.
Why Information Gathering ? • Information Gathering can reveal online footprints of criminal. • Information Gathering can help investigator to profile criminals
Information Gathering Of Websites Who is Information •Owner of website. •Email id used to register domain. •Domain registrar. • Domain name server information. • Related websites.
WHO IS. Who is. is query to database to get following information. 1.Owner of website. 2.Email id used to register domain. 3.Domain registrar. 4. Domain name server information. 5. Related websites.
Reverse IP -Mapping • Reverse IP will give number of websites hosted on same server. •If one website is vulnerable on the server then hacker can easily root the server.
Info. Gathering Using Search Engine • Search engines are efficient mediums to get specific results according to your requirements. •Google & yahoo search engine gives best results out of all
Info. Gathering Using Search Engine • This type of search engines retrieves results from different search engine & make relation or connections between those results.
Info.Gathering Using Search Engine • Maltego is an open source intelligence and forensics application. • It allows for the mining and gathering of information as well as the representation of this information in a meaningful way. • Coupled with its graphing libraries, Maltego, allows you to identify key relationships between information and identify previously unknown relationships between them.
Information Gathering Almost 80% internet users use blogs/forums for knowledge sharing purpose. Information gathering from specific blog will also helpful in investigations.  Information gathering from Social Networking websites can also reveal personal info about suspect.  Many websites stored email id lists for newsletters. these email ids can also be retrieved using email spiders.
Phishing Frauds In the cyber-world phishing is a form of illegal act whereby fraudulently sensitive information is acquired, such as passwords and credit card details, by a person/entity masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e- mail or instantaneous communication.
Investigation Steps  Investigator should trace Email using Headers.  As it is going to be Spoof Mail in every case, Investigator should gather information about hosting server from which it is originated.  Contacting Hosting Server with Message ID & Headers for Real IP Address.  Asking for Domain names registered within specific time duration during which this incident reported.  Credit Card or Paypal account or any other online payment account which was used for transaction.
Cont…….. Bank Statement with online banking A/C Access log which gives IP address of the culprit.  Beneficiary Bank account statement.  Beneficiary Bank account Access Log.
Prevention is Better Harden the server Monitor alerts Scan and apply patches Monitor log Good physical Security Intrusion detection system. Train the technical staff only Serous policy and procedure.
Scan and apply patches
Monitor Logs Monitor Log
Good Physical Security Preimeter Security Computer room security Desktop security Close monitoring of admin’s work area No floppy drive No bootable CD’s
Security Awareness Sharing admin accounts Service accounts Accounts naming conventions Hardening Passwords (Understand NT passwords !) Two-factor authentication
Serious Policy & Procedures Top-down commitment Investment Designed-in security Regular audits Regular penetration Testing Education & awareness
Ethical Hacking & Network Security
Ethical Hacking & Network Security

Recomendados

Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Security
sumit dimri
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Goutham Shetty
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Tharindu Kalubowila
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
Vikram Khanna
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Nitheesh Adithyan
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
Divyank Jindal
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
Pankaj Dubey
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
Jay Nagar
 

Recomendados

Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Security
sumit dimri
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Goutham Shetty
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Tharindu Kalubowila
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
Vikram Khanna
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Nitheesh Adithyan
 
Information Security and Ethical Hacking
Information Security and Ethical HackingInformation Security and Ethical Hacking
Information Security and Ethical Hacking
Divyank Jindal
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
Pankaj Dubey
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness Cyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
Jay Nagar
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Bhandari Hìmáñßhü
 
Haking PPT
Haking PPTHaking PPT
Haking PPT
Sushil Ranjan
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Dipesh Waghela
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation
AniketPandit18
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hacking
Sunny Sundeep
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
Umesh Mahawar
 
Cyber security
Cyber securityCyber security
Cyber security
Sabir Raja
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
giridhar_sadasivuni
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
chrizjohn896
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
arohan6
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineering
Sweta Kumari Barnwal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Ganesh Vadulekar
 
ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION
Yash Shukla
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
ankit sarode
 
Social engineering
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
VipinYadav257
 
Social engineering
Social engineering Social engineering
Social engineering
Abdelhamid Limami
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Security
Sazed Salman
 
Hacking
Hacking Hacking
Hacking
Farkhanda Kiran
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
Suryansh Srivastava
 
Ethical hacking & Information Security
Ethical hacking & Information SecurityEthical hacking & Information Security
Ethical hacking & Information Security
Ajay Dhamija
 

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Haking PPT
Haking PPTHaking PPT
Haking PPT
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
 
Phishing attack seminar presentation
Phishing attack seminar presentation Phishing attack seminar presentation
Phishing attack seminar presentation
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hacking
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
 
Cyber security
Cyber securityCyber security
Cyber security
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Ethical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and toolsEthical hacking : Its methodologies and tools
Ethical hacking : Its methodologies and tools
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineering
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION ETHICAL HACKING PRESENTATION
ETHICAL HACKING PRESENTATION
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Social engineering
Social engineering Social engineering
Social engineering
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Social engineering
Social engineering Social engineering
Social engineering
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Security
 
Hacking
Hacking Hacking
Hacking
 

Destaque

Akbank Saltimbanco Sunum
Akbank Saltimbanco SunumAkbank Saltimbanco Sunum
Akbank Saltimbanco Sunum
Hande Karaca
 
Website Hacking and Preventive Measures
Website Hacking and Preventive MeasuresWebsite Hacking and Preventive Measures
Website Hacking and Preventive Measures
Shubham Takode
 

Destaque (20)

Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Ethical hacking & Information Security
Ethical hacking & Information SecurityEthical hacking & Information Security
Ethical hacking & Information Security
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Network security
Network securityNetwork security
Network security
 
Akbank Saltimbanco Sunum
Akbank Saltimbanco SunumAkbank Saltimbanco Sunum
Akbank Saltimbanco Sunum
 
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewSocial Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's View
 
How to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network SecurityHow to Overcome Network Access Control Limitations for Better Network Security
How to Overcome Network Access Control Limitations for Better Network Security
 
Ethical Hacking & IT Security Courses in SIFS
Ethical Hacking & IT Security Courses in SIFSEthical Hacking & IT Security Courses in SIFS
Ethical Hacking & IT Security Courses in SIFS
 
Subnetting
SubnettingSubnetting
Subnetting
 
A Complete Guide Cloud Computing
A Complete Guide Cloud ComputingA Complete Guide Cloud Computing
A Complete Guide Cloud Computing
 
Day3 Backup
Day3 BackupDay3 Backup
Day3 Backup
 
Cyber security and Hacking
Cyber security and HackingCyber security and Hacking
Cyber security and Hacking
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
 
Network security engineer performance appraisal
Network security engineer performance appraisalNetwork security engineer performance appraisal
Network security engineer performance appraisal
 
Computer and network security
Computer and network securityComputer and network security
Computer and network security
 
APT Webinar
APT WebinarAPT Webinar
APT Webinar
 
Modelo apt 1
Modelo apt 1Modelo apt 1
Modelo apt 1
 
Website Hacking and Preventive Measures
Website Hacking and Preventive MeasuresWebsite Hacking and Preventive Measures
Website Hacking and Preventive Measures
 
It security &_ethical_hacking
It security &_ethical_hackingIt security &_ethical_hacking
It security &_ethical_hacking
 
What is Penetration Testing?
What is Penetration Testing?What is Penetration Testing?
What is Penetration Testing?
 

Semelhante a Ethical Hacking & Network Security

Engineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptxEngineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptx
prosunghosh7
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
Mehedi Hasan
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
Jayaseelan Vejayon
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
ShivamSharma909
 

Semelhante a Ethical Hacking & Network Security (20)

Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Hackingppt 160730081605
Hackingppt 160730081605Hackingppt 160730081605
Hackingppt 160730081605
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its Prospects
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
HACKING
HACKINGHACKING
HACKING
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineering
 
Cyber crime in pakistan by zubair
Cyber crime in pakistan by zubairCyber crime in pakistan by zubair
Cyber crime in pakistan by zubair
 
Engineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptxEngineering report ca2_Kritakbiswas.pptx
Engineering report ca2_Kritakbiswas.pptx
 
Ethical hacking & cyber security
Ethical hacking & cyber securityEthical hacking & cyber security
Ethical hacking & cyber security
 
Hacking
HackingHacking
Hacking
 
Ethical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksEthical Hacking And Hacking Attacks
Ethical Hacking And Hacking Attacks
 
Workshop on Cyber security and investigation
Workshop on Cyber security and investigationWorkshop on Cyber security and investigation
Workshop on Cyber security and investigation
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
Ethical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdfEthical Hacking Interview Questions and Answers.pdf
Ethical Hacking Interview Questions and Answers.pdf
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
 
Ethical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptxEthical hacking Chapter 1 - Overview.pptx
Ethical hacking Chapter 1 - Overview.pptx
 
Hacking
HackingHacking
Hacking
 

Mais de Lokender Yadav

Nuclear medicine in gastroenterology
Nuclear medicine in gastroenterologyNuclear medicine in gastroenterology
Nuclear medicine in gastroenterology
Lokender Yadav
 
Nuclear medicine in nerphology
Nuclear medicine in nerphologyNuclear medicine in nerphology
Nuclear medicine in nerphology
Lokender Yadav
 
Nuclear Medicine in Thyroidology
Nuclear Medicine in ThyroidologyNuclear Medicine in Thyroidology
Nuclear Medicine in Thyroidology
Lokender Yadav
 
secrets of presentation skill
secrets of presentation skillsecrets of presentation skill
secrets of presentation skill
Lokender Yadav
 

Mais de Lokender Yadav (20)

Nuclear imaging and PET physics
Nuclear imaging and PET physicsNuclear imaging and PET physics
Nuclear imaging and PET physics
 
Clinical applications of CBCT
Clinical applications of CBCTClinical applications of CBCT
Clinical applications of CBCT
 
Dental lab basics & CAD CAM
Dental lab basics & CAD CAMDental lab basics & CAD CAM
Dental lab basics & CAD CAM
 
Training development
Training developmentTraining development
Training development
 
Satellite
SatelliteSatellite
Satellite
 
Remote sensing
Remote sensingRemote sensing
Remote sensing
 
Dicom
DicomDicom
Dicom
 
Chromotherapy
ChromotherapyChromotherapy
Chromotherapy
 
Dental Light Cure
Dental Light CureDental Light Cure
Dental Light Cure
 
Basics of Lasers
Basics of Lasers Basics of Lasers
Basics of Lasers
 
Soft Skills
Soft Skills Soft Skills
Soft Skills
 
How to handle sales objections
How to handle sales objections How to handle sales objections
How to handle sales objections
 
Solar energy business opportunity
Solar energy business opportunitySolar energy business opportunity
Solar energy business opportunity
 
Nuclear medicine in gastroenterology
Nuclear medicine in gastroenterologyNuclear medicine in gastroenterology
Nuclear medicine in gastroenterology
 
Nuclear medicine in nerphology
Nuclear medicine in nerphologyNuclear medicine in nerphology
Nuclear medicine in nerphology
 
Nuclear Medicine in Thyroidology
Nuclear Medicine in ThyroidologyNuclear Medicine in Thyroidology
Nuclear Medicine in Thyroidology
 
Role of nuclear medicine
Role of nuclear medicineRole of nuclear medicine
Role of nuclear medicine
 
Physics of ct mri
Physics of ct mriPhysics of ct mri
Physics of ct mri
 
secrets of presentation skill
secrets of presentation skillsecrets of presentation skill
secrets of presentation skill
 
Patient Safety
Patient SafetyPatient Safety
Patient Safety
 

Último

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
Escorts Call Girls
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
Diya Sharma
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
soniya singh
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
gwenoracqe6
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
SUHANI PANDEY
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
ruhi
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
SUHANI PANDEY
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Call Girls in Nagpur High Profile
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Escorts Call Girls
 

Último (20)

(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 

Ethical Hacking & Network Security

  • 1. Cyber Ethics-hacking introduction And IT Security Author: Lokender Yadav
  • 2. SESSION FLOW Why Security? Hacking – Introduction Hacker Communities Types of Hackers. Malicious Hacker Strategies Ethical Hacker Strategies Steps for conducting Ethical Hacking. Importance of Vulnerability Research. Vulnerability Research References. Conclusion.
  • 3. WHY SECURITY ? • Increasing use of Complex computer infrastructure. • Increasing use of Network elements & applications. • Decreasing level of skill set. • Any Security breach in company will affect its asset & goodwill. •Any Security breach in government can affect its operations & reputation.
  • 4. HACKING-DEFINITION • The Art of exploring various security breaches is termed as Hacking. •It’s an anti-society activity. •It says, there always exists more than one way to solve the problem. •The terms Hacker and Hacking are being misinterpreted and misunderstood with negative sidelines.
  • 5. COMMUNITIES OF HACKER  Hackers  Crackers  Phreaks  Script Kiddies
  • 6. HACKER WHO ARE THEY ?  Hackers are Intelligent Computer Professionals. Motive/Intent To gain in-depth knowledge of a system, what’s happening at the backend, behind the screen To find possible security vulnerabilities in a system. They create security awareness by sharing knowledge. It’s a team work.
  • 7. CRACKERS/ATTACKERS An Individuals who break into computers with malicious intent. Motive/Intent – •To seek unauthorized access into a system and cause damage or destroy or reveal confidential information. •To compromise the system to deny services to legitimate users for troubling, harassing them or for taking revenge. Effects- Can cause financial losses & image/reputation damages, •Defamation in the society for individuals or organizations
  • 8. PHREAKS •Phreaks – These are persons who use computer devices and software to break into phone networks. •Motive/Intention- To find loopholes in security in phone network and to makes phone calls at free of cost!!! •Effects- You may have to big amount of phone bills, for doing nothing!!!
  • 9. SCRIPT KIDDIES •Script Kiddies – These are persons not having technical skills to hack computers. •Motive/Intention- They use the available information about known vulnerabilities to break into remote system. •it’s an act performed for a fun or out of curiosity.
  • 10. HATS OFF •White Hat Hackers – They use their knowledge and skill set for good, constructive intents. They find out new Security loopholes and their solution. E.g.- LIKE ME.. As I’m Doing It Right Now ( I Hope So!!!) • Black Hat Hacker- They use their knowledge and skill set for illegal activities destructive intents. E.g.- to gain money (online robbery), to take revenge. Disgruntled Employees is the best example of Black Hats. Attackers (Black Hat HACKERS) are not at all concerned with security professionals (White hat hackers). Actually these hackers are Bad Guys!!!`
  • 12. ETHICAL HACKER STRATEGIES “The one who can hack it, can only secure it” “If you want to catch criminal then you’ll have to think like criminal” • What to protect? • How to protect? • Against whom? • How much resources needed?
  • 13. •Understand Client Requirements for Security / Vulnerability Testing. • In Preparation Phase, EH will sign an NDA with the client. • Internal / External Testing. • Conduct Network Security Audits/ VAPT. • Risk Assessment & Mitigation •Documenting Auditing Reports as per Standards. •Submitting Developer as well as remediation reports. • Implement remediation for found vulnerabilities. ETHICAL HACKER STRATEGIES
  • 14. Social Engineering…. social engineering is the single greatest threat to enterprise security.
  • 15.
  • 16.
  • 18. A consultant was hired by a business executive to test the security of the executive's enterprise. The consultant was not hired to try to hack through the firewall or bypass the intrusion detection system. He was hired to see how easy it would be for a motivated intruder to gain physical access to the company's mission-critical systems. So the consultant created a fake company ID badge for himself. He even simulated a magnetic swiping strip on the back of the ID by using a piece of electrical tape. He used this fake ID to get into the company's main building, then made his way up to the data centre where he began swiping his fake ID badge through the scanner. After several failed attempts, a friendly employee walked up and said, "Sometimes, that thing doesn't work." The friendly fellow proceeded to swipe his own badge, letting the consultant into the data centre.
  • 19. At that point, the consultant walked to the centre of the room, raised his arms, and said, "Okay everyone, I'm conducting a surprise security audit. I need everyone to leave the room immediately." Although there were a few surprised faces, all the employees in the data centre filed out. The consultant pulled out his cell phone, called the executive who hired him, and said, "Guess where I am?"
  • 20.
  • 21. How to Prevent Social Engineering Attack……………………….
  • 22.
  • 24. VULNERABILITY RESEARCH  Vulnerability research is process of finding vulnerabilities, threats & loopholes in server/ system.  Includes Vulnerability Assessment & Penetration Testing.  Vulnerability notes can be search on internet via Number, CVE.
  • 25. VULNERABILITY RESEARCH REFERENCES • Common Vulnerability database is available at http://cve.mitre.org/ •National Vulnerability Database is available at http://web.nvd.nist.gov/ • US – CERT also publishes CVD on http://www.us-cert.gov 1. Contains Alerts which can be helpful to administrator. 2. It doesn’t contain solutions.
  • 27.
  • 28.
  • 29. CONCLUSION  Security is important because prevention is better than cure.  Community of Hackers.  Security Involves five phases.  Ethical Hacking involves Conducting Security Audits, Vulnerability, Assessment & Penetration testing.  Vulnerability Research is process of discovering different vulnerabilities in technology & applications.
  • 30.
  • 31. SQL Injection Attack Allow remote attacker to execute arbitrary database commands Relies on poorly formed database queries and insuiffcient Input validation Often facilated,but does not rely unhandled exceptions and ODBC error messages. Impact:Massive This is one of the most dangerous vulnerability on the web.
  • 33. How? • Information Gathering- Definition • Initial Info gathering of websites. • Info Gathering using search engine , blogs & forums. • Info gathering using job, matrimonial websites.
  • 34. Why Information Gathering ? • Information Gathering can reveal online footprints of criminal. • Information Gathering can help investigator to profile criminals
  • 35. Information Gathering Of Websites Who is Information •Owner of website. •Email id used to register domain. •Domain registrar. • Domain name server information. • Related websites.
  • 36. WHO IS. Who is. is query to database to get following information. 1.Owner of website. 2.Email id used to register domain. 3.Domain registrar. 4. Domain name server information. 5. Related websites.
  • 37. Reverse IP -Mapping • Reverse IP will give number of websites hosted on same server. •If one website is vulnerable on the server then hacker can easily root the server.
  • 38.
  • 39. Info. Gathering Using Search Engine • Search engines are efficient mediums to get specific results according to your requirements. •Google & yahoo search engine gives best results out of all
  • 40. Info. Gathering Using Search Engine • This type of search engines retrieves results from different search engine & make relation or connections between those results.
  • 41. Info.Gathering Using Search Engine • Maltego is an open source intelligence and forensics application. • It allows for the mining and gathering of information as well as the representation of this information in a meaningful way. • Coupled with its graphing libraries, Maltego, allows you to identify key relationships between information and identify previously unknown relationships between them.
  • 42.
  • 43.
  • 44. Information Gathering Almost 80% internet users use blogs/forums for knowledge sharing purpose. Information gathering from specific blog will also helpful in investigations.  Information gathering from Social Networking websites can also reveal personal info about suspect.  Many websites stored email id lists for newsletters. these email ids can also be retrieved using email spiders.
  • 45. Phishing Frauds In the cyber-world phishing is a form of illegal act whereby fraudulently sensitive information is acquired, such as passwords and credit card details, by a person/entity masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e- mail or instantaneous communication.
  • 46. Investigation Steps  Investigator should trace Email using Headers.  As it is going to be Spoof Mail in every case, Investigator should gather information about hosting server from which it is originated.  Contacting Hosting Server with Message ID & Headers for Real IP Address.  Asking for Domain names registered within specific time duration during which this incident reported.  Credit Card or Paypal account or any other online payment account which was used for transaction.
  • 47. Cont…….. Bank Statement with online banking A/C Access log which gives IP address of the culprit.  Beneficiary Bank account statement.  Beneficiary Bank account Access Log.
  • 48. Prevention is Better Harden the server Monitor alerts Scan and apply patches Monitor log Good physical Security Intrusion detection system. Train the technical staff only Serous policy and procedure.
  • 49. Scan and apply patches
  • 51. Good Physical Security Preimeter Security Computer room security Desktop security Close monitoring of admin’s work area No floppy drive No bootable CD’s
  • 52. Security Awareness Sharing admin accounts Service accounts Accounts naming conventions Hardening Passwords (Understand NT passwords !) Two-factor authentication
  • 53. Serious Policy & Procedures Top-down commitment Investment Designed-in security Regular audits Regular penetration Testing Education & awareness