SlideShare uma empresa Scribd logo

Ethical hacking presentation_october_2006

Transferir como PPT, PDF
Umang Patel
Umang Patel
TecnologiaNotícias e política
1 de 98
Ethical Hacking for Educators Presented By Regina DeLisse Hartley, Ph.D. Caldwell Community College & Technical Institute
Overview  Old School Hackers: History of Hacking  Ec-Council: Certified Ethical Hacker  Learning Competencies  Teaching Resources: Ethical Hacking Textbooks  Hacking Tools  Hacker Challenge Websites  Additional Web Sites  Questions and Answers
Old School Hackers: History of Hacking
PREHISTORY  Draper builds a "blue  1960s: The Dawn of box" used with whistle Hacking allows phreaks to make Original meaning of the free calls. word "hack" started at  Steve Wozniak and MIT; meant elegant, witty Steve Jobs, future or inspired way of doing founders of Apple almost anything; hacks Computer, make and sell were programming blue boxes. shortcuts THE GOLDEN AGE ELDER DAYS (1970-1979) (1980-1991)  1970s: Phone Phreaks  1980: Hacker Message and Cap'n Crunch: One Boards and Groups phreak, John Draper (aka Hacking groups form; "Cap'n Crunch"), discovers such as Legion of Doom a toy whistle inside Cap'n (US), Chaos Computer Crunch cereal gives 2600- Club (Germany). hertz signal, and can  1983: Kids' Games access AT&T's long- Movie "War Games" distance switching system. introduces public to hacking.
THE GREAT HACKER WAR  1989: The Germans ,  Legion of Doom vs the KGB and Kevin Mitnick. Masters of Deception; online warfare; jamming  German Hackers phone lines. arrested for breaking into U.S. computers; sold  1984: Hacker 'Zines information to Soviet Hacker magazine 2600 KGB. publication; online 'zine  Hacker "The Mentor“ Phrack. arrested; publishes CRACKDOWN (1986- Hacker's Manifesto. 1994)  Kevin Mitnick convicted;  1986: Congress passes first person convicted Computer Fraud and Abuse under law against gaining access to interstate Act; crime to break into network for criminal computer systems. purposes.  1988: The Morris Worm Robert T. Morris, Jr., launches self-replicating worm on ARPAnet.
 1993: Why Buy a Car  1995: Russian Hackers When You Can Hack Siphon $10 million from One? Citibank; Vladimir Levin, Radio station call-in leader. contest; hacker-fugitive  Oct 1998 teenager hacks Kevin Poulsen and friends crack phone; they into Bell Atlantic phone allegedly get two Porsches, system; disabled $20,000 cash, vacation communication at airport trips; Poulsen now a disables runway lights. freelance journalist  1999 hackers attack covering computer crime. Pentagon, MIT, FBI web  First Def Con hacking sites. conference in Las Vegas  1999: E-commerce company attacked; ZERO TOLERANCE (1994- blackmail threats followed 1998) by 8 million credit card  1995: The Mitnick numbers stolen. ( Takedown: Arrested www.blackhat.info; www.h2k2.net; www.slais.ubc.ca/; www.sptimes.com; again; charged with www.tlc.discovery.com) stealing 20,000 credit card numbers.
Ec-Council: Certified Ethical Hacker
EC-Council has certified IT professionals from the following organizations as CEH: Novell, Canon, Hewlett Packard, US Air Force Reserve, US Embassy, Verizon, PFIZER, HDFC Bank, University of Memphis, Microsoft Corporation, Worldcom, Trusecure, US Department of Defense, Fedex, Dunlop, British Telecom, Cisco, Supreme Court of the Philippines, United Nations, Ministry of Defense, UK, Nortel Networks, MCI, Check Point Software, KPMG, Fleet International, Cingular Wireless, Columbia Daily Tribune, Johnson & Johnson, Marriott Hotel, Tucson Electric Power Company, Singapore Police Force
(Cont.) PriceWaterhouseCoopers, SAP, Coca-Cola Corporation, Quantum Research, US Military, IBM Global Services, UPS, American Express, FBI, Citibank Corporation, Boehringer Ingelheim, Wipro, New York City Dept Of IT & Telecom – DoITT, United States Marine Corps, Reserve Bank of India, US Air Force, EDS, Bell Canada, SONY, Kodak, Ontario Provincial Police, Harris Corporation, Xerox, Philips Electronics, U.S. Army, Schering, Accenture, Bank One, SAIC, Fujitsu, Deutsche Bank
Hackers are here. Where are you?  The explosive growth of the Internet has brought many good things…As with most technological advances, there is also a dark side: criminal hackers.  The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as:  HACKER noun. 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities…. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
What is a Hacker?  Old School Hackers: 1960s style Stanford or MIT hackers. Do not have malicious intent, but do have lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system.  Script Kiddies or Cyber-Punks: Between 12-30; predominantly white and male; bored in school; get caught due to bragging online; intent is to vandalize or disrupt systems.  Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.  Coders and Virus Writers: See themselves as an elite; programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet. (www.tlc.discovery.com)
What is Ethical Hacking?  Ethical hacking – defined “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”  With the growth of the Internet, computer security has become a major concern for businesses and governments.  In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.
Who are Ethical Hackers?  “One of the best ways to evaluate the intruder threat is to have an independent computer security professionals attempt to break their computer systems”  Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy.  Ethical hackers typically have very strong programming and computer networking skills.  They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems.  These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.
What do Ethical Hackers do?  An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions: • What can an intruder see on the target systems? • What can an intruder do with that information? • Does anyone at the target notice the intruder’s at tempts or successes? • What are you trying to protect? • What are you trying to protect against? • How much time, effort, and money are you willing to expend to obtain adequate protection?
How much do Ethical Hackers get Paid?  Globally, the hiring of ethical hackers is on the rise with most of them working with top consulting firms.  In the United States, an ethical hacker can make upwards of $120,000 per annum.  Freelance ethical hackers can expect to make $10,000 per assignment.  Some ranges from $15,000 to $45,000 for a standalone ethical hack.
Certified Ethical Hacker (C|EH) Training  InfoSec Academy  http://www.infosecacademy.com • Five-day Certified Ethical Hacker (C|EH) Training Camp Certification Training Program • (C|EH) examination • C|EH Certified Ethical Hacker Training Camp (5-Day Package)$3,595 ($2,580 training only) (Source: www.eccouncil.org)
Learning Competencies
Required Skills of an Ethical Hacker  Routers: knowledge of routers, routing protocols, and access control lists  Microsoft: skills in operation, configuration and management.  Linux: knowledge of Linux/Unix; security setting, configuration, and services.  Firewalls: configurations, and operation of intrusion detection systems.  Mainframes  Network Protocols: TCP/IP; how they function and can be manipulated.  Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team. (Source: http://www.examcram.com)
Modes of Ethical Hacking  Insider attack  Outsider attack  Stolen equipment attack  Physical entry  Bypassed authentication attack (wireless access points)  Social engineering attack (Source: http://www.examcram.com)
Anatomy of an attack: • Reconnaissance – attacker gathers information; can include social engineering. • Scanning – searches for open ports (port scan) probes target for vulnerabilities. • Gaining access – attacker exploits vulnerabilities to get inside system; used for spoofing IP. • Maintaining access – creates backdoor through use of Trojans; once attacker gains access makes sure he/she can get back in. • Covering tracks – deletes files, hides files, and erases log files. So that attacker cannot be detected or penalized. (Source: www.eccouncil.org)
 Hacker classes • Black hats – highly skilled, malicious, destructive “crackers” • White hats – skills used for defensive security analysts • Gray hats – offensively and defensively; will hack for different reasons, depends on situation.  Hactivism – hacking for social and political cause.  Ethical hackers – determine what attackers can gain access to, what they will do with the information, and can they be detected. (Source: www.eccouncil.org)
Teaching Resources: Ethical Hacking Textbooks
Ec-Council Certified Ethical Hacker www.eccouncil.org ISBN 0-9729362-1-1
Ec-Council Topics Covered  Introduction to Ethical Hacking  Footprinting  Scanning  Enumeration  System Hacking  Trojans and Backdoors  Sniffers  Denial of Service  Social Engineering  Session Hijacking  Hacking Web Servers
Ec-Council (Cont.)  Web Application Vulnerabilities  Web Based Password Cracking Techniques  SQL Injection  Hacking Wireless Networks  Viruses  Novell Hacking  Linux Hacking  Evading IDS, Firewalls and Honeypots  Buffer Overflows  Cryptography
Certified Ethical Hacker Exam Prep http://www.examcram.com ISBN 0-7897-3531-8
Certified Ethical Hacker Exam Prep  The Business Aspects of Penetration Testing  The Technical Foundations of Hacking  Footprinting and Scanning  Enumeration and System Hacking  Linux and automated Security Assessment Tools  Trojans and Backdoors  Sniffers, Session Hyjacking, and Denial of Service
Certified Ethical Hacker Exam Prep (Cont.)  Web Server Hacking, Web Applications, and Database Attacks  Wireless Technologies, Security, and Attacks  IDS, Firewalls, and Honeypots  Buffer Overflows, Viruses, and Worms  Cryptographic Attacks and Defenses  Physical Security and Social Engineering
Hands-On Information Security Lab Manual, Second Edition 1. Footprinting 2. Scanning and Enumeration 3. Operating System Vulnerabilities and Resolutions 4. Network Security Tools and Technologies 5. Security Maintenance 6. Information Security Management 7. File System Security and Cryptography 8. Computer Forensics http://www.course.com/ ISBN 0-619-21631-X
Hacking Tools: Footprinting and Reconnaissance
Whois
Whois (cont.) http://www.allwhois.com/
Whois (cont.)
Sam Spade
Sam Spade (Cont.)
Nslookup
Nslookup Options
Traceroute
Ping
Ping Options
Hacking Tools: Scanning and Enumeration
nmap
NMapWin
SuperScan
SuperScan (Cont.)
IP Scanner
Hyena
Retina
LANguard
Hacking Tools: System Hacking
telnet
Snadboy
Password Cracking with LOphtcrack
Keylogger
Hacking Tools: Trojans and Backdoors
NetBus
Game Creates Backdoor for NetBus
SubSeven
Hacking Tools: Sniffers
Spoofing a MAC address Original Configuration
Spoofed Mac
Ethereal
Iris
Snort
Hacking Tools: Web Based Password Cracking
Cain and Abel
Cain and Abel (Cont.)
Cain and Abel (Cont.)
Legion
Brutus
Hacking Tools: Covering Tracks
ImageHide
ClearLogs
ClearLogs (Cont.)
Hacking Tools: Google Hacking and SQL Injection
Google Hacking
Google Cheat Sheet
SQL Injection  Allows a remote attacker to execute arbitrary database commands  Relies on poorly formed database queries and insufficient input validation  Often facilitated, but does not rely on unhandled exceptions and ODBC error messages  Impact: MASSIVE. This is one of the most dangerous vulnerabilities on the web.
Common Database Query
Problem: Unvalidated Input
Piggybacking Queries with UNION
Hacker Challenge Websites
http://www.hackr.org/mainpage.php
Hackthissite.org http://www.hackthissite.org
Answers revealed in code
Hackits http://www.hackits.de/challenge/
Additional Web Sites
Legion of Ethical Hacking
Legion of Ethical Hacking (Cont.)
Hacker Highschool http://www.hackerhighschool.org/
Hacker Highschool
johnny.ihackstuff.com/
HappyHacker.org
Foundstone
Insecure.org
SANS Institute
Questions & Answers

Recomendados

ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern times
jeshin jose
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
baabtra.com - No. 1 supplier of quality freshers
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Binit Kumar
 
Ethical hacking by chandra prakash upadhyay
Ethical hacking by chandra prakash upadhyayEthical hacking by chandra prakash upadhyay
Ethical hacking by chandra prakash upadhyay
Chandra Prakash
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Sanu Subham
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Keith Brooks
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
Dharmesh Makwana
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security
Lokender Yadav
 

Recomendados

ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern times
jeshin jose
 
How to hack or what is ethical hacking
How to hack or what is ethical hackingHow to hack or what is ethical hacking
How to hack or what is ethical hacking
baabtra.com - No. 1 supplier of quality freshers
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Binit Kumar
 
Ethical hacking by chandra prakash upadhyay
Ethical hacking by chandra prakash upadhyayEthical hacking by chandra prakash upadhyay
Ethical hacking by chandra prakash upadhyay
Chandra Prakash
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Sanu Subham
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Keith Brooks
 
Ethical hacking a licence to hack
Ethical hacking a licence to hackEthical hacking a licence to hack
Ethical hacking a licence to hack
Dharmesh Makwana
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security
Lokender Yadav
 
National information security education & awareness program
National information security education & awareness programNational information security education & awareness program
National information security education & awareness program
Neel Kamal
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
chakrekevin
 
Report on Hacking
Report on HackingReport on Hacking
Report on Hacking
Sharique Masood
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
DEEPIKA WALIA
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
ankit sarode
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - Introduction
Bharat Thakkar
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
Institute of Information Security (IIS)
 
Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Security
sumit dimri
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Harshit Upadhyay
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
Georgekutty Francis
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Tharindu Kalubowila
 
Hacking
HackingHacking
Hacking
Nadeem Ahmad
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Ganesh Vadulekar
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and Hackers
Farwa Ansari
 
presentation on ethical hacking
presentation on ethical hacking presentation on ethical hacking
presentation on ethical hacking
Amol Deshmukh
 
Hacking Tutorial in Telugu
Hacking Tutorial in TeluguHacking Tutorial in Telugu
Hacking Tutorial in Telugu
Sravani Reddy
 
the best hacking ppt
the best hacking pptthe best hacking ppt
the best hacking ppt
fuckubitches
 
Secure Shell - a Presentation on Ethical Hacking
Secure Shell - a Presentation on Ethical HackingSecure Shell - a Presentation on Ethical Hacking
Secure Shell - a Presentation on Ethical Hacking
Nitish Kasar
 
Cybercrime (Computer Hacking)
Cybercrime (Computer Hacking)Cybercrime (Computer Hacking)
Cybercrime (Computer Hacking)
Esteban
 
Hacking
Hacking Hacking
Hacking
Farkhanda Kiran
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hacking
Sunny Sundeep
 

Mais conteúdo relacionado

Mais procurados

Report on Hacking
Report on HackingReport on Hacking
Report on Hacking
Sharique Masood
 
presentation on ethical hacking
presentation on ethical hacking presentation on ethical hacking
presentation on ethical hacking
Amol Deshmukh
 

Mais procurados (20)

National information security education & awareness program
National information security education & awareness programNational information security education & awareness program
National information security education & awareness program
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Report on Hacking
Report on HackingReport on Hacking
Report on Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - Introduction
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Hacking
HackingHacking
Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and Hackers
 
presentation on ethical hacking
presentation on ethical hacking presentation on ethical hacking
presentation on ethical hacking
 
Hacking Tutorial in Telugu
Hacking Tutorial in TeluguHacking Tutorial in Telugu
Hacking Tutorial in Telugu
 
the best hacking ppt
the best hacking pptthe best hacking ppt
the best hacking ppt
 
Secure Shell - a Presentation on Ethical Hacking
Secure Shell - a Presentation on Ethical HackingSecure Shell - a Presentation on Ethical Hacking
Secure Shell - a Presentation on Ethical Hacking
 
Cybercrime (Computer Hacking)
Cybercrime (Computer Hacking)Cybercrime (Computer Hacking)
Cybercrime (Computer Hacking)
 
Hacking
Hacking Hacking
Hacking
 

Destaque

Destaque (8)

Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hacking
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hacking
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Cyber security
Cyber securityCyber security
Cyber security
 

Semelhante a Ethical hacking presentation_october_2006

C|EH Introduction
C|EH IntroductionC|EH Introduction
C|EH Introduction
sunnysmith
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
alinainglis
 
Sit presentation - Hacking
Sit presentation - HackingSit presentation - Hacking
Sit presentation - Hacking
msolis0710
 

Semelhante a Ethical hacking presentation_october_2006 (20)

What is Ethical hacking
What is Ethical hackingWhat is Ethical hacking
What is Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
C|EH Introduction
C|EH IntroductionC|EH Introduction
C|EH Introduction
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Hacking (cs192 report )
Hacking (cs192 report )Hacking (cs192 report )
Hacking (cs192 report )
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
 
Hacking
HackingHacking
Hacking
 
Is hacking good or bad
Is hacking good or badIs hacking good or bad
Is hacking good or bad
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
hacking
hackinghacking
hacking
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
 
Sit presentation - Hacking
Sit presentation - HackingSit presentation - Hacking
Sit presentation - Hacking
 
5 biggest cyber attacks and most famous hackers
5 biggest cyber attacks and most famous hackers5 biggest cyber attacks and most famous hackers
5 biggest cyber attacks and most famous hackers
 
Unit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesUnit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimes
 
Hackers and cyber crimes
Hackers and cyber crimesHackers and cyber crimes
Hackers and cyber crimes
 
Ethicalhacking
Ethicalhacking Ethicalhacking
Ethicalhacking
 
Evolution of Hacking- Ronit Chakraborty .pptx
Evolution of Hacking- Ronit Chakraborty .pptxEvolution of Hacking- Ronit Chakraborty .pptx
Evolution of Hacking- Ronit Chakraborty .pptx
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 

Último

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 

Último (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Ethical hacking presentation_october_2006

  • 1. Ethical Hacking for Educators Presented By Regina DeLisse Hartley, Ph.D. Caldwell Community College & Technical Institute
  • 2. Overview  Old School Hackers: History of Hacking  Ec-Council: Certified Ethical Hacker  Learning Competencies  Teaching Resources: Ethical Hacking Textbooks  Hacking Tools  Hacker Challenge Websites  Additional Web Sites  Questions and Answers
  • 3. Old School Hackers: History of Hacking
  • 4. PREHISTORY  Draper builds a "blue  1960s: The Dawn of box" used with whistle Hacking allows phreaks to make Original meaning of the free calls. word "hack" started at  Steve Wozniak and MIT; meant elegant, witty Steve Jobs, future or inspired way of doing founders of Apple almost anything; hacks Computer, make and sell were programming blue boxes. shortcuts THE GOLDEN AGE ELDER DAYS (1970-1979) (1980-1991)  1970s: Phone Phreaks  1980: Hacker Message and Cap'n Crunch: One Boards and Groups phreak, John Draper (aka Hacking groups form; "Cap'n Crunch"), discovers such as Legion of Doom a toy whistle inside Cap'n (US), Chaos Computer Crunch cereal gives 2600- Club (Germany). hertz signal, and can  1983: Kids' Games access AT&T's long- Movie "War Games" distance switching system. introduces public to hacking.
  • 5. THE GREAT HACKER WAR  1989: The Germans ,  Legion of Doom vs the KGB and Kevin Mitnick. Masters of Deception; online warfare; jamming  German Hackers phone lines. arrested for breaking into U.S. computers; sold  1984: Hacker 'Zines information to Soviet Hacker magazine 2600 KGB. publication; online 'zine  Hacker "The Mentor“ Phrack. arrested; publishes CRACKDOWN (1986- Hacker's Manifesto. 1994)  Kevin Mitnick convicted;  1986: Congress passes first person convicted Computer Fraud and Abuse under law against gaining access to interstate Act; crime to break into network for criminal computer systems. purposes.  1988: The Morris Worm Robert T. Morris, Jr., launches self-replicating worm on ARPAnet.
  • 6.  1993: Why Buy a Car  1995: Russian Hackers When You Can Hack Siphon $10 million from One? Citibank; Vladimir Levin, Radio station call-in leader. contest; hacker-fugitive  Oct 1998 teenager hacks Kevin Poulsen and friends crack phone; they into Bell Atlantic phone allegedly get two Porsches, system; disabled $20,000 cash, vacation communication at airport trips; Poulsen now a disables runway lights. freelance journalist  1999 hackers attack covering computer crime. Pentagon, MIT, FBI web  First Def Con hacking sites. conference in Las Vegas  1999: E-commerce company attacked; ZERO TOLERANCE (1994- blackmail threats followed 1998) by 8 million credit card  1995: The Mitnick numbers stolen. ( Takedown: Arrested www.blackhat.info; www.h2k2.net; www.slais.ubc.ca/; www.sptimes.com; again; charged with www.tlc.discovery.com) stealing 20,000 credit card numbers.
  • 8. EC-Council has certified IT professionals from the following organizations as CEH: Novell, Canon, Hewlett Packard, US Air Force Reserve, US Embassy, Verizon, PFIZER, HDFC Bank, University of Memphis, Microsoft Corporation, Worldcom, Trusecure, US Department of Defense, Fedex, Dunlop, British Telecom, Cisco, Supreme Court of the Philippines, United Nations, Ministry of Defense, UK, Nortel Networks, MCI, Check Point Software, KPMG, Fleet International, Cingular Wireless, Columbia Daily Tribune, Johnson & Johnson, Marriott Hotel, Tucson Electric Power Company, Singapore Police Force
  • 9. (Cont.) PriceWaterhouseCoopers, SAP, Coca-Cola Corporation, Quantum Research, US Military, IBM Global Services, UPS, American Express, FBI, Citibank Corporation, Boehringer Ingelheim, Wipro, New York City Dept Of IT & Telecom – DoITT, United States Marine Corps, Reserve Bank of India, US Air Force, EDS, Bell Canada, SONY, Kodak, Ontario Provincial Police, Harris Corporation, Xerox, Philips Electronics, U.S. Army, Schering, Accenture, Bank One, SAIC, Fujitsu, Deutsche Bank
  • 10. Hackers are here. Where are you?  The explosive growth of the Internet has brought many good things…As with most technological advances, there is also a dark side: criminal hackers.  The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as:  HACKER noun. 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities…. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
  • 11. What is a Hacker?  Old School Hackers: 1960s style Stanford or MIT hackers. Do not have malicious intent, but do have lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system.  Script Kiddies or Cyber-Punks: Between 12-30; predominantly white and male; bored in school; get caught due to bragging online; intent is to vandalize or disrupt systems.  Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.  Coders and Virus Writers: See themselves as an elite; programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet. (www.tlc.discovery.com)
  • 12. What is Ethical Hacking?  Ethical hacking – defined “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”  With the growth of the Internet, computer security has become a major concern for businesses and governments.  In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.
  • 13. Who are Ethical Hackers?  “One of the best ways to evaluate the intruder threat is to have an independent computer security professionals attempt to break their computer systems”  Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy.  Ethical hackers typically have very strong programming and computer networking skills.  They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems.  These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.
  • 14. What do Ethical Hackers do?  An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions: • What can an intruder see on the target systems? • What can an intruder do with that information? • Does anyone at the target notice the intruder’s at tempts or successes? • What are you trying to protect? • What are you trying to protect against? • How much time, effort, and money are you willing to expend to obtain adequate protection?
  • 15. How much do Ethical Hackers get Paid?  Globally, the hiring of ethical hackers is on the rise with most of them working with top consulting firms.  In the United States, an ethical hacker can make upwards of $120,000 per annum.  Freelance ethical hackers can expect to make $10,000 per assignment.  Some ranges from $15,000 to $45,000 for a standalone ethical hack.
  • 16. Certified Ethical Hacker (C|EH) Training  InfoSec Academy  http://www.infosecacademy.com • Five-day Certified Ethical Hacker (C|EH) Training Camp Certification Training Program • (C|EH) examination • C|EH Certified Ethical Hacker Training Camp (5-Day Package)$3,595 ($2,580 training only) (Source: www.eccouncil.org)
  • 18. Required Skills of an Ethical Hacker  Routers: knowledge of routers, routing protocols, and access control lists  Microsoft: skills in operation, configuration and management.  Linux: knowledge of Linux/Unix; security setting, configuration, and services.  Firewalls: configurations, and operation of intrusion detection systems.  Mainframes  Network Protocols: TCP/IP; how they function and can be manipulated.  Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team. (Source: http://www.examcram.com)
  • 19. Modes of Ethical Hacking  Insider attack  Outsider attack  Stolen equipment attack  Physical entry  Bypassed authentication attack (wireless access points)  Social engineering attack (Source: http://www.examcram.com)
  • 20. Anatomy of an attack: • Reconnaissance – attacker gathers information; can include social engineering. • Scanning – searches for open ports (port scan) probes target for vulnerabilities. • Gaining access – attacker exploits vulnerabilities to get inside system; used for spoofing IP. • Maintaining access – creates backdoor through use of Trojans; once attacker gains access makes sure he/she can get back in. • Covering tracks – deletes files, hides files, and erases log files. So that attacker cannot be detected or penalized. (Source: www.eccouncil.org)
  • 21. Hacker classes • Black hats – highly skilled, malicious, destructive “crackers” • White hats – skills used for defensive security analysts • Gray hats – offensively and defensively; will hack for different reasons, depends on situation.  Hactivism – hacking for social and political cause.  Ethical hackers – determine what attackers can gain access to, what they will do with the information, and can they be detected. (Source: www.eccouncil.org)
  • 22. Teaching Resources: Ethical Hacking Textbooks
  • 23. Ec-Council Certified Ethical Hacker www.eccouncil.org ISBN 0-9729362-1-1
  • 24. Ec-Council Topics Covered  Introduction to Ethical Hacking  Footprinting  Scanning  Enumeration  System Hacking  Trojans and Backdoors  Sniffers  Denial of Service  Social Engineering  Session Hijacking  Hacking Web Servers
  • 25. Ec-Council (Cont.)  Web Application Vulnerabilities  Web Based Password Cracking Techniques  SQL Injection  Hacking Wireless Networks  Viruses  Novell Hacking  Linux Hacking  Evading IDS, Firewalls and Honeypots  Buffer Overflows  Cryptography
  • 26. Certified Ethical Hacker Exam Prep http://www.examcram.com ISBN 0-7897-3531-8
  • 27. Certified Ethical Hacker Exam Prep  The Business Aspects of Penetration Testing  The Technical Foundations of Hacking  Footprinting and Scanning  Enumeration and System Hacking  Linux and automated Security Assessment Tools  Trojans and Backdoors  Sniffers, Session Hyjacking, and Denial of Service
  • 28. Certified Ethical Hacker Exam Prep (Cont.)  Web Server Hacking, Web Applications, and Database Attacks  Wireless Technologies, Security, and Attacks  IDS, Firewalls, and Honeypots  Buffer Overflows, Viruses, and Worms  Cryptographic Attacks and Defenses  Physical Security and Social Engineering
  • 29. Hands-On Information Security Lab Manual, Second Edition 1. Footprinting 2. Scanning and Enumeration 3. Operating System Vulnerabilities and Resolutions 4. Network Security Tools and Technologies 5. Security Maintenance 6. Information Security Management 7. File System Security and Cryptography 8. Computer Forensics http://www.course.com/ ISBN 0-619-21631-X
  • 30. Hacking Tools: Footprinting and Reconnaissance
  • 31. Whois
  • 32. Whois (cont.) http://www.allwhois.com/
  • 39. Ping
  • 41. Hacking Tools: Scanning and Enumeration
  • 42. nmap
  • 47. Hyena
  • 55. Hacking Tools: Trojans and Backdoors
  • 57. Game Creates Backdoor for NetBus
  • 60. Spoofing a MAC address Original Configuration
  • 63. Iris
  • 64. Snort
  • 65. Hacking Tools: Web Based Password Cracking
  • 67. Cain and Abel (Cont.)
  • 68. Cain and Abel (Cont.)
  • 75. Hacking Tools: Google Hacking and SQL Injection
  • 78. SQL Injection  Allows a remote attacker to execute arbitrary database commands  Relies on poorly formed database queries and insufficient input validation  Often facilitated, but does not rely on unhandled exceptions and ODBC error messages  Impact: MASSIVE. This is one of the most dangerous vulnerabilities on the web.
  • 84.
  • 85. Hackthissite.org http://www.hackthissite.org
  • 87. Hackits http://www.hackits.de/challenge/
  • 89. Legion of Ethical Hacking
  • 90. Legion of Ethical Hacking (Cont.)
  • 91. Hacker Highschool http://www.hackerhighschool.org/