Date post: 16-Jul-2015
Category: Internet
Upload: namrata-raiyani
What is ethical hacking?
Who is a hacker?
Classes of hackers.
Process of ethical hacking.
Types of attacks on a system.
Why is ethical hacking needed?
Scope and limitations of ethical hacking.
What does an ethical hacker do?
Skills of an ethical hacker.
What is penetration testing?
Module summary.
Created By :- Raiyani Namrata H.
1. What is ethical hacking?
Ethical hacking is an assessment to test and check an information
technology environment for possible weak links and vulnerabilities.
Ethical hacking describes the process of hacking a network in an
ethical way.
This module covers what ethical hacking is, what it can do, an ethical
hacking methodology, as well as some tools which can be used for an
ethical hack.
2. Who is a hacker?
Intelligent individuals with excellent computer skills and the
ability to create and explore computer software and hardware.
For some hackers, hacking is a hobby to see how many computers
or networks they can compromise.
Their intention can either be to gain knowledge or to poke around
to do illegal things.
Hackers can hack business data, credit card information, etc.
3. Classes of hackers.
Classes of hacker:
- Black Hats
- White Hats
- Gray Hats
- Suicide Hackers
Black Hats
Individuals with extraordinary computing skills who resort to malicious
or destructive activities; they are also known as crackers or
dark-side hackers.
The term “black hat” comes from old westerns where the
bad guys usually wore black hats and the good guys wore
white ones.
Hackers build things, crackers break things.
- Good technical skill
- Involved in malicious and illegal activities.
White Hats
Individuals professing hacker skills and using them for defensive purposes;
they are also known as security analysts.
A white hat specializes in penetration testing and in other testing
methodologies to ensure the security of an organization's information systems.
- Use of knowledge and skills for defensive purposes, rather than offensive ones.
Gray Hats
Individuals who work both offensively and defensively at various times.
- Individuals who work both sides :- ethical and malicious.
When a grey hat hacker discovers a vulnerability, instead of telling the vendor
how the exploit works, he or she may offer to repair it for a small fee.
When one successfully gains illegal access to a system or network, he or
she may suggest to the system administrator that one of his or her friends
be hired to fix the problem; however, this practice has been declining due
to the increasing willingness of businesses to prosecute.
Suicide Hacker
Individuals who aim to bring down critical infrastructure
for a “cause” and are not worried about facing 30 years in jail
for their actions.
- A suicide hacker can be good as well as bad.
4. Process of Hacking
- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks
Reconnaissance
Reconnaissance refers to the preparatory phase where an attacker
seeks to gather information about a target prior to launching an
attack.
There are two types of reconnaissance :- 1) Passive Reconnaissance
and 2) Active Reconnaissance.
1) Passive Reconnaissance
Passive reconnaissance is an attempt to gain information
about targeted computers and networks without actively
engaging with the systems.
2) Active Reconnaissance
Active reconnaissance is a type of computer attack
in which an intruder engages with the targeted system
to gather information about vulnerabilities.
Scanning
Scanning refers to the pre-attack phase when the attacker scans
the network for specific information on the basis of information
gathered during reconnaissance.
Scanning can include the use of dialers, port scanners, network mapping,
vulnerability scanners, etc.
Attackers extract information such as computer names, IP addresses,
and user accounts to launch an attack.
Gaining Access
Gaining access refers to the point where the attacker obtains access
to the operating system or applications on the computer or network.
The attacker can gain access at the operating system level, application
level, or network level.
For example: password cracking, buffer overflows, denial of service,
session hijacking, etc.
Maintaining Access
Maintaining access refers to the phase when the attacker tries
to retain his or her ownership of the system.
Attackers may prevent the system from being owned by other
attackers by securing their exclusive access with backdoors,
rootkits, or trojans.
Attackers use the compromised system to launch further attacks.
Covering Tracks
Covering tracks refers to the activities carried out by an attacker
to hide malicious acts.
The attacker overwrites the server, system and application logs
to avoid suspicion.
The attacker’s intentions include continuing access to the victim’s
system and deleting evidence that might lead to his prosecution.
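A defender can make overwritten or deleted log entries detectable by chaining each entry to the one before it. The sketch below is an added example, not part of the original slides; the function names and the sample log lines are constructed, and it assumes the latest digest is also kept on a separate system the attacker cannot reach.

```python
import hashlib

GENESIS = "0" * 64  # fixed starting value for the chain (assumption of this sketch)

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    "2015-07-16T10:00:01 sshd accepted login user=alice",
    "2015-07-16T10:02:13 sudo user=alice command=/bin/ls",
    "2015-07-16T10:05:40 sshd failed login user=root",
    "2015-07-16T10:05:44 sshd accepted login user=root",
]

def chain_entry(prev_digest, line):
    """Digest that covers this line and, through prev_digest, every earlier line."""
    return hashlib.sha256((prev_digest + "\n" + line).encode("utf-8")).hexdigest()

def seal(lines):
    """Return [(line, digest)] with each digest chained to its predecessor."""
    records, prev = [], GENESIS
    for line in lines:
        prev = chain_entry(prev, line)
        records.append((line, prev))
    return records

def verify(records, trusted_head=None):
    """Return None if the log is intact, else the index of the first bad record.

    len(records) is returned when every record chains correctly but the log
    does not end at trusted_head, which indicates truncation or a full rewrite.
    """
    prev = GENESIS
    for i, (line, digest) in enumerate(records):
        if chain_entry(prev, line) != digest:
            return i
        prev = digest
    if trusted_head is not None and prev != trusted_head:
        return len(records)
    return None

if __name__ == "__main__":
    records = seal(SAMPLE_LOG)
    head = records[-1][1]                      # copy stored off-host
    edited = list(records)
    edited[2] = ("2015-07-16T10:05:40 cron job ok", records[2][1])
    print("intact:", verify(records, head))
    print("overwritten entry found at index:", verify(edited, head))
    print("truncated log found at index:", verify(records[:3], head))
```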
5. Types of attacks on a system
There are several ways an attacker can gain access to a system. The attacker
must be able to exploit a weakness or vulnerability in a system.
There are four types of attacks on a system :- 1) Operating system attack,
2) Application level attack, 3) Mis-configuration attack and 4) Shrink
wrap code attack.
Operating System Attack
Attackers search for operating system vulnerabilities and exploit
them to gain access to a network system.
Some of the system vulnerabilities :- buffer overflow vulnerabilities,
bugs in the operating system, and unpatched operating systems.
Application Level Attack
Software applications come with tons of functionalities and features.
There is a dearth of time to perform complete testing before releasing
products.
Mis-Configuration Attack
If a system is misconfigured, for example through a change made to file
permissions, it can no longer be considered secure.
The administrators are expected to change the configuration of
the devices before they are deployed in the network.
In order to optimize the configuration of the machine, remove any
redundant services or software.
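The file permission case mentioned above can be checked automatically before a machine is deployed. The audit below is an added example, not part of the original slides; the function names and the sample directory tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_permissions(root):
    """Return sorted (relative_path, finding) pairs for risky mode bits under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode        # lstat: never follow symlinks
            rel = os.path.relpath(path, root)
            if stat.S_ISDIR(mode):
                # Without the sticky bit, any user can delete or replace
                # other users' files in a world-writable directory.
                if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                    findings.append((rel, "world-writable directory without sticky bit"))
            elif stat.S_ISREG(mode):
                if mode & stat.S_IWOTH:
                    findings.append((rel, "world-writable file"))
                if mode & stat.S_ISUID:
                    findings.append((rel, "setuid file"))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed directory tree with known-good and known-bad modes."""
    root = tempfile.mkdtemp(prefix="perm_audit_")
    layout = {                          # name: (is_dir, mode), constructed samples
        "ok.txt":     (False, 0o644),
        "app.conf":   (False, 0o666),   # changed file permission: anyone can edit
        "helper":     (False, 0o4755),  # runs with the owner's privileges
        "shared_tmp": (True,  0o1777),  # sticky bit set, like /tmp: acceptable
        "drop":       (True,  0o777),   # no sticky bit: flagged
    }
    for name, (is_dir, mode) in layout.items():
        path = os.path.join(root, name)
        if is_dir:
            os.mkdir(path)
        else:
            open(path, "w").close()
        os.chmod(path, mode)            # chmod is not affected by the umask
    return root

if __name__ == "__main__":
    for rel, finding in audit_permissions(build_sample_tree()):
        print(f"{finding}: {rel}")
```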
6. Why is ethical hacking needed?
Ethical hacking:
- Defense in depth strategy
- Counter the attacks
Ethical hacking is needed because it allows the
countering of attacks from malicious hackers by
anticipating the methods they can use to break into
a system.
Defense in Depth Service
There are seven types of defense in depth layers:
- Data
- Application
- Host
- Internal Network
- Perimeter
- Physical
- Policies, Procedures and Awareness
Defense in depth is a security strategy in which several protection
layers are placed throughout an information system.
7. Scope and Limitation Of Ethical Hacking
Scope of ethical hacking
Ethical hacking is a crucial component of risk assessment,
auditing, counter fraud, best practice, and good governance.
It is used to identify risks and highlight the remedial actions,
and also to reduce information and communication technology
(ICT) costs by resolving those vulnerabilities.
Limitations Of Ethical Hacking
However, unless the business first knows what it is that they
are looking for and why they are hiring an outside vendor to
hack the system in the first place, chances are there would not
be much to gain from the experience.
An ethical hacker thus can only help the organization to better
understand their security system, but it is up to the organization
to place the right guards on the network.
8. What does an ethical hacker do?
Ethical hackers are hired by an organization to attack their information
systems and networks in order to discover vulnerabilities
and verify that security measures are functioning correctly.
Their duties may include testing systems and networks for vulnerabilities
and attempting to access sensitive data by breaking security.
9. Skills of an ethical hacker
There are five skills of an ethical hacker :-
- Platform Knowledge
- Network Knowledge
- Computer Expert
- Security Knowledge
- Technical Knowledge
Platform Knowledge
Has in-depth knowledge of target platforms, such as UNIX,
Linux, Windows.
Network Knowledge
Has exemplary knowledge of networking and related hardware
and software.
Computer Expert
Should be a computer expert adept at technical domains.
Security Knowledge
Has knowledge of security areas and related issues.
Technical Knowledge
Has high technical knowledge to launch sophisticated attacks.
10. What is penetration testing?
Penetration testing is a method of actively evaluating the security
of an information system or network by simulating an attack from
a malicious source.
Security measures are actively analyzed for design weaknesses,
technical flaws and vulnerabilities.
The results are delivered comprehensively in a report to executive,
management and technical audiences.
11. Summary of ethical hacking
Ethical hacking enables an organization to counter attacks from
malicious hackers by anticipating certain attacks by which they
can break into the system.
Ethical hacking is a crucial component of risk assessment, auditing,
counter fraud, best practice and good governance.
An ethical hacker helps in evaluating the security of a computer
system or network by simulating an attack by a malicious user.