WELCOMEWELCOME

ETHICAL HACKINGETHICAL HACKING

NAMECLASS

What is Hacking ???What is Hacking ??? Hacking is unauthorized use of computer and Hacking is unauthorized use of computer and

network resources. (The term "hacker" network resources. (The term "hacker" originally meant a very gifted programmer. In originally meant a very gifted programmer. In recent years though, with easier access to recent years though, with easier access to multiple systems, it now has negative multiple systems, it now has negative implications.)implications.)

Type Type ofof Hackers Hackers

Black-Hat Hacker- Black-Hat Hacker- A black hat hacker or A black hat hacker or crackers are individuals with extraordinary crackers are individuals with extraordinary computer skillscomputer skills

White-Hat Hacker- White-Hat Hacker- White hat hackers are White hat hackers are those individuals professing hacker skills those individuals professing hacker skills and using them for defensive purposeand using them for defensive purpose

Grey-Hat Hacker- Grey-Hat Hacker- These are individuals who These are individuals who work both offensively and defensively at work both offensively and defensively at various timesvarious times

Figure of General HackingFigure of General Hacking

What is Ethical Hacking ??What is Ethical Hacking ?? Ethical hackingEthical hacking – – defined “methodology defined “methodology

adopted by ethical hackers to discover the adopted by ethical hackers to discover the harmed existing in information systems’ harmed existing in information systems’ of operating environments.”of operating environments.”

With the growth of the Internet, computer With the growth of the Internet, computer security has become a major concern for security has become a major concern for businesses and governments. businesses and governments.

In their search for a way to approach the In their search for a way to approach the problem, organizations came to realize that problem, organizations came to realize that one of the best ways to evaluate the one of the best ways to evaluate the unwanted threat to their interests would be to unwanted threat to their interests would be to have independent computer security have independent computer security professionals attempt to break into their professionals attempt to break into their computer systems. computer systems.

Who are Ethical Hackers?Who are Ethical Hackers?

““One of the best ways to evaluate the intruder threat is to One of the best ways to evaluate the intruder threat is to have an independent computer security professionals have an independent computer security professionals attempt to break their computer systems” attempt to break their computer systems”

Successful ethical hackers possess a variety of skills. Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. First and foremost, they must be completely trustworthy.

Ethical hackers typically have very strong programming Ethical hackers typically have very strong programming and computer networking skills. and computer networking skills.

They are also adept at installing and maintaining They are also adept at installing and maintaining systems that use the more popular operating systems systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems. (e.g., Linux or Windows 2000) used on target systems.

These base skills are detailed knowledge of the These base skills are detailed knowledge of the hardware and software provided by the more popular hardware and software provided by the more popular computer and networking hardware vendors. computer and networking hardware vendors.

What do Ethical Hackers do?What do Ethical Hackers do?

An ethical hacker’s evaluation of a system’s security An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions: seeks answers to these basic questions: What can an intruder see on the target systems? What can an intruder see on the target systems? What can an intruder do with that information? What can an intruder do with that information? Does anyone at the target notice the intruder’s at Does anyone at the target notice the intruder’s at

tempts or successes? tempts or successes? What are you trying to protect? What are you trying to protect? What are you trying to protect against? What are you trying to protect against? How much time, effort, and money are you willing to How much time, effort, and money are you willing to

expend to obtain adequate protection? expend to obtain adequate protection?

Required Skills of an Ethical Required Skills of an Ethical HackerHacker

Routers:Routers: knowledge of routers, routing protocols, and knowledge of routers, routing protocols, and access control listsaccess control lists

Microsoft:Microsoft: skills in operation, configuration and skills in operation, configuration and management.management.

Linux:Linux: knowledge of Linux/Unix; security setting, knowledge of Linux/Unix; security setting, configuration, and services.configuration, and services.

Firewalls:Firewalls: configurations, and operation of intrusion configurations, and operation of intrusion detection systems.detection systems.

Mainframes : knowledge of mainframes .Mainframes : knowledge of mainframes .

Network Protocols:Network Protocols: TCP/IP; how they function and can TCP/IP; how they function and can be manipulated.be manipulated.

Project Management:Project Management: knowledge of leading, planning, knowledge of leading, planning, organizing, and controlling a penetration testing team.organizing, and controlling a penetration testing team.

WORKINGWORKING

In hacking there are five steps. The actual hacking In hacking there are five steps. The actual hacking will be a circular one. When the five steps will be a circular one. When the five steps completed he start reconnaissance in that stage completed he start reconnaissance in that stage and the preceding stages to get in to the next and the preceding stages to get in to the next level. The five steps arelevel. The five steps areReconnaissanceReconnaissanceScanning & EnumerationScanning & EnumerationGaining accessGaining accessMaintaining accessMaintaining accessClearing tracksClearing tracks

Future Scope of Ethical HackingFuture Scope of Ethical Hacking

As it an evolving branch the scope of enhancement in As it an evolving branch the scope of enhancement in technology is immense. No ethical hacker can ensure technology is immense. No ethical hacker can ensure the system security by using the same technique the system security by using the same technique repeatedly. He would have to improve, develop and repeatedly. He would have to improve, develop and explore new avenues repeatedly.explore new avenues repeatedly.

More enhanced software's should be used for optimum More enhanced software's should be used for optimum protection. Tools used, need to be updated regularly and protection. Tools used, need to be updated regularly and more efficient ones need to be developedmore efficient ones need to be developed

Advantage of Ethical HackingAdvantage of Ethical Hacking

Helping in closing the open holes in the system networkHelping in closing the open holes in the system network Provides security to banking and financial Provides security to banking and financial

establishmentsestablishments Prevent website defacementsPrevent website defacements Fight against terrorism and national security breachesFight against terrorism and national security breaches

Having a computer system that prevents malicious Having a computer system that prevents malicious hackers from gaining accesshackers from gaining access

Disadvantage of Ethical Disadvantage of Ethical HackingHacking

All depends upon the trustworthiness of the ethical All depends upon the trustworthiness of the ethical hackerhacker

Hiring professionals is expensiveHiring professionals is expensive The ethical hacker using the knowledge they gain to do The ethical hacker using the knowledge they gain to do

malicious hacking activitiesmalicious hacking activities Allowing the company’s financial and banking details to Allowing the company’s financial and banking details to

be seenbe seen

Massive securitMassive security breachy breach

Any Questions???Any Questions???

OrOr

suggestions???suggestions???