Ethical hacking seminar
Under the guidance of Miss ANJU VIJAYAN
Presented by ROHINI V
INTRODUCTION
• With the growth of the Internet, computer security has become a major concern for businesses and governments.
• Organizations are worried about the possibility of being “hacked”
• Solution: ethical hacking, also known as penetration testing or white-hat hacking
• This paper describes ethical hackers: their skills, their attitude, and how they go about helping their customers
Security
• Security is the condition of being protected against danger or loss
• In networks, security is also called information security
• Described in terms of the CIA triad:
“C”: Confidentiality
“I”: Integrity
“A”: Availability
1. Confidentiality: a passive third party should not be able to see the data
2. Integrity: data cannot be modified without authorization
3. Availability: information must be available when it is needed
Need for security
• Systems are damaged by intruders
• Several forms of damage will occur:
● loss of confidential data
● damage or destruction of data
● damage or destruction of computer system
● loss of reputation of a company
Hacking
Two definitions:
1st refers to the hobby/profession of working with computers.
2nd refers to breaking into computer systems.
HACKER
● A person who is an expert at a particular programming language or system
● A person who enjoys learning details of a programming language or system
● A person who enjoys actually doing the programming rather than just theorizing about it
● A person who picks up programming quickly
Types of Hackers
3 types of hackers:
Black-Hat Hacker: hackers who use their knowledge and skill for their own personal gain, probably by hurting others.
White-Hat Hacker: individuals who have hacker skills and use them for defensive purposes.
Grey-Hat Hackers: individuals who work both offensively and defensively.
Can Hacking Be Done Ethically?
The answer is yes, because to catch a thief, you must think like a thief.
This is the basis for ethical hacking.
Skills needed for ethical hackers
Ethical hackers possess a variety of skills:
• Completely trustworthy
• Strong programming and computer networking skills
• Patience
What does an Ethical Hacker do?
1) Tries to get into the system.
2) Finds vulnerabilities.
3) Reports the vulnerabilities to the company.
4) Makes patches for each particular vulnerability.
Methodology of Hacking
• Includes five steps:
1. Reconnaissance
2. Scanning & Enumeration
3. Gaining access
4. Maintaining access
5. Clearing tracks
1) Reconnaissance
• First stage
• Preliminary survey to gain information
Many tools are available:
1. Google:
• search engines used on the Internet
• specialized keywords for searching
2. Samspade:
• provides information about a particular host
Reconnaissance cont…
Fig: Samspade GUI
Reconnaissance cont…
3. Email Tracker and Visual Route
Email Tracker
• software which helps us find which server the mail actually came from
Visual Route
• gives the actual location of the server with the help of IP addresses
2) Scanning & Enumeration
• Make a blueprint of the target network
• Includes the IP addresses of the hosts in the target network which are live
• Different tools used for scanning are:
1. War Dialing:
• Computer program used to identify the phone numbers that can successfully make a connection with a computer modem
Scanning & Enumeration cont…
2. Pingers
• Use Internet Control Message Protocol (ICMP) packets
• Principle: automated software which sends ICMP packets to different machines and checks their responses
3. Port Scanning
• Determine what ports are open or in use on a system or network
Scanning & Enumeration cont…
Enumeration
• Ability of a hacker to convince some servers to give them information that is vital to them for making an attack
1) Null sessions
• Created by keeping the user name and password as null
• After this, NBTscan is used
2) SNMP (Simple Network Management Protocol)
Done by using
3) Gaining access
• Makes use of all the information collected in the pre-attack phases
• Hindrance to gaining access: password
1. Password Cracking
• Dictionary cracking
• Brute force cracking
• Hybrid cracking
• Social Engineering
Gaining access cont…
2. Man in the Middle Attack
• All the traffic between a host and a client goes through the hacker's system
• The hacker is the man in the middle
4) Maintaining Access
• Make an easier path to get in the next time the hacker comes
1: Key Stroke Loggers
• record every keystroke made on the keyboard
• act as a middle man between the keyboard driver and the CPU
Maintaining Access cont…
2: Trojan Horses & Backdoors
• destructive program
• do not replicate
3: Wrappers
• wrap their contents into some pictures, greeting cards
• malicious data hidden from the administrator and other usual users
• Software: Elitewrap
5) Clearing Tracks
“Everybody knows a good hacker but nobody knows a great hacker”
• Tool used:
1: Winzapper
CONCLUSION
• Ethical hacking is legal hacking
• Increases security protection by identifying and patching known security vulnerabilities on systems
• Performed with the target’s permission