Introducation about Ethical Hacking
-
Upload
noahfranklin -
Category
Education
-
view
834 -
download
1
description
Transcript of Introducation about Ethical Hacking
![Page 1: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/1.jpg)
Cyber Ethics – Hacking
Introduction
By
Noah Franklin J
![Page 2: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/2.jpg)
Session Flow
•Why Security?
•Hacking – Introduction
•Hacker Communities
•Types of Hackers.
•Malicious Hacker Strategies
•Ethical Hacker Strategies
•Steps for conducting Ethical Hacking.
•Importance of Vulnerability Research.
•Vulnerability Research References.
•Conclusion.
Copy Rights to Noah Franklin J
![Page 3: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/3.jpg)
• Increasing use of Complex computer infrastructure.
• Increasing use of Network elements & applications.
• Decreasing level of skill set.
Why Security??
Copy Rights to Noah Franklin J
![Page 4: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/4.jpg)
• The Art of exploring various security breaches is
termed as Hacking
• It’s an anti-society activity.
• It says, there always exists more than one way to
solve the
problem.
Hacking - Definition
Copy Rights to Noah Franklin J
![Page 5: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/5.jpg)
• Hackers
• Crackers
• Phreaks
• Script Kiddies
Communities of Hackers
Copy Rights to Noah Franklin J
![Page 6: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/6.jpg)
Hackers are Intelligent Computer Professionals.
Motive/Intent –
To gain in-depth knowledge of a system, what’s happening at the
backend, behind the screen.
To find possible security vulnerabilities in a system.
They create security awareness by sharing knowledge. It’s a team
work.
Hacker Who are they???
Copy Rights to Noah Franklin J
![Page 7: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/7.jpg)
An - Individuals who break into computers with malicious intent.
Motive/Intent –
To seek unauthorized access into a system and cause damage or destroy or reveal confidential information.
To compromise the system to deny services to legitimate users for troubling, harassing them or for taking revenge.
Effects- Can cause financial losses & image/reputation
damages, defamation in the society for individuals or
organizations
Cracker/Attacker
Copy Rights to Noah Franklin J
![Page 8: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/8.jpg)
Phreaks – These are persons who use computer
devices and software to break into phone networks.
Motive/Intention- To find loopholes in security in
phone network and to make phone calls at free of
cost!!!
Effects- You may have to big amount of phone bills,
for doing nothing!!!
Phreaks
Copy Rights to Noah Franklin J
![Page 9: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/9.jpg)
•Script Kiddies – These are persons not having
technical skills to hack computers.
•Motive/Intention- They use the available
information about known
vulnerabilities to break into remote systems.
•It’s an act performed for a fun or out of curiosity.
Script Kiddie
Copy Rights to Noah Franklin J
![Page 10: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/10.jpg)
• Black Hat
• White Hat
• Gray Hat
Hacker Classes
Copy Rights to Noah Franklin J
![Page 11: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/11.jpg)
They use their knowledge and skill set for illegal
activities, destructive intents.
E.g.- to gain money (online robbery), to take revenge.
Disgruntled
Employees is the best example of Black Hats. Attackers
(Black Hat Hackers) are not at all concerned with security
professionals (WhiteHat hackers). Actually these hackers
Are Bad Guys!!!
Black Hat
Copy Rights to Noah Franklin J
![Page 12: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/12.jpg)
They use their knowledge and skill set for
good, constructive intents. They find out new security
loopholes and their solutions.
E.g.- Cyber Security Peoples (FBI , NYPD, US-Homeland Security Breanch)
White Hat
Copy Rights to Noah Franklin J
![Page 13: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/13.jpg)
Individuals who works both offensively and
defensively at various times
E.g.- Third Party Security Testing in IT sectors
Gray Hat
Copy Rights to Noah Franklin J
![Page 14: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/14.jpg)
What Does the Malicious Hacker Do?
Copy Rights to Noah Franklin J
![Page 15: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/15.jpg)
• There are several ways an attacker can gain access
to a system
• The attacker must be able to exploit a weakness or
vulnerability in a system
Attack Types :
Operating System Attacks
Application-level attacks
Shrink Wrap code Attacks
Misconfiguration Attacks
Types of Hacker Attacks
Copy Rights to Noah Franklin J
![Page 16: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/16.jpg)
“The one who can hack it, can only secure it”
“If you want to catch criminal then you’ll have to think like criminal”
• What to protect?
• How to protect?
• Against whom?
• How much resources needed?
Ethical Hacker Strategies
Copy Rights to Noah Franklin J
![Page 17: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/17.jpg)
•Understand Client Requirements for Security / Vulnerability Testing.
• In Preparation Phase, EH will sign an NDA with the client.
• Internal / External Testing.
• Conduct Network Security Audits/ VAPT.
• Risk Assessment & Mitigation
•Documenting Auditing Reports as per Standards.
•Submitting Developer as well as remediation reports.
• Implement remediation for found vulnerabilities.
Ethical Hacker Strategies
Copy Rights to Noah Franklin J
![Page 18: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/18.jpg)
• Vulnerability research is process of finding
vulnerabilities, threats & loopholes in
Server/ System/Network.
• Includes Vulnerability Assessment & Penetration
Testing.
• Vulnerability notes can be search on internet via
Number, CVE.
Vulnerability Research
Copy Rights to Noah Franklin J
![Page 19: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/19.jpg)
• Common Vulnerability database is available at
http://cve.mitre.org/
•National Vulnerability Database is available at
http://web.nvd.nist.gov/
• US – CERT also publishes CVD on
http://www.uscert.gov
1. Contains Alerts which can be helpful to administrator.
2. It doesn’t contain solutions.
Vulnerability Research References
Copy Rights to Noah Franklin J
![Page 20: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/20.jpg)
• Indian CERT also published advisory notes, incident
notes & defacement statistics.
• Secunia also published Vulnerability
Notes,Advisories.
• Zone –h published deface images of web attacks.
• Milw0rm Maintains latest vulneability notes,white
papers,videos.
Vulnerability Research References
Copy Rights to Noah Franklin J
![Page 21: Introducation about Ethical Hacking](https://reader033.fdocuments.us/reader033/viewer/2022060115/557622b6d8b42a4e1c8b4dbf/html5/thumbnails/21.jpg)
Security is important because prevention is better
than cure.
Conclusion
Copy Rights to Noah Franklin J