Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Appl...
Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Appl...
Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Appl...
Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Appl...
Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Appl...
Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Appl...
Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Appl...
Upcoming SlideShare
Loading in...5
×

Ka3118541860

427

Published on

1 Comment
0 Likes
Statistics
Notes
  • free free download this latest version 100% working.
    download link- http://gg.gg/hqcf
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total Views
427
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
7
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide

Ka3118541860

  1. 1. Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 1, January -February 2013, pp.1854-1860 Ethical Hacking in Linux Environment Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram Department of Computer Engineering Veermata Jijabai Technological Institute Matunga, MumbaiAbstract — “Ethical Hacking” which attempts to logo, steal their private emails or credit cardpro-actively increase security protection by numbers, or put in software that will quietly transmitidentifying and patching known security their organizations data to somebody in anothervulnerabilities on systems owned by other parties. country.Ethical hackers may beta test unreleasedsoftware, stress test released software, and scan Hackers are commonly known as bad or terriblenetworks of computers for vulnerabilities. Ethical people in our society. They are also known ashacking can be defined as the practice of hacking crackers or black hat guys. The reason is thatwithout no malicious intention, rather evaluate majority of computer users are somehow victim oftarget system with a hackers perspectives.[1][7] malicious activities by other users who areHacking is a process to bypass the security outstandingly experts in computers. The importantmechanisms of an information system or thing to understand is not all the hackers are bad asnetwork. In common usage, hacker is a generic some people are doing penetration of a system in theterm for a computer criminal. Hacking is an limits of ethical standards to understand theunprivileged usage of computer and network vulnerabilities in their system or their clients system,resources. The term "hacker" originally meant a also called white hat hackers. Hence the termvery gifted programmer. In recent years though, ―Ethical Standards‖ actually refers to thewith easier access to multiple systems, it now has consideration if the person performing hacking has anegative implications. valid intention or not. If he or she just wants to access the target system with an illegal intention andKeywords —Ethical standards[2], Penetration, misuse the data explored, can be termed as theExploits, Philosophy of Hacking, Emanations, cracker whereas the ethical hacker always intendsVandalism. for test that yields the vulnerabilities of the system as the output through the process of hacking. In I. INTRODUCTION ethical hacking, for example, a network This paper aims at putting forward the basic administrator might use the encrypted password fileconcept of ethical hacking and difference between a and a "cracking" program to determine who has nothacker and cracker, root philosophy of hacking, the picked a good password. The need is to train ourapproach that differs in the thought processes of computer science students with ethical hackinghackers and programmers and reveals secretes of techniques, so that they can fight against criminalhacking under Linux domain. As we all are aware hackers. Because ethical hackers believe that onethat data and Computer Communications are hot can best protect systems by probing them whilesubjects and getting hotter every day[5]. We see it causing no damage and subsequently fixing thewhen we turn on our television, cordless or cell vulnerabilities found.phone, or the computer when we get our email. Ithas provided us lightning speed conveniences that II. RELATED WORKour grandparents could only imagine when they The new generation of hackers are turning openwent to the movies to see Buck Rogers or Dick source into a powerful force in today‘s computingTracy. However, what they could not have imagined world. They are the heirs to an earlier hackingwas the "dark side" that comes along with these culture that thrived in the 1960s and 1970s whentechnological advances. The rapid growth of the computers were still new part of community thatInternet has brought many constructive and valued believed software should be shared and all wouldsolutions for our lives such as e-commerce, benefit as a result. These experts programmers andelectronic communication, and new areas for networking wizards trace their lineage back to theresearch and information sharing. However, like first time-sharing minicomputers and the earliestmany other technological advancements, there is ARPAnet experiments. The members of thisalso an issue of growing number of criminal hackers. community coined the term ―Hacker‖. Hackers build[4]Businesses are scared of computer experts who the internet and made the UNIX operating systemwill penetrate into their web server and change their what is it today. Hackers run the Usenet and make the World Wide Web work. 1854 | P a g e
  2. 2. Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 1, January -February 2013, pp.1854-18601. Hackers sparked the open source revolution- damage and subsequently fixing the In 1991, Linus Torvalds sent a posting to an vulnerabilities found.Internet newsgroup, asking for advice on how to  Ethical hackers simulate how an attacker withmake a better operating system. His project was a no inside knowledge of a system might try toHobby, he said, and would never be ‗big and penetrate and believe their activities benefitprofessional‘[12]. society by exposing system weaknesses -In 1994, the first working version of Linux was stressing that if they can break these systemsdistributed. Marleen Wynants and Jan Cornelis, so could terrorists.while discussing the economic, social, and cultural  Ethical hackers use their knowledge as riskimpact of Free and Open Source Software in their management techniques.paper ―How Open Source is the Future?‖ suggestthat Linux was more than just a toy of hackers. Whereas influenced with an invalid intentionsPropelled by Linux, the open source culture surface people think –from its underground location.  Hacker or cracker are clever but an In the spring of 1997, a group of leaders in the unstructured programmer and believe thefree software community assembled in California. same but with invalid intentions.This group included Eric Raymond, Tim O‘Reilly  Crackers break into (crack) systems withand VA Research president Larry Augustin, among malicious intent. They are out for personalothers. Basically ―HACKING‖ is a loaded term ~ gain: fame, profit, and even revenge. Theythe distinction between hacking and cracking is not modify, delete, and steal critical information,universal. The concept of hacking is yielded from often making other people miserable.the dictionary meaning of ―hack‖ as a verb ―to chop  Hackers have a destructive R&D approach toor cut roughly, to make rough cuts‖ as in break different software, systems, andprogramming using ad hoc methods based on networks policies.experience without necessarily having a formal planor methodology for evaluation. In another While revealing more and more about the ethicalperspective and being a little antisocial, hacking is hacking the journey may stuck up at the point whereclever but unstructured programming solution to a human mind is made thinking about how a hackerproblem. and a normal guy differs in approaches when both of them knows same coding patterns and technologies.2. What is the difference? - In our pyramid of human But the truth turns a little lifeway that turns us tobrain, information is stored in terms of chemicals believe how a black or white hat guy breaks theand genetic substances, as in the same way, two boundaries of the programming.majorly used operating systems viz. Linux andWindows have their owned file system like NTFS A typical developer’s methodology[12]:and FAT or ext and both of them are considered as  Developers are under pressure to followrobust based on their user‘s perspectives and standard solutions, or the path of least resistance tospecification. But the fact lies in that, every ―just making it works.‖ As long as a trick works,operating system can be cracked and hacked. So detailed understanding is often considered optional.what is this difference between the hacks and Consequently, they might not realize the effects ofcracks? Ethical hackers simulate how an attacker deviating from the beaten path.with no inside knowledge of a system might  Developers tend to be implicitly trainedpenetrate and believe their activities benefit society away from exploring underlying APIs because theby exposing system weaknesses – stressing that if extra time investment rarely pays off.they can break these systems so could terrorists. The  Developers often receive a limited view ofresult is not only enhanced local security for the the API, with few or hardly any details about itsethical hacker but also overall operating domain implementation.security. The white paper also tries to elaborate  Developers are de facto trained to ignore orabout the basic tools and techniques that are widely avoid infrequent border cases and might notused by a mass of unexplored group of hackers in understand their effects.the world their methodology of working.  Developers might receive explicit3. Philosophy – The backend thoughts that tempts a directions to ignore specific problems as being inperson to be either a hacker or a cracker lies in the other developer‘s domains.approach he puts his directions. Henceforth what thehacker digests is this.  Developers often lack tools for examining  Ethical hackers believe one can best protect the full state of the system, let alone changing it systems by probing them while causing no outside of the limited API. A Hackers methodology: 1855 | P a g e
  3. 3. Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 1, January -February 2013, pp.1854-1860  Hackers tends to treat special and border paths to become open source. For example, acases of standards as essential and invest significant collaborating open source community developed thetime in reading the appropriate documentation Linux kernel; an individual created PGP (Pretty(which is not a good survival skill for most industrial Good Privacy) and the Mozilla browser wereor curricular tasks). originally developed as proprietary software. One  Hackers insist on understanding the implication of this is that any conclusions aboutunderlying API‘s implementation and exploring it to Linux might not hold true for all open sourceconfirm the documentation‘s claims. products. But being an initiative taker, open source  As a matter of course, hackers second- communities make society Linux strong systemguess the implementer‘s logic (this is one reason for software. A hacker always needs to figure out thepreferring developer-addressed RFCs to other forms vulnerabilities in the victim system.of documentation). Hackers reflect on and explorethe effects of deviating from standard tutorials. A) Local Access Control in Linux Environment  Hackers insist on tools that let them From a Physical Security (PHYSSEC) perspective,examine the full state of the system across interface problems do not really begin until attackers havelayers and modify this state, bypassing the standard their hands on a machine. Having suitable accessdevelopment API. If such tools do not exist, controls to prevent direct access and policies in placedeveloping them becomes a top priority. to prevent social engineering will help ensure that attackers are kept at a safe distance. Linux is a4. Understanding the need to hack your own system robust OS, but it is still vulnerable to hardware To catch a thief, think like a thief. That‘s the dangers that may lead to damage on its physicalbasis for ethical hacking. Protecting your systems drives or power losses that may cause datafrom the bad guys and not just the generic corruption. Therefore, in addition to access controls,vulnerabilities that everyone knows about is the need server rooms should include the following items toof the hour and is absolutely critical. When you ensure integrity and availability and provideknow hacker tricks, you can understand how protections from power outages, power anomalies,vulnerable your systems are. Hacking preys on weak floods, and so on[7].security practices and undisclosed vulnerabilities.An exploit is a piece of malware code that takes •Console Accessadvantage of a newly-announced or otherwise Stealing data using a Bootable Linux CD:unpatched vulnerability in a software application ex; 1. Reboot the system and configure it to bootOS, web browsers, plug-ins etc. from the CD-ROM. When ―ethical‖ is placed in front of the term 2. Boot into the bootable Linux distro.hacking it denotes the moral activity. Unethical 3. Open a root command shell.hacking has no permission to intrude the systems. 4. Create a mount point by typing mkdirEthical hacking includes permissions to intrude such mountpoint, which will create a directoryas contracted consulting services, hacking contests, called mount point.and beta testing of information security or any IT 5. This is where the file system will beproject. mounted. 6. Determine the type of hard disks (SCSI orHACKING IN LINUX OPERATING SYSTEMS[7] IDE) on the system. [sda, sdb, sdc, and so In the last decade the open source movement on for SCSI, & hda, hdb, hdc, and so on forhas been a vital source of innovation affecting IDE] To determine the disk type, type fdisksoftware development. However, open source –l or look through the output of the dmesgcommunity practices have provoked a command.Debate on software quality—namely, is open source 7. Determine the partition on the disk to besoftware‘s quality better than that of its closed- mounted. Partitions on the disk aresource counterpart? Studies have attempted to represented as sda1, sda2, sda2, and so on.correlate metrics with software performance or 8. Identifying the correct partition thatvalidate that metrics can actually predict software contains the /etc/shadow fi le (always thesystems‘ fault proneness. root ―/‖ partition). It is usually one of the first three partitions.Open Source Software 9. Type mount /dev/sda# mountpoint, where Where you can define closed-source software as /dev/sda# is your root partition (sda1, sda2,a product created using traditional software sda3,…), and mountpoint is the directorydevelopment methods, the definition of open source you created.software isn‘t always straightforward. This is 10. Change to the /etc directory on your rootbecause a software product can take at least three partition by typing cd mountpoint/ etc 1856 | P a g e
  4. 4. Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 1, January -February 2013, pp.1854-1860 11. Use your favorite text editor (such as vi) to escalating their privileges themselves and gaining open the etc/shadow file for editing. access to unintended resources. Having said that, 12. Scroll down to the line containing the root‘s Linux systems often require a user be able to elevate information, which looks something like: his or her own privileges from time to time, when root:qDlrwz/E8RSKw:13659:0:99999:7::: executing certain commands. Sudo is a utility that 13. Delete everything between the first and grant granular access to commands that users can second colons, so the line, resembles this run with elevated permissions. When using or one: root::13659:0:99999:7::: administering a Linux box, you frequently need to 14. Save the file and exit you editor. switch back and forth between performing 15. Type cd to return to the home directory. administrative-type tasks requiring enhanced 16. Type umount mountpoint to unmount the permissions and target file system. regular-type tasks only needing basic user 17. Type reboot to reboot the system and permissions. It would be ineffective to operate using remove the bootable Linux distribution CD a basic user account all of the time and unwise to do from the drive. everything as root. Due to the 18. Now the system can be accessed as root restrictions placed on standard user accounts and the with no password (or the known password). number of steps involved in switching back and forth between accounts, not to mention the irritation B) Chrooting Directory caused by the path changing every time, theThe amount of work that goes into securing a system tendency is to just log in to the system as thecan be partially mitigated by taking advantage of the superuser and perform all the tasks from start tochrooting abilities built into certain applications or finish. This is very problematic.by using the chroot feature that is included or can becompiled into Linux. Chroot is a combination of two D) Restrict System Calls with Systracewords: change and root. It creates a sandboxed, Interactive Policiesvirtual directory that is used to provide a user or an One of the most powerful system accessapplication access to only a limited subset of controls is the Systrace utility that allowsresources. Certain daemons, such as FTP and SSH, enforcement of interactive policies. Properhave the built-in or add-in ability to sandbox users in utilization of this utility can replace other accessa carefully crafted ―chrooted‖ environment. controls, or be added to them, as part of a defense- in-depth architecture. It essentially creates a virtualIdentifying Dependencies: The process of chrooted environment where access to systemidentifying and copying application dependencies resources can be specifically permitted or denied forand configuration files can be painstakingly a particular application. The Systrace utility hasperformed using various Linux tools, such as the three primary functions:following. • Intrusion detectionStrace: A utility designed to trace all syscalls and • Non-interactive policy enforcementexecutable makes. It will enumerate all files • Privilege elevation(configuration files, library dependencies, open files, Intrusion Detection The Systrace utility enablesoutput files) for a given executable. It shows administrative personnel to monitor daemonsvoluminous output as it systematically steps through (especially useful if done on remote machines) anda binary as it executes. generate warnings for system calls that identify operations not defined by•Privilege Escalations an existing policy. This allows administrators to•File Permission and Attributes create profiles for normal daemon operations on a•Chrooting in system directories particular system and generate alerts for any•Hacking Local Passwords abnormal activity.•Disabling Bootable CD’s and Bios Password Noninteractive Policy Enforcement (aka IPS) C) Privilege Escalation Beyond the ability for Systrace to generate alerts for We have described ways that attackers can system calls not included in a particular policy, youcompromise a system due to lack of physical access can also use it to preventcontrols on or surrounding a system. Instead of them. Systrace can be configured to deny anyaiming only to prevent activity not explicitly defined in an active policy.physical access to the machine or direct access to itsdrives, you must also consider how to safely allow Privilege Elevation Instead of configuringsemitrusted users some level of access to a machine, SetUID/SUID/SGID bits, which can essentiallybut not give them greater permissions than create built-in vulnerabilities, Systrace can be usednecessary. You must try to prevent users from 1857 | P a g e
  5. 5. Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 1, January -February 2013, pp.1854-1860to execute an application without persistent The proposed system explains about the procedurepermissions, as it only escalates permissions to the for hacking and gaining access to any encrypteddesired level when necessary. Furthermore, Systrace Wireless Network(WAN).only elevates privileges in a precise, fine-grainedmanner, specifically for the particular operations that Requirementrequire them. 1. Hacking Encrypted Wireless Network 2. Backtrack 5.0 installed hardware machineProposed System 3. System assembled with an Wi-Fi device orThe proposed system explains about how to hack a portencrypted wireless computer network (WLAN) The 4. A Wi-Fi stationsystem elaborates about the detailed procedure forhacking and gaining access to any encrypted Algorithm for proposed systemWireless Network(WAN) in three steps – preparing This algorithm contains 3 basic steps-Device for attack, crack WEP encryption, crack 1. Prepare a Wi-Fi device for an attackWPA encryption 2. Cracking WEP Encryption 3. Cracking WPA EncryptionExisting WorkThe work that lies in the background of this Step I) Prepare the Wi-Fi device for an attackWireless Network hacking through Linux flavoredOS has not yet been proposed successfully because 1. Start with a new terminalof the unavailable result statistics. Only the strong 2. Get access of the system in privileged modeprobabilities have been drawn out based on some ―root‖previously proposed mathematical tools and 3. Check the status of the Wi-Fi devicetheorems. Along with this many of the tools that 4. If (Wi-Fi device = installed) Then –come up in build in the Linux like BACKTRACK[7] a. Turn off the ―Monitor Mode‖ ofhave been suggested to perform. W-Fi deviceDrawbacks in this system b. Change the mac address of the1. Hacking process is totally practical and less computer theory prerequisites oriented. c. Enable Monitor Mode of W-Fi2. Every technique of hacking born through the device again use security of less principled counterparts , d. Prepare Wi-Fi device for an attack here no such case history to consider 5. If ( Wi-Fi device != installed) Then3. Hacking cannot be tested over some kind of a. Configure a new Wi-Fi device matrix measures or on any other criteria that are b. Repeat Step # 3 generally considered valid for other kind of 6. Halt with exiting the terminal security related researches.4. No analytical statistics are generated to prove the complexity and risk factors involved in this Step II) Crack WEP (Wireless Encryption methodology. Protocol) Encryption5. The suggested tools have not been verified ever via actual implementation 1. Log in a ―root‖ user.6. Hence, overall risk factor is exponential. 2. Discover a target network to attack upon with airodump-ng.Proposed System Architecture 3. Terminate the discovery once enough nereby n/w are traced 4. Capture the packets and ARPs on wireless network with airodump-ng 5. If (speed of capture is SLOW) Use ―airoplay-ng -3 –b c‖ command. 6. If (Error = ―Waiting for becon frame‖) Repeat from step # 4 and step # 5 7. Save the captured in a target folder 8. Decrypt the data using aircrack 9. Halt Step III) Cracking WPA (Wi-Fi Protected Access) Encryption 1858 | P a g e
  6. 6. Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 1, January -February 2013, pp.1854-1860 1. Log in a ―root‖ user. 2. Open a new terminal to check the Handshake 3. Capture the handshakes using airoplay 4. Disconnect all the clients in the network by airoplay 5. Generate a ―wordlists/wpa.txt‖ 6. Brute force the password from wordlists/wpa.txt 7. If (COMPUTER DECRYPTION SUCCESSFUL) a. Required KEY is achieved b. Close the terminal 8. If (COMPUTER DECRYPTION Here X is the network number enlisted in the output SUCCESSFUL) of the previous command. This will now capture all Repeat from step # 2 to step # 7 the data pakets. 9. Halt Now open an new terminal and log in through root. Use commandProcedure for hacking Encrypted WAN 1. Preparing the Wi-Fi device for an attack airplay-g -3 –b <wirless bssid> -h <myFakeMacAddress> <device name> It is recommende to capture at least of 2000 packets. 3. Cracking WEP EncryptionOpen the terminal and log in through the root user.Check status of your Wi-Fi device by typingiwconfig command. We get list of all the Wi-Fidevices installed.airmon-ng stop wlan0This command disables the monitor mode of Wi-Fidevice.We must not use our real physical address, henceusemacchanger –mac <proxy mac address>Now use monitor enabling to have full control over Lets try to decrypt the captured date to find out thedevice you want to configure by using wireless network password. In the other terminalairmon-ng start wlan0 press ls to enlist the data folders. Use wepcaptured 01.cap. 2. Cracking WEP EncryptionFirst of all we need to select the target network to aircrack-ng –bssid <address ofattack. Use ―airodump-ng start wlan0‖ target> <path where captured dataThis will show all the active station nereby. It also has been stored> wepcaptured 01.cap.shows their mac addresses, total users, traffics etcetc. Now hit ―Ctrl+C‖ to stop the discovery. Now, The computer now try to decrypt the data and ifit‘s the time to capture some packets. Use following successful will show the password. Now we havecommand: actually gained the access over theairodump-ng X c w <address where network.Furthermore we can manipulate as we wish.captured packets should be saved> For example I want to disconnect all the clientsbssid <networkaddress> <devicename> connected, I use: airplay-ng -0 15 –a <your network device ID> <device name> 1859 | P a g e
  7. 7. Aniruddha P Tekade, Pravin Gurjar, Pankaj R. Ingle, Dr.B.B.Meshram /International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 3, Issue 1, January -February 2013, pp.1854-1860We come to know how actual handshaking is done David Doss Illinois State University, 0-on the other terminal and all the clients are being 7803-7824-0/02/%10.00 62002 IEEE.disconnected. 6) Network Viruses: Their Working Principles and Marriages with Hacking Programs by III. CONCLUSION Yanjun Zuo and Brajendra Panda Computer The method of testing the system reliability Science & Computer Engineeringby trying to damage is not new. Whether an Department University of Arkansas, ISBN 0-automobile company is testing cars by crashing the 7803-7808-3/03/$17.00 0 2003 IEEE.cars in a controlled environment, or an individual is 7) Hacking Exposed in Linux 3rd Edition bytesting his skills at an army training camp by ISECOMM Tata McGrawHill Publicationsparring with another people, is generally accepted 8) Linux 101 Hacks: Practical Foundation toas reasonable. Identification of vulnerabilities is built strong foundation in Linux by Rameshuseless without regular auditing, persistent intrusion Natarajan.detection, high-quality system administration 9) Beaver, Kevin, CISSP (2003), Ethicalpractice, and computer security knowledge. A Hacking: Ten crucial lesson. Retrieved onsimple breakdown can expose an organization to June 21, 2006.cyber-attacks, loss of income or mind share, or even 10) Ethical Hacking and Cybercrime bysomething worse. Every new technology has its Nataliya B. Sukhai 6675 Williamson Driveadvantages and its risks. Ethical hackers can only Atlanta, Georgia 30328assist their clients in better understanding and 11) Legal Policy and Digital Rightsidentifying of their security needs, it is the Management by RICHARD OWENS ANDresponsibility of the clients who decide whether to RAJEN AKALU, PROCEEDINGS OF THEaddress them or not. Students also enjoyed the new IEEE, VOL. 92, NO. 6, JUNE 2004.vocabulary that has developed in the Google hacking 12) Hacking Risk Analysis of Web Trojan incommunity. Electric Power System by Yong Wang , Using the results of penetration testing Dawu Gu, Dept. of computer Science andrequires proper interpretation. Neither testers nor Engineering, Shanghai Jiao Tong Universitysponsors should assert that the penetration test has Shanghai, Chinafound all possible flaws, or that the failure to find 13) Hacking Competitions and Their Untappedflaws means that the system is secure. All types of Potential for Security Education by Gregorytesting can show only the presence of flaws and Conti, Thomas Babb itt, and John Nelson,never the absence of them. The best that testers can US Military Academy, COPUBLISHEDsay is that the specific flaws they looked for and BY THE IEEE COMPUTER ANDfailed to find aren‘t present; this can give some idea RELIABILITY SOCIETIESof the overall security of the system‘s design and 14) Be Protected and Feel Secure – Ethicalimplementation. Penetration testing is effective Hacking Seminar by KARMA Cyber Intel,because it lets us consider a system as it‘s actually Mumbai.used, rather than as it‘s expected to be used. It‘ssomething to which all computer security studentsshould be exposed. REFERENCES 1) Packet Sniffing:A Brief Introduction DECEMBER 2002/JANUARY 2003 0278- 6648/02/$17.00 © 2002 IEEE 2) PERVASIVE computing Published by the IEEE CS n 1536-1268/08/$25.00 © 2008 IEEE 3) Teaching Students to Hack: Ethical Implications in Teaching Students to hack at university level 4) ―What Hackers Learn that the Rest of Us Don‘t‖, THE IEEE COMPUTER SOCIETY, 1540-7993/07/$25.00 © 2007 IEEE. 5) Ethical Hacking: The Security Justification Redux by Bryan Smith William Yurcik 1860 | P a g e

×