Introduction to Ethical Hacking


Introduction to ethical hacking and security

Published in: Education, Technology

  1. Cyber Ethics – Hacking Introduction. By Noah Franklin J
  2. Session Flow
     • Why Security?
     • Hacking – Introduction
     • Hacker Communities
     • Types of Hackers
     • Malicious Hacker Strategies
     • Ethical Hacker Strategies
     • Steps for conducting Ethical Hacking
     • Importance of Vulnerability Research
     • Vulnerability Research References
     • Conclusion
     Copy Rights to Noah Franklin J
  3. Why Security?
     • Increasing use of complex computer infrastructure.
     • Increasing use of network elements & applications.
     • Decreasing level of skill set.
  4. Hacking - Definition
     • The art of exploring various security breaches is termed hacking.
     • It’s an anti-society activity.
     • It says, there always exists more than one way to solve the problem.
  5. Communities of Hackers
     • Hackers
     • Crackers
     • Phreaks
     • Script Kiddies
  6. Hacker – Who are they?
     • Hackers are intelligent computer professionals.
     • Motive/Intent: to gain in-depth knowledge of a system, what’s happening at the backend, behind the screen; to find possible security vulnerabilities in a system.
     • They create security awareness by sharing knowledge. It’s teamwork.
  7. Cracker/Attacker
     • Individuals who break into computers with malicious intent.
     • Motive/Intent: to seek unauthorized access into a system and cause damage, or destroy or reveal confidential information; to compromise the system to deny services to legitimate users, to trouble or harass them, or to take revenge.
     • Effects: can cause financial losses, image/reputation damage, and defamation in society for individuals or organizations.
  8. Phreaks
     • Phreaks – These are persons who use computer devices and software to break into phone networks.
     • Motive/Intention – To find loopholes in the security of phone networks and to make phone calls free of cost!!!
     • Effects – You may have to pay a big amount in phone bills, for doing nothing!!!
  9. Script Kiddie
     • Script Kiddies – These are persons who do not have the technical skills to hack computers.
     • Motive/Intention – They use the available information about known vulnerabilities to break into remote systems.
     • It’s an act performed for fun or out of curiosity.
  10. Hacker Classes
     • Black Hat
     • White Hat
     • Gray Hat
  11. Black Hat
     • They use their knowledge and skill set for illegal activities and destructive intents.
     • E.g. to gain money (online robbery), to take revenge. Disgruntled employees are the best example of Black Hats.
     • Attackers (Black Hat hackers) are not at all concerned with security professionals (White Hat hackers). Actually, these hackers are bad guys!!!
  12. White Hat
     • They use their knowledge and skill set for good, constructive intents. They find new security loopholes and their solutions.
     • E.g. cyber security people (FBI, NYPD, US Homeland Security Branch).
  13. Gray Hat
     • Individuals who work both offensively and defensively at various times.
     • E.g. third-party security testing in IT sectors.
  14. What Does the Malicious Hacker Do?
  15. Types of Hacker Attacks
     • There are several ways an attacker can gain access to a system.
     • The attacker must be able to exploit a weakness or vulnerability in a system.
     Attack types:
     • Operating system attacks
     • Application-level attacks
     • Shrink-wrap code attacks
     • Misconfiguration attacks
  16. Ethical Hacker Strategies
     “The one who can hack it, can only secure it”
     “If you want to catch a criminal, then you’ll have to think like a criminal”
     • What to protect?
     • How to protect?
     • Against whom?
     • How many resources are needed?
  17. Ethical Hacker Strategies
     • Understand client requirements for security / vulnerability testing.
     • In the preparation phase, the EH will sign an NDA with the client.
     • Internal / external testing.
     • Conduct network security audits / VAPT.
     • Risk assessment & mitigation.
     • Documenting audit reports as per standards.
     • Submitting developer as well as remediation reports.
     • Implement remediation for found vulnerabilities.
  18. Vulnerability Research
     • Vulnerability research is the process of finding vulnerabilities, threats & loopholes in a server/system/network.
     • Includes Vulnerability Assessment & Penetration Testing.
     • Vulnerability notes can be searched on the internet via number, CVE.
  19. Vulnerability Research References
     • Common Vulnerability database is available at
     • National Vulnerability Database is available at
     • US-CERT also publishes CVD on http://www.uscert.gov
       1. Contains alerts which can be helpful to administrators.
       2. It doesn’t contain solutions.
  20. Vulnerability Research References
     • Indian CERT also published advisory notes, incident notes & defacement statistics.
     • Secunia also published vulnerability notes and advisories.
     • Zone-H published deface images of web attacks.
     • Milw0rm maintains the latest vulnerability notes, whitepapers and videos.
  21. Conclusion
     Security is important because prevention is better than cure.