INTRODUCTIONIntroduction To Ethical Hacking & Information Security !
ETHICAL HACKING OUTLINE Why we need Security Security & Usability Triangle Who is Hacker ? Types of Hackers Type of attack on a system Phases of Hacker Profile of Ethical Hacker Why ethical hacking is Necessary ? Specializations Essential Terminologys.
WHY WE NEED SECURITY• Important part of business is - Now lot of people use computer to store and share there valuable informations.• Security – A state of well – being of information and infrastructures in which the possibility of successful yet undetected theft.
WHAT IS INFORMATION SECURITY Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. Term Information Security follows CIA Confidentiality Integrity Availability
Confidentiality : Assurance that the information is accessible only to those authorized to have access. Confidentiality breaches may occur due to improper data handling or a hacking attempt. Integrity : The data or resources in term of preventing improper and unauthorized changes. Assurance that Information can be relied upon to be sufficiently accurate for its purpose. Availability : Assurance that the systems responsible for delivering storing , and processing Information are accessible when required by the authorized users.
SECURITY , FUNCTIONALITY &USABILITY TRIANGLE Level of security in any system can be defined by the strength of three ComponentsThis Triangle represents the Basic relationship between Security, Functionality andusability.You can move the Ball in either of the Direction, which will cause the Intensity of othertwo sides to decrease.For Example, you can remove all the complicated Security Measures such as Hybrid Passwords, Regular Password Resets, Security Tokens, which will make the System easy to use, however, the Security and Functionality will be reduced.
WHO IS HACKER ? Intelligent Individuals with excellent Computer Skills, with the Ability to create And explore into the computer’s Software and Hardware. For some hackers, hacking is a hobby to see how many computers or networks they can compromise. Some do hacking with Malicious intent behind their escapades, like stealing business data, credit card information, social security numbers, email passwords etc. Their intention can either be to gain knowledge or to poke around to do illegal things.
TYPES OF HACKERS Black Hats Technical Levels of Hackers– Good Technical Skills Neophyte- A Newbie in the– Involved in Malicious or field of Computer Security with illegal Activities. almost no knowledge. Script Kiddie- A non-expert White Hats who uses Tools or Scripts made– Use of Knowledge & skills for by others to Hack into SystemDefensive purpose, rather with little knowledge about theoffensive. concept working behind the tool. Gray Hats Elite- Also knows as 1337, it is a– Individuals who work on term used to describe the most both the sides – Ethical and technically advanced hackers Malicious. who use cutting edge technology.
TYPE OF ATTACKS ON A SYSTEM There are several ways an attacker can gain access to a System. The attacker must be able to exploit a weakness or vulnerability in a system.
PHASES OF HACKERInformation GatheringScanning Gaining access – Operating System/Application – Network level – Denial of serviceMaintaining access – Uploading/altering/ downloading programs or data -- Covering Tracks
PROFILE OF ETHICAL HACKER An Ethical Hacker will follow the same Techniques and Methodologies as a Malicious Hacker, however, in the end, The found vulnerabilities of Security Flaws are either Reported (Responsible Disclosure/Open Disclosure) or Fixed. This is also called Penetration Testing. The Complete Procedure depends upon the Type of Penetration Testing being conducted, which are primarily of 3 Types: Black Box Testing – No Previous Knowledge about the Target of Evaluation. White Box Testing – Full Knowledge about the Target. Purpose is to protect the system or product from insider attacks. Grey Box Testing – Partial Knowledge is available in this case.
WHY ETHICAL HACKING IS NECESSARY? Computer Security Expert. In-depth knowledge about Target Platforms (such as Windows, Unix, Linux, Mac). In-depth knowledge about networking and related hardware/software. Knowledge about Programming and Web Applications. Knowledgeable about computer or system security.
SPECIALIZATIONS Just like any other Technical Field, Information Security and Hacking is very vast and Individuals generally specialize in single or multiple Domains which primarily are: Network Security/Attack Web Application Security/Attack Exploit Development and Reverse Engineering Malware Analysis/Development Cyber Forensics
ESSENTIAL TERMINOLOGYS Threat – An action or event which is a potential challenge to Security. Vulnerability – It is the existence of a Flaw or Error in the Design of the System which can cause undesired results ranging from Compromise of System Security to Service or System Unavailability. Attack – An action which attempts to violate or challenge the Integrity or Security of a System. Exploit – A defined way to breach the security of a System or Product using an identified vulnerability.
MODULES FOR WINDOWS HACKING Introduction to Windows Windows - Passwords LM Hashes and NTLM Hashes Syskey Windows Hacking Types of Attacks Tools used for Windows Password Cracking Securing passwords. Privilege Escalation Key loggers Covering Tracks Removing logs
Tools used for windows Password CrackingWindows passwords can be cracked by using the following tools: Ophcrack Live CD and windows installer. Hiren Boot CD. ERD commander. Cain n Able. Etc.
Keyloggers Keystroke logging (often called key logging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous key logging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.