PREHISTORY
► 1960s: The Dawn of Hacking
Original meaning of the word "hack" started at MIT; meant elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts.

ELDER DAYS (1970-1979)
► 1970s: Phone Phreaks and Cap'n Crunch
One phreak, John Draper (aka "Cap'n Crunch"), discovers that a toy whistle inside Cap'n Crunch cereal gives a 2600-hertz signal and can access AT&T's long-distance switching system.
► Draper builds a "blue box" that, used with the whistle, allows phreaks to make free calls.
► Steve Wozniak and Steve Jobs, future founders of Apple Computer, make and sell blue boxes.

THE GOLDEN AGE (1980-1991)
► 1980: Hacker Message Boards and Groups
Hacking groups form, such as Legion of Doom (US) and Chaos Computer Club (Germany).
► 1983: Kids' Games
Movie "War Games" introduces public to hacking.
THE GREAT HACKER WAR
► Legion of Doom vs Masters of Deception; online warfare; jamming phone lines.
► 1984: Hacker Zines
Hacker magazine 2600 publication; online zine Phrack.

CRACKDOWN (1986-1994)
► 1986: Congress passes Computer Fraud and Abuse Act; crime to break into computer systems.
► 1988: The Morris Worm
Robert T. Morris, Jr., launches self-replicating worm on ARPAnet.
► 1989: The Germans, the KGB and Kevin Mitnick.
► German hackers arrested for breaking into U.S. computers; sold information to Soviet KGB.
► Hacker "The Mentor" arrested; publishes Hacker's Manifesto.
► Kevin Mitnick convicted; first person convicted under law against gaining access to interstate network for criminal purposes.
Ethical Hacking
► Independent computer security professionals breaking into the computer systems.
► Neither damage the target systems nor steal information.
► Evaluate target systems security and report back to owners about the vulnerabilities found.
Ethical Hackers but not Criminal Hackers
► Completely trustworthy.
► Strong programming and computer networking skills.
► Learn about the system and try to find its weaknesses.
► Techniques of criminal hackers: detection, prevention.
► Published research papers or released security software.
► No ex-hackers.
Being Prepared
► What can an intruder see on the target systems?
► What can an intruder do with that information?
► Does anyone at the target notice the intruder's attempts or successes?
6. What are you trying to protect?
7. Who are you trying to protect against?
8. How much time, effort, and money are you willing to expend to obtain adequate protection?
Ethical Hacker's Perspective
► Ethical hackers demand a lot of time and persistence.
► Security evaluation plan
1. Identify system to be tested
2. How to test?
3. Limitations on that testing
► Evaluation done under a "no-holds-barred" approach.
► Clients should be aware of risks.
► Limit prior knowledge of test.
Required Skills of an Ethical Hacker
► Routers: knowledge of routers, routing protocols, and access control lists.
► Microsoft: skills in operation, configuration and management.
► Linux: knowledge of Linux/Unix; security settings, configuration, and services.
► Firewalls: configurations, and operation of intrusion detection systems.
► Mainframes
► Network Protocols: TCP/IP; how they function and can be manipulated.
► Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team.
Kinds of Testing
► Remote network
► Remote dial-up network
► Local network
► Stolen laptop computer
► Social engineering
► Physical entry
1. Total outsider
2. Semi-outsider
3. Valid user
REVIEW
Therefore, ethical hackers and network security experts are highly required and in demand by many organizations for the security of their own data. If it fell into the wrong hands, a competitor might use it for corporate espionage, a hacker might use it to break into the client's computers, or a prankster might just post the report's contents on the Web as a joke.