HACKING: Hacking is the unauthorized use of computer and network resources. According to the Computer Crime Research Center: “It is act of gaining access without legal authorization to computer or computer network.”
HACKER: Someone who tries to break into computer systems for any illegal purpose. Someone who maliciously breaks into systems for personal gain. These are criminals.
TYPES OF HACKERS: Black hat hacker. White hat hacker. Gray hat hacker.
BLACK BOX MODEL: Company staff does not know about the test. The tester is not given details about the network; the burden is on the tester to find these details. The test checks whether security personnel are able to detect an attack.
WHITE BOX MODEL: The tester is told everything about the network topology and technology. A network diagram is given. The tester is authorized to interview IT personnel and company employees. This makes the tester’s job a little easier.
GRAY BOX MODEL: Hybrid of the white and black box models. The company gives the tester partial information.
WHAT IS ETHICAL HACKING? Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, i.e., duplicating the intent and actions of malicious hackers. Ethical hacking is performed with the target’s permission.
WHO ARE ETHICAL HACKERS? An ethical hacker, also known as a whitehat hacker, or simply a whitehat, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems. They are completely trustworthy. They have strong programming and computer networking skills. They should have more patience. Continuous updating of their knowledge on computer and network security is required. They should know the techniques of the criminals, what their activities would be, how to detect them and how to stop them.
REQUIRED SKILLS OF AN ETHICAL HACKER
Routers: knowledge of routers, routing protocols, and access control lists.
Microsoft: skills in operation, configuration and management.
Linux: knowledge of Linux/Unix; security settings, configuration, and services.
Firewalls: configuration, and operation of intrusion detection systems.
ETHICAL HACKING PROCESS
1. Preparation
2. Footprinting
3. Enumeration and fingerprinting
4. Identification of vulnerabilities
5. Attack: exploit the vulnerabilities.
PREPARATION: Identification of target – company website, mail server, extranet. Signing of contract. Agreement on protection against any legal issue. Contracts to clearly specify limits and dangers of the test. Total time for testing. Key people made aware of testing.
FOOTPRINTING: Collecting required information about the target: DNS server. IP ranges. Administrative contacts. Problem revealed by administrator.
ENUMERATION AND FINGERPRINTING: Operating system enumeration. Identification of services/open ports.
CERTIFICATION: The International Council of E-Commerce Consultants (EC-Council) provides a professional certification for Certified Ethical Hackers (CEH). A certified ethical hacker is an ethical hacker who has obtained the certification provided by the EC-Council.
ADVANTAGES: These are good hackers. Have genuine license to hack. Generally owned by companies for security designing. Provides security to banking and financial establishments.
CONCLUSIONS: Security professionals are always one step behind the hackers and crackers. Plan for the unplanned attacks. The role of ethical hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted.