2. HACKING:
Hacking is unauthorized use of computer and network resources.
According to Computer Crime Research Center: “It is the act of gaining access without legal authorization to a computer or computer network.”
3. HACKER:
Someone who tries to break into computer systems for any illegal purpose.
Someone who maliciously breaks into systems for personal gain. These are criminals.
4. TYPES OF HACKERS
Black hat hacker.
White hat hacker.
Gray hat hacker.
5. BLACK BOX MODEL
Company staff does not know about the test.
Tester is not given details about the network.
▪ Burden is on the tester to find these details.
Tests whether security personnel are able to detect an attack.
6. WHITE BOX MODEL
Tester is told everything about the network topology and technology.
Network diagram is given.
Tester is authorized to interview IT personnel and company employees.
Makes the tester’s job a little easier.
7. GRAY BOX MODEL
Hybrid of the white and black box models.
Company gives tester partial information.
8. WHAT IS ETHICAL HACKING ?
Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, i.e., it duplicates the intent and actions of malicious hackers.
Ethical hacking is performed with the target’s permission.
9. WHO ARE ETHICAL HACKERS?
An ethical hacker, also known as a white hat hacker, or simply a white hat, is a security professional who applies their hacking skills for defensive purposes on behalf of the owners of information systems.
They are completely trustworthy.
They have strong programming and computer networking skills.
They should have more patience.
Continuous updating of their knowledge on computer and network security is required.
They should know the techniques of the criminals, what their activities would be, how to detect them and how to stop them.
10. REQUIRED SKILLS OF AN ETHICAL HACKER
Routers: knowledge of routers, routing protocols, and access control lists.
Microsoft: skills in operation, configuration and management.
Linux: knowledge of Linux/Unix; security settings, configuration, and services.
Firewalls: configuration and operation of intrusion detection systems.
11. ETHICAL HACKING PROCESS
1. Preparation
2. Footprinting
3. Enumeration and fingerprinting
4. Identification of vulnerabilities
5. Attack: exploit the vulnerabilities
12. PREPARATION:
Identification of target: company website, mail server, extranet.
Signing of contract.
Agreement on protection against any legal issue.
Contracts to clearly specify limits and dangers of the test.
Total time for testing.
Key people made aware of testing.
13. FOOTPRINTING
Collecting required information about the target:
DNS server.
IP ranges.
Administrative contacts.
Problems revealed by administrators.
16. CERTIFICATION
The International Council of E-Commerce Consultants (EC-Council) provides a professional certification for Certified Ethical Hackers (CEH). A certified ethical hacker is an ethical hacker who has obtained the certification provided by the EC-Council.
17. ADVANTAGES
These are good hackers.
Have genuine license to hack.
Generally employed by companies for security design.
Provide security to banking and financial establishments.
18. CONCLUSIONS
Security professionals are always one step behind the hackers and crackers.
Plan for the unplanned attacks.
The role of ethical hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted.