Ethical Hacking n VAPT presentation by Suvrat jain


Published on

a perfect example of your 6 weeks summer training ppt. Course-Ethical Hacking , its info and VAPT- Vulnerability Assessment n Penetration testing. about how vulnerability scanning , tools used , cracking password , etc.

Published in: Education, Technology
1 Comment
No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • This template can be used as a starter file for presenting training materials in a group setting.SectionsRight-click on a slide to add sections. Sections can help to organize your slides or facilitate collaboration between multiple authors.NotesUse the Notes section for delivery notes or to provide additional details for the audience. View these notes in Presentation View during your presentation. Keep in mind the font size (important for accessibility, visibility, videotaping, and online production)Coordinated colors Pay particular attention to the graphs, charts, and text boxes.Consider that attendees will print in black and white or grayscale. Run a test print to make sure your colors work when printed in pure black and white and grayscale.Graphics, tables, and graphsKeep it simple: If possible, use consistent, non-distracting styles and colors.Label all graphs and tables.
  • Ethical Hacking n VAPT presentation by Suvrat jain

    1. 1. ETHICAL HACKING A LICENCE TO HACK Suvrat Jain 11042 CSE, 3rd year
    2. 2. What is hacking ? • Computer hacking is when someone modifies computer hardware or software in a way that alters the creator's original intent. What is Ethical Hacking ? • Ethical hacking is when person breaches the security with authorization for the purpose of finding loopholes(security issues).
    3. 3. Ty p e s o f h a c ke r s
    4. 4. Types of hacker • White Hat Hackers: – who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. • Black Hat Hackers: – A black hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat. • Gray Hat Hackers: – A grey hat, in the hacking community, refers to a skilled hacker whose activities fall somewhere between white and black hat hackers on a variety of spectra
    5. 5. What is information security  Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspect ion, recording or destruction.  Term Information Security follows CIA    Confidentiality Integrity Availability
    6. 6.  Confidentiality : Assurance that the information is accessible only to those authorized to have access. Confidentiality breaches may occur due to improper data handling or a hacking attempt.  Integrity : The data or resources in term of preventing improper and unauthorized changes. Assurance that Information can be relied upon to be sufficiently accurate for its purpose.  Availability : Assurance that the systems responsible for delivering storing , and processing Information are accessible when required by the authorized users.
    7. 7. Essential Terminology's  Threat – An action or event which is a potential challenge to Security.  Vulnerability – It is the existence of a Flaw or Error in the Design of the System which can cause undesired results ranging from Compromise of System Security to Service or System Unavailability.  Attack – An action which attempts to violate or challenge the Integrity or Security of a System.  Exploit – A defined way to breach the security of a System or Product using an identified vulnerability.
    8. 8. Identifying Vulnerabilities • Identifying vulnerabilities through a vulnerability appraisal – Determines the current security weaknesses that could expose assets to threats • Two categories of software and hardware tools – Vulnerability scanning – Penetration testing
    9. 9. Vulnerability Scanning • Vulnerability scanning is typically used by an organization to identify weaknesses in the system – That need to be addressed in order to increase the level of security • Tools include port scanners, network scanner, protocol analyzers, vulnerability scanners, the Open Vulnerability and Assessment Language, and password crackers
    10. 10. IP Addresses and Ports  Internet protocol (IP) addresses  The primary form of address identification on a TCP/IP network  Used to uniquely identify each network device  Port number  TCP/IP uses a numeric value as an identifier to applications and services on the systems  Each datagram (packet) contains not only the source and destination IP addresses  But also the source port and destination port
    11. 11. TCP/IP Ports
    12. 12. Port Scanners  Port scanner  Sends probes to interesting ports on a target system  Determines the state of a port to know what applications are running and could be exploited  Three port states:  Open, closed, and blocked
    13. 13. Network Scanner  Software tools that can identify all the systems connected to a network  Most network mappers utilize the TCP/IP protocol ICMP  Internet Control Message Protocol (ICMP)  Used by PING to identify devices  Less useful for modern versions of Windows
    14. 14. Network Scanner (continued)
    15. 15. Protocol Analyzers • Also called a sniffer – Captures each packet to decode and analyze its contents – Can fully decode application-layer network protocols • Common uses include: – Network troubleshooting – Network traffic characterization – Security analysis
    16. 16. Vulnerability Scanners  Products that look for vulnerabilities in networks or systems  Help network administrators find security problems  Most vulnerability scanners maintain a database that categorizes and describes the vulnerabilities that it can detect  Other types of vulnerability scanners combine the features of a port scanner and network mapper
    17. 17. Password Crackers  Password  A secret combination of letters and numbers that only the user knows  Because passwords are common yet provide weak security, they are a frequent focus of attacks  Password cracker programs  Use the file of hashed passwords and then attempts to break the hashed passwords offline  The most common offline password cracker programs are based on dictionary attacks or rainbow tables
    18. 18. Shadow File  A defense against password cracker programs for UNIX and Linux systems  On a system without a shadow fiile  The passwd file that contains the hashed passwords and other user information is visible to all users  The shadow file can only be accessed at the highest level and contains only the hashed passwords
    19. 19. Penetration Testing • Method of evaluating the security of a computer system or network – By simulating a malicious attack instead of just scanning for vulnerabilities – Involves a more active analysis of a system for vulnerabilities • One of the first tools that was widely used for penetration testing as well as by attackers was SATAN
    20. 20. SATAN  SATAN could improve the security of a network by performing penetration testing  To determine the strength of the security for the network and what vulnerabilities may still have existed  SATAN would:  Recognize several common networking-related security problems  Report the problems without actually exploiting them  Offer a tutorial that explained the problem, what its impact could be, and how to resolve the problem
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.