Ethical Hacking

A presentation on Ethical Hacking.

Published in: Technology, News & Politics
Transcript

  • 1. Presented by: Manisha, Shruti, Satish, Viraj. [3rd semester I.T.]
  • 2. Ethical Hacking
      • Also called: Attack & Penetration Testing, White-hat hacking…
      • How much do ethical hackers get paid? In the United States, an ethical hacker can make upwards of $120,000 per annum.
  • 3. Defacement Statistics for Indian Websites, June 01, 2004 to Dec. 31, 2004 (Source: CERT-India, January 2005)

        Domain     No. of Defacements
        .com       922
        .gov.in    24
        .org       53
        .net       39
        .biz       12
        .co.in     48
        .ac.in     13
        .info      3
        .nic.in    2
        .edu       2
        other      13
        Total      1131

  • 4. Total Number of Hacking Incidents: graph up to fiscal year 2003 (Source: CERT/CC)
  • 5.  
  • 6.  
  • 7.  
  • 8. Hackers: Black Hats, White Hats, Gray Hats
  • 9.
      • Preparation
      • Footprinting
      • Enumeration & Fingerprinting
      • Identification of Vulnerabilities
      • Attacking
  • 10.
      • Identification of Targets – company websites, mail servers, extranets, etc.
      • Signing of Contract
          • Agreement on protection against any legal issues
          • Time window for Attacks
          • Total time for the testing
          • Prior Knowledge of the systems
          • Key people who are made aware of the testing
  • 11.
      • Collecting as much information about the target
      • DNS Servers
      • IP Ranges
      • Administrative Contacts
      • Information Sources
      • Search engines
      • Forums
      • Databases – whois, ripe, etc...
      • Tools – PING, whois, Traceroute, etc...
  • 12.  
  • 13.  
  • 14.  
  • 15.
      • Specific targets determined
      • Identification of Services / open ports
      • Operating System Enumeration
      • Methods
      • Banner grabbing
      • Responses to various protocols, such as TCP
      • Port / Service Scans – TCP Connect, TCP SYN, etc...
      • Tools
      • Telnet, Angry IP Scanner, Nmap…
  • 16.
      • Insecure Configuration
      • Weak passwords
      • Possible Vulnerabilities in Services, Operating Systems
      • Insecure programming
      • Weak Access Control
  • 17.
      • Obtain as much information (trophies) from the Target Asset
      • Gaining Normal Access
      • Obtaining access to other connected systems
      • Application Specific Attacks
      • Gaining access to application Databases
      • SQL Injection
      • Spamming
  • 18.
      • Methodology
      • Proof for Exploits - Trophies
      • Practical Security solutions
  • 19.  
  • 20.  
  • 21.
      • Course Material: www.eccouncil.org, ISBN 0-9729362-1-1
  • 22.  
  • 23. http://www.hackerhighschool.org/
  • 24.  
  • 25.  
  • 26.
      • Working Ethically
          • Trustworthiness
          • No misuse for personal gain
      • Hacking is not a crime when it is done under a set of rules…
      • That’s why, friends, it’s termed ETHICAL HACKING!!!
  • 27. Any Questions?
