TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
Ethical hacking
1. SEMINAR ON
ETHICAL HACKING
PRESENTED BY:
DEVENDRA KUMAR YADAV
1
ELECTRICAL AND ELECTRONICS DEPARTMENT
G. L. BAJAJ INSTITUTE OF TECHNOLOGY AND MANAGEMENT
2. CONTENT
What is Hacking?
What is Ethical Hacking?
Types of Hackers
Phases of Hacking
Countermeasures
Recent cases of Hacking
References
3. What is Hacking?
Hacking refers to exploiting system vulnerabilities and
compromising security controls to gain unauthorised or
inappropriate access to the system resources.
It involves modifying system or application features to achieve a
goal outside of the creator’s original purpose.
Hacking can be used to steal and redistribute intellectual property
leading to business loss.
4. What is Ethical Hacking?
Ethical Hacking
involves the use of
hacking tools, tricks and
techniques to identify
vulnerabilities so as to
ensure system security.
It focuses on stimulating
techniques used by
attackers to verify the
existence of exploitable
vulnerabilities in the
system.
5. Types of Hackers
White Hat
Black Hat
Grey Hat
Individuals professing
hackers skills and using
them for the defensive
purpose also known as
Security Analysts.
Individuals with
extraordinary computing
skills, resorting to
malicious or destructive
activities and are also
known as Crackers.
Individuals who work
both offensive and
defensive at various
works.
7. Hacking Phases: Reconnaissance
Reconnaissance
Scanning
Gaining
Access
Maintaining
Access
Clearing
Tracks
Reconnaissance refers to a preparatory phase
where an attackers seeks to gather
information about a target prior to launching
an attack.
Could be the future point of return, noted for
ease of entry for an attack when more about
the target is known on a board scale.
Reconnaissance target range may include
the target organization’s clients employee,
operations, network and systems.
8. Reconna
issance
Scanning
Gaining
Access
Hacking Phases: Scanning
Clearing
Tracks
Maintaining
Access
Pre-Attack Phase: Scanning refers to the
pre-attack phase when the attackers scans the
networks for specific information gathered
during reconnaissance.
Port Scanner: Scanning can include use of
diameter, port scanner’s, network mapper,
ping tools, vulnerabilities scanner etc.
Extract Information: Attackers extract
information such as live machines, port, port
status, OS details, device type, system
uptime, etc to launch attack.
9. Hacking Phases: Gaining Access
Reconnai
ssance
Maintaining
Access
Clearing
Tracks
Scanning
Gaining
Access
Gaining access refers to the point where the
attacker obtains access to the operating system or
applications on the computer or network.
The Attackers can escalate privileges to obtain
complete control of the system. In the process,
intermediate systems that are connected to it are
also compromised.
The attacker can gain access at the operating
system level, application level, or network level.
Example include password cracking, buffer
overflows, denial of service, session hijacking
etc.
10. Hacking Phase: Maintaining Access
Reconnai
ssance
Maintaining
Access
Scanning
Gaining
Access
Clearing
Tracks
Maintaining access refers to the phase when the
attackers tries to retain his or her ownership of the
system.
Attackers may prevent the system from being
owned by other attackers by securing their
exclusive access with Blackdoor, Rootkits, or
Trojans.
Attackers can upload, download or manipulate
data, applications and configurations on the owned
system.
Attackers use the compromised system to launch
further attacks
11. Hacking Phase: Clearing Tracks
Reconnais
sance
Scanning
Gaining
Access
Maintaining
Access
Clearing
Tracks
Covering tracks refers to the activities carried
out by an attacker to hide malicious acts.
The attackers intentions includes: Continuing
access to the victim’s system, remaining
unnoticed and uncaught, deleting evidence
that might lead to his prosecution.
The attackers overwrites the serve, system
and application logs to avoid suspicion.
12. Countermeasures
Do not responds to the Phishing email and calls.
Regularly change password of the accounts & try to use
special characters in the password.
To avoid atm fraud try not to swipe atm card at any random
shop & change pin within months.
Do not reveal any personal information on the social
networking sites such as on Facebook and Twitter.
13. Recent Cases of Hacking
In August 2013, 1 billion
yahoo mail account passwords
has been leaked and the
information were compromised.
This is one of biggest data
breach in the history.
3.2 million SBI bank account
was hacked by the hackers of
China and unauthorised transection
is done, this is the biggest breach in
the history of the Indian bank.
14. References
Kimberly Graves. “CEH: Certified Ethical Hacker Study Guide”, John Wiley &
Sons, Inc.
C. Palmer. “Ethical hacking”, IBM SYSTEMS JOURNAL, VOL 40, NO 3, 2001.
Steven DeFino, Larry Greenblatt. “CEH: Certified Ethical Hacker Review Guide
version7.1”
Ethical Hacking – GIAC, URL: www.giac.org/paper/gsec/2468/ethical-
hacking/104292