SlideShare a Scribd company logo

Ethical hacking

Download as PPTX, PDF
S
Saqib Raza

This lecture includes detail about ethical hacking profession, there jobs description, responsibilities duties and skills required to excel in their field.

Education
1 of 39
ETHICAL HACKING SYED SAQIB RAZA RIZVI
OVERVIEW OF HACKING :  HACK :  EXAMINE SOMETHING VERY MINUTELY.  THE RAPID CRAFTING OF NEW PROGRAM OR THE MAKING OF CHANGES TO EXISTING , USUALLY COMPLICATED SOFTWARE .  HACKER :  THE PERSON WHO HACKS . CRACKER :  SYSTEM INTRUDER OR DESTROYER .
WHAT IS ETHICAL HACKING ?  INDEPENDENT COMPUTER SECURITY PROFESSSIONALS BREAKING INTO THE COMPUTER SYSTEM .  NEITHER DAMAGE THE TARGET SYSTEMS NOR STEAL THE INFORMATION.  EVALUATE TARGET SYSTEM SECURITY AND REPORT BACK TO OWNER ABOUT THE VULNERABALITIES FOUND .
TYPES OF HACKERS BLACK HATS WHITE HATS GREY HATS
DESCRIPTION ABOUT THE TYPES OF HACKERS : PROFESSIONAL HACKERS :  BLACK HATS _____ THE BAD GUYS  WHITE HATS _____PROFESSIONAL SECURITY EXPERTS SCRIPT KIDDIES : MOSTLY KIDS /STUDENTS : • Use tools created by black hats , - To get free stuff - Impress their peers - Not to get caught
o UNEMPLOYED ADULT HACKERS : • FORMER SCRIPT KIDDIES - CAN’T GET EMPLOYMENT IN THE FIELD - WANT RECOGNITION IN HACKER’S COMMUNITY - BIG IN EASTERN EUROPEAN COUNTRIES o IDEOLOGICAL HACKERS :  HACK AS A MECHANISM TO PROMOTE SOME POLITICAL AND IDEOLOGICAL PURPOSE  USUALLY CONCIDE WITH POLITICAL EVENTS .
TYPES OF HACKING LOCAL HACKING REMOTE HACKINGSOCIAL ENGINEERIN G
DESCRIPTION : LOCAL HACKING •LOCAL HACKING IS DONE FROM LOCAL AREA WHERE WE HAVE PHYSICAL ACCESS LIKE THROUGH PRINTER ETC . •WE CAN DO THIS TYPE OF HACKING THROUGH TROJAN AND VIRUSES WITH THE HELP OF HARD DISK AND PENDRIVE. : REMOTE HACKING •REMOTE HACKING IS DONE REMOTELY BY TAKING ADVENTAGE OF THE VULNERABALITY OF THE TARGET SYSTEM . : SOCIAL ENGINEERING •SOCIAL ENGINEERING IS THE ACT OF MANIPULATING PEOPLE INTO PERFORMING ACTIONS OR DIVULGING CONFIDENTIAL INFORMATION . • IN MOST CASES THE ATTACKER NEVER COMES FACE TO FACE .
ETHICAL HACKERS ARE NOT CRIMINA L HACKERS
BUT HOW ????
 COMPLETELY TRUSTWORTHY  STRONG PROGRAMMING AND COMPUTER NETWORKING SKILLS  LEARN ABOUT THE SYSTEM AND TRYING TO FIND ITS WEEKNESSES  TECHNIQUES OF CRIMINAL- HACKERS – DETECTION – PREVENTION  NO EX- HACKERS PUBLISH RESEARCH PAPERS AND RELEASED SECURITY
DIFFERENCE B/W HACKER • ACCESS COMPUTER SYSTEM OR NETWORK WITHOUT AUTHORIZATION AND BREAKS THE LAW ETHICAL HACKER • PERFORM MOST OF THE SAME ACTIVITIES BUT WITH THE OWNER’S PERMISSION AND EMPLOYED BY COMPANIES TO PERFORM
MODES OF ETHICAL HACKING  INSIDER ATTACK  OUTSIDER ATTACK  STOLEN EQUIPMENT ATTACK  PHYSICAL ENTRY
THE ETHICAL HACKING PROCESS
ETHICAL HACKERS MUST FOLLOW A STRICT SCIENTIFIC PROCESS IN ORDER TO OBTAIN USEABLE AND LEGAL RESULTS 1. Planning 2. Reconnaissance 3. Enumeration 4. Vulnerability Analysis 5. Exploitation 6. Final Analysis 7. Deliverables 8. Integration
1- PLANNING : • Planning is essential for having a successful project. It provides an opportunity to give critical thought to what needs to be done, allows for goals to be set, and allows for a risk assessment to evaluate how a project should be carried out. • There are a large number of external factors that need to be considered when planning to carry out an ethical hack. These factors include existing security policies , culture, laws and regulations, best practices, and industry requirements. Each of these factors play an integral role in the decision making process when it comes to ethical hacking. The planning phase of an ethical hack will have a profound influence on how the hack is performed and the information shared and collected, and will directly influence the deliverable and integration of the results into the security program. • The planning phase will describe many of the details of a controlled attack. It will attempt to answer questions regarding how the attack
2- RECONNAISSANCE • Reconnaissance is the search for freely available information to assist in an attack. This can be as simple as a ping or browsing newsgroups on the Internet in search of disgruntled employees divulging secret information or as messy as digging through the trash to find receipts or letters. • Reconnaissance can include social engineering, tapping phones and networks, or even theft. The search for information is limited only by the extremes at which the organization and ethical hacker are willing to go in order to recover the information they are searching for. • The reconnaissance phase introduces the relationship between the tasks that must be completed and the methods that will need to be used in order to protect the organization's assets
3- ENUMERATION • Enumeration is also known as network or vulnerability discovery. It is the act of obtaining information that is readily available from the target's system, applications and networks. It is important to note that the enumeration phase is often the point where the line between an ethical hack and a malicious attack can become blurred as it is often easy to go outside of the boundaries outlined in the original attack plan. • In order to construct a picture of an organization's environment, several tools and techniques are available. These tools and techniques include port scanning and NMap . Although it is rather simple to collect information, it is rather difficult to determine the value of the information in the hands of a hacker. • At first glance, enumeration is simple: take the collected data and evaluate it collectively to establish a plan for more reconnaissance or building a matrix for the vulnerability analysis phase. However, the
4- VULNERABILITY ANALYSIS • In order to effectively analyze data, an ethical hacker must employ a logical and pragmatic approach. In the vulnerability analysis phase, the collected information is compared with known vulnerabilities in a practical process. • Information is useful no matter what the source. Any little bit can help in discovering options for exploitation and may possibly lead to discoveries that may not have been found otherwise. Known vulnerabilities, incidents, service packs, updates, and even available hacker tools help in identifying a point of attack. The Internet provides a vast amount of information that can easily be associated with the architecture and strong and weak points of a system
5-EXPLOITATION • A significant amount of time is spent planning and evaluated an ethical hack. Of course, all this planning must eventually lead to some form of attack. The exploitation of a system can be as easy as running a small tool or as intricate as a series of complex steps that must be executed in a particular way in order to gain access. • The exploitation process is broken down into a set of subtasks which can be many steps or a single step in performing the attack. As each step is performed, an evaluation takes place to ensure that the expected outcome is being met. Any divergence from the attack plan is classified into two determinations: Expectations: Are the expectations of the exploitation being met or are the results conflicting with the organization's assumptions? Technical: Is the system reacting in an unexpected manner, which is having an
6- FINAL ANALYSIS • Although the exploitation phase has a number of checks and validations to ensure success, a final analysis is required to categorize the vulnerabilities of the system in terms of their level of exposure and to assist in the derivation of a mitigation plan. The final analysis phase provides a link between the exploitation phase and the creation of a deliverable. • A comprehensive view of the entire attack must exist in order to construct a bigger picture of the security posture of the environment and express the vulnerabilities in a clear and useful manner. The final analysis is part interpretation and part empirical results
7- DELIVERABLES •Deliverables communicate the results of tests in numerous ways. Some deliverables are short and concise, only providing a list of vulnerabilities and how to fix them, while others are long and detailed, providing a list of vulnerabilities with detailed descriptions regarding how they were found, how to exploit them, the implications of having such a vulnerability and how to remedy the situation. •The deliverable phase is a way for an ethical hacker to convey the results of their tests. Recently, ethical hacking has become so commoditized that if a deliverable does not
8- INTEGRATION • Finally, it essential that there is some means of using the test results for something productive. Often, the deliverable is combined with existing materials, such as a risk analysis, security policy, previous test results, and information associated with a security program to enhance mitigation and develop remedies and patches for vulnerabilities. • There are three distinguishing factors that should be considered during the integration of any test results • Mitigation: If vulnerability beyond acceptable risk was found, then it would need to be fixed. Mitigation of a vulnerability can include testing, piloting, implementing, and validating changes to systems. • Defense: Vulnerabilities need to be addressed in a strategic manner in order to minimize future or undetected vulnerabilities. Defense planning is establishing a foundation of security to grow on and ensure long-term success. • Incident Management: The ability to detect, respond, and recover from an attack is essential. Knowing how attacks are made and the potential impacts
ETHICAL HACKING SKILLS AND KNOWLEDG E
REQUIRED SKILLS • An ethical hacker is required to possess a vast arrangement of computer skills. It is not feasible for each ethical hacker to be an expert is every field and thus ethical hacking tiger teams whose members have complementing skills are created to provide an organization with a team possessing the complete skill set required of an ethical hacker. • Organizations may have a wide variety of computer systems and it is essential for any ethical hacker to have expertise in operating systems , as well as network hardware platforms. It is also fundamental that an ethical hacker posses a solid foundation of the principles
SALARIE S AND TRENDS
A SURVEY DONE BY THE INTERNATIONAL DATA CORP (IDC) SAYS THAT THE WORLDWIDE DEMAND FOR INFORMATION SECURITY PROFESSIONALS STANDS AT 60,000 AND COMPANIES SUCH AS WIPRO, INFOSYS, IBM, AIRTEL AND RELIANCE ARE ALWAYS LOOKING FOR GOOD ETHICAL HACKERS
IN THE UNITED KINGDOM, THE FOLLOWING TRENDS HAVE BEEN SEEN FOR DEMAND AND SALARIES OF ETHICAL HACKERS.
ALTHOUGH THERE ARE BENEFITS TO TEACHING AND EMPLOYING ETHICAL HACKING TECHNIQUES, THERE ARE PROBLEMS THAT LEAD SOME TO QUESTION THE PRACTICE. IT IS FEARED THAT SCHOOLS MAY BE TEACHING DANGEROUS SKILLS TO STUDENTS THAT ARE UNABLE TO MAKE CORRECT DECISIONS
MARCUS J. RANUM, A COMPUTER SECURITY PROFESSIONAL HAS OPENLY OBJECTED TO THE TERM ETHICAL HACKER, SAYING "THERE'S NO SUCH THING AS AN 'ETHICAL HACKER' - THAT'S LIKE SAYING 'ETHICAL RAPIST' - IT'S A CONTRADICTION IN TERMS" [9]. A SIGNIFICANT PART OF THE CONTROVERSY SURROUNDING ETHICAL HACKING ARISES FROM THE OLDER DEFINITION OF HACKER AND ITS ASSOCIATION WITH THE IDEA OF A COMPUTER CRIMINAL. HOWEVER, SOME ORGANIZATIONS DO NOT SEEM TO MIND THE ASSOCIATION AND HAVE HAD A SIGNIFICANT INCREASE IN CAREERS WHERE CEH AND OTHER ETHICAL HACKING CERTIFICATIONS ARE PREFERRED OR REQUIRED.
1. ETHICAL ISSUES One of the concerns about teaching ethical hacking is that the wrong people may be taught very dangerous skills. Hacking skills were traditionally acquired by many hours of practice or intense tutoring from another hacker. University programs and commercial training classes are now offering a new way for aspiring hackers to learn how to penetrate systems. Teaching students how to attack systems without providing ethical training may be teaching criminals and terrorists how to pursue their illegal activities. Some individuals have
2. LEGAL LIABILITY • Adding ethical hacking to a curriculum raises a variety of legal issues where schools and faculty members may be held responsible for the actions of their students. The use of many hacking tools outside of an isolated test network may be illegal. By allowing unmonitored hacking sessions, the school or faculty member may be allowing a breach of the law or violation of software licensing agreements. • In a case of The United States versus Morris, a judge determined that the Computer Fraud and Misuse Act (18 USC 1030) applies to educational institutions and that an individual is liable for the accidental release of malware . The schools that facilitated the creation of malware would be liable for damages
FORCING SERVICES AND INFORMATION ON ORGANIZATIONS AND SOCIETY • Sometimes ethical hackers operate without the permission or knowledge of the owners of a system. The rationale given for this is that they are only testing security and do not intend to cause damage or compromise any individual’s privacy. • However, ethical hackers may be able to uncover information about Web sites and applications that the owners of these sites and applications do not want uncovered. The situation is compared to finding a note on your refrigerator informing you that "I was testing the security of back doors in the neighborhood and found yours unlocked. I just looked around. I didn't take anything. You should fix your lock." This situation is what leads to the necessity for a proper test plan and
FUTURE SCOPE OF ETHICAL HACKIN G
 AS IT IS AN INVOLVING BRANCH ,THE SCOPE OF ENHANCEMENT IN TECHNOLOGY IS IMMENSE . NO ETHICAL HACKER CAN ENSURE THE SYSTEM SECURITY BY USING THE SAME TECHNIQUES REPEATEDLY . HOW WOULD HAVE TO IMPROVE , DEVELOP AND EXPLORE NEW AVENUES REPEATEDLY. MORE ENHANCED SOFTWARE’S SHOULD BE USED FOR OPTIMUM PROTECTION . TOOLS USED, NEED TO BE UPDATED REGULARLY AND MORE EFFICIENT ONES NEED TO BE DEVELOPED
REFERENCES• Twincling Society Ethical Hacking Seminar 2006. Retrieved March 27, 2009. • Krutz, Ronald L. and Vines, Russell Dean. The CEH Prep Guide: The Comprehensive Guide to Certified Ethical Hacking .Published by John Wiley and Sons, 2007. • Palmer, Charles. Ethical Hacking Published in IBM Systems Journal: End-to-End Security, Volume 40, Issue 3, 2001. • Tiller, James S. The ethical hack: a framework for business value penetration testing Published by CRC Press, 2005. • Beaver, Kevin and McClure, Stuart. Hacking For Dummies Published by For Dummies, 2006. • Certified Ethical Hacking Seminar 2006. Retrieved March 27, 2009. • Certified Ethical Hacking EC-Council 2009. Retrieved March 27, 2009. • Certified Ethical Hacking EC-Council 2009. Retrieved March 27, 2009. • Ethical Hacking Jobs 2009. Retrieved March 27, 2009. • D'Ottavi, Alberto. Interview: Father of the Firewall 2003. Retrieved March 27, 2009. • Livermore, Jeffery. What Are Faculty Attitudes Toward Teaching Ethical Hacking and Penetration Testing? Published in Proceedings of the 11th Colloquium for Information Systems Security Education, 2007
Ethical hacking

Recommended

Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditingSweta Kumari Barnwal
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
System security
System securitySystem security
System securitysommerville-videos
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 

Recommended

Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditingSweta Kumari Barnwal
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
System security
System securitySystem security
System securitysommerville-videos
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Password Cracking
Password CrackingPassword Cracking
Password CrackingSagar Verma
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attackskrishh sivakrishna
 
Key management
Key managementKey management
Key managementSujata Regoti
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAltacit Global
 
Cryptanalysis 101
Cryptanalysis 101Cryptanalysis 101
Cryptanalysis 101rahat ali
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Qazi Anwar
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Types Of Computer Crime
Types Of Computer CrimeTypes Of Computer Crime
Types Of Computer CrimeAlexander Zhuravlev
 
Knowledge Representation in Artificial intelligence
Knowledge Representation in Artificial intelligence Knowledge Representation in Artificial intelligence
Knowledge Representation in Artificial intelligence Yasir Khan
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies Network Intelligence India
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingMonika Deswal
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniquesIGZ Software house
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Database forensics
Database forensicsDatabase forensics
Database forensicsDenys A. Flores, PhD
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks Anuradha Moti T
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAsaduzzaman Kanok
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical HackingIRJET Journal
 

More Related Content

What's hot

Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
Cryptanalysis 101
Cryptanalysis 101Cryptanalysis 101
Cryptanalysis 101rahat ali
 
Operating system security
Operating system securityOperating system security
Operating system securityRamesh Ogania
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Qazi Anwar
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Knowledge Representation in Artificial intelligence
Knowledge Representation in Artificial intelligence Knowledge Representation in Artificial intelligence
Knowledge Representation in Artificial intelligence Yasir Khan
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies Network Intelligence India
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - NotesKranthi
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security toolsVicky Fernandes
 

What's hot (20)

Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Key management
Key managementKey management
Key management
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cryptanalysis 101
Cryptanalysis 101Cryptanalysis 101
Cryptanalysis 101
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Types Of Computer Crime
Types Of Computer CrimeTypes Of Computer Crime
Types Of Computer Crime
 
Knowledge Representation in Artificial intelligence
Knowledge Representation in Artificial intelligence Knowledge Representation in Artificial intelligence
Knowledge Representation in Artificial intelligence
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniques
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
 
Database forensics
Database forensicsDatabase forensics
Database forensics
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes02 Types of Computer Forensics Technology - Notes
02 Types of Computer Forensics Technology - Notes
 
Cyber security and demonstration of security tools
Cyber security and demonstration of security toolsCyber security and demonstration of security tools
Cyber security and demonstration of security tools
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks
 

Similar to Ethical hacking

IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical HackingIRJET Journal
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)Scott Sutherland
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimemuhammad awais
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoMark John Lado, MIT
 
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxEthical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxGovandJamalSaeed
 
The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.Expeed Software
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancementcyberprosocial
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxBishalRay8
 
RMS Security Breakfast
RMS Security BreakfastRMS Security Breakfast
RMS Security BreakfastRackspace
 
Threat intelligence life cycle steps by steps
Threat intelligence life cycle steps by stepsThreat intelligence life cycle steps by steps
Threat intelligence life cycle steps by stepsJayeshGadhave1
 
Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01rajkumar jonuboyena
 
Cyber Security Company.pdf
Cyber Security Company.pdfCyber Security Company.pdf
Cyber Security Company.pdfpdfcompressor1
 
Attackers process
Attackers processAttackers process
Attackers processbegmohsin
 

Similar to Ethical hacking (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical Hacking
 
How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)How to Build and Validate Ransomware Attack Detections (Secure360)
How to Build and Validate Ransomware Attack Detections (Secure360)
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Vapt life cycle
Vapt life cycleVapt life cycle
Vapt life cycle
 
chapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crimechapter 3 ethics: computer and internet crime
chapter 3 ethics: computer and internet crime
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John Lado
 
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptxEthical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
Ethical hacking seminardk fas kjfdhsakjfh askfhksahf.pptx
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical Hacking
 
13734729.ppt
13734729.ppt13734729.ppt
13734729.ppt
 
The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.The Art of Penetration Testing in Cybersecurity.
The Art of Penetration Testing in Cybersecurity.
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptxGETTING STARTED WITH THE ETHICAL HACKING.pptx
GETTING STARTED WITH THE ETHICAL HACKING.pptx
 
Iscsp apt
Iscsp aptIscsp apt
Iscsp apt
 
Incident Response
Incident ResponseIncident Response
Incident Response
 
RMS Security Breakfast
RMS Security BreakfastRMS Security Breakfast
RMS Security Breakfast
 
Threat intelligence life cycle steps by steps
Threat intelligence life cycle steps by stepsThreat intelligence life cycle steps by steps
Threat intelligence life cycle steps by steps
 
Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01Ethicalhackingalicencetohack 120223062548-phpapp01
Ethicalhackingalicencetohack 120223062548-phpapp01
 
Cyber Security Company.pdf
Cyber Security Company.pdfCyber Security Company.pdf
Cyber Security Company.pdf
 
Attackers process
Attackers processAttackers process
Attackers process
 

More from Saqib Raza

The Design and Analysis of Algorithms.pdf
The Design and Analysis of Algorithms.pdfThe Design and Analysis of Algorithms.pdf
The Design and Analysis of Algorithms.pdfSaqib Raza
 
An Introduction to the Analysis of Algorithms (2nd_Edition_Robert_Sedgewick,_...
An Introduction to the Analysis of Algorithms (2nd_Edition_Robert_Sedgewick,_...An Introduction to the Analysis of Algorithms (2nd_Edition_Robert_Sedgewick,_...
An Introduction to the Analysis of Algorithms (2nd_Edition_Robert_Sedgewick,_...Saqib Raza
 
Data_Mining: Practical Machine Learning Tools and Techniques 2ndEd.pdf
Data_Mining: Practical Machine Learning Tools and Techniques 2ndEd.pdfData_Mining: Practical Machine Learning Tools and Techniques 2ndEd.pdf
Data_Mining: Practical Machine Learning Tools and Techniques 2ndEd.pdfSaqib Raza
 
Social Impacts of Artificial intelligence
Social Impacts of Artificial intelligenceSocial Impacts of Artificial intelligence
Social Impacts of Artificial intelligenceSaqib Raza
 
Professional Practice Course Outline
Professional Practice Course OutlineProfessional Practice Course Outline
Professional Practice Course OutlineSaqib Raza
 
12 security policies
12 security policies12 security policies
12 security policiesSaqib Raza
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer PrivacySaqib Raza
 
Software Engineering Code Of Ethics And Professional Practice
Software Engineering Code Of Ethics And Professional Practice Software Engineering Code Of Ethics And Professional Practice
Software Engineering Code Of Ethics And Professional Practice Saqib Raza
 
7 Engineering Profession
7 Engineering Profession7 Engineering Profession
7 Engineering ProfessionSaqib Raza
 
6 software contracts
6 software contracts6 software contracts
6 software contractsSaqib Raza
 
Introduction to Intellectual Property
Introduction to Intellectual PropertyIntroduction to Intellectual Property
Introduction to Intellectual PropertySaqib Raza
 
Itroduction to Business Ethics
Itroduction to Business EthicsItroduction to Business Ethics
Itroduction to Business EthicsSaqib Raza
 
Types of Ethics
Types of EthicsTypes of Ethics
Types of EthicsSaqib Raza
 
Introduction to ethics
Introduction to ethicsIntroduction to ethics
Introduction to ethicsSaqib Raza
 
Project Management Concepts
Project Management ConceptsProject Management Concepts
Project Management ConceptsSaqib Raza
 
Software Re-Engineering
Software Re-EngineeringSoftware Re-Engineering
Software Re-EngineeringSaqib Raza
 
Software Quality Assurance
Software Quality AssuranceSoftware Quality Assurance
Software Quality AssuranceSaqib Raza
 
User Interface Analysis and Design
User Interface Analysis and Design User Interface Analysis and Design
User Interface Analysis and Design Saqib Raza
 
Architecture Design
Architecture DesignArchitecture Design
Architecture DesignSaqib Raza
 
REQUIREMENT ENGINEERING
REQUIREMENT ENGINEERINGREQUIREMENT ENGINEERING
REQUIREMENT ENGINEERINGSaqib Raza
 

More from Saqib Raza (20)

The Design and Analysis of Algorithms.pdf
The Design and Analysis of Algorithms.pdfThe Design and Analysis of Algorithms.pdf
The Design and Analysis of Algorithms.pdf
 
An Introduction to the Analysis of Algorithms (2nd_Edition_Robert_Sedgewick,_...
An Introduction to the Analysis of Algorithms (2nd_Edition_Robert_Sedgewick,_...An Introduction to the Analysis of Algorithms (2nd_Edition_Robert_Sedgewick,_...
An Introduction to the Analysis of Algorithms (2nd_Edition_Robert_Sedgewick,_...
 
Data_Mining: Practical Machine Learning Tools and Techniques 2ndEd.pdf
Data_Mining: Practical Machine Learning Tools and Techniques 2ndEd.pdfData_Mining: Practical Machine Learning Tools and Techniques 2ndEd.pdf
Data_Mining: Practical Machine Learning Tools and Techniques 2ndEd.pdf
 
Social Impacts of Artificial intelligence
Social Impacts of Artificial intelligenceSocial Impacts of Artificial intelligence
Social Impacts of Artificial intelligence
 
Professional Practice Course Outline
Professional Practice Course OutlineProfessional Practice Course Outline
Professional Practice Course Outline
 
12 security policies
12 security policies12 security policies
12 security policies
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer Privacy
 
Software Engineering Code Of Ethics And Professional Practice
Software Engineering Code Of Ethics And Professional Practice Software Engineering Code Of Ethics And Professional Practice
Software Engineering Code Of Ethics And Professional Practice
 
7 Engineering Profession
7 Engineering Profession7 Engineering Profession
7 Engineering Profession
 
6 software contracts
6 software contracts6 software contracts
6 software contracts
 
Introduction to Intellectual Property
Introduction to Intellectual PropertyIntroduction to Intellectual Property
Introduction to Intellectual Property
 
Itroduction to Business Ethics
Itroduction to Business EthicsItroduction to Business Ethics
Itroduction to Business Ethics
 
Types of Ethics
Types of EthicsTypes of Ethics
Types of Ethics
 
Introduction to ethics
Introduction to ethicsIntroduction to ethics
Introduction to ethics
 
Project Management Concepts
Project Management ConceptsProject Management Concepts
Project Management Concepts
 
Software Re-Engineering
Software Re-EngineeringSoftware Re-Engineering
Software Re-Engineering
 
Software Quality Assurance
Software Quality AssuranceSoftware Quality Assurance
Software Quality Assurance
 
User Interface Analysis and Design
User Interface Analysis and Design User Interface Analysis and Design
User Interface Analysis and Design
 
Architecture Design
Architecture DesignArchitecture Design
Architecture Design
 
REQUIREMENT ENGINEERING
REQUIREMENT ENGINEERINGREQUIREMENT ENGINEERING
REQUIREMENT ENGINEERING
 

Recently uploaded

Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationAadityaSharma884161
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.arsicmarija21
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........LeaCamillePacle
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 

Recently uploaded (20)

Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint Presentation
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.AmericanHighSchoolsprezentacijaoskolama.
AmericanHighSchoolsprezentacijaoskolama.
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........Atmosphere science 7 quarter 4 .........
Atmosphere science 7 quarter 4 .........
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 

Ethical hacking

  • 2. OVERVIEW OF HACKING :  HACK :  EXAMINE SOMETHING VERY MINUTELY.  THE RAPID CRAFTING OF NEW PROGRAM OR THE MAKING OF CHANGES TO EXISTING , USUALLY COMPLICATED SOFTWARE .  HACKER :  THE PERSON WHO HACKS . CRACKER :  SYSTEM INTRUDER OR DESTROYER .
  • 3. WHAT IS ETHICAL HACKING ?  INDEPENDENT COMPUTER SECURITY PROFESSSIONALS BREAKING INTO THE COMPUTER SYSTEM .  NEITHER DAMAGE THE TARGET SYSTEMS NOR STEAL THE INFORMATION.  EVALUATE TARGET SYSTEM SECURITY AND REPORT BACK TO OWNER ABOUT THE VULNERABALITIES FOUND .
  • 5. DESCRIPTION ABOUT THE TYPES OF HACKERS : PROFESSIONAL HACKERS :  BLACK HATS _____ THE BAD GUYS  WHITE HATS _____PROFESSIONAL SECURITY EXPERTS SCRIPT KIDDIES : MOSTLY KIDS /STUDENTS : • Use tools created by black hats , - To get free stuff - Impress their peers - Not to get caught
  • 6. o UNEMPLOYED ADULT HACKERS : • FORMER SCRIPT KIDDIES - CAN’T GET EMPLOYMENT IN THE FIELD - WANT RECOGNITION IN HACKER’S COMMUNITY - BIG IN EASTERN EUROPEAN COUNTRIES o IDEOLOGICAL HACKERS :  HACK AS A MECHANISM TO PROMOTE SOME POLITICAL AND IDEOLOGICAL PURPOSE  USUALLY CONCIDE WITH POLITICAL EVENTS .
  • 8. DESCRIPTION : LOCAL HACKING •LOCAL HACKING IS DONE FROM LOCAL AREA WHERE WE HAVE PHYSICAL ACCESS LIKE THROUGH PRINTER ETC . •WE CAN DO THIS TYPE OF HACKING THROUGH TROJAN AND VIRUSES WITH THE HELP OF HARD DISK AND PENDRIVE. : REMOTE HACKING •REMOTE HACKING IS DONE REMOTELY BY TAKING ADVENTAGE OF THE VULNERABALITY OF THE TARGET SYSTEM . : SOCIAL ENGINEERING •SOCIAL ENGINEERING IS THE ACT OF MANIPULATING PEOPLE INTO PERFORMING ACTIONS OR DIVULGING CONFIDENTIAL INFORMATION . • IN MOST CASES THE ATTACKER NEVER COMES FACE TO FACE .
  • 11.  COMPLETELY TRUSTWORTHY  STRONG PROGRAMMING AND COMPUTER NETWORKING SKILLS  LEARN ABOUT THE SYSTEM AND TRYING TO FIND ITS WEEKNESSES  TECHNIQUES OF CRIMINAL- HACKERS – DETECTION – PREVENTION  NO EX- HACKERS PUBLISH RESEARCH PAPERS AND RELEASED SECURITY
  • 12. DIFFERENCE B/W HACKER • ACCESS COMPUTER SYSTEM OR NETWORK WITHOUT AUTHORIZATION AND BREAKS THE LAW ETHICAL HACKER • PERFORM MOST OF THE SAME ACTIVITIES BUT WITH THE OWNER’S PERMISSION AND EMPLOYED BY COMPANIES TO PERFORM
  • 13. MODES OF ETHICAL HACKING  INSIDER ATTACK  OUTSIDER ATTACK  STOLEN EQUIPMENT ATTACK  PHYSICAL ENTRY
  • 14.
  • 16. ETHICAL HACKERS MUST FOLLOW A STRICT SCIENTIFIC PROCESS IN ORDER TO OBTAIN USEABLE AND LEGAL RESULTS 1. Planning 2. Reconnaissance 3. Enumeration 4. Vulnerability Analysis 5. Exploitation 6. Final Analysis 7. Deliverables 8. Integration
  • 17. 1- PLANNING : • Planning is essential for having a successful project. It provides an opportunity to give critical thought to what needs to be done, allows for goals to be set, and allows for a risk assessment to evaluate how a project should be carried out. • There are a large number of external factors that need to be considered when planning to carry out an ethical hack. These factors include existing security policies , culture, laws and regulations, best practices, and industry requirements. Each of these factors play an integral role in the decision making process when it comes to ethical hacking. The planning phase of an ethical hack will have a profound influence on how the hack is performed and the information shared and collected, and will directly influence the deliverable and integration of the results into the security program. • The planning phase will describe many of the details of a controlled attack. It will attempt to answer questions regarding how the attack
  • 18. 2- RECONNAISSANCE • Reconnaissance is the search for freely available information to assist in an attack. This can be as simple as a ping or browsing newsgroups on the Internet in search of disgruntled employees divulging secret information or as messy as digging through the trash to find receipts or letters. • Reconnaissance can include social engineering, tapping phones and networks, or even theft. The search for information is limited only by the extremes at which the organization and ethical hacker are willing to go in order to recover the information they are searching for. • The reconnaissance phase introduces the relationship between the tasks that must be completed and the methods that will need to be used in order to protect the organization's assets
  • 19. 3- ENUMERATION • Enumeration is also known as network or vulnerability discovery. It is the act of obtaining information that is readily available from the target's system, applications and networks. It is important to note that the enumeration phase is often the point where the line between an ethical hack and a malicious attack can become blurred as it is often easy to go outside of the boundaries outlined in the original attack plan. • In order to construct a picture of an organization's environment, several tools and techniques are available. These tools and techniques include port scanning and NMap . Although it is rather simple to collect information, it is rather difficult to determine the value of the information in the hands of a hacker. • At first glance, enumeration is simple: take the collected data and evaluate it collectively to establish a plan for more reconnaissance or building a matrix for the vulnerability analysis phase. However, the
  • 20. 4- VULNERABILITY ANALYSIS • In order to effectively analyze data, an ethical hacker must employ a logical and pragmatic approach. In the vulnerability analysis phase, the collected information is compared with known vulnerabilities in a practical process. • Information is useful no matter what the source. Any little bit can help in discovering options for exploitation and may possibly lead to discoveries that may not have been found otherwise. Known vulnerabilities, incidents, service packs, updates, and even available hacker tools help in identifying a point of attack. The Internet provides a vast amount of information that can easily be associated with the architecture and strong and weak points of a system
  • 21. 5-EXPLOITATION • A significant amount of time is spent planning and evaluated an ethical hack. Of course, all this planning must eventually lead to some form of attack. The exploitation of a system can be as easy as running a small tool or as intricate as a series of complex steps that must be executed in a particular way in order to gain access. • The exploitation process is broken down into a set of subtasks which can be many steps or a single step in performing the attack. As each step is performed, an evaluation takes place to ensure that the expected outcome is being met. Any divergence from the attack plan is classified into two determinations: Expectations: Are the expectations of the exploitation being met or are the results conflicting with the organization's assumptions? Technical: Is the system reacting in an unexpected manner, which is having an
  • 22. 6- FINAL ANALYSIS • Although the exploitation phase has a number of checks and validations to ensure success, a final analysis is required to categorize the vulnerabilities of the system in terms of their level of exposure and to assist in the derivation of a mitigation plan. The final analysis phase provides a link between the exploitation phase and the creation of a deliverable. • A comprehensive view of the entire attack must exist in order to construct a bigger picture of the security posture of the environment and express the vulnerabilities in a clear and useful manner. The final analysis is part interpretation and part empirical results
  • 23. 7- DELIVERABLES •Deliverables communicate the results of tests in numerous ways. Some deliverables are short and concise, only providing a list of vulnerabilities and how to fix them, while others are long and detailed, providing a list of vulnerabilities with detailed descriptions regarding how they were found, how to exploit them, the implications of having such a vulnerability and how to remedy the situation. •The deliverable phase is a way for an ethical hacker to convey the results of their tests. Recently, ethical hacking has become so commoditized that if a deliverable does not
  • 24. 8- INTEGRATION • Finally, it essential that there is some means of using the test results for something productive. Often, the deliverable is combined with existing materials, such as a risk analysis, security policy, previous test results, and information associated with a security program to enhance mitigation and develop remedies and patches for vulnerabilities. • There are three distinguishing factors that should be considered during the integration of any test results • Mitigation: If vulnerability beyond acceptable risk was found, then it would need to be fixed. Mitigation of a vulnerability can include testing, piloting, implementing, and validating changes to systems. • Defense: Vulnerabilities need to be addressed in a strategic manner in order to minimize future or undetected vulnerabilities. Defense planning is establishing a foundation of security to grow on and ensure long-term success. • Incident Management: The ability to detect, respond, and recover from an attack is essential. Knowing how attacks are made and the potential impacts
  • 26. REQUIRED SKILLS • An ethical hacker is required to possess a vast arrangement of computer skills. It is not feasible for each ethical hacker to be an expert is every field and thus ethical hacking tiger teams whose members have complementing skills are created to provide an organization with a team possessing the complete skill set required of an ethical hacker. • Organizations may have a wide variety of computer systems and it is essential for any ethical hacker to have expertise in operating systems , as well as network hardware platforms. It is also fundamental that an ethical hacker posses a solid foundation of the principles
  • 27.
  • 29. A SURVEY DONE BY THE INTERNATIONAL DATA CORP (IDC) SAYS THAT THE WORLDWIDE DEMAND FOR INFORMATION SECURITY PROFESSIONALS STANDS AT 60,000 AND COMPANIES SUCH AS WIPRO, INFOSYS, IBM, AIRTEL AND RELIANCE ARE ALWAYS LOOKING FOR GOOD ETHICAL HACKERS
  • 30. IN THE UNITED KINGDOM, THE FOLLOWING TRENDS HAVE BEEN SEEN FOR DEMAND AND SALARIES OF ETHICAL HACKERS.
  • 31. ALTHOUGH THERE ARE BENEFITS TO TEACHING AND EMPLOYING ETHICAL HACKING TECHNIQUES, THERE ARE PROBLEMS THAT LEAD SOME TO QUESTION THE PRACTICE. IT IS FEARED THAT SCHOOLS MAY BE TEACHING DANGEROUS SKILLS TO STUDENTS THAT ARE UNABLE TO MAKE CORRECT DECISIONS
  • 32. MARCUS J. RANUM, A COMPUTER SECURITY PROFESSIONAL HAS OPENLY OBJECTED TO THE TERM ETHICAL HACKER, SAYING "THERE'S NO SUCH THING AS AN 'ETHICAL HACKER' - THAT'S LIKE SAYING 'ETHICAL RAPIST' - IT'S A CONTRADICTION IN TERMS" [9]. A SIGNIFICANT PART OF THE CONTROVERSY SURROUNDING ETHICAL HACKING ARISES FROM THE OLDER DEFINITION OF HACKER AND ITS ASSOCIATION WITH THE IDEA OF A COMPUTER CRIMINAL. HOWEVER, SOME ORGANIZATIONS DO NOT SEEM TO MIND THE ASSOCIATION AND HAVE HAD A SIGNIFICANT INCREASE IN CAREERS WHERE CEH AND OTHER ETHICAL HACKING CERTIFICATIONS ARE PREFERRED OR REQUIRED.
  • 33. 1. ETHICAL ISSUES One of the concerns about teaching ethical hacking is that the wrong people may be taught very dangerous skills. Hacking skills were traditionally acquired by many hours of practice or intense tutoring from another hacker. University programs and commercial training classes are now offering a new way for aspiring hackers to learn how to penetrate systems. Teaching students how to attack systems without providing ethical training may be teaching criminals and terrorists how to pursue their illegal activities. Some individuals have
  • 34. 2. LEGAL LIABILITY • Adding ethical hacking to a curriculum raises a variety of legal issues where schools and faculty members may be held responsible for the actions of their students. The use of many hacking tools outside of an isolated test network may be illegal. By allowing unmonitored hacking sessions, the school or faculty member may be allowing a breach of the law or violation of software licensing agreements. • In a case of The United States versus Morris, a judge determined that the Computer Fraud and Misuse Act (18 USC 1030) applies to educational institutions and that an individual is liable for the accidental release of malware . The schools that facilitated the creation of malware would be liable for damages
  • 35. FORCING SERVICES AND INFORMATION ON ORGANIZATIONS AND SOCIETY • Sometimes ethical hackers operate without the permission or knowledge of the owners of a system. The rationale given for this is that they are only testing security and do not intend to cause damage or compromise any individual’s privacy. • However, ethical hackers may be able to uncover information about Web sites and applications that the owners of these sites and applications do not want uncovered. The situation is compared to finding a note on your refrigerator informing you that "I was testing the security of back doors in the neighborhood and found yours unlocked. I just looked around. I didn't take anything. You should fix your lock." This situation is what leads to the necessity for a proper test plan and
  • 37.  AS IT IS AN INVOLVING BRANCH ,THE SCOPE OF ENHANCEMENT IN TECHNOLOGY IS IMMENSE . NO ETHICAL HACKER CAN ENSURE THE SYSTEM SECURITY BY USING THE SAME TECHNIQUES REPEATEDLY . HOW WOULD HAVE TO IMPROVE , DEVELOP AND EXPLORE NEW AVENUES REPEATEDLY. MORE ENHANCED SOFTWARE’S SHOULD BE USED FOR OPTIMUM PROTECTION . TOOLS USED, NEED TO BE UPDATED REGULARLY AND MORE EFFICIENT ONES NEED TO BE DEVELOPED
  • 38. REFERENCES• Twincling Society Ethical Hacking Seminar 2006. Retrieved March 27, 2009. • Krutz, Ronald L. and Vines, Russell Dean. The CEH Prep Guide: The Comprehensive Guide to Certified Ethical Hacking .Published by John Wiley and Sons, 2007. • Palmer, Charles. Ethical Hacking Published in IBM Systems Journal: End-to-End Security, Volume 40, Issue 3, 2001. • Tiller, James S. The ethical hack: a framework for business value penetration testing Published by CRC Press, 2005. • Beaver, Kevin and McClure, Stuart. Hacking For Dummies Published by For Dummies, 2006. • Certified Ethical Hacking Seminar 2006. Retrieved March 27, 2009. • Certified Ethical Hacking EC-Council 2009. Retrieved March 27, 2009. • Certified Ethical Hacking EC-Council 2009. Retrieved March 27, 2009. • Ethical Hacking Jobs 2009. Retrieved March 27, 2009. • D'Ottavi, Alberto. Interview: Father of the Firewall 2003. Retrieved March 27, 2009. • Livermore, Jeffery. What Are Faculty Attitudes Toward Teaching Ethical Hacking and Penetration Testing? Published in Proceedings of the 11th Colloquium for Information Systems Security Education, 2007