Ethical hacking a licence to hack

Published in: Technology


  1. ETHICAL HACKING: A LICENCE TO HACK
      Gadde Srikanth, A. Ravali Rukmini
      Information Technology / Computer Science, B.Tech II Year
      Vellore Institute of Technology, School of Computer Sciences
  2. INTRODUCTION
      • Ethical hacking, also known as penetration testing, intrusion testing or red teaming, has become a major concern for businesses and governments.
      • Companies worry about the possibility of being "hacked", and potential customers worry about keeping control of their personal information.
      • Hence the need for computer security professionals who are authorised to break into the organisation's own systems.
  3. INTRODUCTION
      • Ethical hackers employ the same tools and techniques as intruders.
      • They neither damage the target systems nor steal information.
      • Ethical hacking is not an automated "hacker program"; it is an audit that both identifies a system's vulnerabilities and advises on how to eliminate them.
  4. PLANNING THE TEST
      Aspects that should be settled before testing begins:
      • Who should perform the penetration test?
      • How often should tests be conducted?
      • How will the results be measured and communicated?
      • What happens if something unexpected occurs during the test and brings the whole system down?
      • What are the organisation's security policies?
  5. The minimum security policies an organisation should possess
      • Information policy
      • Security policy
      • Computer use
      • User management
      • System administration procedures
      • Incident response procedures
      • Configuration management
      • Design methodology
      • Disaster recovery plans
  6. Ethical hacking: a dynamic process
      • Running the penetration test once gives only the current set of security issues, and that set changes over time.
      • Penetration testing must therefore be repeated continuously, so that system changes and newly installed applications do not introduce new vulnerabilities unnoticed.
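The point above is easier to act on as a concrete delta report between two test runs. The following Python is an added example, not part of the original slides: it parses two constructed scan snapshots in nmap's grepable (-oG) output format (the hosts, ports and version strings are made up) and lists what has become exposed since the baseline, which is where the next round of testing should focus.

```python
"""Delta-report two penetration-test scan snapshots.

Added example, not code from the original slides. Parses two constructed
snapshots in nmap's "grepable" (-oG) line format and reports which hosts and
open services appeared since the baseline, so re-testing can focus on them.
"""
import re
from dataclasses import dataclass

# Constructed sample output, not real scan data. Addresses are private RFC 1918.
# nmap -oG lines are tab-separated: "Host: <ip> (<name>)", "Ports: ...", "Ignored State: ..."
# and each port entry is "<port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/".
BASELINE_SCAN = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 (web01)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 443/open/tcp//https//nginx 1.18/\tIgnored State: closed (998)
Host: 10.0.0.6 (db01)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/\tIgnored State: filtered (999)
"""

CURRENT_SCAN = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 10.0.0.5 (web01)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 443/open/tcp//https//nginx 1.18/, 8080/open/tcp//http-proxy//Jenkins 2.4/\tIgnored State: closed (997)
Host: 10.0.0.6 (db01)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 3306/open/tcp//mysql//MySQL 8.0/\tIgnored State: filtered (998)
Host: 10.0.0.7 (new-vm)\tPorts: 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (999)
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")


def parse_grepable(text):
    """Map each host IP to {(port, proto): (service, version)} for open ports only."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment and blank lines
        ip = m.group(1)
        open_ports = hosts.setdefault(ip, {})  # a host may appear on several lines
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")
                if len(parts) < 7 or parts[1] != "open":
                    continue
                open_ports[(int(parts[0]), parts[2])] = (parts[4], parts[6])
    return hosts


@dataclass(frozen=True)
class ScanDelta:
    new_hosts: frozenset         # IPs absent from the baseline
    new_services: frozenset      # (ip, port, proto, service, version) newly open
    removed_services: frozenset  # (ip, port, proto) open before, not any more


def diff_scans(baseline_text, current_text):
    """Compare two -oG snapshots and return what appeared and what went away."""
    base, cur = parse_grepable(baseline_text), parse_grepable(current_text)
    new_services = {
        (ip, port, proto, svc, ver)
        for ip, ports in cur.items()
        for (port, proto), (svc, ver) in ports.items()
        if (port, proto) not in base.get(ip, {})
    }
    removed = {
        (ip, port, proto)
        for ip, ports in base.items()
        for (port, proto) in ports
        if (port, proto) not in cur.get(ip, {})
    }
    return ScanDelta(frozenset(set(cur) - set(base)), frozenset(new_services), frozenset(removed))


if __name__ == "__main__":
    delta = diff_scans(BASELINE_SCAN, CURRENT_SCAN)
    for ip in sorted(delta.new_hosts):
        print(f"NEW HOST     {ip}")
    for ip, port, proto, svc, ver in sorted(delta.new_services):
        print(f"NEW SERVICE  {ip}:{port}/{proto} {svc} {ver}".rstrip())
    for ip, port, proto in sorted(delta.removed_services):
        print(f"CLOSED       {ip}:{port}/{proto}")
```

Only open ports are kept, so a service that merely moved from filtered to closed does not show up as a change; if the engagement cares about that, keep the state in the key as well.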
  7. Who are ethical hackers?
      The skills ethical hackers should possess:
      • They must be completely trustworthy.
      • They should have very strong programming and computer networking skills, and several years of experience in the networking field.
  8. Who are ethical hackers?
      • They need a great deal of patience.
      • They must continuously update their knowledge of computer and network security.
      • They should know the techniques criminals use, how those activities might be detected, and how to stop them.
  9. Choice of an ethical hacker
      • An independent external agency, which typically performs black-box testing (the testers start with little or no prior knowledge of the target).
      • Expertise within your own organisation, which typically performs white-box testing (the testers have full knowledge of the systems under test).
  10. AREAS TO BE TESTED
      • Application servers
      • Firewalls and security devices
      • Network security
      • Wireless security
  11. Red Team: Multilayered Assessment
      • The various areas of security are evaluated using a multilayered approach.
      • Each area of security defines how the target will be assessed.
      • A vulnerability identified at one layer may be protected by a control at another layer, minimising the risk associated with that vulnerability.
  12. Information security (INFOSEC): a revolving process
  14. Attacks on websites: denial of service attack
      • Some hackers hack websites just because they can.
      • They try to do something spectacular to exhibit their talents.
      • This is where the denial of service attack comes in.
      • During such attacks, customers were unable to reach the websites, resulting in loss of revenue and "mind share".
      • On January 17, 2000, a U.S. Library of Congress website was attacked.
  17. The ethical hack itself
      • Testing itself poses some risk to the client.
      • A criminal hacker monitoring the ethical hacker's transmissions could capture the information they carry.
      • The best approach is for the ethical hackers to work from several known addresses around the Internet.
      • Additional intrusion monitoring software can be deployed at the target.
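The two countermeasures on this slide, known tester source addresses and intrusion monitoring at the target, combine into one practical check: the target keeps detecting scans during the engagement and attributes each one to the authorised test or to an unknown party. The Python below is an added example, not from the slides or from any vendor. The tester address ranges, the engagement window and the firewall log format are hypothetical, and the log lines are constructed. It flags port-scan-like activity per source and classifies it against the rules of engagement; the last constructed source also shows the rule's blind spot, a sweep slow enough to stay under the per-minute threshold.

```python
"""Tell authorised penetration-test traffic apart from everyone else's.

Added example, not code from the original slides. The target's intrusion
monitoring keeps running during the engagement: scan-like activity is flagged
per source, then classified against the agreed tester addresses and time
window. The rules of engagement and the log lines below are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Hypothetical rules of engagement (constructed values from RFC 5737 documentation ranges).
AUTHORIZED_TESTER_SOURCES = [ip_network("198.51.100.0/29"), ip_network("203.0.113.200/32")]
ENGAGEMENT_WINDOW = (datetime(2024, 3, 12, 9, 0, tzinfo=timezone.utc),
                     datetime(2024, 3, 12, 17, 0, tzinfo=timezone.utc))
SCAN_WINDOW = timedelta(seconds=60)   # look-back period per source
SCAN_PORT_THRESHOLD = 10              # distinct destination ports within SCAN_WINDOW

# Constructed firewall log format: "<ISO time> <ACCEPT|DROP> src= dst= proto= dport=".
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class ScanFinding:
    src: str
    first_seen: datetime
    ports: frozenset   # distinct ports seen when the threshold was crossed
    verdict: str       # "authorized-tester", "tester-address-outside-window" or "unknown-source"


def classify(src, first_seen):
    """A tester address alone is not enough: the activity must also fall in the agreed window."""
    addr = ip_address(src)
    if not any(addr in net for net in AUTHORIZED_TESTER_SOURCES):
        return "unknown-source"
    start, end = ENGAGEMENT_WINDOW
    if not (start <= first_seen <= end):
        return "tester-address-outside-window"
    return "authorized-tester"


def detect_scans(lines):
    """Return {src: ScanFinding} for sources hitting >= SCAN_PORT_THRESHOLD ports within SCAN_WINDOW."""
    by_src = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # ignore lines that do not match the expected format
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        by_src[m["src"]].append((ts, int(m["dport"])))
    findings = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > SCAN_WINDOW:   # slide the window forward
                start += 1
            ports = frozenset(port for _, port in events[start:end + 1])
            if len(ports) >= SCAN_PORT_THRESHOLD:
                first_seen = events[start][0]
                findings[src] = ScanFinding(src, first_seen, ports, classify(src, first_seen))
                break  # one finding per source is enough for the report
    return findings


def constructed_log():
    """Constructed sample log, not captured traffic."""
    lines = []

    def emit(t, action, src, dport):
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} {action} src={src} dst=10.0.0.5 proto=tcp dport={dport}")

    base = datetime(2024, 3, 12, 10, 0, tzinfo=timezone.utc)
    for i in range(20):   # authorised tester sweeping 20 ports in 20 s, inside the window
        emit(base + timedelta(seconds=i), "DROP", "198.51.100.3", 1 + i)
    for i in range(20):   # unknown source performing the same sweep a few minutes later
        emit(base + timedelta(minutes=5, seconds=i), "DROP", "203.0.113.77", 20 + i)
    late = datetime(2024, 3, 12, 22, 30, tzinfo=timezone.utc)
    for i in range(12):   # tester address active hours after the agreed window closed
        emit(late + timedelta(seconds=i), "DROP", "198.51.100.4", 8000 + i)
    for i in range(30):   # ordinary client hammering one port: never a scan
        emit(base + timedelta(seconds=2 * i), "ACCEPT", "192.0.2.9", 443)
    for i in range(12):   # slow sweep, one port per minute: evades this window-based rule
        emit(base + timedelta(minutes=i), "DROP", "203.0.113.5", 100 + i)
    return lines


if __name__ == "__main__":
    for f in detect_scans(constructed_log()).values():
        print(f"{f.first_seen:%H:%M:%S} {f.src:<14} {len(f.ports):>3} ports  {f.verdict}")
```

Anything that is not "authorized-tester" should still page the on-call team during the test; the engagement agreement tells you which alerts to close quickly, not which alerts to stop generating. The slow-sweep source is deliberately missed here, which is why real monitoring combines a per-minute rule like this one with longer-horizon counts.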
  18. IBM's Immune System for Cyberspace
      Any combination of the following test types may be used:
      • Remote network
      • Remote dial-up network
      • Local network
      • Stolen laptop computer
      • Social engineering
      • Physical entry
  20. Competitive Intelligence
      • A systematic and ethical programme for gathering and maintaining external information that can affect your company's plans.
      • It is the legal collection and analysis of information regarding the vulnerabilities of business partners.
      • The same information that is used to aid a company can be used to compete against it.
      • The way to protect the information is to be aware of how it may be used.
  21. Information Security Goals
      • Improve information security awareness.
      • Assess risk.
      • Mitigate risk immediately.
      • Assist in the decision-making process.
      • Conduct drills on emergency response procedures.
  22. Conclusions
      • Never underestimate the attacker or overestimate your existing posture.
      • A company may be a target not just for its information but also for its various transactions.
      • To protect against an attack, it is necessary to understand where the systems are vulnerable.
      • Ethical hacking helps companies first comprehend their risks and then manage them.
  23. Conclusions
      • Security professionals are always one step behind the hackers and crackers.
      • Plan for the unplanned attack.
      • The role of ethical hacking in security is to give customers awareness of how they could be attacked and why they are targeted.
      • Security, though a pain, is necessary.
  25. Queries?