2. What is Ethical Hacking?
Ethical Hacking – Process
Why – Ethical Hacking?
Reporting
Ethical Hacking – Commandments
3. What is Ethical Hacking?
Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming.
Process of breaking into systems for :-
Personal or Commercial Gains.
Malicious Intent – Causing severe damage to Information & Assets.
6. It is Legal.
Permission is obtained from the target.
Part of an overall security program.
Identify vulnerabilities visible from the Internet at a particular point of time.
Ethical hackers possess the same skills, mindset and tools as a hacker, but the attacks are done in a non-destructive manner.
11. Will have the same mindset & tools as hackers have, but in a non-destructive manner.
Will have permissions to enter into the target network.
To find the vulnerability.
To report the vulnerability to the organization.
13. Specific systems to be tested.
Risks that are involved.
When the tests are to be performed & the overall time.
Amount of knowledge of the systems.
What is to be done when a vulnerability is discovered.
14. Collecting as much information as possible about the target
DNS Servers
IP Ranges
Administrative Contacts
Problems revealed by administrators
• Information Sources
• Search engines
• Forums
• Databases – whois, ripe, arin, apnic
Tools – PING, whois, Traceroute, DIG, nslookup, samspade.
15. Specific targets determined
Identification of Services / open ports.
To find other hosts in the entire network.
Tools – Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner.
16. VULNERABILITIES :-
Insecure Configuration.
Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic.
Insecure Programming – SQL Injection, Listening to Traffic.
Weak Access Control – Using the Application Logic, SQL Injection.
18.
• Helps in closing the open holes in the system network.
• Provides security to banking and financial establishments.
• Prevents website defacements.
• “To catch a thief you have to think like a thief”.
• All depends upon the trustworthiness of the ethical hacker.
• Hiring professionals is expensive.