ON T   Ethical Hacking   TI A AU ERC K  C ORKHA W                                                     1             Intell...
Introduction to Ethical Hacking   Ethical hackers       Employed by companies to perform penetration tests   Penetratio...
What is Hacking?   Hacking is an act of penetrating computer    systems to gain knowledge about the system    and how it ...
Who is an Hacker?   Hackers are actually computer enthusiasts who know    a lot about computers and computer networks and...
What is Ethical Hacking?   Ethical hacking is the use of hacking    knowledge to attempt to enter a network to    find it...
Who is Ethical Hacker?■  Ethical hackers typically have very strongprogramming and computer networking skill■  Ethical hac...
Roll of Hacker   Ethical hackers are motivated by different reasons,    but their purpose is usually the same as that of ...
Roll of Hacker   Hackers      Access computer system or network without       authorization      Breaks the law; can go...
Why perform an ethical hack?   To determine flaws and vulnerabilities   To provide a quantitative metric for evaluating ...
Skills Required Becoming an             Ethical Hacker   Criminal mindset   Thorough knowledge about Computer    program...
Levels in Ethical Hacking                                               11       Intelligent Quotient System Pvt. Ltd.
Ethical Hacking Steps                                             12     Intelligent Quotient System Pvt. Ltd.
Footprinting   Definition: the gathering of information about a    potential system or network.   Attacker’s point of vi...
Footprinting   Gathering information of target information       Internet                        Domain name, network    ...
Scanning   After obtaining a list of network and IP addresses    scanning starts:       ping sweeps (active machines): u...
More in Scanning   OS detection (stack fingerprinting):      probe the TCP/IP stack, because it varies with OSs. Require...
Types of Scanning    Scanning Type               PurposePort scanning         Determines open ports and                   ...
Scanning Methodology     Check for Live System      Check for Open Ports      Service Identification      Banner Grabbing ...
Scanning Methodology        Vulnerability         Scanning     Draw Network Diagrams       of Vulnerable Hosts        Prep...
Scanning Tools■   Nmap■   Nessus■   SNMP Scanner■   THC-Scan■   Netscan■   IPSecScan
Enumeration   Enumeration occurs after scanning and is the    process of gathering and compiling usernames,    machine na...
Enumeration Steps    Hackers need to be methodical in their approach to    hacking. The following steps are an example of ...
SQL injection   SQL injection is a code injection technique that    exploits a security vulnerability occurring in the   ...
SQL injection   During a SQL injection attack, malicious code is    inserted into a web form field or the website’s code ...
Wireless Hacking Techniques   Cracking encryption and authentication    mechanism   Eavesdropping or sniffing   Denial ...
Securing Your Wireless Network   Use Strong Encryption Protocol   Don’t Announce Yourself-Disable SSID   Change Default...
Upcoming SlideShare
Loading in …5
×

Chapter 2

2,032 views

Published on

Published in: Technology
1 Comment
2 Likes
Statistics
Notes
  • free free download this latest version 100% working.
    download link- http://gg.gg/hqcf
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
2,032
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
173
Comments
1
Likes
2
Embeds 0
No embeds

No notes for slide

Chapter 2

  1. 1. ON T Ethical Hacking TI A AU ERC K C ORKHA W 1 Intelligent Quotient System Pvt. Ltd.
  2. 2. Introduction to Ethical Hacking Ethical hackers  Employed by companies to perform penetration tests Penetration test  Legal attempt to break into a company’s network to find its weakest link  Tester only reports findings Security test  More than an attempt to break in; also includes analyzing company’s security policy and procedures  Tester offers solutions to secure or protect the network 2
  3. 3. What is Hacking? Hacking is an act of penetrating computer systems to gain knowledge about the system and how it works. Hacking is the act of gaining access without legal authorization to a computer or computer network or network resources. 3
  4. 4. Who is an Hacker? Hackers are actually computer enthusiasts who know a lot about computers and computer networks and use this knowledge with a criminal intent. Hacker: is person who uses his hacking skills and tool sets for destructive or offensive purposes such as disseminating viruses or performing DoS attacks to compromise or bring down systems and networks. Hackers are sometimes paid to damage corporate reputations or steal or reveal credit-card information 4
  5. 5. What is Ethical Hacking? Ethical hacking is the use of hacking knowledge to attempt to enter a network to find its loopholes and back doors. It is often referred to as ‘legalized hacking’ and yes it is indeed legal and can even reap a lot of profits for highly skilled individuals.
  6. 6. Who is Ethical Hacker?■ Ethical hackers typically have very strongprogramming and computer networking skill■ Ethical hackers who stay a step ahead ofmalicious hackers must be computer systemsexperts who are very knowledgeable aboutComputer programming, Networking andoperating systems. 6
  7. 7. Roll of Hacker Ethical hackers are motivated by different reasons, but their purpose is usually the same as that of crackers: Find out the frequent weaknesses in the security of target systems. They’re trying to determine what an intruder can see on a targeted network or system, and what the hacker can do with that information. This process of testing the security of a system or network is known as a penetration test. 7 Intelligent Quotient System Pvt. Ltd.
  8. 8. Roll of Hacker Hackers  Access computer system or network without authorization  Breaks the law; can go to prison Crackers  Break into systems to steal or destroy data  U.S. Department of Justice calls both hackers Ethical hacker  Performs most of the same activities but with owner’s permission 8
  9. 9. Why perform an ethical hack? To determine flaws and vulnerabilities To provide a quantitative metric for evaluating systems and networks To measure against pre-established baselines To determine risk to the organization To design mitigating controls 9 Intelligent Quotient System Pvt. Ltd.
  10. 10. Skills Required Becoming an Ethical Hacker Criminal mindset Thorough knowledge about Computer programming, Networking and operating systems. highly targeted platforms (such as Windows, Unix, and Linux), etc. Patience, persistence, and immense perseverance 10 Intelligent Quotient System Pvt. Ltd.
  11. 11. Levels in Ethical Hacking 11 Intelligent Quotient System Pvt. Ltd.
  12. 12. Ethical Hacking Steps 12 Intelligent Quotient System Pvt. Ltd.
  13. 13. Footprinting Definition: the gathering of information about a potential system or network. Attacker’s point of view  Identify potential target systems  Identify which types of attacks may be useful on target systems Defender’s point of view  Know available tools  Vulnerability analysis: know what information you’re giving away, what weaknesses you have. 13 Intelligent Quotient System Pvt. Ltd.
  14. 14. Footprinting Gathering information of target information Internet Domain name, network blocks, IP addresses open to Net, TCP and UDP services running, ACLs, IDSes Intranet Protocols (IP,NETBIOS), internal domain names, etc Remote access Phone numbers, remote control, telnet, authentication Extranet Connection origination, destination, type, access control 14 Intelligent Quotient System Pvt. Ltd.
  15. 15. Scanning After obtaining a list of network and IP addresses scanning starts:  ping sweeps (active machines): user pinger in Windows and nmap in Linux/UNIX. This is an example of pinger.  TCP port scanning (open ports in active machines): SYN and connect scans work with most hosts. SYN is stealthier and may not be logged.  In Windows NT use SuperScan and in Linux/UNIX use nmap. See an example of SuperScan. BUT, hackers use scripts with binary files, not graphical tools. 15 Intelligent Quotient System Pvt. Ltd.
  16. 16. More in Scanning OS detection (stack fingerprinting):  probe the TCP/IP stack, because it varies with OSs. Requires at least one listening port to make determination.  why is it important? There are hacker tools OS and Net device specific. In Linux/UNIX use nmap with -O. You can use the Netcraft site to check the OS of a host running a Web server. OS detection (passive signatures):  monitoring the traffic the operating system can be detected, among other things. Siphon is a recent Linux/UNIX tool.  Once the OS is identified enumeration can take place. 16 Intelligent Quotient System Pvt. Ltd.
  17. 17. Types of Scanning Scanning Type PurposePort scanning Determines open ports and servicesNetwork scanning IP addressesVulnerability scanning Presence of known weaknesses
  18. 18. Scanning Methodology Check for Live System Check for Open Ports Service Identification Banner Grabbing / OS Fingerprinting
  19. 19. Scanning Methodology Vulnerability Scanning Draw Network Diagrams of Vulnerable Hosts Prepare Proxies Attack
  20. 20. Scanning Tools■ Nmap■ Nessus■ SNMP Scanner■ THC-Scan■ Netscan■ IPSecScan
  21. 21. Enumeration Enumeration occurs after scanning and is the process of gathering and compiling usernames, machine names, network resources, shares, and services. It also refers to actively querying or connecting to a target system to acquire this information.
  22. 22. Enumeration Steps Hackers need to be methodical in their approach to hacking. The following steps are an example of those a hacker might perform in preparation for hacking a target system: 1. Extract usernames using enumeration. 2. Gather information about the host using null sessions. 3. Perform Windows enumeration using the Superscan tool. 4. Acquire the user accounts using the tool GetAcct. 5. Perform SNMP port scanning.
  23. 23. SQL injection SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
  24. 24. SQL injection During a SQL injection attack, malicious code is inserted into a web form field or the website’s code to make a system execute a command shell or other arbitrary commands. Just as a legitimate user enters queries and additions to the SQL database via a web form, the hacker can insert commands to the SQL server through the same web form field.
  25. 25. Wireless Hacking Techniques Cracking encryption and authentication mechanism Eavesdropping or sniffing Denial of Service AP masquerading or spoofing MAC spoofing
  26. 26. Securing Your Wireless Network Use Strong Encryption Protocol Don’t Announce Yourself-Disable SSID Change Default Administrator Passwords and Usernames Limit Access To Your Access Point Do Not Auto-Connect to Open Wi-Fi Networks Assign Static IP Addresses to Devices Enable Firewalls On Each Computer and the Router Position the Router or Access Point Safe

×