Uploaded byasharshaikh8
82 views

3.Seminar Report Ashar Shaikh Final.docx

The document is a seminar report submitted by Ashar Shaikh on the topic of "Ethical Hacking as a Method to Enhance Information Security". It discusses ethical hacking and how it can be used to improve cybersecurity. The report includes an introduction, literature review, advantages and disadvantages of ethical hacking, the phases of ethical hacking (reconnaissance, scanning, gaining access, maintaining access, and takeover), and applications of ethical hacking such as finding vulnerabilities and demonstrating hacking methods. It also briefly discusses future scope in cyber security and concludes that ethical hacking is an important examination method to check systems for potential security issues and help enhance information protection.

Embed presentation

A SEMINAR REPORT ON “ETHICAL HACKING AS A METHOD TO ENHANCE INFORMATION SECURITY” Submitted by ASHAR SHAIKH UNDER THE GUIDANCE OF Dr. Sunil Rathod Towards the partial fulfillment of Third Year Under Graduate Course in Computer Engineering of SAVITRIBAI PHULE UNIVERSITY OF PUNE In the academic year 2021-22 DEPARTMENT OF COMPUTER ENGINEERING, Dr. D. Y. Patil Educational Enterprises Charitable Trust’s Dr. D. Y. Patil School of Engineering Dr. D. Y. Patil Knowledge City, Charholi (Bk), Lohegaon, Pune - 412 105
DEPARTMENT OF COMPUTER ENGINEERING, Dr. D. Y. Patil Educational Enterprises Charitable Trust’s Dr. D. Y. Patil School of Engineering Dr. D. Y. Patil Knowledge City, Charholi (Bk), Lohgaon, Pune - 412 105 CERTIFICATE This is to certify that Seminar Report On “ETHICAL HACKING AS A METHOD TO ENHANCE INFORMATION SECURITY” Submitted by Exam seat no: ASHAR SHAIKH Towards the partial fulfillment of Third Year Under Graduate Course in Computer Engineering Of SAVITRIBAI PHULE UNIVERSITY OF PUNE In the academic year 2020-21 Dr. Sunil Rathod Dr. Pankaj Agarkar Seminar Guide HOD DR. Farooq Sayyad Principal
AKNOWLEDGEMENT It gives me a great pleasure and immense satisfaction to present this special topic Seminar report on “Ethical Hacking As A Method To Enhance Information Security” which is the result of unwavering support, expert guidance and focused direction of my guide Dr. Sunil Rathod to whom I express my deep sense of gratitude and humble thanks, for his valuable guidance throughout the presentation work. The success of this Seminar-I has throughout depended upon an exact blend of hard work and unending co-operation and guidance, extended to me by the superiors at our college. Furthermore, I am indebted to Dr. Pankaj Agarkar, HOD Computer and Dr.Farooq Sayyad, Principal whose constant encouragement and motivation inspired me to do my best. Last but not the least I sincerely thanks to my colleagues, the staff and all others who directly or indirectly helped us and made numerous suggestions which have surely improved the quality of my work. Ashar Shaikh (T.E. Computer Engineering)
INDEX NO. CHAPTER NAME PAGE NO. ABSTRACT 1 1 INTRODUCTION 2 2 IMAGE CLASSIFICATION 3 2.1. INTRODUCTION 3 2.2. IMAGE CLASSIFICATION (PHASES OF HACKING) 4 3 MOTIVATION 4 4 LITERATURE SURVEY 5 5 CURRENT STATUS 6 6 ADVANTAGES AND DISADVANTAGES OF ETHICAL HACKING 6 6.1. ADVANTAGES 6 6.2. DISADVANTAGES 7 7 WORKING AND FEASIBILITY OF ETHICAL HACKING 8 7.1. First Phase: Reconnaissance 8 7.2. Second Phase: Scanning 9 7.3. Third Phase: Gaining Access 9 7.4. Fourth Phase: Maintaining access 10 7.5. Fifth Phase: Takeover 10 8 APPLICATION OF ETHICAL HACKING 11 9 FUTURE SCOPE OF CYBER SECURITY 13 10 CONCLUSION 14 REFERENCES 15
ABSTRACT In modern technical world internet is the main information provider and storing method. The security state on the internet is getting worse. Ethical Hacking techniques are introduced to increase online security by identifying known security vulnerabilities related with systems of others. The public and private organizations immigrate most of their crutial data to the internet, hackers and crackers have more opportunity to gain access to sensitive information through the online application. Therefore, the importance of securing the systems from the affliction of immense hacking is to encourage the persons who will caster back the illegal attacks on a computer system. Ethical hacking is an examination to check an information technology environment for potential exhausted links and vulnerabilities. Ethical hacking traverses the technique of hacking a network in an ethical manner including with virtuous viewpoint. This research paper explores ethical hacking introduction, types of ethical hackers, ethics behind ethical hacking, ethical hacking methodology, some tools which can be used for an ethical hack, cyber security concepts
1. INTRODUCTION The immense advancement of Internet has brought large amount of improvements like electronic commerce, email, easy access to giant depot of reference material, distance learning facilities, electronic banking. Calling to the disadvantages, the technical development, criminal hackers who will furtively steal the organization’s or administrative data and information to transmit them to the open internet without privacy. This process is done by black hat hackers. The white hat hackers or Ethical hackers are another group of hackers who came into persistence to silence and overcome from the major issues done by black hat hackers. This research paper explains about ethical hackers, their skills, how ethical hackers helping their customers and plug up security holes and effects of cyber security. Ethical hackers conduct the hacking always legally and trustworthy manner as a security test for the systems. Therefore, ethical hacking raised as the testing of wealth for the technological betterment with focusing on s and protecting and securing IP systems. For the enhancement of Information security ethical hacker teams are applying the similar techniques and methodologies of a hacker but in a legal manner without harming the targeted systems or stealing the information. They evaluate the targeted system’s security and report back to the owners with the vulnerabilities. They encountered and ordering with rectification instructions. Completing an ethical hack assessment through a system does not mean that the system is fully secured. An ethical hack’s quotient is a well explained report based on the explorations and evidences. There by, a hacker consisting of certain amount of skills is or is not possible for the victoriously attack to a system and get access to kind of information. Ethical hacking can be classified as a security assessment, a way of practicing, an examination for security of an information technology background. The Ethical hack illustrate the risks that information technology background is confront of, and procedures that allows to minimize certain risks or to accept them. The following figure shows security life cycle which shows the Ethical hacking procedure ideally.
2. IMAGE CLASSIFICATION First Phase: Reconnaissance A hacker should have knowledge well about the hacking target to do an attack systematically for a system. It is noticeable to take an overview about the used systems and the network. Information transverse as DNS servers, the administrator contacts and IP address ranges are collected. Different kinds of tools are used in this phase like network, network mapping, and vulnerability scanning tools are most commonly used tools. As an example, Cheops can be mentioned. It is an excellent network mapping tool which can produce networking graphs. Second Phase: Scanning During the Scanning phase probe and attack are the two main processes that are proceed on. There by, excavate in, reaching to the closer and sensing a feeling to the target. Therefore, in this time, hacker must compete for the gathered, feasible vulnerabilities founded from the first phase (reconnaissance phase). Tools that are assigned to this phase are multi sided like web exploits. Buffer overflows and the brute force are required in this phase tool activating process. Third Phase: Gaining Access This is known as first access wherever this phase is not about the taking of root access only about taking any kind of access to the system, maybe it is a user account or root account. Since this access action is available with, this makes relevant time for going a premium access levels or newer systems which are currently reachable through the acquired system. Fourth Phase: Maintaining access Covering Tracks Maintaining Access Gaining Access Scanning Reconnaissance
This phase is an addition of stealth process and advancement. An advancement phase is presumably the vast creative demanding step, from all the unlimitedly opened possibilities. Sniffing network-traffic might uncover significant passwords, wanted usernames and traffic related to e-mail with the associated information. Sending e-mails to the administrators by faking the certain well-known users or clients might help in taking expected information, data or access to a fresh system. Fifth Phase: Takeover Takeover is a process which, once the root access is arrived, the is considered as winner. Then after onwards it makes possible for installing any kind of tools, thereby it can perform each and every task and start each and every service upon the particular assigned machine. Based on the machine, now it is possible to wrongly access trust and worthy relationships, create new bondings or damage significant security checkups.
3. MOTIVATION Ethical hacking is used to secure important data from enemies. It works as a safeguard of your computer from blackmail by the people who want to exploit the vulnerability. Using ethical hacking, a company or organization can find out security vulnerability and risks. Governments use State-sponsored hacking to prevent intelligence information about influence politics, an enemy state, etc. Ethical hacking can ensure the safety of the nation by preventing cyber-terrorism and terrorist attacks. Hackers can think from an attacker's perspective and find the potential entry point and fix them before any attacks. Ethical hacking helps us learn new skills used in many roles like software developer, risk management, quality assurance tester, and network defender.
4. LITERATURE SURVEY Hacking can be explained as one of the misunderstood major cyber concepts. The greatest number of individuals think that hacking as something illegal or evil, but nothing can be farther from represented truth. It is clear that, hacking may be an actual threat, but to stop hacking yourself by someone , it is a must for you to learn hacking techniques.[3]Aman Gupta explained well about techniques and methods such as Wi-Fi hacking ,penetration testing and DOS attacks with the aim of providing a better knowledge in hacking methodologies and eventually preclude your devices or computer from being a target easily.[10] History of Computing carries all together up on to one minute coverage about all basic hacking concepts, issues and terminology , with all skills you have to keep developed in this field. The research thoroughly cover ups core hacking topics, such as assessments of vulnerabilities, virus attacks to the sites, hacking techniques, spyware and its activities, network defenses, passwords protection and detections, firewalls and its behavior, intrusion detection and VPN.[2] Ethical Hacking: The Security Justification Redux is a research with all extensively and clearly mentioned about art in both attacks and defense
5. CURRENT STATUS Today, you can find Certified Ethical Hackers working with some of the finest and largest companies across industries like healthcare, financial, government, energy and much more! Ethical Hacking and its types. What are the types of ethical hacking? 1. Web application hacking. 2. Social engineering. 3. System hacking. 4. Hacking wireless networks. 5. Web server hacking.
6. ADVANTAGES AND DISADVANTAGES OF ETHICAL HACKING 6.1 Advantages Since ethical hacking engage with an excellent role model in modern security era, where the network using individuals are frequently increasing. The hacker types who gaining the advantages of network while staying at the home place. The following are the identified main advantages of ethical hacking. a. The conflict against terrorism issues and security issues. b. Preventing the action of malicious hackers to take the access of crucial data. c. Ethical hackers think that an individual can protect in best way , the systems allowing them in the way of causing non damage and eventually fixing the founded vulnerabilities. d. Ethical hackers deploy their knowledge as risk management techniques. Network testing is the most important type of ethical hack for keeping information assets secure. The top three benefits of ethical hacks, in order of importance, are improving overall security posture, protecting against theft of intellectual property and fulfilling regulatory/legislative mandates. A majority of IT organizations conduct ethical hacks on wireline and wireless networks, applications and operating systems either annually or more frequently. There is no single set of methodology that can be adopted for ethical hacking.
6.2 Disadvantages Calling to the disadvantages, the technical development, criminal hackers who will furtively steal the organization’s or administrative data and information to transmit them to the open internet without privacy. This process is done by black hat hackers. The white hat hackers or Ethical hackers are another group of hackers who came into persistence to silence and overcome from the major issues done by black hat hackers. the security protection of other external person with having a malicious or bad desire or intentions to damage or steal their secret, curtail and important information. This is compromising the protection of the large organizations, closing down or functions altering of networks and websites. They exceed the security of the computer for their personal benefits. They are individuals who are generally needs to prove their comprehensive knowledge inside the computers and accomplish different types of cybercrimes like credit card fraud and identity stealing.
7. Working And Feasibility Of Ethical Hacking 7.1. First Phase: Reconnaissance A hacker should have knowledge well about the hacking target to do an attack systematically for a system. It is noticeable to take an overview about the used systems and the network. The attacker must possess a bundle of information and data about the target at the end of this phase. A promising attack path is built up using this all information collected by reconnaissance phase. To do a successful internal ethical hacking this tool is essential. The attacker must possess a bundle of information and data about the target at the end of this phase. A promising attack path is built up using this all information collected by reconnaissance phase. 7.2. Second Phase: Scanning During the Scanning phase probe and attack are the two main processes that are proceed on. There by, excavate in, reaching to the closer and sensing a feeling to the target. Therefore, in this time, hacker must compete for the gathered, feasible vulnerabilities founded from the first phase (reconnaissance phase). Tools that are assigned to this phase are multi sided like web exploits. Buffer overflows and the brute force are required in this phase tool activating process. Listening is another second phase process. Probe, attack and listening are the main combinations of Scanning process. Having a listening to the network traffic or to having a listening to application data are instantly helpful to riposte a system for developing deep into a corporate or an associate network.
7.3. Third Phase: Gaining Access This is known as first access wherever this phase is not about the taking of root access only about taking any kind of access to the system, maybe it is a user account or root account. Since this access action is available with, this makes relevant time for going a premium access levels or newer systems which are currently reachable through the acquired system. 7.4. Fourth Phase: Maintaining access This phase is an addition of stealth process and advancement. An advancement phase is presumably the vast creative demanding step, from all the unlimitedly opened possibilities Sniffing network-traffic might uncover significant passwords, wanted usernames and traffic related to e-mail with the associated information. Sending e-mails to the administrators by faking the certain well-known users or clients might help in taking expected information, data or access to a fresh system. 7.5. Fifth Phase: Takeover Takeover is a process which, once the root access is arrived, the is considered as winner. Then after onwards it makes possible for installing any kind of tools, thereby it can perform each and every task and start each and every service upon the particular assigned machine. Based on the machine, now it is possible to wrongly access trust and worthy relationships, create new bondings or damage significant security checkups. Cleanup: This is an instruction set in a finalized report about the way of removing identified trojans. Even though of this is an action of the hacker itself. By removing and cleaning all the traces to the its greater extent is a way of duty for the hacking craft. In an ethical hack, it most occasions have a significant risk, only if the task could not properly complete. Therefore, a hacker is using all the dilated tools to hide its attacks from the attacks formed by the ethical hackers.
8. APPLICATION OF ETHICAL HACKING AS A METHOD TO ENHANCE INFORMATION SECURITY Finding vulnerabilities. Ethical hackers help companies determine which of their IT security measures are effective, which need updating and which contain vulnerabilities that can be exploited. When ethical hackers finish evaluating an organization's systems, they report back to company leaders about those vulnerable areas, which may include a lack of sufficient password encryption, insecure applications or exposed systems running unpatched software. Organizations can use the data from these tests to make informed decisions about where and how to improve their security posture to prevent cyber-attacks. Demonstrating methods used by cybercriminals. These demonstrations show executives the hacking techniques that malicious actors could use to attack their systems and wreak havoc on their businesses. Companies that have in-depth knowledge of the methods the attackers use to break into their systems are better able to prevent those incursions. Helping to prepare for a cyber attack. Cyber attacks can cripple or destroy a business -- especially a smaller business -- but most companies are still unprepared for cyber attacks. Ethical hackers understand how threat actors operate, and they know how these bad actors will use new information and techniques to attack systems. Security professionals who work with ethical hackers are better able to prepare for future attacks because they can better react to the constantly changing nature of online threats.
ETHICAL HACKING VS PENETRATION TESTING Pen testing and ethical hacking are often used as interchangeable terms, but there is some nuance that distinguishes the two roles. Many organizations will use both ethical hackers and pen testers to bolster IT security. Ethical hackers routinely test IT systems looking for flaws and to stay abreast of ransomware or emerging computer viruses. Their work often entails pen tests as part of an overall IT security assessment. Pen testers seeks to accomplish many of the same goals, but their work is often conducted on a defined schedule. Pen testing is also more narrowly focused on specific aspects of a network, rather than on ongoing overall security. For example, the person performing the pen testing may have limited access only to the systems that are subject to testing and only for the duration of the testing.
9. FUTURE SCOPE OF Cyber Security
10. CONCLUSION According to the constructed information for the justification of security in ethical hacking, it is divided into two types as: Exposing security transversions must not be rewarded or encouraged and Every company is not consisting of resources to shield existing versions on the system software. Though it might be not certain as the past, the present network systems are significantly dependent on each-other for the aspect of security. One unsecured device placed within a major network can apply as a platform which is up to activate the attacks. The spreded denial of service attack actions are of February 2000 used compromision based hardware devices to flood the Electronic commerce sites in indirect manner. Anyway, each of the computer security is depending on the security of other computers which are situated within the its own community interest. Likewise, the deploying the flaw of security is a positive procedure in both self-interested and public betterment. In consideration with the present site’s protection types, the week security on internet, the concept of ethical hacking is the most effective methodology to proactively plug all the identified security chambers and prevent from all the intrusions. Ethical hacking tools like scanners are having notorious type of tools for the crackers. A fine-line having in between hacking to public interest and public community betterment versus leaving tools that might really enable for the attacks and in the aggregates making the internet as unsecure whenever it used to consider in all.
REFERENCES 1. Ajinkya A. Farsole, Amurta G. Kashikar and Apurva Zunzunwala , “Ethical Hacking ” , International journal of Computer Applications (0975-8887), 2010. 2. Aman Gupta, Abhineet Anand Student, School of Computer Science and Engineering,Galgotias University,Greater Noida, India amang9578@gmail.com Professor, Department of Computer Science and Engineering, Galgotias University,Greater Noida, India Abhineet.mnnit@gmail.com IJECS Volume 6 Issue 4 April, 2017 Page No. 21042-21050J. International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 6 Issue 4 April 2017, Page No. 21042-21050 Index Copernicus value (2015): 58.10 DOI: 10.18535/ijecs/v6i4.42 . 3. Engineering, Guru Nanak Dev Engineering College, Ludhiana, India Ethical hacking: a technique to enhance information security. International Journal of Innovative Research in Science, Engineering and Technology (An ISO 3297: 2007 Certified Organization) Vol. 2, Issue12,December2013. 4. Halil Ebrahim, Ihsan, Batmaz, “Wireless Network security comparison of WEP mechanism, WPA and RSN security protocols”. 5. J. Danish and A. N. Muhammad, “Is Ethical Hacking Ethical? “ International journal of Engineering Science and Technology, Vol 3 No. 5, pp. 3758-3763, May 2011 6. James Corley, Kent Backman, and Michael “Hands-On Ethical Hacking and Network Defence”, 2006. 7. Neeraj Rathore, Assistant Professor, Department of Computer Science and Engineering, Jaypee University of Engineering and Technology, Guna, Madhya Pradesh, India. Ethical hacking & security against cyber crime.Article January 2016 DOI: 10.26634/JIT.5.1.4796 . 8. P. Harika Reddy1 Surapaneni Gopi Siva Sai Teja2 1 Student, Sreenidhi Institute Of Science and Technology, Hyderabad, India. Cyber Security and Ethical Hacking. International Journal for Research in Applied Science & Engineering
Technology (IJRASET) ISSN: 2321-9653; IC Value: 45.98; SJ Impact Factor: 6.887 Volume 6 Issue VI, June 2018- Available at www.ijraset.com . 9. R Rafay Baloch, “Ethical Hacking and Penetration Testing Guide”, 2014. 10. R.R.Schell,P.J.Downey,andG.J.Popek,PreliminaryNotes ontheDesignofSecureMilitaryComputerSystems,MCI-73-1, ESD/AFSC, Hanscom Air Force Base, Bedford, MA (January 1973).

More Related Content

DOCX
Final report ethical hacking
bysamprada123
 
PDF
Ethical hacking
byMohammad Affan
 
PDF
A REVIEW PAPER ON ETHICAL HACKING
byNathan Mathis
 
PDF
Vulnerability Prevention Using Ethical Hacking.pdf
byMithunJV
 
PDF
cyber security course in kochi hacking,,
byksnikhitha676
 
PDF
Black and Blue Modern Earth Presentatio.
byksnikhitha676
 
DOCX
Ethical hacking
byAsaduzzaman Kanok
 
PPTX
Ashar Shaikh A-84 SEMINAR.pptx
byasharshaikh8
 
Final report ethical hacking
bysamprada123
 
Ethical hacking
byMohammad Affan
 
A REVIEW PAPER ON ETHICAL HACKING
byNathan Mathis
 
Vulnerability Prevention Using Ethical Hacking.pdf
byMithunJV
 
cyber security course in kochi hacking,,
byksnikhitha676
 
Black and Blue Modern Earth Presentatio.
byksnikhitha676
 
Ethical hacking
byAsaduzzaman Kanok
 
Ashar Shaikh A-84 SEMINAR.pptx
byasharshaikh8
 

Similar to 3.Seminar Report Ashar Shaikh Final.docx

PPTX
Ethical Hacking .pptx
byjohnnymaaza
 
PDF
A Beginner’s Guide to Ethical Hacking.pdf
byuzair
 
PPTX
ethical hacking
bysamprada123
 
DOCX
Full seminar report on ethical hacking
byGeorgekutty Francis
 
PPTX
Cyber Security PPT
byashish kumar
 
DOCX
Ethical hacking.
byKhushboo Aggarwal
 
PPTX
Ethical hacking
bySaqib Raza
 
PPTX
PPPPT ON ETHICAL HACKING212313213213213213
byhellomorekp111
 
PPTX
Ethical hacking11601031 (1)
byMohammad Affan
 
PPT
Ethical hacking
byRamchandraRegmi
 
DOCX
Ethical hacking
byNitheesh Adithyan
 
PPTX
ethical cyber security Presentation.pptx
byancymichael123
 
PPTX
ETHICAL HACKING.pptx
byethicalhackerhub
 
PDF
BASICS OF ETHICAL HACKING
byDrm Kapoor
 
PDF
IRJET-Ethical Hacking
byIRJET Journal
 
PDF
Ethical Hacking A high-level information security study on protecting a comp...
byQuinnipiac University
 
PDF
IRJET- Ethical Hacking
byIRJET Journal
 
PDF
IRJET- An Overview of Ethical Hacking
byIRJET Journal
 
PDF
Hacking and Ethical Hacking
byMasih Karimi
 
PPTX
ethical hacking.pptx
bydaxgame
 
Ethical Hacking .pptx
byjohnnymaaza
 
A Beginner’s Guide to Ethical Hacking.pdf
byuzair
 
ethical hacking
bysamprada123
 
Full seminar report on ethical hacking
byGeorgekutty Francis
 
Cyber Security PPT
byashish kumar
 
Ethical hacking.
byKhushboo Aggarwal
 
Ethical hacking
bySaqib Raza
 
PPPPT ON ETHICAL HACKING212313213213213213
byhellomorekp111
 
Ethical hacking11601031 (1)
byMohammad Affan
 
Ethical hacking
byRamchandraRegmi
 
Ethical hacking
byNitheesh Adithyan
 
ethical cyber security Presentation.pptx
byancymichael123
 
ETHICAL HACKING.pptx
byethicalhackerhub
 
BASICS OF ETHICAL HACKING
byDrm Kapoor
 
IRJET-Ethical Hacking
byIRJET Journal
 
Ethical Hacking A high-level information security study on protecting a comp...
byQuinnipiac University
 
IRJET- Ethical Hacking
byIRJET Journal
 
IRJET- An Overview of Ethical Hacking
byIRJET Journal
 
Hacking and Ethical Hacking
byMasih Karimi
 
ethical hacking.pptx
bydaxgame
 

Recently uploaded

PPTX
firewall Selection in production life pptx
byssuserb1479b
 
PPTX
Importance of Instrument Calibration — Improve Accuracy, Reliability & Mainte...
byMaintWiz Technologies Private Limited
 
PPTX
Avoiding Pitfalls: The 7 Biggest Maintenance Mistakes Plant Managers Make
byMaintWiz Technologies Private Limited
 
PPTX
Assessment 4 SRS Presentation - Final (2).pptx
byayush445302
 
PPTX
Basic Electrical Engineering-Introduction to Light Sources
byKhuman Haobam
 
PPTX
Lean Maintenance: Streamlining Operations for Efficiency & Reliability
byMaintWiz Technologies Private Limited
 
PPTX
Inventory Excellence: Achieve Efficient Inventory Management with CMMS
byMaintWiz Technologies Private Limited
 
PDF
ACI 318-2205_American Concrete Institute.pdf
byericaguilerasoto1
 
PPTX
Technology Stack Evolution: Analyzing Programming Language & Database Trends ...
byzouhairfezzaz54
 
PPT
Pointer in C: declaration and initialization
byMinakshee Patil
 
PPTX
Emerging Trends and Research Frontiers in Chemical Engineering for Green and ...
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PPTX
Step-by-step guide to designing standard a microbiology laboratory in pharmac...
byshawkyabdo1
 
PPTX
Chen,Usmani,Li - Optimizing PATH Weekend Operations - Presentation.pptx
byLeyanChen3
 
PPTX
Lecture-15- Thermodynamics II Mohamed salem-NO COMMENTARY.pptx
byDinaSaad22
 
PPTX
Salesforce Bulk Connector V1 and V2 Deep Dive!
byRajeevRanjan368982
 
PPTX
IEC60079-10-1 -Annex F -Hazardous Area Classification -HAC-Annex F.pptx
byasifmirzamakki
 
PPTX
Design and Thermal Analysis of Plate Type Heat Exchanger
byKhageshKumarDansena
 
PDF
STOP CONSOLIDATION: Optimizing Transit Speed & Rider Experience
byti2208
 
PPT
63490613-Boiler-Tube-Leakage-analysis-symptoms-causes.ppt
byallahdittashafi
 
PPTX
علي نفط.pptx هندسة النفط هندسة النفط والغاز
byengpe23e27
 
firewall Selection in production life pptx
byssuserb1479b
 
Importance of Instrument Calibration — Improve Accuracy, Reliability & Mainte...
byMaintWiz Technologies Private Limited
 
Avoiding Pitfalls: The 7 Biggest Maintenance Mistakes Plant Managers Make
byMaintWiz Technologies Private Limited
 
Assessment 4 SRS Presentation - Final (2).pptx
byayush445302
 
Basic Electrical Engineering-Introduction to Light Sources
byKhuman Haobam
 
Lean Maintenance: Streamlining Operations for Efficiency & Reliability
byMaintWiz Technologies Private Limited
 
Inventory Excellence: Achieve Efficient Inventory Management with CMMS
byMaintWiz Technologies Private Limited
 
ACI 318-2205_American Concrete Institute.pdf
byericaguilerasoto1
 
Technology Stack Evolution: Analyzing Programming Language & Database Trends ...
byzouhairfezzaz54
 
Pointer in C: declaration and initialization
byMinakshee Patil
 
Emerging Trends and Research Frontiers in Chemical Engineering for Green and ...
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
Step-by-step guide to designing standard a microbiology laboratory in pharmac...
byshawkyabdo1
 
Chen,Usmani,Li - Optimizing PATH Weekend Operations - Presentation.pptx
byLeyanChen3
 
Lecture-15- Thermodynamics II Mohamed salem-NO COMMENTARY.pptx
byDinaSaad22
 
Salesforce Bulk Connector V1 and V2 Deep Dive!
byRajeevRanjan368982
 
IEC60079-10-1 -Annex F -Hazardous Area Classification -HAC-Annex F.pptx
byasifmirzamakki
 
Design and Thermal Analysis of Plate Type Heat Exchanger
byKhageshKumarDansena
 
STOP CONSOLIDATION: Optimizing Transit Speed & Rider Experience
byti2208
 
63490613-Boiler-Tube-Leakage-analysis-symptoms-causes.ppt
byallahdittashafi
 
علي نفط.pptx هندسة النفط هندسة النفط والغاز
byengpe23e27
 

3.Seminar Report Ashar Shaikh Final.docx

  • 1.
    A SEMINAR REPORT ON “ETHICALHACKING AS A METHOD TO ENHANCE INFORMATION SECURITY” Submitted by ASHAR SHAIKH UNDER THE GUIDANCE OF Dr. Sunil Rathod Towards the partial fulfillment of Third Year Under Graduate Course in Computer Engineering of SAVITRIBAI PHULE UNIVERSITY OF PUNE In the academic year 2021-22 DEPARTMENT OF COMPUTER ENGINEERING, Dr. D. Y. Patil Educational Enterprises Charitable Trust’s Dr. D. Y. Patil School of Engineering Dr. D. Y. Patil Knowledge City, Charholi (Bk), Lohegaon, Pune - 412 105
  • 2.
    DEPARTMENT OF COMPUTERENGINEERING, Dr. D. Y. Patil Educational Enterprises Charitable Trust’s Dr. D. Y. Patil School of Engineering Dr. D. Y. Patil Knowledge City, Charholi (Bk), Lohgaon, Pune - 412 105 CERTIFICATE This is to certify that Seminar Report On “ETHICAL HACKING AS A METHOD TO ENHANCE INFORMATION SECURITY” Submitted by Exam seat no: ASHAR SHAIKH Towards the partial fulfillment of Third Year Under Graduate Course in Computer Engineering Of SAVITRIBAI PHULE UNIVERSITY OF PUNE In the academic year 2020-21 Dr. Sunil Rathod Dr. Pankaj Agarkar Seminar Guide HOD DR. Farooq Sayyad Principal
  • 3.
    AKNOWLEDGEMENT It gives mea great pleasure and immense satisfaction to present this special topic Seminar report on “Ethical Hacking As A Method To Enhance Information Security” which is the result of unwavering support, expert guidance and focused direction of my guide Dr. Sunil Rathod to whom I express my deep sense of gratitude and humble thanks, for his valuable guidance throughout the presentation work. The success of this Seminar-I has throughout depended upon an exact blend of hard work and unending co-operation and guidance, extended to me by the superiors at our college. Furthermore, I am indebted to Dr. Pankaj Agarkar, HOD Computer and Dr.Farooq Sayyad, Principal whose constant encouragement and motivation inspired me to do my best. Last but not the least I sincerely thanks to my colleagues, the staff and all others who directly or indirectly helped us and made numerous suggestions which have surely improved the quality of my work. Ashar Shaikh (T.E. Computer Engineering)
  • 4.
    INDEX NO. CHAPTER NAME PAGE NO. ABSTRACT1 1 INTRODUCTION 2 2 IMAGE CLASSIFICATION 3 2.1. INTRODUCTION 3 2.2. IMAGE CLASSIFICATION (PHASES OF HACKING) 4 3 MOTIVATION 4 4 LITERATURE SURVEY 5 5 CURRENT STATUS 6 6 ADVANTAGES AND DISADVANTAGES OF ETHICAL HACKING 6 6.1. ADVANTAGES 6 6.2. DISADVANTAGES 7 7 WORKING AND FEASIBILITY OF ETHICAL HACKING 8 7.1. First Phase: Reconnaissance 8 7.2. Second Phase: Scanning 9 7.3. Third Phase: Gaining Access 9 7.4. Fourth Phase: Maintaining access 10 7.5. Fifth Phase: Takeover 10 8 APPLICATION OF ETHICAL HACKING 11 9 FUTURE SCOPE OF CYBER SECURITY 13 10 CONCLUSION 14 REFERENCES 15
  • 5.
    ABSTRACT In modern technicalworld internet is the main information provider and storing method. The security state on the internet is getting worse. Ethical Hacking techniques are introduced to increase online security by identifying known security vulnerabilities related with systems of others. The public and private organizations immigrate most of their crutial data to the internet, hackers and crackers have more opportunity to gain access to sensitive information through the online application. Therefore, the importance of securing the systems from the affliction of immense hacking is to encourage the persons who will caster back the illegal attacks on a computer system. Ethical hacking is an examination to check an information technology environment for potential exhausted links and vulnerabilities. Ethical hacking traverses the technique of hacking a network in an ethical manner including with virtuous viewpoint. This research paper explores ethical hacking introduction, types of ethical hackers, ethics behind ethical hacking, ethical hacking methodology, some tools which can be used for an ethical hack, cyber security concepts
  • 6.
    1. INTRODUCTION The immenseadvancement of Internet has brought large amount of improvements like electronic commerce, email, easy access to giant depot of reference material, distance learning facilities, electronic banking. Calling to the disadvantages, the technical development, criminal hackers who will furtively steal the organization’s or administrative data and information to transmit them to the open internet without privacy. This process is done by black hat hackers. The white hat hackers or Ethical hackers are another group of hackers who came into persistence to silence and overcome from the major issues done by black hat hackers. This research paper explains about ethical hackers, their skills, how ethical hackers helping their customers and plug up security holes and effects of cyber security. Ethical hackers conduct the hacking always legally and trustworthy manner as a security test for the systems. Therefore, ethical hacking raised as the testing of wealth for the technological betterment with focusing on s and protecting and securing IP systems. For the enhancement of Information security ethical hacker teams are applying the similar techniques and methodologies of a hacker but in a legal manner without harming the targeted systems or stealing the information. They evaluate the targeted system’s security and report back to the owners with the vulnerabilities. They encountered and ordering with rectification instructions. Completing an ethical hack assessment through a system does not mean that the system is fully secured. An ethical hack’s quotient is a well explained report based on the explorations and evidences. There by, a hacker consisting of certain amount of skills is or is not possible for the victoriously attack to a system and get access to kind of information. Ethical hacking can be classified as a security assessment, a way of practicing, an examination for security of an information technology background. The Ethical hack illustrate the risks that information technology background is confront of, and procedures that allows to minimize certain risks or to accept them. The following figure shows security life cycle which shows the Ethical hacking procedure ideally.
  • 7.
    2. IMAGE CLASSIFICATION FirstPhase: Reconnaissance A hacker should have knowledge well about the hacking target to do an attack systematically for a system. It is noticeable to take an overview about the used systems and the network. Information transverse as DNS servers, the administrator contacts and IP address ranges are collected. Different kinds of tools are used in this phase like network, network mapping, and vulnerability scanning tools are most commonly used tools. As an example, Cheops can be mentioned. It is an excellent network mapping tool which can produce networking graphs. Second Phase: Scanning During the Scanning phase probe and attack are the two main processes that are proceed on. There by, excavate in, reaching to the closer and sensing a feeling to the target. Therefore, in this time, hacker must compete for the gathered, feasible vulnerabilities founded from the first phase (reconnaissance phase). Tools that are assigned to this phase are multi sided like web exploits. Buffer overflows and the brute force are required in this phase tool activating process. Third Phase: Gaining Access This is known as first access wherever this phase is not about the taking of root access only about taking any kind of access to the system, maybe it is a user account or root account. Since this access action is available with, this makes relevant time for going a premium access levels or newer systems which are currently reachable through the acquired system. Fourth Phase: Maintaining access Covering Tracks Maintaining Access Gaining Access Scanning Reconnaissance
  • 8.
    This phase isan addition of stealth process and advancement. An advancement phase is presumably the vast creative demanding step, from all the unlimitedly opened possibilities. Sniffing network-traffic might uncover significant passwords, wanted usernames and traffic related to e-mail with the associated information. Sending e-mails to the administrators by faking the certain well-known users or clients might help in taking expected information, data or access to a fresh system. Fifth Phase: Takeover Takeover is a process which, once the root access is arrived, the is considered as winner. Then after onwards it makes possible for installing any kind of tools, thereby it can perform each and every task and start each and every service upon the particular assigned machine. Based on the machine, now it is possible to wrongly access trust and worthy relationships, create new bondings or damage significant security checkups.
  • 9.
    3. MOTIVATION Ethical hackingis used to secure important data from enemies. It works as a safeguard of your computer from blackmail by the people who want to exploit the vulnerability. Using ethical hacking, a company or organization can find out security vulnerability and risks. Governments use State-sponsored hacking to prevent intelligence information about influence politics, an enemy state, etc. Ethical hacking can ensure the safety of the nation by preventing cyber-terrorism and terrorist attacks. Hackers can think from an attacker's perspective and find the potential entry point and fix them before any attacks. Ethical hacking helps us learn new skills used in many roles like software developer, risk management, quality assurance tester, and network defender.
  • 10.
    4. LITERATURE SURVEY Hackingcan be explained as one of the misunderstood major cyber concepts. The greatest number of individuals think that hacking as something illegal or evil, but nothing can be farther from represented truth. It is clear that, hacking may be an actual threat, but to stop hacking yourself by someone , it is a must for you to learn hacking techniques.[3]Aman Gupta explained well about techniques and methods such as Wi-Fi hacking ,penetration testing and DOS attacks with the aim of providing a better knowledge in hacking methodologies and eventually preclude your devices or computer from being a target easily.[10] History of Computing carries all together up on to one minute coverage about all basic hacking concepts, issues and terminology , with all skills you have to keep developed in this field. The research thoroughly cover ups core hacking topics, such as assessments of vulnerabilities, virus attacks to the sites, hacking techniques, spyware and its activities, network defenses, passwords protection and detections, firewalls and its behavior, intrusion detection and VPN.[2] Ethical Hacking: The Security Justification Redux is a research with all extensively and clearly mentioned about art in both attacks and defense
  • 11.
    5. CURRENT STATUS Today,you can find Certified Ethical Hackers working with some of the finest and largest companies across industries like healthcare, financial, government, energy and much more! Ethical Hacking and its types. What are the types of ethical hacking? 1. Web application hacking. 2. Social engineering. 3. System hacking. 4. Hacking wireless networks. 5. Web server hacking.
  • 12.
    6. ADVANTAGES ANDDISADVANTAGES OF ETHICAL HACKING 6.1 Advantages Since ethical hacking engage with an excellent role model in modern security era, where the network using individuals are frequently increasing. The hacker types who gaining the advantages of network while staying at the home place. The following are the identified main advantages of ethical hacking. a. The conflict against terrorism issues and security issues. b. Preventing the action of malicious hackers to take the access of crucial data. c. Ethical hackers think that an individual can protect in best way , the systems allowing them in the way of causing non damage and eventually fixing the founded vulnerabilities. d. Ethical hackers deploy their knowledge as risk management techniques. Network testing is the most important type of ethical hack for keeping information assets secure. The top three benefits of ethical hacks, in order of importance, are improving overall security posture, protecting against theft of intellectual property and fulfilling regulatory/legislative mandates. A majority of IT organizations conduct ethical hacks on wireline and wireless networks, applications and operating systems either annually or more frequently. There is no single set of methodology that can be adopted for ethical hacking.
  • 13.
    6.2 Disadvantages Calling tothe disadvantages, the technical development, criminal hackers who will furtively steal the organization’s or administrative data and information to transmit them to the open internet without privacy. This process is done by black hat hackers. The white hat hackers or Ethical hackers are another group of hackers who came into persistence to silence and overcome from the major issues done by black hat hackers. the security protection of other external person with having a malicious or bad desire or intentions to damage or steal their secret, curtail and important information. This is compromising the protection of the large organizations, closing down or functions altering of networks and websites. They exceed the security of the computer for their personal benefits. They are individuals who are generally needs to prove their comprehensive knowledge inside the computers and accomplish different types of cybercrimes like credit card fraud and identity stealing.
  • 14.
    7. Working AndFeasibility Of Ethical Hacking 7.1. First Phase: Reconnaissance A hacker should have knowledge well about the hacking target to do an attack systematically for a system. It is noticeable to take an overview about the used systems and the network. The attacker must possess a bundle of information and data about the target at the end of this phase. A promising attack path is built up using this all information collected by reconnaissance phase. To do a successful internal ethical hacking this tool is essential. The attacker must possess a bundle of information and data about the target at the end of this phase. A promising attack path is built up using this all information collected by reconnaissance phase. 7.2. Second Phase: Scanning During the Scanning phase probe and attack are the two main processes that are proceed on. There by, excavate in, reaching to the closer and sensing a feeling to the target. Therefore, in this time, hacker must compete for the gathered, feasible vulnerabilities founded from the first phase (reconnaissance phase). Tools that are assigned to this phase are multi sided like web exploits. Buffer overflows and the brute force are required in this phase tool activating process. Listening is another second phase process. Probe, attack and listening are the main combinations of Scanning process. Having a listening to the network traffic or to having a listening to application data are instantly helpful to riposte a system for developing deep into a corporate or an associate network.
  • 15.
    7.3. Third Phase:Gaining Access This is known as first access wherever this phase is not about the taking of root access only about taking any kind of access to the system, maybe it is a user account or root account. Since this access action is available with, this makes relevant time for going a premium access levels or newer systems which are currently reachable through the acquired system. 7.4. Fourth Phase: Maintaining access This phase is an addition of stealth process and advancement. An advancement phase is presumably the vast creative demanding step, from all the unlimitedly opened possibilities Sniffing network-traffic might uncover significant passwords, wanted usernames and traffic related to e-mail with the associated information. Sending e-mails to the administrators by faking the certain well-known users or clients might help in taking expected information, data or access to a fresh system. 7.5. Fifth Phase: Takeover Takeover is a process which, once the root access is arrived, the is considered as winner. Then after onwards it makes possible for installing any kind of tools, thereby it can perform each and every task and start each and every service upon the particular assigned machine. Based on the machine, now it is possible to wrongly access trust and worthy relationships, create new bondings or damage significant security checkups. Cleanup: This is an instruction set in a finalized report about the way of removing identified trojans. Even though of this is an action of the hacker itself. By removing and cleaning all the traces to the its greater extent is a way of duty for the hacking craft. In an ethical hack, it most occasions have a significant risk, only if the task could not properly complete. Therefore, a hacker is using all the dilated tools to hide its attacks from the attacks formed by the ethical hackers.
  • 16.
    8. APPLICATION OFETHICAL HACKING AS A METHOD TO ENHANCE INFORMATION SECURITY Finding vulnerabilities. Ethical hackers help companies determine which of their IT security measures are effective, which need updating and which contain vulnerabilities that can be exploited. When ethical hackers finish evaluating an organization's systems, they report back to company leaders about those vulnerable areas, which may include a lack of sufficient password encryption, insecure applications or exposed systems running unpatched software. Organizations can use the data from these tests to make informed decisions about where and how to improve their security posture to prevent cyber-attacks. Demonstrating methods used by cybercriminals. These demonstrations show executives the hacking techniques that malicious actors could use to attack their systems and wreak havoc on their businesses. Companies that have in-depth knowledge of the methods the attackers use to break into their systems are better able to prevent those incursions. Helping to prepare for a cyber attack. Cyber attacks can cripple or destroy a business -- especially a smaller business -- but most companies are still unprepared for cyber attacks. Ethical hackers understand how threat actors operate, and they know how these bad actors will use new information and techniques to attack systems. Security professionals who work with ethical hackers are better able to prepare for future attacks because they can better react to the constantly changing nature of online threats.
  • 17.
    ETHICAL HACKING VSPENETRATION TESTING Pen testing and ethical hacking are often used as interchangeable terms, but there is some nuance that distinguishes the two roles. Many organizations will use both ethical hackers and pen testers to bolster IT security. Ethical hackers routinely test IT systems looking for flaws and to stay abreast of ransomware or emerging computer viruses. Their work often entails pen tests as part of an overall IT security assessment. Pen testers seeks to accomplish many of the same goals, but their work is often conducted on a defined schedule. Pen testing is also more narrowly focused on specific aspects of a network, rather than on ongoing overall security. For example, the person performing the pen testing may have limited access only to the systems that are subject to testing and only for the duration of the testing.
  • 18.
    9. FUTURE SCOPEOF Cyber Security
  • 19.
    10. CONCLUSION According tothe constructed information for the justification of security in ethical hacking, it is divided into two types as: Exposing security transversions must not be rewarded or encouraged and Every company is not consisting of resources to shield existing versions on the system software. Though it might be not certain as the past, the present network systems are significantly dependent on each-other for the aspect of security. One unsecured device placed within a major network can apply as a platform which is up to activate the attacks. The spreded denial of service attack actions are of February 2000 used compromision based hardware devices to flood the Electronic commerce sites in indirect manner. Anyway, each of the computer security is depending on the security of other computers which are situated within the its own community interest. Likewise, the deploying the flaw of security is a positive procedure in both self-interested and public betterment. In consideration with the present site’s protection types, the week security on internet, the concept of ethical hacking is the most effective methodology to proactively plug all the identified security chambers and prevent from all the intrusions. Ethical hacking tools like scanners are having notorious type of tools for the crackers. A fine-line having in between hacking to public interest and public community betterment versus leaving tools that might really enable for the attacks and in the aggregates making the internet as unsecure whenever it used to consider in all.
  • 20.
    REFERENCES 1. Ajinkya A.Farsole, Amurta G. Kashikar and Apurva Zunzunwala , “Ethical Hacking ” , International journal of Computer Applications (0975-8887), 2010. 2. Aman Gupta, Abhineet Anand Student, School of Computer Science and Engineering,Galgotias University,Greater Noida, India amang9578@gmail.com Professor, Department of Computer Science and Engineering, Galgotias University,Greater Noida, India Abhineet.mnnit@gmail.com IJECS Volume 6 Issue 4 April, 2017 Page No. 21042-21050J. International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 6 Issue 4 April 2017, Page No. 21042-21050 Index Copernicus value (2015): 58.10 DOI: 10.18535/ijecs/v6i4.42 . 3. Engineering, Guru Nanak Dev Engineering College, Ludhiana, India Ethical hacking: a technique to enhance information security. International Journal of Innovative Research in Science, Engineering and Technology (An ISO 3297: 2007 Certified Organization) Vol. 2, Issue12,December2013. 4. Halil Ebrahim, Ihsan, Batmaz, “Wireless Network security comparison of WEP mechanism, WPA and RSN security protocols”. 5. J. Danish and A. N. Muhammad, “Is Ethical Hacking Ethical? “ International journal of Engineering Science and Technology, Vol 3 No. 5, pp. 3758-3763, May 2011 6. James Corley, Kent Backman, and Michael “Hands-On Ethical Hacking and Network Defence”, 2006. 7. Neeraj Rathore, Assistant Professor, Department of Computer Science and Engineering, Jaypee University of Engineering and Technology, Guna, Madhya Pradesh, India. Ethical hacking & security against cyber crime.Article January 2016 DOI: 10.26634/JIT.5.1.4796 . 8. P. Harika Reddy1 Surapaneni Gopi Siva Sai Teja2 1 Student, Sreenidhi Institute Of Science and Technology, Hyderabad, India. Cyber Security and Ethical Hacking. International Journal for Research in Applied Science & Engineering
  • 21.
    Technology (IJRASET) ISSN:2321-9653; IC Value: 45.98; SJ Impact Factor: 6.887 Volume 6 Issue VI, June 2018- Available at www.ijraset.com . 9. R Rafay Baloch, “Ethical Hacking and Penetration Testing Guide”, 2014. 10. R.R.Schell,P.J.Downey,andG.J.Popek,PreliminaryNotes ontheDesignofSecureMilitaryComputerSystems,MCI-73-1, ESD/AFSC, Hanscom Air Force Base, Bedford, MA (January 1973).