The document discusses ethical hacking and provides information on:
- What ethical hacking is and the difference between ethical and non-ethical hacking
- The need for security and what an ethical hacker does such as testing vulnerabilities with permission
- Types of ethical hacks including remote network hacking, social engineering, and wireless network testing
- Applications that can benefit from ethical hacking like web applications and resources used like routers and firewalls
- Ways to conduct an ethical hack including IP hacking and port scanning to identify vulnerabilities
3. CONTENT:
What is ethical hacking?
Difference between hacking and ethical hacking
Need for security
What does an ethical hacker do?
Types of ethical hacking
Applications and resources
Different ways of doing an ethical hack of your system
Advantage
Ethical hacking concept
Benefits of ethical hacking
Conclusion with future work
5. WHAT IS ETHICAL HACKING
● It is legal
● Permission is obtained from the target
● Part of an overall security program
● Identifies vulnerabilities visible from the Internet at a particular point in time
● An ethical hacker possesses the same skills, mindset and tools as a hacker, but the attacks are done in a non-destructive manner
● With the growth of the Internet, computer security has become a major concern for businesses and governments
6. DIFFERENCE BETWEEN HACKING AND ETHICAL HACKING
Hacking
Hacking is getting "unauthorized" access to a computer system or a resource. Ethical hacking involves getting authorized access to resources in order to test whether a resource is vulnerable to attack. The main difference between the two terms lies in the intent of the hacker. A hacker (cracker) breaks into a system or network to use the gathered information in an illegal way, whereas an ethical hacker finds the loopholes in the security system only to strengthen it.
Ethical Hacker
An ethical hacker is a computer and network expert who
attacks a security system on behalf of its owners, seeking
vulnerabilities that a malicious hacker could exploit. To test
a security system, ethical hackers use the same methods
as their less principled counterparts, but report problems
instead of taking advantage of them. Ethical hacking is also
known as penetration testing, intrusion testing and red
teaming. An ethical hacker is sometimes called a white hat,
a term that comes from old Western movies, where the
"good guy" wore a white hat and the "bad guy" wore a
black hat.
7. Ethical hackers attempt to assess the vulnerability of
computer systems or networks at the request of the system or
network owners. By using the same methodology and
resources available to criminal hackers, ethical hackers help
identify the weak spots which can be exploited and then
programmers are roped in to build up defences to protect the
hardware or software. The information security industry is
growing at a rate of 21% globally. Frost and Sullivan has
estimated that there are 2.28 million information security
skilled personnel around the world, which is expected to grow
up to 4.2 million by 2015. Ethical hacking is also known as penetration testing, intrusion testing and red teaming.
An ethical hacker's work is interesting in that s/he develops, tests and implements ways in which a network and its data can be protected. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the good guy wears a white hat and the bad guy wears a black hat.
8. NEED FOR SECURITY
Computer security is required because most
organizations can be damaged by hostile software
or intruders.
Intruders can cause several forms of damage, which are obviously interrelated. These include:
● Loss of confidential data
● Damage or destruction of data
● Damage or destruction of computer system
● Loss of reputation of a company
9. WHAT DOES AN ETHICAL HACKER DO
An ethical hacker is a person who does ethical hacking; that is, a security professional who tries to penetrate a network to find out whether the system has any vulnerability. An ethical hacker will always have permission to enter the target network. An ethical hacker first thinks with the mindset of a hacker who is trying to get into the system. He first finds out what an intruder, or others, can see. Having found this, the ethical hacker tries to get into the system with that information by whatever method he can. If he succeeds in penetrating the system, he reports to the company with a detailed report about the particular vulnerability he exploited to get in. He may also sometimes make patches for that vulnerability, or suggest methods to prevent it.
10. TYPES OF ETHICAL HACKINGS
Ethical hackers use various methods to break an organization's security systems during the period of a cyber attack.
Various types of ethical hacks are:
Remote network: This process is used especially to recognize attacks that come across the Internet. The ethical hacker usually tries to identify default and proxy information in the network, such as firewalls and proxies.
Remote dial-up network: A remote dial-up network hack identifies, and tries to protect against, attacks on the client modem pool. To find open systems, organizations use a method called war dialing, which performs repetitive dialing. An open system is one example of this type of attack.
Local network: A local network hack tests whether someone with physical access can gain unauthorized access to information through the local network. To start this procedure, the ethical hacker must be able to access the local network directly.
Stolen equipment: A stolen equipment hack identifies what information is exposed by the theft of equipment such as a laptop. Information secured by the laptop's owner can be identified (Kimberly Graves, 2007). Information such as usernames, passwords and security settings stored on the equipment can be obtained by stealing the laptop.
11. Social engineering: A social engineering attack is used to check the reliability of the organization. It is carried out by telecommunication or face-to-face communication, collecting data that can be used in attacks (Bryan Foss and Merlin Stone, 2002). This method is used especially to learn the security information used in the organization.
Physical entry: A physical entry test is used by organizations to control attacks that come through the physical premises (Ronald L. Krutz and Russell Dean Vines, 2007). By gaining physical entry, the ethical hacker can introduce viruses and other Trojans directly onto the network.
Application network: Logic flaws in applications may result in illegal access to the network, and even to the application and the information held in it.
Network testing: This process mainly looks for unsafe data present in the internal and external networks, not only in the network itself but also in its devices, including virtual private network technologies.
Wireless network testing: This process reduces the network's liability to an attacker who uses radio access to the given wireless network space.
Code review: This process examines the source code as part of the verification system and identifies the strengths and weaknesses of the software's modules.
War dialing: This simply identifies default information exposed by modems, which is very dangerous to corporate organizations.
12. APPLICATIONS AND RESOURCES
Ethical hacking can be used in many applications, in particular web applications, which are often attacked. Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are the most frequently attacked, because most firewalls and other security mechanisms allow complete access to these programs from the Internet. Malicious software includes viruses and Trojan horses, which take down the system. Spam is junk e-mail that causes violent and needless disturbance to systems and storage space and can carry viruses, so ethical hacking helps to reveal such attacks against computer systems and provides security for the system. The main application of this is to provide security for wireless infrastructure, which is the main purpose of present business organizations (BT, 2008). Ethical hacking has become mainstream in organizations that wish to test their intellectual and technical courage against the underworld. Ethical hacking plays an important role in providing security. Resources are the computer-related services that perform tasks on behalf of the user.
13. Ethical hacking has the advantage of gaining access to an organization's network and information systems. This provides security in the area of information technology known as Infosec. It provides security against high-level attacks such as viruses and traffic through a firewall. It has been providing security for various applications that even bypass firewalls, intrusion-detection systems and antivirus software. This includes hacking specific applications, including coverage of e-mail systems and instant messaging. The resources, i.e. devices, systems and applications, that are generally used while performing the hacking process are routers, firewalls, the network infrastructure as a whole, wireless access points and bridges, web application and database servers, e-mail and file servers, workstations, laptops and tablet PCs, mobile devices, client and server operating systems, and client and server applications. Ethical hacking tests both the safety and the security issues of the programs. Ethical hacking is important in the present scenario, as providing security is very important nowadays. This is especially important for web applications, as hacking can easily be done in this case.
14. THERE ARE BASICALLY 4 DIFFERENT WAYS OF DOING AN
ETHICAL HACK OF YOUR SYSTEM:
IP Hack
The contractor is supposed to hack a specific IP address that you give without
any additional information. Ensure that the address is not the address of the
wrong server. You wouldn't want your contractors to be accidentally committing
a crime.
Application Hack
A much more advanced hack which can dig deep into databases and
production servers. Only disciplined and experienced hackers should be
allowed to go through with such tests as it can easily be abused. For security
reasons, NEVER hire a former illegal hacker for this kind of job.
Physical Infrastructure Hack
This involves physical entry into the organization to find information that is lying
around such as passwords on post-it notes etc. It is to test the physical security
of a corporation.
Wireless Hack
This involves exploiting wireless access points from the back of a van. Ethical
hackers will hack and report the findings to you. They should also check your
teleworkers to determine if there is a source of entry into your network from
the home office.
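The IP Hack caveat above (make sure the address handed to the contractor is not the address of the wrong server) can be enforced mechanically before any testing starts. The following Python sketch is an added example, not part of the original slides; the scope lists, function names and addresses are constructed for illustration and use documentation-only address ranges.

```python
import ipaddress

# Constructed rules-of-engagement data (assumption): ranges the owner has
# authorized in writing, plus carve-outs the owner does not control.
AUTHORIZED = ["203.0.113.0/28", "2001:db8:10::/64"]
EXCLUDED = ["203.0.113.5/32"]  # e.g. a shared host inside the range


def _nets(cidrs):
    # strict=True rejects sloppy entries such as 203.0.113.7/28
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def check_target(target, authorized=AUTHORIZED, excluded=EXCLUDED):
    """Return (allowed, reason) for a single target address string."""
    try:
        addr = ipaddress.ip_address(target.strip())
    except ValueError:
        # Hostnames are refused on purpose: DNS can point at a third
        # party, so names must be resolved and confirmed with the owner.
        return False, "not a valid IP address"
    # Exclusions always win over authorizations.
    for net in _nets(excluded):
        if addr.version == net.version and addr in net:
            return False, f"explicitly excluded by {net}"
    for net in _nets(authorized):
        if addr.version == net.version and addr in net:
            return True, f"inside authorized range {net}"
    return False, "outside every authorized range"


def partition_targets(targets, authorized=AUTHORIZED, excluded=EXCLUDED):
    """Split a target list into in-scope addresses and rejected ones."""
    in_scope, rejected = [], {}
    for t in targets:
        ok, reason = check_target(t, authorized, excluded)
        if ok:
            in_scope.append(t.strip())
        else:
            rejected[t] = reason
    return in_scope, rejected


if __name__ == "__main__":
    # Constructed target list: one valid host, one excluded host, one
    # transposed-digit typo, one hostname, one IPv6 host.
    sample = ["203.0.113.7", "203.0.113.5", "203.0.131.7",
              "www.example.com", "2001:db8:10::1"]
    ok, bad = partition_targets(sample)
    print("in scope:", ok)
    for t, why in bad.items():
        print("REJECTED", t, "->", why)
```

The transposed-digit entry is the failure the slide warns about: a one-character typo moves the test onto someone else's server, and a default-deny check catches it before any packet is sent.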
15. ADVANTAGE:
Ethical hacking will reveal the flaws of what is being
hacked (software, a website, a network, etc.) without
actually causing any damage. An ethical hacker will find
the flaw and report it to the owner so that it can be fixed
as soon as possible.
Disadvantage:
● The ethical hacker using the knowledge they gain to do malicious hacking activities
● Allowing the company's financial and banking details to be seen
● The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on a computer system
● Massive security breach
16. ETHICAL HACKING CONCEPT
With the growth of the Internet, computer security has become a major
concern for businesses and governments. They want to be able to take
advantage of the Internet for electronic commerce, advertising, information
distribution and access, and other pursuits, but they are worried about
the possibility of being "hacked." At the same time, the potential
customers of these services are worried about maintaining control of
personal information that varies from credit card numbers to social security
numbers and home addresses.
In their search for a way to approach the problem, organizations came to
realize that one of the best ways to evaluate the intruder threat to their
interests would be to have independent computer security professionals
attempt to break into their computer systems. This scheme is similar to
having independent auditors come into an organization to verify its
bookkeeping records. In the case of computer security, these "tiger teams" or "ethical hackers" would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead, they would evaluate the target systems' security and report back to the owners with the vulnerabilities they found and instructions for how to remedy them.
This method of evaluating the security of a system has been in use from the early
days of computers. In one early ethical hack, the United States
Air Force conducted a "security evaluation" of the Multics operating system for
"potential use as a two-level (secret/top secret) system." Their
evaluation found that while Multics was "significantly better than other conventional
systems," it also had "... vulnerabilities in hardware security,
software security, and procedural security" that could be uncovered with "a relatively
low level of effort." The authors performed their tests under
a guideline of realism, so that their results would accurately represent the kinds of
access that an intruder could potentially achieve. They
performed tests that were simple information-gathering exercises, as well as other
tests that were outright attacks upon the system that might
damage its integrity. Clearly, their audience wanted to know both results. There are
several other now unclassified reports that describe ethical
hacking activities within the U.S. military.
With the growth of computer networking, and of the Internet in particular, computer
and network vulnerability studies began to appear outside of
the military establishment. Most notable of these was the work by Farmer and
Venema, which was originally posted to Usenet in December of 1993.
18. BENEFITS OF ETHICAL HACKING:
There are various benefits of ethical hacking. This article lists the benefits of this kind of hacking.
1. To fight against terrorism:
There are many terrorists and terrorist organizations that are trying to create havoc in the world with the use of computer technology. They break into various government defense systems and then use this for their terrorist activities. This can be prevented by using the services of ethical hackers, who counter the terrorists by misleading them.
2. To take preventive action against hackers:
Preventive action against the terrorists can be taken by ethical hackers. This can be done because ethical hackers use their expertise to create alternate, false information for the hackers to get, while the real information that is necessary and important is hidden from the terrorists. Preventive action taken by governments against the breaking of networks saves billions of dollars, as rectifying and building new systems costs a lot and is also very time-consuming. So the use of ethical hackers to prevent the real hackers from getting to the important information helps save a lot of money and also time.
3. To build a system that helps prevent penetration by hackers:
Ethical hackers are also used to try and test the existing defense systems. These people are also used to build a foolproof system that prevents the breakdown of the existing system. Using the powers of the hackers to get a proper system built helps to prevent penetration by hackers and saves the information in the various government networks.
19. CONCLUSION WITH FUTURE WORK:
In this research we reported experimental results of network intrusion simulation
using previously captured Firewall hacking data as the traffic sources. We
demonstrated the use of pre-processing tools to facilitate intrusion simulation using
the OPNET software. Our work demonstrated several applications of intrusion
simulation using OPNET:
Detecting intrusions by displaying and identifying patterns of suspicious data
packets, employing various intrusion detection techniques in a firewall;
Analyzing network performance and the overhead trade-offs of intrusion detection
algorithms; and
Ethical hacking is the term used in many organizations for providing security.
The main difference between ethical hacking and hacking is that ethical hacking is
performed legally to solve problems in an organization, whereas hacking is performed
illegally to gain access to another system. It follows some rules and regulations, and so
companies follow it.
a vendor is chosen, the outline and scope of the project should be made very clear.
Somebody with authority should be delegated as the person to be contacted by the
hackers in case any problem arises or any authority is required. He must be
reachable at all times of the day. Ethical hacking is just a tool; it does not solve all
problems. Always ensure that the company is not complacent about its own security.
20. Ethical hacking was established because of the problems caused by the activities of unethical hacking. Nowadays it is becoming more and more popular, as many institutions provide courses in ethical hacking. If this hacking continues and is not eliminated, many problems will arise in the future, and it will cross the limits by performing unlawful acts through enclosure of women, changing whole data in the organization. It spoils the reputation of the company. In some cases ethical hackers modify the actual content of the data; this is one of the major problems in ethical hacking. Measures should be taken to avoid this problem. As Internet usage increases day by day, hacking of data increases too. Since users are very much concerned about the security of their data, ethical hacking helps to provide security for them. Discussing hacking with people and gaining knowledge about it also helps to stop hacking. Timely judgement, administering system performance correctly, and knowledge about computer hacking are some of the factors that provide security to the system. Missing any one of these factors incurs loss to the system. The duty of the ethical hacker is to make the user aware of the security of the system, but it is up to the user how he follows this and provides security. Not only users working in organizations but also students and professionals should have enough knowledge about hacking and should take the necessary steps to address it. Students should understand that no software is built with zero errors, and should study the various potentials in hacking and the precautions against them, since they are the future professionals. Professionals should be very conservative about security issues, as any business is developed based on the security provided to it. They should build new software with fewer errors. Every piece of software created by software professionals must have the help of users, or else the software is not successful. Communication between users and software professionals helps in providing higher security for newly built software. Users of the software should have up-to-date information about it, because it is used for authorized and consistent purposes. All users, students and employees should have awareness of ethical hacking. There are many security measures, such as firewalls, which help a system receive only authorized data, and intrusion systems, which monitor network systems for malicious activities. Almost all employees in an organization have a unique ID and password to access the system, so the password created should be effective and strong, with many letters, in order to avoid hacking.
Ethical hacking should be performed regularly in an organization at regular intervals in order to