Download to read offline
Ethical Hacking basics ppt, all types hacking
- 1.
- 2. PRESENTED BY N.DEVAKI P.PRIYA (3 rdCSE ) DHANALAKSHIMI SRINIVASAN INSTITUTE OF TECHNOLOGY SAMAYAPURAM.
- 3. Security isthe degree of resistance to,or protection from, harm It is the state of being free from danger or threat. WHAT IS SECURITY
- 4. Difference Between Security andProtection Security and protection are extremely close concepts though not same. Security measures are adopted to increase the level of protection The feeling of protection arises when one has enough security measures Security is a type of protection against external threats.
- 5. What is Ethical Hacking It is Legal Permission is obtained from the target Part of an overall security program Identify vulnerabilities visible from Internet at particular point of time Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
- 6. Overview of EthicalHacking Hack • Examine something very minutely • The rapid crafting of new program or the making of changes to existing, usually complicated software Hacker • The person who hacks Cracker • System intruder/ destroyer
- 7. Why – Ethical Hacking Viruses,Trojan Horses, and Worms Social Engineering Automated Attacks Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Accidental Protection from possible External Attacks
- 8. Types of Hacker White Hat Hacker • Good guys • Don’t use their skill for illegal purpose • Computer security experts and help to protect from Black Hats. Black Hat Hacker • Bad guys • Use their skill maliciously for personal gain • Hack banks, steal credit cards and deface websites Grey Hat Hacker • It is a combination of White hat n Black Hat Hackers • Goal of grey hat hackers is to provide national security
- 9. Hacking Process Footprinting Scanning Enumeration Attack andGaining Access Escalating Privilege, Covering Tracks and Creating Backdoors
- 10. Ethical Hacking -Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
- 11. Preparation Identification ofTargets – company websites, mail servers, extranets, etc. Signing of Contract Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the
- 12. Footprinting Collecting as muchinformation about the target DNS Servers IP Ranges Administrati ve Contacts Problems revealed by administrato rs Information Sources Search engines Forums Databases – whois, ripe, arin, apnic Tools – PING, whois, Traceroute,
- 13. Enumeration & Fingerprinting Specifictargets determined Identification of Services / open ports Operating System Enumeration Methods Banner grabbing Responses to various protocol (ICMP &TCP) commands Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
- 14. Identification of Vulnerabilities Vulnerabilities Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating systems, applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control
- 15. Identification of Vulnerabilities Methods Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic Insecure Programming – SQL Injection, Listening to Traffic Weak Access Control – Using the Application Logic, SQL Injection
- 16. Identification of Vulnerabilities Tools VulnerabilityScanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites Common Vulnerabilities & Exposures – http://cve.mitre.org Bugtraq – www.securityfocus.com Other Vendor Websites
- 17. Attack – Exploitthe vulnerabilities Obtain as much information (trophies) from the Target Asset Gaining Normal Access Escalation of privileges Obtaining access to other connected systems Last Ditch Effort – Denial of Service
- 18. Attack – Exploitthe vulnerabilities Network Infrastructure Attacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security
- 19. Attack – Exploitthe vulnerabilities Application Specific Attacks Exploiting implementations of HTTP, SMTP protocols Gaining access to application Databases SQL Injection Spamming
- 20. Some Tools • Whois, ping • Traceroot, nslookup Footprinting • nmap • nessus Scanning • Netcat. tcpdump • Telnet, firewalk Enumeration