The document discusses ethical hacking, which involves finding weaknesses in a system without malicious intent. There are different types of hackers: white hat hackers test security for penetration testing; black hat hackers access systems illegally to harm them; grey hats exploit weaknesses to bring attention to issues but without permission. The ethical hacking process involves reconnaissance, scanning, gaining access, maintaining access, clearing tracks, and reporting findings. Ethical hacking helps strengthen security and prevent breaches, though it requires specific skills and knowledge of networks, protocols, and software.
2. WHAT IS ETHICAL HACKING?
Hacking is usually legal as long as it is being done to
find weaknesses in a computer or
network system for testing purpose. This sort of
hacking is what we call Ethical Hacking.
3. Types of Hackers
• White Hat Hackers
• Black Hat Hackers
• Grey Hat Hackers
• Miscellaneous Hackers
4. WHITE HAT HACKER
They never intent to harm a system,
rather they try to find out weaknesses
in a computer or a network system as a
part of penetration testing and
vulnerability assessments.
5. BLACK HAT HACKER
Also known as crackers, are those who
hack in order to gain unauthorized
access to a system and harm its
operations or steal sensitive
information.
6. GREY HAT HACKER
Grey hat hackers are a blend of both black
hat and white hat hackers. They act
without malicious intent but for their fun,
they exploit a security weakness in a
computer system or network without the
owner’s permission. Their intent is to
bring the weakness to the attention of the
owners and getting appreciation or a little
bounty from the owners.
9. PROCESS
Reconnaissance
Reconnaissance is the phase
where active or passive means
are used for information
gathering. Some of the tools used
are for this purpose are: NMAP,
Hping, Maltego, and Google
Dorks.
Scanning
In this process, a network or a
target machine is probed by the
attacker to exploit the
vulnerabilities. Some of the tools
used in this process are Nessus,
Nexpose, and NMAP.
10. PROCESS
Gaining Access
In this process, to enter into the
system, vulnerabilities are located
and attempts are made to exploit.
The main tool used in this process
is Metasploit.
Maintaining Access
The access to a system is gained
already by the hacker. Some
backdoors are installed such that
the hacker can access the system
when he desires access in owned
system in future. The tool used in
this process is Metasploit.
11. PROCESS
Clearing Tracks
Clearing Tracks is an unethical
activity. The logs of the activities
which take place during the
process of hacking are deleted in
this process.
Reporting
The last step of the ethical
hacking is Reporting. A report is
compiled by the hacker with the
findings and the job done
including the tools used, the
success rate, vulnerabilities
found, and the exploit processes.
13. HACKERS SKILL SET
Knowledge about:
• Network Protocols like HTTPS, HTTP
• Authentication techniques
• Firewall Architectures
• Network Architecture
• Web Server Configurations
• Web Application Structures
• Database Setups with Client Servers Architecture
• HTML, JavaScript, Python,
14. ADVANTAGES
• To recover lost information, especially
in case you lost your password.
• To perform penetration testing to
strengthen computer and network
security.
• To put adequate preventative measures
in place to prevent security breaches.
• To have a computer system that
prevents malicious hackers from
gaining access.
15. DIS-ADVANTAGE
• Massive security breach.
• Unauthorized system access on
private information.
• Privacy violation.
• Hampering system operation.
• Denial of service attacks
• Malicious attack on the system.
16. CONCLUSION
Ethical hacking is not a criminal activity and should not
be considered as such. While it is true that
malicious hacking is a computer crime and criminal
activity, ethical hacking is never a crime. Ethical
hacking is in line with industry regulation and
organizational IT policies.