Cyber Ethics - Hacking Introduction and IT Security
Author: Lokender Yadav
SESSION FLOW
Why Security?
Hacking – Introduction
Hacker Communities
Types of Hackers.
Malicious Hacker Strategies
Ethical Hacker Strategies
Steps for conducting Ethical Hacking.
Importance of Vulnerability Research.
Vulnerability Research References.
Conclusion.
WHY SECURITY?
• Increasing use of complex computer infrastructure.
• Increasing use of network elements & applications.
• Decreasing level of skill set.
• Any security breach in a company will affect its assets & goodwill.
• Any security breach in government can affect its operations & reputation.
HACKING - DEFINITION
• The art of exploring various security breaches is termed hacking.
• It’s an anti-society activity.
• It says there always exists more than one way to solve the problem.
• The terms Hacker and Hacking are being misinterpreted and misunderstood, with negative connotations.
COMMUNITIES OF HACKERS
• Hackers
• Crackers
• Phreaks
• Script Kiddies
HACKERS: WHO ARE THEY?
• Hackers are intelligent computer professionals.
Motive/Intent:
• To gain in-depth knowledge of a system: what’s happening at the backend, behind the screen.
• To find possible security vulnerabilities in a system.
• They create security awareness by sharing knowledge. It’s teamwork.
CRACKERS/ATTACKERS
Individuals who break into computers with malicious intent.
Motive/Intent:
• To seek unauthorized access into a system and cause damage, or destroy or reveal confidential information.
• To compromise the system to deny services to legitimate users, to trouble or harass them or to take revenge.
Effects:
• Can cause financial losses & image/reputation damage.
• Defamation in society for individuals or organizations.
PHREAKS
• Phreaks – These are persons who use computer devices and software to break into phone networks.
• Motive/Intention – To find loopholes in the security of phone networks and to make phone calls free of cost!!!
• Effects – You may have to pay a big amount in phone bills, for doing nothing!!!
SCRIPT KIDDIES
• Script Kiddies – These are persons who do not have the technical skills to hack computers.
• Motive/Intention – They use the available information about known vulnerabilities to break into remote systems.
• It’s an act performed for fun or out of curiosity.
HATS OFF
• White Hat Hackers – They use their knowledge and skill set for good, constructive intents. They find out new security loopholes and their solutions.
E.g. – LIKE ME.. As I’m Doing It Right Now (I Hope So!!!)
• Black Hat Hackers – They use their knowledge and skill set for illegal activities and destructive intents.
E.g. – To gain money (online robbery), to take revenge. Disgruntled employees are the best example of Black Hats. Attackers (Black Hat hackers) are not at all concerned with security professionals (White Hat hackers). Actually these hackers are Bad Guys!!!
HOW HACKERS WORK…
ETHICAL HACKER STRATEGIES
“The one who can hack it, can only secure it”
“If you want to catch criminal then you’ll have to think like
criminal”
• What to protect?
• How to protect?
• Against whom?
• How many resources are needed?
• Understand client requirements for security / vulnerability testing.
• In the preparation phase, the EH will sign an NDA with the client.
• Internal / external testing.
• Conduct network security audits / VAPT.
• Risk assessment & mitigation.
• Documenting audit reports as per standards.
• Submitting developer as well as remediation reports.
• Implement remediation for found vulnerabilities.
ETHICAL HACKER STRATEGIES
Social Engineering
Social engineering is the single greatest threat to enterprise security.
Social Engineering: A Case Study
A consultant was hired by a business executive to test the security of
the executive's enterprise. The consultant was not hired to try to hack
through the firewall or bypass the intrusion detection system. He was
hired to see how easy it would be for a motivated intruder to gain
physical access to the company's mission-critical systems.
So the consultant created a fake company ID badge for himself. He
even simulated a magnetic swiping strip on the back of the ID by using
a piece of electrical tape. He used this fake ID to get into the company's
main building, then made his way up to the data centre where he
began swiping his fake ID badge through the scanner. After several
failed attempts, a friendly employee walked up and said, "Sometimes,
that thing doesn't work." The friendly fellow proceeded to swipe his
own badge, letting the consultant into the data centre.
At that point, the consultant walked to the centre of the room, raised his
arms, and said, "Okay everyone, I'm conducting a surprise security
audit. I need everyone to leave the room immediately." Although there
were a few surprised faces, all the employees in the data centre filed
out.
The consultant pulled out his cell phone, called the executive who hired
him, and said, "Guess where I am?"
How to Prevent Social Engineering Attack
Information gathering
VULNERABILITY RESEARCH
• Vulnerability research is the process of finding vulnerabilities, threats & loopholes in a server/system.
• Includes Vulnerability Assessment & Penetration Testing.
• Vulnerability notes can be searched on the internet via number, CVE.
VULNERABILITY RESEARCH REFERENCES
• Common Vulnerability database is available at http://cve.mitre.org/
• National Vulnerability Database is available at http://web.nvd.nist.gov/
• US-CERT also publishes CVD on http://www.us-cert.gov
1. Contains alerts which can be helpful to an administrator.
2. It doesn’t contain solutions.
CONCLUSION
• Security is important because prevention is better than cure.
• Community of Hackers.
• Security involves five phases.
• Ethical Hacking involves conducting Security Audits, Vulnerability Assessment & Penetration Testing.
• Vulnerability Research is the process of discovering different vulnerabilities in technology & applications.
SQL Injection Attack
• Allows a remote attacker to execute arbitrary database commands.
• Relies on poorly formed database queries and insufficient input validation.
• Often facilitated by, but does not rely on, unhandled exceptions and ODBC error messages.
• Impact: Massive. This is one of the most dangerous vulnerabilities on the web.
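An added example (not from the original slides) that puts the "poorly formed query" and "insufficient input validation" named above next to a corrected form, using Python's built-in sqlite3 module. The table, rows, inputs and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return conn


def lookup_concat(conn, name):
    """Poorly formed query: user input is pasted into the SQL text itself."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Parameterized query: the input is bound as a value and never parsed as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def lookup_safe(conn, name):
    """Input validation + parameter binding + a generic error for the caller."""
    if not isinstance(name, str) or not (1 <= len(name) <= 32) or not name.isalnum():
        return {"ok": False, "error": "invalid input", "rows": []}
    try:
        rows = lookup_param(conn, name)
    except sqlite3.Error:
        # Keep database error text in server-side logs only; returning it to
        # the client is the "error message" aid the slide mentions.
        return {"ok": False, "error": "request failed", "rows": []}
    return {"ok": True, "error": None, "rows": rows}


def demo():
    """Run the same inputs through each variant and summarise the outcome."""
    conn = make_db()
    crafted = "x' OR '1'='1"      # constructed input that closes the quote
    try:
        lookup_concat(conn, "o'brien")   # an ordinary apostrophe breaks the query
        raw_error = None
    except sqlite3.Error as exc:
        raw_error = str(exc)             # raw text an unhandled exception would expose
    return {
        "concat_normal": len(lookup_concat(conn, "alice")),
        "concat_crafted": len(lookup_concat(conn, crafted)),   # WHERE clause rewritten
        "param_crafted": len(lookup_param(conn, crafted)),     # treated as a literal name
        "safe_crafted": lookup_safe(conn, crafted)["error"],
        "raw_error_from_concat": raw_error,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
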
CYBER CRIME INVESTIGATION
How?
• Information gathering – definition.
• Initial info gathering of websites.
• Info gathering using search engines, blogs & forums.
• Info gathering using job and matrimonial websites.
Why Information Gathering?
• Information gathering can reveal the online footprints of a criminal.
• Information gathering can help the investigator to profile criminals.
Information Gathering of Websites
Whois Information
• Owner of website.
• Email ID used to register domain.
• Domain registrar.
• Domain name server information.
• Related websites.
WHOIS
Whois is a query to a database to get the following information:
1. Owner of website.
2. Email ID used to register domain.
3. Domain registrar.
4. Domain name server information.
5. Related websites.
Reverse IP Mapping
• Reverse IP will give the number of websites hosted on the same server.
• If one website on the server is vulnerable, then a hacker can easily root the server.
Info. Gathering Using Search Engine
• Search engines are efficient mediums to get specific results according to your requirements.
• Google & Yahoo search engines give the best results out of all.
Info. Gathering Using Search Engine
• This type of search engine retrieves results from different search engines & makes relations or connections between those results.
Info. Gathering Using Search Engine
• Maltego is an open source intelligence and forensics
application.
• It allows for the mining and gathering of information as
well as the representation of this information in a
meaningful way.
• Coupled with its graphing libraries, Maltego, allows you to
identify key relationships between information and identify
previously unknown relationships between them.
Information Gathering
• Almost 80% of internet users use blogs/forums for knowledge-sharing purposes.
• Information gathering from a specific blog will also be helpful in investigations.
• Information gathering from social networking websites can also reveal personal info about a suspect.
• Many websites store email ID lists for newsletters. These email IDs can also be retrieved using email spiders.
Phishing Frauds
In the cyber-world, phishing is a form of illegal act whereby sensitive information, such as passwords and credit card details, is fraudulently acquired by a person/entity masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or instantaneous communication.
Investigation Steps
• The investigator should trace the email using its headers.
• As it is going to be spoofed mail in every case, the investigator should gather information about the hosting server from which it originated.
• Contact the hosting server with the Message ID & headers for the real IP address.
• Ask for domain names registered within the specific time duration during which the incident was reported.
• Credit card, PayPal account or any other online payment account which was used for the transaction.
• Bank statement with online banking A/C access log, which gives the IP address of the culprit.
• Beneficiary bank account statement.
• Beneficiary bank account access log.
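An added example (not part of the original slides) of the first investigation steps above: reading the Received chain and Message-ID out of a message's headers so that the hosting server can be contacted with them. The sample message, host names and addresses are constructed, and the function names are illustrative; only Python's standard email module is used.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (documentation-only hosts and addresses).
SAMPLE = """\
Received: from mx.relay.example (mx.relay.example [203.0.113.10])
    by inbox.recipient.example with ESMTP id abc123;
    Mon, 01 Jan 2024 10:00:05 +0000
Received: from webhost7.hosting.example (webhost7.hosting.example [198.51.100.23])
    by mx.relay.example with ESMTP id def456;
    Mon, 01 Jan 2024 10:00:02 +0000
Received: from localhost (unknown [192.0.2.55])
    by webhost7.hosting.example with HTTP;
    Mon, 01 Jan 2024 10:00:00 +0000
Message-ID: <20240101100000.1234@webhost7.hosting.example>
From: "Bank Support" <support@bank.example>
Return-Path: <bounce@hosting.example>
To: user@recipient.example
Subject: Verify your account

(body omitted)
"""


def parse_received(value):
    """Split one Received header into sender host, sender IP, receiver, time."""
    flat = " ".join(value.split())            # undo header line folding
    if ";" in flat:
        route, _, stamp = flat.rpartition(";")
    else:
        route, stamp = flat, ""
    m_from = re.search(r"\bfrom\s+(\S+)", route)
    m_ip = re.search(r"\[([0-9A-Fa-f:.]+)\]", route)
    m_by = re.search(r"\bby\s+(\S+)", route)
    return {
        "from": m_from.group(1) if m_from else None,
        "ip": m_ip.group(1) if m_ip else None,
        "by": m_by.group(1) if m_by else None,
        "time": stamp.strip(),
    }


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def trace(raw):
    """Summarise the delivery path of a raw message, oldest hop first."""
    msg = message_from_string(raw)
    # Every server prepends its own Received line, so the last one in the
    # file is the earliest hop. Lines written before the message reached a
    # server the investigator trusts can be forged by the sender, so the
    # result is a lead to confirm against the hosting provider's logs.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    first = hops[0] if hops else {"by": None, "ip": None}
    return {
        "message_id": (msg.get("Message-ID") or "").strip(),
        "hops": hops,
        "first_handler": first["by"],         # server to contact with the Message-ID
        "claimed_origin_ip": first["ip"],     # what that server recorded as the client
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "domain_mismatch": bool(from_dom and rp_dom and from_dom != rp_dom),
    }


if __name__ == "__main__":
    report = trace(SAMPLE)
    print("Message-ID:", report["message_id"])
    for hop in report["hops"]:
        print(f'{hop["time"]}  {hop["from"]} [{hop["ip"]}] -> {hop["by"]}')
    print("From/Return-Path mismatch:", report["domain_mismatch"])
```
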
Prevention is Better
Harden the server
Monitor alerts
Scan and apply patches
Monitor log
Good physical Security
Intrusion detection system.
Train the technical staff only
Serious policy and procedure.
Scan and apply patches
Monitor Logs
Monitor Log
Good Physical Security
Perimeter Security
Computer room security
Desktop security
Close monitoring of admin’s work area
No floppy drive
No bootable CD’s
Security Awareness
Sharing admin accounts
Service accounts
Accounts naming conventions Hardening
Passwords (Understand NT passwords !)
Two-factor authentication
Serious Policy & Procedures
Top-down commitment
Investment
Designed-in security
Regular audits
Regular penetration testing
Education & awareness
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
test test test test testtest test testtest test testtest test testtest test ...
test test  test test testtest test testtest test testtest test testtest test ...test test  test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 

Ethical Hacking & Network Security

  • 1. Cyber Ethics-hacking introduction And IT Security Author: Lokender Yadav
  • 2. SESSION FLOW Why Security? Hacking – Introduction Hacker Communities Types of Hackers. Malicious Hacker Strategies Ethical Hacker Strategies Steps for conducting Ethical Hacking. Importance of Vulnerability Research. Vulnerability Research References. Conclusion.
  • 3. WHY SECURITY ? • Increasing use of Complex computer infrastructure. • Increasing use of Network elements & applications. • Decreasing level of skill set. • Any Security breach in company will affect its asset & goodwill. • Any Security breach in government can affect its operations & reputation.
  • 4. HACKING-DEFINITION • The Art of exploring various security breaches is termed as Hacking. • It’s an anti-society activity. • It says, there always exists more than one way to solve the problem. • The terms Hacker and Hacking are being misinterpreted and misunderstood with negative sidelines.
  • 5. COMMUNITIES OF HACKER • Hackers • Crackers • Phreaks • Script Kiddies
  • 6. HACKER WHO ARE THEY ? • Hackers are Intelligent Computer Professionals. Motive/Intent: • To gain in-depth knowledge of a system, what’s happening at the backend, behind the screen. • To find possible security vulnerabilities in a system. • They create security awareness by sharing knowledge. It’s teamwork.
  • 7. CRACKERS/ATTACKERS Individuals who break into computers with malicious intent. Motive/Intent – • To seek unauthorized access into a system and cause damage or destroy or reveal confidential information. • To compromise the system to deny services to legitimate users for troubling, harassing them or for taking revenge. Effects- Can cause financial losses & image/reputation damage. • Defamation in society for individuals or organizations.
  • 8. PHREAKS • Phreaks – These are persons who use computer devices and software to break into phone networks. • Motive/Intention- To find loopholes in security in the phone network and to make phone calls free of cost!!! • Effects- You may have to pay a big amount in phone bills, for doing nothing!!!
  • 9. SCRIPT KIDDIES • Script Kiddies – These are persons not having the technical skills to hack computers. • Motive/Intention- They use the available information about known vulnerabilities to break into a remote system. • It’s an act performed for fun or out of curiosity.
  • 10. HATS OFF • White Hat Hackers – They use their knowledge and skill set for good, constructive intents. They find out new Security loopholes and their solution. E.g.- LIKE ME.. As I’m Doing It Right Now ( I Hope So!!!) • Black Hat Hackers – They use their knowledge and skill set for illegal activities and destructive intents. E.g.- to gain money (online robbery), to take revenge. Disgruntled Employees are the best example of Black Hats. Attackers (Black Hat HACKERS) are not at all concerned with security professionals (White hat hackers). Actually these hackers are Bad Guys!!!
  • 12. ETHICAL HACKER STRATEGIES “The one who can hack it, can only secure it” “If you want to catch a criminal then you’ll have to think like a criminal” • What to protect? • How to protect? • Against whom? • How many resources are needed?
  • 13. ETHICAL HACKER STRATEGIES • Understand Client Requirements for Security / Vulnerability Testing. • In Preparation Phase, EH will sign an NDA with the client. • Internal / External Testing. • Conduct Network Security Audits / VAPT. • Risk Assessment & Mitigation. • Documenting Auditing Reports as per Standards. • Submitting Developer as well as remediation reports. • Implement remediation for found vulnerabilities.
  • 14. Social Engineering: Social engineering is the single greatest threat to enterprise security.
  • 18. A consultant was hired by a business executive to test the security of the executive's enterprise. The consultant was not hired to try to hack through the firewall or bypass the intrusion detection system. He was hired to see how easy it would be for a motivated intruder to gain physical access to the company's mission-critical systems. So the consultant created a fake company ID badge for himself. He even simulated a magnetic swiping strip on the back of the ID by using a piece of electrical tape. He used this fake ID to get into the company's main building, then made his way up to the data centre where he began swiping his fake ID badge through the scanner. After several failed attempts, a friendly employee walked up and said, "Sometimes, that thing doesn't work." The friendly fellow proceeded to swipe his own badge, letting the consultant into the data centre.
  • 19. At that point, the consultant walked to the centre of the room, raised his arms, and said, "Okay everyone, I'm conducting a surprise security audit. I need everyone to leave the room immediately." Although there were a few surprised faces, all the employees in the data centre filed out. The consultant pulled out his cell phone, called the executive who hired him, and said, "Guess where I am?"
  • 21. How to Prevent Social Engineering Attacks
  • 24. VULNERABILITY RESEARCH • Vulnerability research is the process of finding vulnerabilities, threats & loopholes in a server/system. • Includes Vulnerability Assessment & Penetration Testing. • Vulnerability notes can be searched on the internet via their number (CVE).
  • 25. VULNERABILITY RESEARCH REFERENCES • Common Vulnerability database is available at http://cve.mitre.org/ • National Vulnerability Database is available at http://web.nvd.nist.gov/ • US-CERT also publishes CVD on http://www.us-cert.gov 1. Contains Alerts which can be helpful to administrators. 2. It doesn’t contain solutions.
  • 29. CONCLUSION • Security is important because prevention is better than cure. • Community of Hackers. • Security Involves five phases. • Ethical Hacking involves Conducting Security Audits, Vulnerability Assessment & Penetration Testing. • Vulnerability Research is the process of discovering different vulnerabilities in technology & applications.
  • 31. SQL Injection Attack • Allows a remote attacker to execute arbitrary database commands. • Relies on poorly formed database queries and insufficient input validation. • Often facilitated by, but does not rely on, unhandled exceptions and ODBC error messages. • Impact: Massive. This is one of the most dangerous vulnerabilities on the web.
  • 33. How? • Information Gathering- Definition • Initial Info gathering of websites. • Info Gathering using search engines, blogs & forums. • Info gathering using job, matrimonial websites.
  • 34. Why Information Gathering ? • Information Gathering can reveal the online footprints of a criminal. • Information Gathering can help the investigator to profile criminals.
  • 35. Information Gathering Of Websites: Whois Information • Owner of website. • Email id used to register domain. • Domain registrar. • Domain name server information. • Related websites.
  • 36. WHOIS. Whois is a query to a database to get the following information: 1. Owner of website. 2. Email id used to register domain. 3. Domain registrar. 4. Domain name server information. 5. Related websites.
  • 37. Reverse IP-Mapping • Reverse IP will give the number of websites hosted on the same server. • If one website on the server is vulnerable, then a hacker can easily root the server.
  • 39. Info. Gathering Using Search Engine • Search engines are efficient mediums to get specific results according to your requirements. • Google & Yahoo search engines give the best results of all.
  • 40. Info. Gathering Using Search Engine • This type of search engine retrieves results from different search engines & makes relations or connections between those results.
  • 41. Info. Gathering Using Search Engine • Maltego is an open source intelligence and forensics application. • It allows for the mining and gathering of information as well as the representation of this information in a meaningful way. • Coupled with its graphing libraries, Maltego allows you to identify key relationships between information and identify previously unknown relationships between them.
  • 44. Information Gathering • Almost 80% of internet users use blogs/forums for knowledge sharing purposes. Information gathering from a specific blog will also be helpful in investigations. • Information gathering from Social Networking websites can also reveal personal info about a suspect. • Many websites store email id lists for newsletters. These email ids can also be retrieved using email spiders.
  • 45. Phishing Frauds In the cyber-world, phishing is a form of illegal act whereby sensitive information, such as passwords and credit card details, is fraudulently acquired by a person/entity masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or instantaneous communication.
  • 46. Investigation Steps • Investigator should trace Email using Headers. • As it is going to be Spoof Mail in every case, Investigator should gather information about the hosting server from which it originated. • Contacting Hosting Server with Message ID & Headers for Real IP Address. • Asking for Domain names registered within the specific time duration during which this incident was reported. • Credit Card or Paypal account or any other online payment account which was used for the transaction.
  • 47. Cont. • Bank Statement with online banking A/C Access log which gives the IP address of the culprit. • Beneficiary Bank account statement. • Beneficiary Bank account Access Log.
  • 48. Prevention is Better • Harden the server • Monitor alerts • Scan and apply patches • Monitor log • Good physical Security • Intrusion detection system • Train the technical staff only • Serious policy and procedure
  • 49. Scan and apply patches
  • 51. Good Physical Security • Perimeter Security • Computer room security • Desktop security • Close monitoring of admin’s work area • No floppy drive • No bootable CD’s
  • 52. Security Awareness • Sharing admin accounts • Service accounts • Accounts naming conventions • Hardening Passwords (Understand NT passwords !) • Two-factor authentication
  • 53. Serious Policy & Procedures • Top-down commitment • Investment • Designed-in security • Regular audits • Regular penetration Testing • Education & awareness
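
Slide 31 attributes SQL injection to poorly formed queries and says it is often helped along by unhandled exceptions. The following is an added example, not part of the original slides, that runs the same inputs through a concatenated query and a bound-parameter query; the table, the rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@corp.example"), ("o'brien", "ob@corp.example")],
    )
    return db

def lookup_concatenated(db, name):
    """Poorly formed query: the input becomes part of the SQL text."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    """Hardened form: the input is bound as a value, never parsed as SQL."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def regression_check():
    """Run identical inputs through both forms and record what each returns."""
    db = make_db()
    inputs = [
        ("plain", "alice"),
        ("apostrophe", "o'brien"),        # legitimate name containing a quote
        ("tautology", "x' OR '1'='1"),    # textbook test string for the fix
    ]
    results = {}
    for label, value in inputs:
        try:
            weak = lookup_concatenated(db, value)
        except sqlite3.Error as exc:
            # The unhandled-exception case from the slide: the quote broke
            # the statement, and a raw error message would describe it.
            weak = type(exc).__name__
        results[label] = {"concatenated": weak, "bound": lookup_bound(db, value)}
    return results

if __name__ == "__main__":
    for label, outcome in regression_check().items():
        print(label, outcome)
```

The bound form returns the right row for the legitimate apostrophe name and nothing for the test string, so it fixes both the error and the data exposure without any input filtering.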
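
The investigation steps on slide 46 start with tracing the email through its headers and taking the Message ID to the hosting server. The following is an added example, not part of the original slides, that walks the Received chain of a constructed message and reports the last address recorded by the recipient's own servers; the message, the host names and the `trusted_suffix` parameter are assumptions of the example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (newest Received header first, as delivered).
# Hosts use .example names and addresses come from documentation ranges.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby mailstore.recipient.example with ESMTP id AAA111; Mon, 01 Jan 2024 10:00:05 +0000
Received: from web7.hosting.example (web7.hosting.example [198.51.100.23])
\tby mx.recipient.example with ESMTP id BBB222; Mon, 01 Jan 2024 10:00:03 +0000
Received: from localhost (localhost [127.0.0.1])
\tby web7.hosting.example with ESMTP id CCC333; Mon, 01 Jan 2024 10:00:01 +0000
Message-ID: <constructed-0001@web7.hosting.example>
From: "Your Bank" <support@bank.example>
Return-Path: <bounce@web7.hosting.example>
Subject: Verify your account

(body omitted)
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def domain_of(header_value):
    """Domain part of the address in a From/Return-Path style header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def trace(raw, trusted_suffix):
    """Summarise where a message entered servers the recipient controls.

    trusted_suffix (for example ".recipient.example", leading dot included)
    marks the recipient's own mail servers; it is an assumption here.
    """
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    # Each server prepends its header, so hops[0] is the newest. Only hops
    # stamped by our own servers are reliable; lower ones may be forged.
    handoff, unverified = None, len(hops)
    for i, hop in enumerate(hops):
        if not hop["by"].lower().endswith(trusted_suffix):
            break
        handoff, unverified = hop, len(hops) - i - 1
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    return {
        "message_id": msg["Message-ID"],
        "handoff_host": handoff["from"] if handoff else None,
        "handoff_ip": str(ipaddress.ip_address(handoff["ip"])) if handoff else None,
        "unverified_hops": unverified,
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "from_matches_envelope": from_dom == env_dom,
    }
```

The hand-off address and the Message ID are what the hosting provider needs to find the sending account in its own logs; hops counted as unverified were written before the message reached a trusted server and should be treated as claims only.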