1. Ethical hacking involves legally accessing a computer system or network to test security by finding vulnerabilities. It is done with permission and as part of an overall security program. 2. The process of ethical hacking involves preparation, footprinting, identification of vulnerabilities through techniques like port scanning, and then reporting findings to the organization without causing damage. 3. An ethical hacker has the same skills as a hacker but performs security testing in a legal, consensual, and non-destructive manner by obtaining permission and following predefined rules of engagement.

1. 1

2. What is Ethical Hacking ?
Ethical Hacking - Process
Why – Ethical Hacking ?
Reporting
Ethical Hacking – Commandments
2

3. What is Ethical Hacking ??
Also Called – Attack & Penetration Testing,
White-hat hacking, Red teaming.
Process of breaking into systems for :-
 Personal or Commercial Gains.
 Malicious Intent – Causing sever damage to
Information & Assets.
3

4. SOMEONE WHO
LIKES TO TINKER
WITH SOFTWARE
OR ELECTRONIC
SYSTEMS
4

5. WHITE-HAT
HACKERS
BLACK-HAT
HACKERS
GRAY-HAT
HACKERS
5

6. 6
It is Legal.
Permission is obtained from the target.
Part of an overall security program.
Identify vulnerabilities visible from Internet a
particular point of time.
Ethical hackers possesses same skills, mindset and
tools of a hacker but the attacks are done in a non-
destructive manner.

7. 7

8. 8
Defacement Statistics for Indian Websites
June 01, 2004 to Dec.31, 2014
Domains No of Defacements
.com 922
.gov.in 24
.org 53
.net 39
.biz 12
.co.in 48
.ac.in 13
.info 3
.nic.in 2
.edu 2
other 13
Total 1131
Source: CERT-India

9. 9

10. 10
Viruses, Trojan
Horses,
and Worms
Social
Engineering
Automated
Attacks
Accidental
Breaches in
Security Denial of
Service (DoS)
Organizational
Attacks
Restricted
Data
Protection from possible External attacks

11. 11
Will have same mind set & tools as do
hackers have but in a non destructive
manner.
Will have permissions to enter into the
target network.
To find the vulnerability.
To report the vulnerability to the
organization.

12. 12
 Preparation.
 Foot-printing.
 Enumeration & Fingerprinting.
 Identification of Vulnerabilities
 Attack – Exploit the Vulnerabilities.
 Clearing tracks.

13. 13
Specific systems to be tested.
Risks that are involved.
When the tests are to be performed & the overall
time.
Amount of knowledge of the systems.
What is to be done when vulnerability is discovered.

14. 14
Collecting as much information about the target
DNS Servers
IP Ranges
Administrative Contacts
Problems revealed by administrators
oInformation Sources
oSearch engines
oForums
oDatabases – whois, ripe, arin, apnic
Tools – PING, whois, Traceroute, DIG, nslookup,
samspade.

15. 15
Specific targets determined
Identification of Services / open ports.
To find other hosts in the entire network.
Tools :-Nmap, FScan, Hping,
Firewalk, netcat, tcpdump,
ssh, telnet, SNMP Scanner.

16. 16
 Insecure Configuration.
 Weak Passwords – Default Passwords, Brute
force, Social Engineering, Listening to Traffic.
 Insecure Programming – SQL Injection,
Listening to Traffic.
Weak Access Control – Using the Application
Logic, SQL Injection Weak Access Control.
VULNERABILITIES :-

17. 17
Application Specific Attacks
Exploiting implementations of HTTP, SMTP protocols.
Gaining access to application Databases.
SQL Injection.
Spamming

18. 18
•Helps in closing the open holes in the system network.
•Provides security to banking and financial establishments.
•Prevents website defacements .
•“To catch a thief you have to think like a thief”.
•All depends upon the trustworthiness of the ethical hacker.
•Hiring professionals is expensive.

19. 19