Ethical hacking (legal)

A complete description of hacking and some internal attacks. It just shows gaining access.

  1. ETHICAL HACKING
  2. AGENDA
     • WHAT IS ‘HACKING’?
     • WHY HACKING IS CONSIDERED AS ‘CYBER FRAUD’?
     • WHAT IS ‘ETHICAL HACKING’?
     • PROCESS INVOLVED
     • GAINING ACCESS
     • INTERNAL AND EXTERNAL ATTACKS
     • LEGAL AND ETHICAL QUESTIONS
  3. HACKING
     • A process of illegally corrupting or extracting private information from a computer system or network.
     • Those who attempt to crash private data, overload a system with traffic, or steal data such as credit and debit card details are known as ‘hackers’.
     • Hackers are those who program enthusiastically, or who simply enjoy programming rather than theorizing about programs.
     • They code on the basis of their own needs.
  4. TYPES OF HACKERS
     • First know about ‘HACKERS vs CRACKERS’: HACKERS are the good guys who break into the system and tell the administrator how to prevent others from getting in. CRACKERS are the bad guys who break in and do damage.
     • TYPES OF HACKERS:
       o Black hat hackers: those involved in ‘cyber fraud’.
       o White hat hackers: those who use their skills for good purposes.
       o Adult hackers: those who are underemployed and need some recognition in the hacker community.
       o Gray hat hackers: those who work in need of money.
  5. BEYOND HACKING
     • SOME OTHER ISSUES:
       o PHREAKING: Cracking the telecom networks.
       o SPOOFING: Faking the originating IP address in a datagram (entering an organization's Wi-Fi illegally).
       o DENIAL OF SERVICE (DoS): Flooding a host with sufficient network traffic.
       o PORT SCANNING: Searching for vulnerabilities.
     • WHY HACKING IS CONSIDERED AS ‘CYBER FRAUD’? (Old crimes, committed on or through the new medium of the internet, but new crimes are created within the internet itself.)
  6. REPORT ON MONSTER CASE
  7. AGES THROUGH HACKING
     • 1969 - Unix ‘hacked’ together
     • 1971 - Cap ‘n Crunch phone exploit discovered
     • 1988 - Morris Internet worm crashes 6,000 servers
     • 1994 - $10 million transferred from CitiBank accounts
     • 1995 - Kevin Mitnick sentenced to 5 years in jail
     • 2000 - Major websites succumb to DDoS
     • 2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance)
     • 2001 - Code Red
       o exploited bug in MS IIS to penetrate & spread
       o probes random IPs for systems running IIS
       o had trigger time for denial-of-service attack
       o 2nd wave infected 360000 servers in 14 hours
     • Code Red 2 - had backdoor installed to allow remote control
     • Nimda - used multiple infection mechanisms: email, shares, web client, IIS
     • 2002 - Slammer Worm brings web to its knees by attacking MS SQL Server
     • 2004 - Monster case in India
  8. WHAT IS ‘ETHICAL HACKING’?
     • RE-CONFIGURATION of a system or software to function in ways not facilitated by the administrator or designer.
     • It is legal.
     • Permission is obtained from the target.
     • It is a part of an overall security programme.
     • A good programming mind and skill in using ‘Unix or Linux’ are more than enough.
     • Even though it involves the same skills and mindset as hackers and crackers, attacks are done in a NON-DESTRUCTIVE MANNER (NDM).
  9. PROCESS INVOLVED
     • PREPARATION:
       o Identification of targets (company websites, mail servers etc.)
       o Awareness of the total time for testing
       o Key people who are made aware of the testing of the target
     • FOOTINGS:
       o Collection of as much information as possible about the target (IP ranges, administrator contact, problems evolved etc.)
       o Awareness of information sources (forums etc.)
  10. PROCESS INVOLVED
     • ENUMERATION OR FINGERPRINT:
       o An operating system enumeration.
       o Methods such as:
         - Banner grabbing
         - Responses to various protocols (such as ICMP & TCP commands)
     • TOOLS: Nmap, Fscan, Hping, Telnet etc.
  11. PROCESS INVOLVED
     • IDENTIFICATION OF VULNERABILITIES:
       o INSECURE configuration
       o INSECURE coding
       o Weak passwords
       o Weak access control
       o Listening to traffic etc.
     • TOOLS:
       o Password crackers: Pwdump, John the Ripper & more
       o Vulnerability scanners: ISS, SARA
       o Listening to traffic: Ethercad
  12. GAINING ACCESS
     • FRONT DOOR:
       i) Password guessing
       ii) Password / key stealing
     • BACK DOOR:
       i) Forgot to remove before release
       ii) Often left by original developers or debuggers
     • TROJAN HORSES: They are usually hidden inside the software that we download and install from the net.
     • SOFTWARE EXPLOITATION: It is a fertile ground for script kiddies looking for something to do. E.g. gray hat hackers.
  13. MY FEW SUGGESTIONS
     • To prevent this in future:
       o Implement a firewall and develop the security.
       o Use hard-to-guess passwords.
       o Disconnect your Internet when not in use.
       o Spam e-mail should not be opened.
       o Avoid giving your personal details on social networks (such as Facebook, Twitter, LinkedIn, nowell etc.)
       o Secure your wireless network and keep your system updated.
  14. LEGAL AND ETHICAL QUESTIONS
     • What is ‘ethical’ hacking?
     • How to react to mischief or nuisances?
     • Is scanning for vulnerabilities LEGAL?
     • Can private property LAWS be applied to a network?
  15. A PRESENTATION BY THANGARAJ.M
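
Slides 10 and 11 name banner grabbing as an enumeration method and insecure configuration as a vulnerability class. The following is an added example, not part of the original presentation, showing how an administrator can audit what their own service banners disclose; the banner strings are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample banners, in the form a service presents on connect.
# These are illustrative values, not captured from any real host.
SAMPLE_BANNERS = {
    "ssh": "SSH-2.0-OpenSSH_7.4",
    "http": "Server: Apache/2.4.6 (CentOS) PHP/5.4.16",
    "smtp": "220 mail.example.test ESMTP Postfix",
    "ftp": "220 (vsFTPd 3.0.2)",
    "http-hardened": "Server: nginx",
}

# A product name followed by '/', '_' or a space and a dotted version number.
VERSION_RE = re.compile(r"([A-Za-z][A-Za-z-]*)[/_ ]v?(\d+(?:\.\d+)+[A-Za-z0-9]*)")
# An operating system name in parentheses, as some web servers append it.
OS_RE = re.compile(r"\((CentOS|Ubuntu|Debian|Win32|Win64|Unix)\)", re.I)


def audit_banner(banner):
    """Return the disclosures found in one banner string.

    Each finding is (kind, name, version); version is None for OS findings.
    An exact product version or OS name lets anyone who reads the banner
    look up known weaknesses, so each finding is a configuration item to fix.
    """
    findings = []
    for product, version in VERSION_RE.findall(banner):
        findings.append(("version", product, version))
    for os_name in OS_RE.findall(banner):
        findings.append(("os", os_name, None))
    return findings


def audit_all(banners):
    """Audit every banner; return only the services that disclose something."""
    report = {}
    for service, banner in banners.items():
        findings = audit_banner(banner)
        if findings:
            report[service] = findings
    return report


if __name__ == "__main__":
    for service, findings in audit_all(SAMPLE_BANNERS).items():
        for kind, name, version in findings:
            detail = f"{name} {version}" if version else name
            print(f"{service}: banner discloses {kind}: {detail}")
```

Services that appear in the report are candidates for banner hardening in their own configuration; the SMTP and hardened HTTP samples pass because they name no version.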