Ethical Hacking

10,486 views

Published on

A presentation on Ethical Hacking.

Published in: Technology, News & Politics
2 Comments
8 Likes
Statistics
Notes
No Downloads
Views
Total views
10,486
On SlideShare
0
From Embeds
0
Number of Embeds
121
Actions
Shares
0
Downloads
1,580
Comments
2
Likes
8
Embeds 0
No embeds

No notes for slide

Ethical Hacking

  1. 1. Presented by: Manisha, Shruti, Satish, Viraj. [3 rd semester I.T.]
  2. 2. Also Called – Attack & Penetration Testing, White-hat hacking…. Ethical Hacking How much do Ethical Hackers get Paid? In the United States, an ethical hacker can make upwards of $120,000 per annum.
  3. 3. Source: CERT-India January - 2005 Defacement Statistics for Indian Websites June 01, 2004 to Dec.31, 2004 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131
  4. 4. Source: CERT/CC Total Number of Hacking Incidents Graph upto fiscal year 2003
  5. 8. Hackers Black Hats White Hats Gray Hats
  6. 9. <ul><li>Preparation </li></ul><ul><li>Footprinting </li></ul><ul><li>Enumeration & Fingerprinting </li></ul><ul><li>Identification of Vulnerabilities </li></ul><ul><li>Attacking </li></ul>
  7. 10. <ul><li>Identification of Targets – company websites, mail servers, extranets, etc. </li></ul><ul><li>Signing of Contract </li></ul><ul><ul><li>Agreement on protection against any legal issues </li></ul></ul><ul><ul><li>Time window for Attacks </li></ul></ul><ul><ul><li>Total time for the testing </li></ul></ul><ul><ul><li>Prior Knowledge of the systems </li></ul></ul><ul><ul><li>Key people who are made aware of the testing </li></ul></ul>
  8. 11. <ul><li>Collecting as much information about the target </li></ul><ul><li>DNS Servers </li></ul><ul><li>IP Ranges </li></ul><ul><li>Administrative Contacts </li></ul><ul><li>Information Sources </li></ul><ul><li>Search engines </li></ul><ul><li>Forums </li></ul><ul><li>Databases – whois, ripe, etc... </li></ul><ul><li>Tools – PING, whois, Traceroute, etc... </li></ul>
  9. 15. <ul><li>Specific targets determined </li></ul><ul><li>Identification of Services / open ports </li></ul><ul><li>Operating System Enumeration </li></ul><ul><li>Methods </li></ul><ul><li>Banner grabbing </li></ul><ul><li>Responses to various protocol like TCP </li></ul><ul><li>Port / Service Scans – TCP Connect, TCP SYN, etc... </li></ul><ul><li>Tools </li></ul><ul><li>Telnet, Angry IP Scanner, Nmap… </li></ul>
  10. 16. <ul><li>Insecure Configuration </li></ul><ul><li>Weak passwords </li></ul><ul><li>Possible Vulnerabilities in Services, Operating Systems </li></ul><ul><li>Insecure programming </li></ul><ul><li>Weak Access Control </li></ul>
  11. 17. <ul><li>Obtain as much information (trophies) from the Target Asset </li></ul><ul><li>Gaining Normal Access </li></ul><ul><li>Obtaining access to other connected systems </li></ul><ul><li>Application Specific Attacks </li></ul><ul><li>Gaining access to application Databases </li></ul><ul><li>SQL Injection </li></ul><ul><li>Spamming </li></ul>
  12. 18. <ul><li>Methodology </li></ul><ul><li>Proof for Exploits - Trophies </li></ul><ul><li>Practical Security solutions </li></ul>
  13. 21. <ul><li>Course Material </li></ul>www.eccouncil.org ISBN 0-9729362-1-1
  14. 23. http://www.hackerhighschool.org/
  15. 26. <ul><li>Working Ethically </li></ul><ul><ul><li>Trustworthiness </li></ul></ul><ul><ul><li>No misuse for personal gain </li></ul></ul><ul><li>Hacking is not a crime when it is done under set of rules… </li></ul><ul><li>That’s why frnz its termed as ETHICAL HACKING!!! </li></ul>
  16. 27. Any Questions?

×