Ethical Hacking Brief

1. 1

2. WHAT IS ETHICAL HACKING
 Ethical hacking are the terms that describe hacking
performed to help a company or individual identify
potential threats on the computer or network.
 An ethical hacker attempts to hack their way past the
system security, finding any weak points in the security
that could be exploited by other hackers.
2

3. What does an Ethical Hacker do ?
An ethical hacker is a person
I. Who tries to penetrate into a network to find if
there is some vulnerability in the system and they
Have permission for that.
II. If he succeed in penetrating into the system he
goes to the next level and then he will report
about the vulnerability exploiting which he got
in to the system.
3

4. For Indian organizations, these statistics should serve as a wake up call.
I. As per the CSRT statistics, more than 16,000 Indian websites were
hacked every year.
II. A total of 294 websites belonging to various ministries and government
departments were hacked in 2012 .
III. The script kiddies of today becomes the real hackers of tomorrow, who
are well equipped to steal Indian government information discreetly.
Why – Ethical Hacking
4

5. Total Number of Hacking Incidents
5

6. Ethical Hacking
 It is Legal
 Permission is obtained from the target
 It is the Part of an overall security program
 Ethical hackers possesses same skills, mindset and tools of a
hacker but the attacks are done in a non-destructive
manner
6

7. Who are Hackers?
 Someone who bypasses the system’s access controls by taking advantage of
security weaknesses left in the system by developers .
 Person who likes to examine the code of programs to see how they work …
then uses his computer expertise for gaining access to computer systems
without permission and tampering with programs and data. At that point, this
individual would steal information and install backdoors and virus.
 Hacker means cracker nowadays.
7

8. Why do people hack??
To make security stronger ( Ethical Hacking )
Just for fun
Hack other systems secretly
Notify many people their thought
Steal important information
8

9. TYPEs OF HACKERS
 White-Hat Hackers
(Ethical Hackers)
 Black-Hat Hackers
 Grey-Hat Hackers
9

10. 10
Types of hackers cont..
White Hat Hackers:
A white hat is specializes in penetration testing and in other
testing methodologies to ensure the security of an organization's
information systems.
Black Hat Hackers:
A black hat is the villain or bad guy, especially in a western movie
in which such a character would stereotypically wear a black hat
in contrast to the hero's white hat and they always works as
anonymous.
 Gray Hat Hackers:
A grey hat, in the hacking community, refers to a skilled hacker
whose activities fall somewhere between white and black hat
hackers on a variety of spectra.
10

11.  Script Kiddies:
 Use scripts or programs developed by others to attack computer systems
and networks.
 Phreak
 A phreak is someone who breaks into the telephone network illegally, to
make free long-distance phone calls or to tap phone lines.
 Cyber Punk
 Recent mutation of … the hacker, cracker, and phreak
Types of hackers cont..
11

12. ETHICAL Hacking - Process
12
• Preparation1
• Foot printing2
• Enumeration & Fingerprinting3
• Identification of Vulnerabilities4
• Attack5
• Gaining Access6
• Escalating privilege7
• Covering tracks8
• Creating back doors9

13. 1. Preparation
Identification of Targets – company websites, mail servers, etc.
Signing of Contract
Agreement on protection against any legal issues
Contracts clearly specifies the limits and dangers of the test
Total time for the testing
Prior Knowledge of the systems
13

14. 2. Foot printing
Foot printing is the technique of gathering information about computer systems—
Collecting as much information about the target
DNS Servers
IP Ranges
Admin Contacts
Problems revealed by admin
Information Sources
Search engines
Forums
Tools – PING, whois, Traceroute,etc
14

15. 3. Enumeration & Fingerprinting
Enumeration is a process to gather the information about user names and network
resources .
Fingerprinting identifies specifics of your hardware and software configurations--
Specific targets determined
Identification of Services / open ports
Operating System Enumeration
Methods
Banner grabbing
Port / Service Scans
Tools
Hping, Firewalk, netcat, ssh, telnet, etc.
15

16. 4. Identification of Vulnerabilities
Vulnerability is a weakness which allows an attacker to reduce system's
information assurance.
Insecure Configuration
Weak passwords
Insecure programming
Weak Access Control
16

17. 5. Attack–Exploit the vulnerabilities
Network Infrastructure Attacks
Connecting to the network through modem
Weaknesses in TCP / IP
Flooding the network
Operating System Attacks
Attacking Authentication Systems
Exploiting Protocol Implementations
Exploiting Insecure configuration
Breaking File-System Security
17

18. 6. Gaining access:
Enough data has been gathered at this point to make an informed attempt to
access the target
Techniques
 Network sniffing – searching of sensitive information like password
 File share brute forcing
 Password file grab
 Buffer overflows
18

19. 7. Escalating Privileges
If only user-level access was obtained in the last step, the attacker will
now seek to gain complete control of the system
Techniques
 Password cracking
19

20. 8. Covering Tracks
Once total ownership of the target is secured, hiding this fact from system
administrators.
Techniques
 Clear logs-Eliminating logging evidence to become anonymous
 Hide tools
20

21. 9. Creating Back Doors
Trap doors will be laid in various parts of the system to ensure that privileged
access is easily regained at the whim of the intruder
Techniques
 Create fake user accounts
 Plant remote control services
 Install monitoring mechanisms
 Replace apps with Trojans and virus
21

22. Why can’t defend against hackers?
There are many unknown security hole
Hackers need to know only one security hole to hack the system
Admin need to know all security holes to defend the system
Ethical hackers find those security holes by testing
22

23. Ethical Hacker - Commandments
Working Ethically
Trustworthiness
No misuse for personal gain
Hacking is not a crime when it is done under set of rules…
That’s why it is termed as ETHICAL HACKING!!!
23

24.  Always security professionals are one step behind the hackers and crackers.
 Plan for the unplanned attacks.
 The role of ethical hacking in security is to provide customers with
awareness of how they could be attacked and why they are targeted.
 “This country needs more and better quality of Ethical Hackers
and for that more and more individual should consider it as a
profession.”
24

25. 25