Ethical Hacking
Introduction
The explosive growth of the Internet has brought many good things, such as e-commerce, e-banking, e-mail and cloud computing, but there is also a dark side, such as hacking and backdoors. Hacking is the first big problem faced by governments, companies, and private citizens around the world. Hacking includes reading others' e-mails, stealing their credit card numbers from an online shopping site, and secretly transmitting secrets to the open Internet. An ethical hacker can help the people who suffer from this hacking.
Ethical hacking can be defined as legal access by an Internet geek or group to any organization's online property after obtaining its official permission.
History
• 1960s
The original meaning of the word "HACK" started at MIT; it meant ELEGANT.
• 1970s
John Draper discovers that a toy whistle can access AT&T's long-distance switching system.
Steve Wozniak, the future of Apple Computer, makes and sells blue boxes.
• 1983
The kids' games movie "THE WAR GAMES" introduces the public to hacking.
• 1989
German hackers arrested for breaking into US computers; sold information to the Soviets.
• 1999
E-commerce company attacked; blackmail threats followed by 8 million credit card numbers stolen.
• 2009
Hackers withdrew money from ICICI Bank.
In London, hackers hacked 1 crore e-accounts of Hotmail.
Ethical Hackers and Hacking
Ethical Hackers
An ethical hacker is a computer and network expert who attacks a security system on behalf of its
owners, seeking vulnerabilities that a malicious hacker could exploit.
An ethical hacker is sometimes called a white hat, a term that comes from old Western movies,
where the "good guy" wore a white hat and the "bad guy" wore a black hat.
Ethical Hacking
Ethical hacking is also known as penetration testing, intrusion testing and red teaming. It is also described as detecting, reporting and exploiting security vulnerabilities.
In order for hacking to be deemed ethical, the hacker must obey the rules below.
1. You have permission to probe the network and attempt to identify potential security risks. It is recommended that, if you are the person performing the tests, you get written consent.
2. You respect the individual's or company's privacy and only go looking for security issues.
3. You report all security vulnerabilities you detect to the company, not leaving anything open for you or someone else to come in at a later time.
4. You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company.
Why do Hackers Attack?
There are many reasons why a hacker might attack a system. Some possibilities may include:
• Obtain a company's secrets or insider information.
• Use the system's hard drive for storage, often for pornography or stolen software.
• Steal credit card numbers.
• Steal passwords to other systems.
• Use the computer in an attack on another computer or system.
• To steal programs or files.
• Read others' email.
• Stalking.
• A challenge, or "to see if I can".
• To impress other hackers.
• Just something to do (boredom).
Clues and Signs of Hacking
Some signs that your computer or user account may have been hacked include:
• Files disappear or are modified unexpectedly.
• Strange files appear or grow in size unexpectedly.
• Hard disk space shrinks without reason.
• The computer slows considerably, or problems appear suddenly.
• Strange messages or dialog boxes appear on the screen.
• The computer starts crashing frequently.
• Programs stop working as expected.
• Your internet connection slows dramatically for an extended period.
• You notice your internet connection is in use, but you are not using it.
• You get a phone call, letter, or email from your Internet service provider or administrator noting strange activity.
Overview of Hacking Techniques
The depth and variety of techniques employed by hackers to illegally enter a computer system are vast; for this reason I intend to provide a brief overview of some of the more common techniques involved, without going into much detail on any particular technique.
Hacking a system is a two-step process: gathering information and launching an attack.
1. Gathering Information
A dedicated hacker may spend several months gathering information on the intended target before launching an attack armed with this new information, but there are also more remote methods available to the hacker.
• Port Scanning: A port scanner is a program that automatically detects security weaknesses in a remote system. Scanners are TCP port scanners that probe TCP/IP ports and services (Telnet or FTP, for example) and record the response from the target. In this way, they learn valuable information about the targeted system, such as whether or not the remote system will allow an anonymous user to log in, or indeed whether the system is protected by a firewall.
Many hackers simply type large numbers of IP addresses into a port-scanning program and launch random attacks on many users simultaneously, hoping to strike it lucky with that one system that shows a serious weakness.
• Packet Sniffing: A sniffer is a piece of software that grabs information 'packets' that travel along a network. That network could be running a protocol such as Ethernet, TCP/IP, IPX or others. The purpose of the sniffer is to place the network interface into 'promiscuous' mode and, by doing so, capture all network traffic. Looking into packets can reveal valuable information like usernames, passwords, addresses or the contents of e-mails.
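Seen from the defender's side, the port-scanning behaviour described above (many ports probed on one host, or one port probed across many addresses) leaves a recognisable pattern in connection logs. The Python example below is added here and is not part of the original paper; the log format, the thresholds and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of inbound TCP SYN log lines (hypothetical format, not
# real traffic). Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:00 SRC=192.0.2.10 DST=198.51.100.5 DPT=21 SYN
2024-05-01T10:00:01 SRC=192.0.2.10 DST=198.51.100.5 DPT=22 SYN
2024-05-01T10:00:02 SRC=192.0.2.10 DST=198.51.100.5 DPT=23 SYN
2024-05-01T10:00:03 SRC=192.0.2.10 DST=198.51.100.5 DPT=25 SYN
2024-05-01T10:00:04 SRC=192.0.2.10 DST=198.51.100.5 DPT=80 SYN
2024-05-01T10:00:05 SRC=192.0.2.10 DST=198.51.100.5 DPT=110 SYN
2024-05-01T10:01:00 SRC=203.0.113.7 DST=198.51.100.1 DPT=23 SYN
2024-05-01T10:01:01 SRC=203.0.113.7 DST=198.51.100.2 DPT=23 SYN
2024-05-01T10:01:02 SRC=203.0.113.7 DST=198.51.100.3 DPT=23 SYN
2024-05-01T10:01:03 SRC=203.0.113.7 DST=198.51.100.4 DPT=23 SYN
2024-05-01T10:01:04 SRC=203.0.113.7 DST=198.51.100.5 DPT=23 SYN
2024-05-01T10:01:05 SRC=203.0.113.7 DST=198.51.100.6 DPT=23 SYN
2024-05-01T10:02:00 SRC=192.0.2.50 DST=198.51.100.5 DPT=443 SYN
2024-05-01T10:02:30 SRC=192.0.2.50 DST=198.51.100.5 DPT=443 SYN
2024-05-01T10:03:10 SRC=192.0.2.50 DST=198.51.100.6 DPT=443 SYN
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+) SYN$"
)


def parse(log_text):
    """Turn log text into a time-ordered list of (time, src, dst, port)."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            continue  # ignore lines that do not fit the assumed format
        events.append((
            datetime.fromisoformat(match["ts"]),
            match["src"],
            match["dst"],
            int(match["dpt"]),
        ))
    return sorted(events)


def detect_scans(events, window=timedelta(seconds=60),
                 port_threshold=5, host_threshold=5):
    """Flag sources that show scan-like fan-out inside a sliding time window.

    vertical:   one source touches >= port_threshold distinct ports on one host
    horizontal: one source touches the same port on >= host_threshold hosts
    Returns a sorted list of (kind, source, target) tuples, where target is
    the scanned host (vertical) or the swept port (horizontal).
    """
    vertical = defaultdict(list)    # (src, dst)  -> [(time, port), ...]
    horizontal = defaultdict(list)  # (src, port) -> [(time, dst), ...]
    findings = set()
    for ts, src, dst, port in events:
        checks = (
            ("vertical", vertical, (src, dst), port, port_threshold),
            ("horizontal", horizontal, (src, port), dst, host_threshold),
        )
        for kind, table, key, value, limit in checks:
            bucket = table[key]
            bucket.append((ts, value))
            # Drop observations that have aged out of the window.
            while ts - bucket[0][0] > window:
                bucket.pop(0)
            if len({seen for _, seen in bucket}) >= limit:
                findings.add((kind, src, str(key[1])))
    return sorted(findings)


if __name__ == "__main__":
    for kind, src, target in detect_scans(parse(SAMPLE_LOG)):
        print(f"{kind} scan pattern from {src} against {target}")
```

The window and thresholds need tuning against normal traffic for the network being monitored; the repeated HTTPS connections from 192.0.2.50 in the sample stay below both thresholds and are not flagged.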
2. Launching Attacks
There are many attacks employed by hackers. Here is an overview of just some of the more common:
• Denial of Service (DoS): A denial of service attack is basically an act of sabotage against a service running on a port on a targeted system. The aim is to disable the service, for example a web server, in order to prevent people from being able to access that service remotely.
A typical denial of service attack would involve sending hundreds or even thousands of connection requests to a single machine at any one time, causing the machine to crash under the strain. A more advanced approach is to send corrupt connection requests that exploit a flaw in the service software, which fails to recognize the malformed data when it attempts to process it, resulting in a system crash.
• Password Cracking: A password cracker is a program that attempts to decrypt or otherwise disable password protection. Often simulation tools are used to simulate the same algorithm as the original password program. Through a comparative analysis, these tools try to match encrypted versions of the password to the original. Many password crackers are simply brute-force engines that try word after word from a dictionary, often at very high speeds.
• Packet Sequence Attacks: In packet sequence attacks, the hacker tries to guess the random sequence number of TCP packets so that he/she can insert their own packets into a connection stream. In this way the hacker can supply new corrupt content between two hosts, while remaining largely anonymous.
• Operating System Exploits: All operating systems (Windows NT, Unix, Red Hat Linux, etc.) have their own specific vulnerabilities and bugs that need to be resolved by 'patching' the OS in order to keep it up to date. Unfortunately, many system administrators neglect to do so frequently enough, leaving their systems open to attack. Hackers, however, are very thorough in keeping abreast of all the possible vulnerabilities in all operating systems.
• FTP (File Transfer Protocol) Bounce Attacks: The main problem with FTP bounce attacks is that the hacker can use the PORT command in active FTP mode in order to establish connections with machines other than the original FTP server, effectively allowing the hacker's connection to 'bounce' off the FTP server to another client's machine.
• FTP Core Dumping: FTP core dumping enables the hacker to bring down the FTP service. A core dump may be stored in an FTP-readable area, where it can then be retrieved in a following FTP session. The first few lines contain the password file, which can be cracked offline. Once the hacker has the password, they can impersonate a legitimate user and remove, update or delete files at will.
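The FTP bounce problem described above is closed on the server side by checking the argument of each PORT command before opening a data connection. The Python example below is added here and is not part of the original paper or of any particular FTP server; the function names and the choice of reply code for a mismatched address are assumptions, while the refusal of ports below 1024 follows the recommendation in RFC 2577.

```python
import ipaddress

# RFC 2577 advises servers not to open data connections to ports below 1024.
MIN_DATA_PORT = 1024


def parse_port_argument(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command.

    Returns (IPv4Address, port) or raises ValueError on malformed input.
    """
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("expected six comma-separated numbers")
    numbers = []
    for field in fields:
        # Accept plain ASCII digits only: no signs, spaces or empty fields.
        if not (field.isascii() and field.isdigit()) or len(field) > 3:
            raise ValueError(f"bad field {field!r}")
        value = int(field)
        if value > 255:
            raise ValueError(f"field out of range: {value}")
        numbers.append(value)
    address = ipaddress.IPv4Address(".".join(str(n) for n in numbers[:4]))
    port = numbers[4] * 256 + numbers[5]
    return address, port


def check_port_command(arg, control_peer_ip):
    """Decide how the server should answer 'PORT <arg>'.

    control_peer_ip is the address the control connection came from.
    Returns (reply_code, text). 501 and 504 are standard FTP reply codes;
    using 504 for the address mismatch is this example's own choice.
    """
    try:
        address, port = parse_port_argument(arg)
    except ValueError as exc:
        return 501, f"Syntax error in PORT argument: {exc}"
    if address != ipaddress.IPv4Address(control_peer_ip):
        # The client asked the server to connect to some other machine:
        # this is the 'bounce' the text describes, so refuse it.
        return 504, "PORT address must match the control connection"
    if port < MIN_DATA_PORT:
        # Low ports host well-known services; never connect out to them.
        return 504, "PORT below 1024 refused"
    return 200, f"PORT command successful ({address}:{port})"


def replay(arguments, control_peer_ip):
    """Run a list of PORT arguments through the check; return reply codes."""
    return [check_port_command(a, control_peer_ip)[0] for a in arguments]


# Constructed session: a client at 192.0.2.10 (documentation address) sends
# one well-formed request followed by four that must be refused.
SAMPLE_ARGUMENTS = [
    "192,0,2,10,195,80",    # own address, port 50000
    "198,51,100,7,195,80",  # a third-party address
    "192,0,2,10,0,25",      # own address, but port 25
    "192,0,2,10,195",       # too few fields
    "192,0,2,999,1,1",      # octet out of range
]

if __name__ == "__main__":
    for arg in SAMPLE_ARGUMENTS:
        code, text = check_port_command(arg, "192.0.2.10")
        print(f"PORT {arg:<22} -> {code} {text}")
```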
Safety Tips
• Personal Information. Don't give out personal information. This means you should not share your last name, home address, school name, or telephone number. Remember, just because someone asks for information about you does not mean you have to tell them anything about yourself!
• Screen Name. When creating your screen name, do not include personal information like your last name or date of birth.
• Passwords. Don't share your password with anyone but your parents. When you use a public computer, make sure you log out of the accounts you've accessed before leaving the terminal.
• Photos. Don't post photos or videos online; if you do post, make sure they are visible only to friends.
• Online Friends. Don't agree to meet an online friend. Unfortunately, sometimes people pretend to be people they aren't. Remember that not everything you read online is true.
• Online Ads. Don't buy anything online without making sure that it is genuine. Some ads may try to trick you by offering free things or telling you that you have won something as a way of collecting your personal information.
• Downloading. Attachments sometimes contain viruses. Never open an attachment from someone you don't know.
• Bullying. Don't send or respond to mean or insulting messages.
• Social Networking. Many social networking websites (e.g., Facebook, Twitter, Second Life and MySpace) and blog hosting websites have minimum age requirements to sign up. These requirements are there to protect you!
• Research. Talk to your librarian, teacher or parent about safe and accurate websites for research. The public library offers lots of resources. If you use online information in your projects, make sure you explain where you got the information.
Statistics
The actual annual cost of cyber crime rose to $114 billion/year in 2012 from $67.2 billion/year in 2007.
These statistics are from a time when only 9% of Indians are using the Internet, whereas in the US 70-85% of Americans are using the Internet, and, sorry to say, around 80% of the persons involved in this are aged between 18 and 25 years.
The crime rate is at 300% per year in India.
[Pie chart: Terrorism 3%; Chat Room Abuse 2%; Copyright Violations 4%; Children Related 6%; Hacking/Viruses 9%; Harassments/Threats 9%; Email Abuse 9%; Stalking 11%; Child Pornography 17%; Fraud Scams 26%; Others 4%]
Cyber Jurisprudence
Tips – How to do Ethical Hacking
So first you should be very patient with this and try not to do anything too stupid and get yourself in trouble. Keep in mind that this does not come instantly; it comes over years of practice.
Steps
1. Learn how to code: Learning how to code in C++ is a good start. Find a good C++ website.
2. Learn how to use the command prompt: The command prompt is one of the most important things to becoming a hacker. It will help a lot if you learn this early on.
3. Act like a hacker: Being a hacker doesn't necessarily make you a computer nerd, so don't act like one. Showing off to your friends is nice and all, but going on about it 24/7 makes you lame and socially awkward. So don't make hackers look lame. Just be cool about it.
4. When you learn how to program, the best thing to hack is yourself: Doing so can help you keep your system safe and help you learn how to hack other systems.
5. Communicate with other hackers: Doing so may help you get a good reputation amongst the hackers' society, and if you are lucky they might just teach you a few things while you are there.
Disclaimer: Persons will be responsible for their act.
Real life Cases – To be discussed in presentation.
Conclusion:
The research paper concludes that good auditing, consideration of security measures from time to time, vigilant intrusion detection and good systems administration can be very effective ways of securing and fortifying the company's network.
