Ethical Hacking

Narendra Rajwar

By

What is Ethical Hacking?

Ethical hacking defined methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems operating environments. "Being ethical is doing what the law requires." With the growth of the Internet, computer security has become a major concern for businesses and governments. a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.

Hackers

The explosive growth of the Internet has brought many good thingsAs with most technological advances, there is also a dark side: criminal hackers. The term hacker has a dual usage in the computer industry today. Originally, the term was defined as: HACKER 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.

Who are Ethical Hackers?

Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. Ethical hackers typically have very strong programming and computer networking skills. They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.

What do Ethical Hackers do?

An ethical hackers evaluation of a systems security seeks answers to these basic questions: What can an intruder see on the target systems? What can an intruder do with that information? Does anyone at the target notice the intruders at tempts or successes? What are you trying to protect? What are you trying to protect against? How much time, effort, and money are you willing to expend to obtain adequate protection?

Routers: knowledge of routers, routing protocols, and access control lists Microsoft: skills in operation, configuration and management. Linux: knowledge of Linux/Unix; security setting, configuration, and services. Firewalls: configurations, and operation of intrusion detection systems. Mainframes Network Protocols: TCP/IP; how they function and can be manipulated. Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team.

Required Skills of an Ethical Hacker

Modes of Ethical Hacking

Insider attack Outsider attack Stolen equipment attack Physical entry Bypassed authentication attack (wireless access points) Social engineering attack

Anatomy of an attack:
Reconnaissance attacker gathers information, can include social engineering. Scanning searches for open ports (port scan) probes target for vulnerabilities. Gaining access attacker exploits vulnerabilities to get inside system. Maintaining access creates backdoor through use of Trojans; once attacker gains access makes sure he/she can get back in. Covering tracks deletes files, hides files, and erases log files. So that attacker cannot be detected or penalized.

Hacker Classes
Black hats highly skilled, malicious, destructive crackers White hats skills used for defensive security analysts Gray hats offensively and defensively; will hack for different reasons, depends on situation.

Ec-Council Topics

Scanning System Hacking Trojans Denial of Service Hacking Web Servers Web Application Vulnerabilities Web Based Password Cracking Techniques SQL Injection Hacking Wireless Networks Viruses Cryptography

Ethical Hacking Benefits

Penetration Tests are Designed to Identify Vulnerabilities Before They are Exploited. Provides a Solid Understanding of What is Visible and Possibly Vulnerable. Preventative Measure Can be Very Effective. Should Include a Remediation Phase -Correct Identified Vulnerabilities and Exposures

THANK YOU