By Narendra Rajwar
Ethical hacking is defined as the methodology adopted by ethical hackers to discover the vulnerabilities existing in the operating environments of information systems. "Being ethical is doing what the law requires." With the growth of the Internet, computer security has become a major concern for businesses and governments. As a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.
Hackers
The explosive growth of the Internet has brought many good things. As with most technological advances, there is also a dark side: criminal hackers. The term hacker has a dual usage in the computer industry today. Originally, the term was defined as:
HACKER
1. A person who enjoys learning the details of computer systems and how to stretch their capabilities.
2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. Ethical hackers typically have very strong programming and computer networking skills. They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems. These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.
Routers: knowledge of routers, routing protocols, and access control lists.
Microsoft: skills in operation, configuration, and management.
Linux: knowledge of Linux/Unix; security settings, configuration, and services.
Firewalls: configurations, and operation of intrusion detection systems.
Mainframes
Network Protocols: TCP/IP; how they function and can be manipulated.
Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team.
Insider attack
Outsider attack
Stolen equipment attack
Physical entry
Bypassed authentication attack (wireless access points)
Social engineering attack
Anatomy of an attack:
Reconnaissance: the attacker gathers information; this can include social engineering.
Scanning: searches for open ports (port scan) and probes the target for vulnerabilities.
Gaining access: the attacker exploits vulnerabilities to get inside the system.
Maintaining access: creates a backdoor through the use of Trojans; once the attacker gains access, he/she makes sure he/she can get back in.
Covering tracks: deletes files, hides files, and erases log files so that the attacker cannot be detected or penalized.
Hacker Classes
Black hats: highly skilled, malicious, destructive crackers.
White hats: skills used for defense; security analysts.
Gray hats: work offensively and defensively; will hack for different reasons, depending on the situation.
EC-Council Topics
Scanning
System Hacking
Trojans
Denial of Service
Hacking Web Servers
Web Application Vulnerabilities
Web Based Password Cracking Techniques
SQL Injection
Hacking Wireless Networks
Viruses
Cryptography