Page 1: Cyber Security PPT

Seminar on:-

Ethical Hacking

PRESENTED BY:- ASHISH KUMAR


CONTENT:-
● What is ethical hacking?
● Difference between hacking and ethical hacking
● Need for security
● What does an ethical hacker do?
● Types of ethical hacking
● Applications and resources
● Different ways of doing an ethical hack of your system
● Advantage
● Ethical hacking concept
● Benefits of ethical hacking
● Conclusion with future work


WHAT IS ETHICAL HACKING

● It is legal
● Permission is obtained from the target
● Part of an overall security program
● Identifies vulnerabilities visible from the Internet at a particular point in time
● An ethical hacker possesses the same skills, mindset and tools as a hacker, but the attacks are done in a non-destructive manner
● With the growth of the Internet, computer security has become a major concern for businesses and governments


DIFFERENCE BETWEEN HACKING AND ETHICAL HACKING

Hacking

Hacking is getting "unauthorized" access to a computer system or a resource. Ethical hacking involves getting authorized access to resources in order to test whether that resource is vulnerable to attacks. The main difference between the two terms lies in the intent of the hacker. A hacker (cracker) breaks into a system or network to use the gathered information in an illegal way, whereas an ethical hacker finds the loopholes in the security system only to strengthen it.

Ethical Hacker

An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Ethical hacking is also known as penetration testing, intrusion testing and red teaming. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the "good guy" wore a white hat and the "bad guy" wore a black hat.


Ethical hackers attempt to assess the vulnerability of computer systems or networks at the request of the system or network owners. By using the same methodology and resources available to criminal hackers, ethical hackers help identify the weak spots which can be exploited, and then programmers are roped in to build up defences to protect the hardware or software. The information security industry is growing at a rate of 21% globally. Frost and Sullivan has estimated that there are 2.28 million information security skilled personnel around the world, which is expected to grow up to 4.2 million by 2015. Ethical hacking is also known as penetration testing, intrusion testing and red teaming.

An ethical hacker's work is interesting in that s/he develops, tests and implements ways in which a network and its data can be protected. An ethical hacker is sometimes called a white hat, a term that comes from old Western movies, where the good guy wears a white hat and the bad guy wears a black hat.


NEED FOR SECURITY

Computer security is required because most organizations can be damaged by hostile software or intruders. Intruders can cause several forms of damage, which are obviously interrelated. These include:
● Loss of confidential data
● Damage or destruction of data
● Damage or destruction of computer systems
● Loss of reputation of a company


WHAT DOES AN ETHICAL HACKER DO

An ethical hacker is a person doing ethical hacking; that is, he is a security professional who tries to penetrate a network to find out whether there is some vulnerability in the system. An ethical hacker will always have permission to enter the target network. An ethical hacker will first think with the mindset of a hacker who tries to get into the system. He will first find out what an intruder can see or what others can see. Having found these, an ethical hacker will try to get into the system with that information by whatever method he can. If he succeeds in penetrating the system, he will report to the company with a detailed report about the particular vulnerability he exploited to get into the system. He may also sometimes make patches for that particular vulnerability, or he may suggest some methods to prevent the vulnerability.


TYPES OF ETHICAL HACKING

Ethical hackers use various methods for breaking the security system in organizations in the period of cyber attack. Various types of ethical hacks are:

Remote network: This process is especially utilized to recognize attacks that are caused over the Internet. Usually the ethical hacker tries to identify the default and proxy information in the networks, some of which are firewalls, proxies, etc.

Remote dial-up network: A remote dial-up network hack identifies and tries to protect against attacks on the client modem pool. To find open systems, organizations make use of the method called war dialing, which is repetitive dialing. An open system is one example of this type of attack.

Local network: A local network hack is the process used to access illegal information by making use of someone with physical access gained through the local network. To start this procedure, the ethical hacker should be ready to access the local network directly.

Stolen equipment: By making use of a stolen equipment hack, it is easy to identify the information on stolen items such as laptops; the information secured by the owner of the laptop can be identified (Kimberly Graves, 2007). Information like usernames, passwords and the security settings on the equipment is exposed when the laptop is stolen.


Social engineering: A social engineering attack is the process used to check the reliability of the organization; this can be done by using telecommunication or face-to-face communication to collect data which can be used in attacks (Bryan Foss and Merlin Stone, 2002). This method is especially utilized to learn the security information that is used in organizations.

Physical entry: A physical entry hack is used in organizations to control attacks that are carried out through the physical premises (Ronald L. Krutz and Russell Dean Vines, 2007). By using physical entry, the ethical hacker can introduce viruses and other Trojans directly onto the network.

Application network: Logic flaws present in applications may result in illegal access to the network, and even to the application and the information provided in it.

Network testing: This process mainly looks for unsafe data present in the internal and external networks, not only in a particular network but also in devices, including virtual private network technologies.

Wireless network testing: This process reduces the network's liability to an attacker who uses radio access to the given wireless network space.

Code review: This process examines the source code that is part of the verification system and recognizes the strengths and weaknesses of the modules in the software.

War dialing: This simply identifies the default information observed in modems, which is very dangerous to corporate organizations.


APPLICATIONS AND RESOURCES

Ethical hacking can be used in many applications, as in the case of web applications, which are often beaten down. Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are most frequently attacked because most firewalls and other security mechanisms allow complete access to these programs from the Internet. Malicious software includes viruses and Trojan horses, which take down the system. Spam is junk e-mail that causes severe and needless disruption to systems and storage space and can carry viruses, so ethical hacking helps to reveal such attacks against computer systems and provides security for the system. The main application of this is to provide security on wireless infrastructure, which is the main purpose of present business organizations (BT, 2008). Ethical hacking has become mainstream in organizations which wish to test their intellectual and technical courage against the underworld. Ethical hacking plays an important role in providing security. Resources are the computer-related services that perform tasks on behalf of the user.


Ethical hacking has the advantage of gaining access to an organization's network and information systems. This provides security in the area of information technology called Infosec. This provides security against high-level attacks such as viruses and traffic through a firewall. It has been providing security for various applications against attacks which even bypass firewalls, intrusion-detection systems and antivirus software. This includes hacking specific applications, including coverage of e-mail systems and instant messaging.

The resources, i.e. devices, systems and applications, that are generally used while performing the hacking process are routers, firewalls, network infrastructure as a whole, wireless access points and bridges, web application and database servers, e-mail and file servers, workstations, laptops and tablet PCs, mobile devices, client and server operating systems, and client and server applications. Ethical hacking tests both the safety and the security issues of the programs. Ethical hacking is important in the present scenario, as providing security is very important nowadays. This is very important in web applications, as hacking can easily be done in this case.


THERE ARE BASICALLY 4 DIFFERENT WAYS OF DOING AN ETHICAL HACK OF YOUR SYSTEM:

IP Hack: The contractor is supposed to hack a specific IP address that you give without any additional information. Ensure that the address is not the address of the wrong server. You wouldn't want your contractors to be accidentally committing a crime.

Application Hack: A much more advanced hack which can dig deep into databases and production servers. Only disciplined and experienced hackers should be allowed to go through with such tests, as it can easily be abused. For security reasons, NEVER hire a former illegal hacker for this kind of job.

Physical Infrastructure Hack: This involves physical entry into the organization to find information that is lying around, such as passwords on post-it notes. It is to test the physical security of a corporation.

Wireless Hack: This involves exploiting wireless access points from the back of a van.

Ethical hackers will hack and report the findings to you. They should also check your teleworkers to determine if there is a source of entry into your network from a home office.


ADVANTAGE:

Ethical hacking will reveal the flaws of what is being hacked (software, a website, a network, etc.) without actually causing any damage. An ethical hacker will find the flaw and report it to the owner so that it can be fixed as soon as possible.

DISADVANTAGE:

● The ethical hacker using the knowledge they gain to do malicious hacking activities
● Allowing the company's financial and banking details to be seen
● The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on a computer system
● Massive security breach


ETHICAL HACKING CONCEPT

With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being "hacked." At the same time, the potential customers of these services are worried about maintaining control of personal information that varies from credit card numbers to social security numbers and home addresses.

In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is similar to having independent auditors come into an organization to verify its bookkeeping records. In the case of computer security, these "tiger teams" or "ethical hackers" would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead, they would evaluate the target systems' security and report back to the owners with the vulnerabilities they found and instructions for how to remedy them.

This method of evaluating the security of a system has been in use from the early days of computers. In one early ethical hack, the United States Air Force conducted a "security evaluation" of the Multics operating systems for "potential use as a two-level (secret/top secret) system." Their evaluation found that while Multics was "significantly better than other conventional systems," it also had "... vulnerabilities in hardware security, software security, and procedural security" that could be uncovered with "a relatively low level of effort." The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.

With the growth of computer networking, and of the Internet in particular, computer and network vulnerability studies began to appear outside of the military establishment. Most notable of these was the work by Farmer and Venema, which was originally posted to Usenet in December of 1993.


BENEFITS OF ETHICAL HACKING:

There are various benefits of ethical hacking. This article lists the benefits of this kind of hacking.

1. To fight against terrorism:

There are many terrorists and terrorist organizations that are trying to create havoc in the world with the use of computer technology. They break into various government defense systems and then use this for their terrorist activities. This can be prevented by using the services of ethical hackers, who counter the terrorists by misleading them.

2. To take preventive action against hackers:

Preventive action against the terrorists can be taken by the ethical hackers. This can be done because the ethical hackers use their expertise to create alternate, false information for the hackers to obtain, while the real information that is necessary and important is hidden from the terrorists. Preventive action taken by governments against the breaking of networks saves billions of dollars, as rectifying and building new systems costs a lot and is also very time-consuming. So the use of ethical hackers to prevent the real hackers from getting to the important information helps save a lot of money and also time.

3. To build a system that helps prevent penetration by hackers:

The ethical hackers are also used to try and test the existing defense systems. These people are also used to build a foolproof system that prevents the breakdown of the existing system. Using the powers of the hackers to get a proper system built helps to prevent penetration by hackers and protects the information in the various government networks.


CONCLUSION WITH FUTURE WORK:

In this research we reported experimental results of network intrusion simulation using previously captured Firewall hacking data as the traffic sources. We demonstrated the use of pre-processing tools to facilitate intrusion simulation using the OPNET software. Our work demonstrated several applications of intrusion simulation using OPNET:

Detecting intrusions by displaying and identifying patterns of suspicious data packets, employing various intrusion detection techniques in a firewall;

Analyzing network performance and the overhead trade-offs of intrusion detection algorithms; and

Ethical hacking is the term used in many organizations for providing security. The main difference between ethical hacking and hacking is that ethical hacking is performed legally to solve problems in the organization, whereas hacking is performed illegally to gain access to another system. It follows some rules and regulations, and so companies follow it.

a vendor is chosen, the outline and scope of the project should be made very clear. Somebody with authority should be delegated as the person to be contacted by the hackers in case any problem arises or any authority is required. He must be contacted at all times of the day. Ethical hacking is just a tool; it does not solve all the problems. Always ensure that the company is not complacent with its own security.


Due to the indifferences caused through the activities of unethical hacking, ethical hacking is established. Nowadays it is becoming more and more popular, as many institutions are providing courses in ethical hacking. If this hacking process is still continued and if it is not eliminated, many problems will take place in the future and it will cross the limitations by performing unlawful acts through enclosure of women, changing whole data in the organization. It spoils the reputation of the company through it. In some cases ethical hackers modify the actual content of the data; this is one of the major problems in ethical hacking. Measures should be taken to avoid this problem.

As Internet usage is increasing day by day, hacking of data has increased. Since users are very much concerned about the security of their data, ethical hacking helps to provide security for them. Discussing hacking with people and gaining knowledge about it with some ideas also helps to stop hacking. Time-to-time judgement, administering system performance correctly, and knowledge about computer hacking are some of the things which provide security to the system. Missing any one of the above incurs loss to the system. The duty of the ethical hacker is to provide awareness to the user about the security of the system, but it is up to the user how he will follow it and provide security.

Not only the users working in organizations but also students and professionals should have enough knowledge about hacking and should perform the necessary steps to solve it. Students should understand that no software is built with zero errors, and should study the various potentials in hacking and the precautions to solve them, since they are the future professionals. Professionals should be very conservative about security issues, as any business is developed based on the security provided to it. They should build new software with fewer errors.

Every piece of software created by software professionals must have the help of users, or else the software built is not successful. Communication between the users and software professionals helps in providing higher security for newly built software. The users who make use of the software should have updated information about it, because it is used for authorized and consistent purposes. All users, students and employees should have awareness about ethical hacking. There are many security measures, like firewalls, which help in receiving only authorized data in a system, and intrusion systems, which monitor network systems for malicious activities. Almost all the employees in an organization possess a unique ID and password to access the system, so the password created should be effective and strong, with many letters, in order to avoid hacking. Ethical hacking should be performed in an organization at regular intervals in order to avoid illegal actions, by having a view and grip over the network without the intervention of the user.


THANK YOU
