8/7/2019 ETHICAL HACKING(original 2010)

1/34

ETHICAL

HACKINGG. Venkata Sukumar,

M.Saikiran Reddy,

Information Technology,

TKRCET , Hyderabad.

8/7/2019 ETHICAL HACKING(original 2010)

2/34

Who is a Hacker?

Hacker is a person who enjoys learningthe details of computer systems and how

to stretch their capabilitiesas opposedto most of the users of computers, whoprefer to learn only the minimumnecessary.

8/7/2019 ETHICAL HACKING(original 2010)

3/34

Types of hackers

o White hat hackers

o Black hat hackers

o Grey hat hackers

8/7/2019 ETHICAL HACKING(original 2010)

4/34

White Hat hacker A white hat hacker is also rendered as

ethical hacker

He is the person who is ethicallyopposed to the abuse of computersystems.

A white hat generally focuses onsecuring IT systems.

Professional white hat hackers aresneakers, group of sneakers Tigerteams.

8/7/2019 ETHICAL HACKING(original 2010)

5/34

8/7/2019 ETHICAL HACKING(original 2010)

6/34

Black hat hacker

Black hat is a person who compromises thesecurity of a computer system without

permission from an authorized party , Typicallywith malicious intent.

He is officially known as cracker.

The somewhat similar activity of defeating

copy prevention devices in software whichmay or may not be legal in a country's laws isactually software cracking .

8/7/2019 ETHICAL HACKING(original 2010)

7/34

Grey hat hacker A grey hat, in the computer security

community, refers to a skilled hacker who

sometimes acts legally, sometimes in goodwill, and sometimes not.

They are a hybrid between white and blackhat hackers.

They usually do not hack for personal gain or

have malicious intentions, but may or may notoccasionally commit crimes during the courseof their technological exploits.

8/7/2019 ETHICAL HACKING(original 2010)

8/34

What an Ethical Hack will do?

An ethical hacker is an expert hired by acompany to attempt to attack their

network and computer system the sameway a hacker would.

8/7/2019 ETHICAL HACKING(original 2010)

9/34

Ethical hacking- a dynamicprocess

Running through thepenetration test oncegives the current set of

security issues whichsubject to change.

Penetration testing must becontinuous to ensure thatsystem movements and

newly installed applicationsdo not introduce newvulnerabilities into the

system.

8/7/2019 ETHICAL HACKING(original 2010)

10/34

Basic structure for Ethical

Hacking

Information policy

Security policyComputer useUser management

System administration proceduresIncident response procedures

Configuration managementDesign methodologyDisaster methodology

Disaster recovery plans.

8/7/2019 ETHICAL HACKING(original 2010)

11/34

Attacks on Websites :Denial of service

attackSome hackers hack your websites just

because they can.

They try to do something spectacular to

exhibit their talents.

Their comes the denial of service attack.

During the attacks, customers were

unable to reach the websites, resulting inloss of revenue and mind share.

On January 17, 2000, a U.S. library ofcongress website was attacked.

8/7/2019 ETHICAL HACKING(original 2010)

12/34

8/7/2019 ETHICAL HACKING(original 2010)

13/34

8/7/2019 ETHICAL HACKING(original 2010)

14/34

Some of the tools used by

Ethical Hacker

SQL Injections

Packet sniffing

IP hijack

DNS re-morphing

E-mail bombing

Password sniffers

Backtrack

matriux

8/7/2019 ETHICAL HACKING(original 2010)

15/34

8/7/2019 ETHICAL HACKING(original 2010)

16/34

8/7/2019 ETHICAL HACKING(original 2010)

17/34

8/7/2019 ETHICAL HACKING(original 2010)

18/34

8/7/2019 ETHICAL HACKING(original 2010)

19/34

8/7/2019 ETHICAL HACKING(original 2010)

20/34

Email-Bombing

8/7/2019 ETHICAL HACKING(original 2010)

21/34

8/7/2019 ETHICAL HACKING(original 2010)

22/34

8/7/2019 ETHICAL HACKING(original 2010)

23/34

8/7/2019 ETHICAL HACKING(original 2010)

24/34

Mail which has been bombed

8/7/2019 ETHICAL HACKING(original 2010)

25/34

Packet sniffing

8/7/2019 ETHICAL HACKING(original 2010)

26/34

8/7/2019 ETHICAL HACKING(original 2010)

27/34

Password sniffing

8/7/2019 ETHICAL HACKING(original 2010)

28/34

8/7/2019 ETHICAL HACKING(original 2010)

29/34

Risk Management: Hackers inject viruses, worms, IP protocol hacking

due to the low secured software or system designs.

Who employee Ethical hackers??

Defense, corporate sectors for securing the serverswill hire hackers.

Average pay salary for CEH(certified EthicalHacker) is around 16 lakhs/year

Hackers uses antiviruses databases for uploading

viruses into the target computer

8/7/2019 ETHICAL HACKING(original 2010)

30/34

Conclusion : Never underestimate the attacker or overestimate

our existing posture.

A company may be target not just for itsinformation but potentially for its varioustransactions.

To protect against an attack, understandingwhere the systems are vulnerable is necessary.

Ethical hacking helps companies first comprehend

their risk and then, manage them. Plan for the unplanned attacks.

8/7/2019 ETHICAL HACKING(original 2010)

31/34

8/7/2019 ETHICAL HACKING(original 2010)

32/34

References:o www.javvin.com

o www.computerworld.com

o www.research.ibm.com/journalso www.howstuffworks.com

o http://www.backtrack-linux.org/

o IEEE journal on security and privacy

o www.ankitfadia.in

http://www.javvin.com/http://www.computerworld.com/http://www.research.ibm.com/journalshttp://www.howstuffworks.com/http://www.backtrack-linux.org/http://www.ankitfadia.in/http://www.ankitfadia.in/http://www.backtrack-linux.org/http://www.backtrack-linux.org/http://www.backtrack-linux.org/http://www.backtrack-linux.org/http://www.howstuffworks.com/http://www.research.ibm.com/journalshttp://www.computerworld.com/http://www.javvin.com/

8/7/2019 ETHICAL HACKING(original 2010)

33/34

8/7/2019 ETHICAL HACKING(original 2010)

34/34