Ethical Hacking

HARIKESH YADAV
CLASS – X
SHISHU NIKETAN H.S.SCHOOL
Contents

 What is Hacking and its Effects?

 Who is a Hacker and its types?
 What is Ethical Hacking?
 Phases of Hacking
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Covering Tracks
What is Hacking and its Effects?
DDoS Attacks
Internet Traffic
Who is a Hacker?

Hacker is a word that has two meanings:

 Traditionally, a hacker is someone
who likes to tinker with software or electronic systems.
enjoy exploiting and learning how computer systems operate.
love discovering new ways to work electronically.
 Recently, a new meaning: someone
who maliciously breaks into systems for personal gain.
these criminals are crackers (criminal hackers) - with
malicious intent.
modify, delete or steal critical information.
Hacker Motivations

 Black Hat Hackers – to get paid

 White Hat Hackers – good guys
 Script Kiddies – fame seekers
 Hacktivists
 Spy Hackers – steal trade secrets
 Cyber Terrorists – to spread fear and terror
 State Sponsored Hackers – “He who controls the
Web controls the world”
What’s the solution?
Ethical Hacking
Introduction

 Ethical Hacking – also known as

Penetration Testing
White Hat Hacking
Intrusion Testing
Red Teaming.

“To catch a thief, think like a thief.”

Introduction

 Ethical Hackers employ the same tools and

techniques as the intruders.
 They neither damage the target systems nor steal
information.
 The tool is not an automated hacker program
rather it is an audit that both identifies the
vulnerabilities of a system and provide advice on
how to eliminate them.
How Hacking be Ethical?

Code of Ethics by EC-Council:

1. Privacy

2. Legal Limits

3. Extreme Care
Who are Ethical Hackers?

The skills the Ethical Hackers should possess:

 Must be completely trustworthy

 Should have very strong programming and

computer networking skills and have been in
networking field for several years.

 Should have more patience

Who are Ethical Hackers?

 Continuous updating of knowledge on computer

and network security is required.

 They should know the techniques of the

criminals, how their activities might be detected
and how to stop them.
Planning the Test

• Aspects that should be focused on:

 Who should perform penetration testing?
 How often the tests have to be conducted?
 What are the methods of measuring and
communicating the results?
 What if something unexpected happens during
the test and brings the whole system down?
 What are the organization’s security policies?
Ethical Hacking – a dynamic process

 Penetration testing must be continuous to ensure

that system movements and newly installed
applications do not introduce new vulnerabilities
into the system.
Areas To Be Tested

 Application Servers

 Firewalls and Security Devices

 Network Security

 Wireless Security
Phases of Hacking

1. Reconnaissance

2. Scanning

3. Gaining Access

4. Maintaining Access

5. Clearing Tracks
Reconnaissance

 Information Gathering
 Sniffing the Network
 Social Engineering
 Types:
Active Reconnaissance – probing the network
 Risky, raises suspicion
Passive Reconnaissance – without the target’s
knowledge
 Social Engineering, Dumpster Diving
Scanning

 Examining the Network - Enumeration

 Tools:
Dialers
Port Scanners
Network Mappers
Vulnerability Scanners
Search for:
Computer names, IP Addresses, user accounts
Gaining Access

 Real hacking happens here

 Discovered vulnerabilities are exploited
 Examples:
Stack-based buffer overflows
Denial of Service (DoS)
Session Hijacking
Maintaining Access

 For future exploitation

 Harden the System: backdoors, trojans, rootkits
 Owned system – Zombie System
Covering Tracks

 To avoid detection
 To continue using owned system
 To remove evidence of hacking
 To avoid legal action
 Examples:
Removing log files
Removing IDS alarms
Steganography
Ethical Hackers’ OS
Conclusion

 Never underestimate the attacker or

overestimate our existing policies.
 A company may be target not just for its
information but for its various transactions.
 To protect against an attack, understanding
where the systems are vulnerable is necessary.
 Ethical Hacking helps companies first
comprehend their risk and then, manage them.
Conclusion

 Always security professionals are one step

behind the hackers and crackers.
 Plan for the unplanned attacks.
 The role of Ethical Hacking in security is to
provide customers with awareness of how they
could be attacked and why they are targeted.

“Security, though a pain” is necessary.

Bibliography

• http://www.cert.org
• http://www.eccouncil.org
• http://www.ethicalhacker.net
• http://www.astalavista.com
• http://hack-o-crack.blogspot.in
• http://www.offensive-security.org
Any Queries??