introducation about ethical hacking

Cyber Ethics – Hacking

Introduction

By

Noah Franklin J

Session Flow

•Why Security?

•Hacking – Introduction

•Hacker Communities

•Types of Hackers.

•Malicious Hacker Strategies

•Ethical Hacker Strategies

•Steps for conducting Ethical Hacking.

•Importance of Vulnerability Research.

•Vulnerability Research References.

•Conclusion.

Copy Rights to Noah Franklin J

• Increasing use of Complex computer infrastructure.

• Increasing use of Network elements & applications.

• Decreasing level of skill set.

Why Security??


• The Art of exploring various security breaches is

termed as Hacking

• It’s an anti-society activity.

• It says, there always exists more than one way to

solve the

problem.

Hacking - Definition


• Hackers

• Crackers

• Phreaks

• Script Kiddies

Communities of Hackers


Hackers are Intelligent Computer Professionals.

Motive/Intent –

To gain in-depth knowledge of a system, what’s happening at the

backend, behind the screen.

To find possible security vulnerabilities in a system.

They create security awareness by sharing knowledge. It’s a team

work.

Hacker Who are they???


An - Individuals who break into computers with malicious intent.

Motive/Intent –

To seek unauthorized access into a system and cause damage or destroy or reveal confidential information.

To compromise the system to deny services to legitimate users for troubling, harassing them or for taking revenge.

Effects- Can cause financial losses & image/reputation

damages, defamation in the society for individuals or

organizations

Cracker/Attacker


Phreaks – These are persons who use computer

devices and software to break into phone networks.

Motive/Intention- To find loopholes in security in

phone network and to make phone calls at free of

cost!!!

Effects- You may have to big amount of phone bills,

for doing nothing!!!

Phreaks


•Script Kiddies – These are persons not having

technical skills to hack computers.

•Motive/Intention- They use the available

information about known

vulnerabilities to break into remote systems.

•It’s an act performed for a fun or out of curiosity.

Script Kiddie


• Black Hat

• White Hat

• Gray Hat

Hacker Classes


They use their knowledge and skill set for illegal

activities, destructive intents.

E.g.- to gain money (online robbery), to take revenge.

Disgruntled

Employees is the best example of Black Hats. Attackers

(Black Hat Hackers) are not at all concerned with security

professionals (WhiteHat hackers). Actually these hackers

Are Bad Guys!!!

Black Hat


They use their knowledge and skill set for

good, constructive intents. They find out new security

loopholes and their solutions.

E.g.- Cyber Security Peoples (FBI , NYPD, US-Homeland Security Breanch)

White Hat


Individuals who works both offensively and

defensively at various times

E.g.- Third Party Security Testing in IT sectors

Gray Hat


What Does the Malicious Hacker Do?


• There are several ways an attacker can gain access

to a system

• The attacker must be able to exploit a weakness or

vulnerability in a system

Attack Types :

Operating System Attacks

Application-level attacks

Shrink Wrap code Attacks

Misconfiguration Attacks

Types of Hacker Attacks


“The one who can hack it, can only secure it”

“If you want to catch criminal then you’ll have to think like criminal”

• What to protect?

• How to protect?

• Against whom?

• How much resources needed?

Ethical Hacker Strategies


•Understand Client Requirements for Security / Vulnerability Testing.

• In Preparation Phase, EH will sign an NDA with the client.

• Internal / External Testing.

• Conduct Network Security Audits/ VAPT.

• Risk Assessment & Mitigation

•Documenting Auditing Reports as per Standards.

•Submitting Developer as well as remediation reports.

• Implement remediation for found vulnerabilities.

Ethical Hacker Strategies


• Vulnerability research is process of finding

vulnerabilities, threats & loopholes in

Server/ System/Network.

• Includes Vulnerability Assessment & Penetration

Testing.

• Vulnerability notes can be search on internet via

Number, CVE.

Vulnerability Research


• Common Vulnerability database is available at

http://cve.mitre.org/

•National Vulnerability Database is available at

http://web.nvd.nist.gov/

• US – CERT also publishes CVD on

http://www.uscert.gov

1. Contains Alerts which can be helpful to administrator.

2. It doesn’t contain solutions.

Vulnerability Research References


• Indian CERT also published advisory notes, incident

notes & defacement statistics.

• Secunia also published Vulnerability

Notes,Advisories.

• Zone –h published deface images of web attacks.

• Milw0rm Maintains latest vulneability notes,white

papers,videos.

Vulnerability Research References


Security is important because prevention is better

than cure.

Conclusion


introducation about ethical hacking

Education

sectorscopy rights

security vulnerability

vulnerability notes

security awareness

party security testing

security inphone network

various security breaches

session flowwhy security