
Ethical Hacking

A Technical Seminar by Vikas Bandaru (2220212132) GITAM University, Hyderabad Campus

Contents
What is Hacking and its Effects?
Who is a Hacker, and What are the Types?
What is Ethical Hacking?
Phases of Hacking
  Reconnaissance
  Scanning
  Gaining Access
  Maintaining Access
  Covering Tracks

What is Hacking and its Effects?

DDoS Attacks

Internet Traffic

Who is a Hacker?
Hacker is a word that has two meanings:
Traditionally, a hacker is someone who
  likes to tinker with software or electronic systems.
  enjoys exploiting and learning how computer systems operate.
  loves discovering new ways to work electronically.
Recently, it has taken on a new meaning: someone who
  maliciously breaks into systems for personal gain.
These criminals are crackers (criminal hackers), with malicious intent.
They modify, delete or steal critical information.

Hacker Motivations
Black Hat Hackers: to get paid
White Hat Hackers: good guys
Script Kiddies: fame seekers
Hacktivists
Spy Hackers: steal trade secrets
Cyber Terrorists: to spread fear and terror
State Sponsored Hackers: "He who controls the Web controls the world"

What's the solution?

Ethical Hacking

Introduction

Ethical Hacking is also known as:
  Penetration Testing
  White Hat Hacking
  Intrusion Testing
  Red Teaming

To catch a thief, think like a thief.

Introduction
Ethical Hackers employ the same tools and techniques as the intruders.
They neither damage the target systems nor steal information.
The tool is not an automated hacker program; rather, it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them.

How Can Hacking be Ethical?

Code of Ethics by EC-Council:
1. Privacy
2. Legal Limits
3. Extreme Care

Who are Ethical Hackers?


The skills Ethical Hackers should possess:
  Must be completely trustworthy.
  Should have very strong programming and computer networking skills, and have been in the networking field for several years.
  Should have more patience.

Who are Ethical Hackers?


Continuous updating of knowledge on computer and network security is required. They should know the techniques of the criminals, how their activities might be detected and how to stop them.

Planning the Test


Aspects that should be focused on:
  Who should perform penetration testing?
  How often do the tests have to be conducted?
  What are the methods of measuring and communicating the results?
  What if something unexpected happens during the test and brings the whole system down?
  What are the organization's security policies?

Ethical Hacking: a dynamic process


Penetration testing must be continuous to ensure that system movements and newly installed applications do not introduce new vulnerabilities into the system.

Areas To Be Tested
Application Servers
Firewalls and Security Devices
Network Security
Wireless Security

Phases of Hacking
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Clearing Tracks

Reconnaissance
Information Gathering
Sniffing the Network
Social Engineering
Types:
  Active Reconnaissance: probing the network
    Risky, raises suspicion
  Passive Reconnaissance: without the target's knowledge
    Social Engineering, Dumpster Diving

Scanning
Examining the Network - Enumeration
Tools:
  Dialers
  Port Scanners
  Network Mappers
  Vulnerability Scanners
Search for:
  Computer names, IP Addresses, user accounts

Gaining Access
Real hacking happens here
Discovered vulnerabilities are exploited
Examples:
  Stack-based buffer overflows
  Denial of Service (DoS)
  Session Hijacking

Maintaining Access
For future exploitation
Harden the System: backdoors, trojans, rootkits
Owned system - Zombie System

Covering Tracks
To avoid detection
To continue using owned system
To remove evidence of hacking
To avoid legal action
Examples:
  Removing log files
  Removing IDS alarms
  Steganography

Ethical Hackers' OS

Conclusion
Never underestimate the attacker or overestimate our existing policies.
A company may be a target not just for its information but for its various transactions.
To protect against an attack, understanding where the systems are vulnerable is necessary.
Ethical Hacking helps companies first comprehend their risks and then manage them.

Conclusion
Security professionals are always one step behind the hackers and crackers.
Plan for the unplanned attacks.
The role of Ethical Hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted.
Security, though a pain, is necessary.


Any Queries??
