Introduction to Ethical Hacking
J.SAITEJA

Overview of Unit
This unit will focus on ethical hacking:
attack strategies and techniques, and their
countermeasures

Delivery:
1 lecture and 1 seminar or workshop per
week

Assessment:
Coursework and examination

Assumptions
Completion of year 1 only
Michael Jones

Introduction to Ethical Hacking

Hacking
Originally hackers were seen as:
Tinkering with software systems
Amateurs

Gradually hacking began to have more malevolent connotations


Hats
Based on old-style western films
White hats
The good guys: ethical hackers

Black hats
The bad guys

Grey (gray) hats:
Possibly good guys


The Complexity of Ethics in Hacking
Example:
Someone reports to a company that their website is vulnerable to (say) a SQL injection attack that could result in private data being accessed
The company does nothing about it

What is the ethical position?
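The slide leaves the injection itself abstract. As an added example (not code from the original slides), the following Python script shows the flaw and its fix side by side: a query built by string formatting, where the classic tautology payload returns every user's record, against the same query parameterised, where the same payload matches nothing. The users table and its two rows are constructed for the example.

```python
import sqlite3

# Constructed sample data for the example; not a real system.
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]

def build_db() -> sqlite3.Connection:
    """In-memory database holding the constructed 'private data'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", USERS)
    return conn

def lookup_vulnerable(conn, username: str) -> list:
    """The flaw: user input is spliced into the SQL text, so quotes and
    operators in the input become part of the query itself."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, username: str) -> list:
    """The fix: a parameterised query. The driver binds the value; it is
    never parsed as SQL, so the same payload simply matches no row."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Classic tautology payload: closes the quote and appends an always-true clause,
# turning the WHERE clause into  username = '' OR '1'='1'
PAYLOAD = "' OR '1'='1"

def demo() -> dict:
    """Run the legitimate lookup and the payload against both versions."""
    conn = build_db()
    return {
        "legit_vulnerable": lookup_vulnerable(conn, "alice"),
        "payload_vulnerable": lookup_vulnerable(conn, PAYLOAD),  # dumps every user
        "payload_safe": lookup_safe(conn, PAYLOAD),              # no rows
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The ethical question on the slide is sharpened by how cheap the fix is: the two functions differ by one line, and the safe one is not slower or harder to write.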


Studying Ethical Hacking

Strands:
Technical and Social

Technical:
E.g., penetration testing

Social
E.g., why do people do it?

Sources
Practical experience
Research: academic articles, white papers,
websites, blogs

Being an Ethical Hacker

Thinking like a (black hat) hacker, but not acting like one
Understanding the motivation,
commitment, attitudes
Not being influenced by sound-bite psychology

Required skills:
Communication, technical, collaboration

Aspects of Ethical Hacking

A hacker wants to gain access to:
Systems
Data

A hacker MAY want to destroy or modify systems and data
There are many subtypes of hacker


Hacker Subtypes
Main subtypes: technical, social
Access hackers
Will focus on ways to gain access
Subtypes: system, network, application

Malicious hackers
Will focus on ways to modify or destroy
Subtypes: network DoS, virus writers

Hackers may migrate between subtypes



The Hacking Business

A network of hackers
Access hackers
Providing access mechanisms e.g., via
trojans, botnets

Malicious hackers
Providing modification mechanisms e.g.,
DDoS, viruses

Factors (brokers)
Acting as go-betweens with potential clients

A Case Study
In the UK, the biggest betting event
is the Grand National
In the weeks before the event,
betting websites receive threats to
their sites:
E.g., blackmail: pay up or face a DDoS attack during the event

What should the companies do?


MMO

Means
Motive
Opportunity
In terms of the Internet, are means
and opportunity relevant?


Hacking and the OSI 7-Layer Model

Hacking can operate at many levels:
Hardware
Network
Systems software
Application layer
Social layer (people rather than protocols; not part of the OSI model)


The Mindset of a Hacker

Case study: PDF documents
Problem: custom kerning required for
some fonts
Solution: allow PDFs to include code
(e.g., JavaScript)
Question: how complete is the
JavaScript sandbox provided by Adobe
Reader?
Question: what about older versions?
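Before asking how complete the reader's sandbox is, a practitioner asks a simpler question of any untrusted PDF: does it carry script at all? The following is an added example, not code from the original slides: a small triage scanner in Python for the dictionary keys that attach JavaScript or launch behaviour to a document (/JavaScript, /JS, /OpenAction, /AA, /Launch and /EmbeddedFile are keys defined in the PDF specification). It also handles two evasions that defeat a naive string search: names written with hex escapes (/J#61vaScript is the same name as /JavaScript) and action dictionaries hidden inside a FlateDecode stream. The four sample PDFs are constructed for the example and are minimal, not real-world documents; the presence of these keys flags a file for closer inspection, it does not by itself prove malice.

```python
import re
import zlib

# PDF dictionary keys that attach script or launch behaviour (names from the PDF spec).
ACTIVE_NAME_RE = re.compile(rb"/(JavaScript|JS|OpenAction|AA|Launch|EmbeddedFile)\b")
# PDF names may hex-escape any byte: /J#61vaScript is the same name as /JavaScript.
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Stream bodies sit between these keywords; FlateDecode bodies are zlib data.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def decode_name_escapes(data: bytes) -> bytes:
    """Undo #xx escapes so an obfuscated name matches its plain spelling."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data: bytes) -> bytes:
    """Best effort: inflate every stream body that is valid zlib data, so
    actions hidden inside compressed objects are scanned as well."""
    out = []
    for m in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not zlib data; the raw bytes are scanned anyway
    return b"\n".join(out)

def find_active_content(pdf: bytes) -> set:
    """Return the set of active-content keys found, e.g. {'OpenAction', 'JS'}.
    An empty set means none of these keys was seen, not that the file is safe."""
    raw = pdf + b"\n" + inflate_streams(pdf)   # inflate before un-escaping
    text = decode_name_escapes(raw)
    return {m.group(1).decode("ascii") for m in ACTIVE_NAME_RE.finditer(text)}

# Constructed minimal PDFs for the demonstration (not real-world samples).
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# A document-open action that runs JavaScript, written with plain names.
JS_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /JavaScript /JS (app.alert(1);) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# The same action with the names hex-escaped to dodge a naive string search.
OBFUSCATED_PDF = (JS_PDF.replace(b"/OpenAction", b"/Open#41ction")
                        .replace(b"/JavaScript", b"/J#61vaScript")
                        .replace(b"/JS ", b"/J#53 "))

# The same action again, but the action dictionary lives inside a FlateDecode stream.
_body = zlib.compress(b"<< /S /JavaScript /JS (app.alert(1);) >>")
STREAM_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 4 0 R >> endobj\n"
              b"4 0 obj << /Filter /FlateDecode /Length " + str(len(_body)).encode() + b" >>\n"
              b"stream\n" + _body + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN_PDF), ("javascript", JS_PDF),
                         ("obfuscated", OBFUSCATED_PDF), ("stream", STREAM_PDF)]:
        print(f"{name}: {sorted(find_active_content(sample))}")
```

The two evasions are the point: a scanner that only greps the raw bytes for /JavaScript reports the obfuscated and the compressed sample as clean, which is exactly the gap a hacker in the mindset the slide describes goes looking for.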

Ethical Hacking: A Science

The V model of the scientific method (a cycle on the original slide):
Theory
Hypothesis
Experiment
Data gathering and analysis
Modify theory (and return to Theory)


Why Hacking is a Science

Classic scientific experiment:
Controlling the factors that influence a given result
In a controlled environment
Observation and measurement of cause and effect

All these elements are inevitably part of a hack
To allow the hack to be demonstrated and/or repeated

The Hacking Scientific Method

Theory:
anything that includes code can be compromised

Hypothesis creation:
Identifying and exploring the potential
approach

Experiment:
Creating doctored files that compromise the
system


Induction and Deduction

Induction
Inferring a general hypothesis from observed events

Deduction
Projecting from a hypothesis to the events it predicts

A hack contains many elements of both
Much exploration and experimentation at each stage
The experiment stage is when the actual hack takes place

Hacking and Business Intelligence

Hacking is a specialisation of business intelligence
Hacking: exploring someone else's data
Business intelligence: exploring (mining) your own data
Hacking and BI both need a scientific approach
Compare with traditional software development

Summary
Hacking is concerned with accessing data
and systems to which the individual
would normally not have access
Hacking requires a scientific approach,
and is based on technical, social, and
collaborative skills
These skills can be employed in the
domains of ethical hacking and business
intelligence