ETHICAL HACKING
by K. Praneeth Reddy, 160712733005
CONTENTS
• Introduction
• History
• What is Ethical hacking?
• Phases of Ethical hacking
• Certified Ethical hacker
• Advantages and Disadvantages
Introduction
• Hacking is an activity in which a person exploits a weakness in a system for personal profit or gratification.
Types of Hacking:
1. White hat hacking (Ethical hacking)
2. Black hat hacking
3. Grey hat hacking
What is ethical hacking?
• Ethical hacking is the same kind of activity, but it aims to find and rectify the weaknesses in a system. Today, ethical hacking is a job in networking.
• It is also known as white hat hacking or penetration testing.
• Ethical hacking is legal.
• Ethical hackers possess the same skills, mindset and tools as a hacker, but the attacks are done in a non-destructive manner.
History of Ethical Hacking
• In 1939, the “bombe” became the world’s first ethical hacking machine. It was used by the British to help decipher encrypted German messages during World War 2.
• In 1974, the US Air Force conducted one of the first ethical hacks to test the security of the Multics operating system.
• The term “ethical hacking” was first used by IBM’s John Patrick in 1995.
Ethical Hacking-Phases
• Reconnaissance
• Scanning
• Enumeration
• Attack and Gaining access
• Maintaining access
• Clearing tracks
Reconnaissance
Scanning
Port scanning is a common technique used by a penetration tester to find the open doors. In technical terms, port scanning is used to find vulnerabilities in the services listening on a port. During this process you have to find the live hosts, operating systems involved, firewalls, intrusion detection systems, servers/services, perimeter devices, routing and general network topology (physical layout of the network) that are part of the target organisation.
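
A defender's view of the scanning phase described above, as an added example that is not part of the original slides: in firewall logs a scan appears as one source touching many ports on a host, or many hosts on one port, within a short time. The log format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_log():
    """Constructed firewall lines: 'ISO-time src dst dport action'."""
    base, lines = datetime(2024, 1, 1, 10, 0, 0), []
    # 203.0.113.7 probes 20 ports on one host, one per second
    for i in range(20):
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 203.0.113.7 192.168.1.10 {20 + i} DENY")
    # 198.51.100.9 probes port 445 on 15 different hosts
    for i in range(15):
        t = (base + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{t} 198.51.100.9 192.168.1.{i + 1} 445 DENY")
    # 192.168.1.50 is an ordinary client: one server, two ports, over an hour
    for i in range(12):
        t = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{t} 192.168.1.50 192.168.1.10 {(80, 443)[i % 2]} ALLOW")
    return lines

def detect_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Map each suspicious source to its findings: 'port_scan' (many ports
    on one host) or 'host_sweep' (many hosts on one port) inside `window`."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, dport, _action = line.split()
        events[src].append((datetime.fromisoformat(ts), dst, int(dport)))
    findings = defaultdict(set)
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the window so it never spans more than `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for _, dst, dport in evs[start:end + 1]:
                ports_per_host[dst].add(dport)
                hosts_per_port[dport].add(dst)
            if any(len(p) >= threshold for p in ports_per_host.values()):
                findings[src].add("port_scan")
            if any(len(h) >= threshold for h in hosts_per_port.values()):
                findings[src].add("host_sweep")
    return dict(findings)

if __name__ == "__main__":
    for src, kinds in detect_scans(sample_log()).items():
        print(src, sorted(kinds))
```
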
Enumeration
Enumeration is the ability of a hacker to convince some servers to give them information that is vital for making an attack. By doing this the hacker aims to find what resources and shares can be found in the system, what valid user accounts and user groups there are in the network, what applications are present, etc.
Attack and Gaining Access
This is the actual hacking phase, in which the hacker gains access to the system. The hacker will make use of all the information he collected in the pre-attack phases. Usually the main hindrance to gaining access to a system is the passwords. In system hacking, the hacker will first try to get into the system.
Maintaining Access
Now the hacker is inside the system. This means that he is now in a position to upload some files and download others. The next aim will be to make an easier path to get in when he comes the next time. This is analogous to making a small hidden door in a building so that he can enter the building directly and easily through that door.
Clearing tracks
Whenever a hacker downloads a file or installs some software, a record of it will be stored in the server logs. To erase these records the hacker uses many tools. One such tool is the Windows Resource Kit’s auditpol.exe. Another tool, which eliminates any physical evidence, is the Evidence Eliminator. The Evidence Eliminator deletes all such evidence.
Certified Ethical hacker
• Certified Ethical Hacker (CEH) is a qualification obtained in assessing the security of computer systems, using penetration testing techniques. The code for the CEH exam is 312-50; the certification is in Version 8 as of late 2013.
• The EC-Council offers another certification, known as Certified Network Defense Architect (CNDA). This certification is designed for United States Government agencies and is available only to members of selected agencies. Other than the name, the content of the course is exactly the same. The exam code for CNDA is 312-99.
Advantages of Ethical hacking
Most of the benefits of ethical hacking are obvious, but many are overlooked. The benefits range from simply preventing malicious hacking to preventing national security breaches. The benefits include:
• Fighting against terrorism and national security breaches
• Having a computer system that prevents malicious hackers from gaining access
• Having adequate preventative measures in place to prevent security breaches
Disadvantages of Ethical Hacking
• Everything depends upon the trustworthiness of the ethical hacker
• Allowing the company’s financial and banking details to be seen
• The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on the computer system