It is about Ethical Hacking
By sunny sundeep
JNTUK, university college of engineering
Abstract.
What is hacking and ethical hacking.
Why do we need ethical hacking.
Types of hackers.
Types of attacking.
Ethical hacking commandments.
The explosive growth of the Internet has brought many good things, such as e-commerce, banking, e-mail, and cloud computing, but there is also a dark side, such as hacking and backdoors. Hacking is the first big problem faced by governments, companies, and private citizens around the world. Hacking includes reading other people's e-mail, stealing their credit card numbers from an online shopping site, and secretly transmitting secrets to the open Internet. An ethical hacker can help the people who suffer from such hacking. This paper describes ethical hackers, their skills, their attitudes, and how they go about helping their customers find and plug security holes.
The state of security on the Internet is bad and becoming worse. One reaction to this state of affairs is a behavior termed "ethical hacking", which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. Ethical hackers may beta test unreleased software, stress test released software, and scan networks of computers for vulnerabilities. Previous work has emphasized ethical hacking as an altruistic behavior, but we find that ethical hackers act rationally, in self-interest, to secure systems that are within their own community (sometimes for pay): networked systems are only as secure as the weakest system within perimeter defenses.
What is Hacking?
Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)
What is Ethical Hacking?
Ethical hacking is defined as the “methodology adopted by ethical hackers to discover the harms existing in information systems’ operating environments.”
In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the unwanted threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.
Why – Ethical Hacking
[Figure: Total number of incidents. Source: CERT/CC]
Protection from possible external attacks:
Viruses, Trojan Horses, and Worms
Social Engineering
Automated Attacks
Accidental Breaches in Security
Denial of Service (DoS)
Organizational Attacks
Restricted Data
There are two types of hackers
White hackers
Black hackers
Types of attacking
Web File Query
Browser Page Caching
Cookies and URLs
SQL injection
Cross Site Scripting attacks
Web File Query
A hacker tests for HTTP (80) or HTTPS (443)
Does a “View Source” on HTML file to detect directory hierarchy
Can view sensitive information left by system administrators or programmers
Database passwords in /include files
Browser Page Caching
Be aware of differences between browsers!
Pages with sensitive data should not be cached: page content is easily accessed using browser’s history
Cookies and URLs
Sensitive data in cookies and URLs
Issues that arise are:
Information is stored on a local computer (as files or in the browser’s history)
Unencrypted data can be intercepted on the network and/or logged into unprotected web log files
SQL Injection Attacks
SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements.
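The cause described above, shown as an added example that is not part of the original presentation: the same lookup written once with the value pasted into the SQL text and once with a bound parameter. The `users` table, the function names and the sample rows are assumptions constructed for the illustration, using Python's standard `sqlite3` module.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("O'Brien", "obrien@example.test"),
    ])
    return db

def lookup_unsafe(db, name):
    """Vulnerable form: the value is embedded in the statement as a string literal."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, name):
    """Hardened form: the value is bound as a parameter and never parsed as SQL."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def demo():
    db = make_db()
    results = {}
    # A legitimate name that contains a quote ends the literal early,
    # so the unsafe statement no longer parses.
    try:
        lookup_unsafe(db, "O'Brien")
        results["quote_unsafe"] = "ok"
    except sqlite3.OperationalError:
        results["quote_unsafe"] = "syntax error"
    results["quote_safe"] = lookup_safe(db, "O'Brien")
    # A value that closes the literal and appends a condition changes the
    # WHERE clause itself (constructed input); bound, it is only a name.
    crafted = "nobody' OR '1'='1"
    results["crafted_unsafe"] = lookup_unsafe(db, crafted)
    results["crafted_safe"] = lookup_safe(db, crafted)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The unsafe function fails on an ordinary surname and returns every row for the constructed value, while the parameterized function treats both inputs as plain data.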
Cross-Site Scripting (XSS) Attacks
Malicious code can secretly gather sensitive data (login, password, cookie) from a user while they are using an authentic website
Working Ethically
Trustworthiness
Misuse for personal gain
Respecting Privacy
Not Crashing the Systems