ETHICAL HACKING

DESCRIPTION

An ethical hacker breaks into the security system of a website or computer on the instructions of his employer, only to strengthen its security and protect it from hackers.

Page 1: Ethical hacking

ETHICAL HACKING

Page 2: Ethical hacking

WHAT IS HACKING?

Hacking refers to an array of activities carried out to intrude into someone else’s personal information space so as to use it for malicious, unwanted purposes.

Hacking is the act of breaking into a computer system and is a criminal offence under the computer misuse.

Page 3: Ethical hacking

ETHICAL HACKER

"An ethical hacker breaks into the security system of a website or computer on the instructions of his employer only to strengthen its security and prevent from hackers" 

Page 4: Ethical hacking

TERMS USED BY HACKER

Adware – Adware is software designed to force pre-chosen ads to display on your system.

Back Door – A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system.

Bot – A bot is a software “robot” that performs an extensive set of automated tasks on its own.

Page 5: Ethical hacking

TERMS USED BY HACKER

Keyloggers, malware, Social Engineering

Phishing – Phishing is a form of social engineering carried out by black hats in electronic form, usually by email, with the purpose of gathering sensitive information.

Zombie / Zombie Drone – A zombie is a malware program that can be used by a black hat cracker to remotely take control of a system so it can be used in a zombie attack.

Page 6: Ethical hacking

TERMS USED BY HACKER

Cookies – A cookie is a small packet of information from a visited webserver stored on your system by your computer’s browser.

Cracker – When you hear the word hacker today, in reality it is normally referring to a cracker, but the two have become synonymous.

Denial of Service Attack (DoS) – A Denial of Service attack is an attack designed to overwhelm a targeted website to the point of crashing it or making it inaccessible.

Page 7: Ethical hacking

TYPES OF HACKERS

• Professional hackers
  • Black Hats – the Bad Guys
  • White Hats – Professional Security Experts

• Script kiddies
  • Mostly kids/students
  • Use tools created by black hats
  • To get free stuff
  • Impress their peers
  • Not get caught

• Underemployed Adult Hackers
  • Former Script Kiddies
  • Can’t get employment in the field
  • Want recognition in hacker community
  • Big in eastern European countries

Page 8: Ethical hacking

GAINING ACCESS

• Front door
  • Password guessing
  • Password/key stealing

• Back doors
  • Often left by original developers as debug and/or diagnostic tools
  • Forgot to remove before release

• Trojan Horses
  • Usually hidden inside of software that we download and install from the net (remember nothing is free)
  • Many install backdoors

• Software vulnerability exploitation
  • Often advertised on the OEM’s web site along with security patches
  • Fertile ground for script kiddies looking for something to do

Page 9: Ethical hacking

COMPUTER CRIMES

• Financial Fraud
• Credit Card Theft
• Identity Theft

• Computer specific crimes
  • Denial-of-service
  • Denial of access to information
  • Viruses
    • Melissa virus cost New Jersey man 20 months in jail
    • Melissa caused in excess of $80 Million

• Intellectual Property Offenses
  • Information theft
  • Trafficking in pirated information
  • Storing pirated information
  • Compromising information
  • Destroying information

• Content related Offenses
  • Hate crimes
  • Harassment
  • Cyber-stalking

Page 10: Ethical hacking

CYBER LAW

Cyber Law is the law governing cyber space. Cyber space is a very wide term and includes computers, networks, software, data storage devices (such as hard disks, USB disks etc), the Internet, websites, emails and even electronic devices such as cell phones, ATM machines etc.

Page 11: Ethical hacking

CYBER LAW ENCOMPASSES LAWS RELATING TO:

• Cyber Crimes
• Electronic and Digital Signatures
• Intellectual Property
• Data Protection and Privacy

Page 12: Ethical hacking

NEED FOR CYBER LAW

Cyberspace is an intangible dimension that is impossible to govern and regulate using conventional law.

Cyberspace has complete disrespect for jurisdictional boundaries.

Cyberspace handles gigantic traffic volumes every second.

Cyberspace is absolutely open to participation by all.

Cyberspace offers enormous potential for anonymity to its members.

Page 13: Ethical hacking

CYBER CRIME

• Cyber crime is a crime committed over the Internet.

• It could be against the government, property and against any person in various forms.

• The law enforcement agencies are facing difficulties in dealing with cyber crime.

• In India, the Information Technology Act, 2000 is the legislation that deals with issues related to cyber crime.

Page 14: Ethical hacking

TYPES OF CYBER CRIME

| Cyber Crime | Brief Description | Relevant Section in IT Act | Punishments |
|---|---|---|---|
| Cyber Stalking | Stealthily following a person, tracking his internet chats. | 43, 65, 66 | 3 years, or with fine up to 2 lakh |
| Cyber Pornography including child pornography | Publishing Obscene in Electronic Form involving children | 67, 67 (2) | 10 years and with fine may extend to 10 lakh |
| Intellectual Property Crimes | Source Code Tampering, piracy, copyright infringement etc. | 65 | 3 years, or with fine up to 2 lakh |
| Cyber Terrorism | Protection against cyber terrorism | 69 | Imprisonment for a term, may extend to 7 years |
| Cyber Hacking | Destruction, deletion, alteration, etc. in a computer resource | 66 | 3 years, or with fine up to 2 lakh |
| Phishing | Bank Financial Frauds in Electronic Banking | 43, 65, 66 | 3 years, or with fine up to 2 lakh |
| Privacy | Unauthorised access to computer | 43, 66, 67, 69, 72 | |

Page 15: Ethical hacking

FOOTPRINTING

Footprinting is the first and an important step, because after it a penetration tester knows how a hacker sees the network.

Footprinting is the technique of gathering the maximum amount of information about a target from the available sources.

Page 16: Ethical hacking

SEVEN BASIC STEPS

1. Information gathering
2. Determining the network range
3. Identifying active machines
4. Finding open ports and access points
5. OS fingerprinting
6. Fingerprinting services
7. Mapping the network

Page 17: Ethical hacking

PROCESS OF HACKING

Page 18: Ethical hacking

SCANNING

What is port scanning? Port scanning is the process of checking which ports are open and which are closed, much like a thief looking for a house with an open gate.

What is the use? By finding which ports are open, you can try to communicate with the victim system remotely and access its data.

Page 19: Ethical hacking

PORT SCANNING

If these ports are not secure a hacker can communicate with these ports.

E.g.:
* 21: FTP
* 22: SSH
* 23: Telnet
* 53: Domain Name System
* 80: World Wide Web HTTP
* 119: Network News Transfer Protocol
* 443: HTTP over Transport Layer Security/Secure Sockets Layer
* 445: microsoft-ds, Server Message Block over TCP
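Added example (not from the original slides): a defensive check that reads `ss -tln` output from your own Linux host and reports which of the ports listed above have a listener, and whether that listener is bound beyond loopback. The sample output, function names and field names are constructed for illustration.

```python
import ipaddress

# Port names as given on the slide above.
SLIDE_PORTS = {
    21: "FTP", 22: "SSH", 23: "Telnet", 53: "Domain Name System",
    80: "World Wide Web HTTP", 119: "Network News Transfer Protocol",
    443: "HTTP over TLS/SSL", 445: "microsoft-ds (SMB over TCP)",
}

# Constructed sample of `ss -tln` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       32      0.0.0.0:21           0.0.0.0:*
LISTEN  0       128     127.0.0.1:53         0.0.0.0:*
LISTEN  0       511     [::]:80              [::]:*
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
LISTEN  0       50      *:445                *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, port); handles '[::]:80' and '*:445'."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def is_loopback(addr):
    """True only for loopback binds; '*' means every interface."""
    if addr == "*":
        return False
    # ss may append an interface scope such as 'fe80::1%eth0'.
    return ipaddress.ip_address(addr.split("%")[0]).is_loopback

def audit_listeners(ss_output):
    """Return one finding per listening socket whose port is on the slide."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        addr, port = split_endpoint(fields[3])
        if port in SLIDE_PORTS:
            findings.append({"port": port, "service": SLIDE_PORTS[port],
                             "address": addr,
                             "non_loopback": not is_loopback(addr)})
    return sorted(findings, key=lambda f: f["port"])

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS_OUTPUT):
        scope = "all/non-loopback" if f["non_loopback"] else "loopback only"
        print(f"{f['port']:>5}  {f['service']:<32} {f['address']:<12} {scope}")
```

A non-loopback bind only means the service accepts connections on a network interface; a host or network firewall may still block it, so compare the result with the firewall policy before closing or keeping a port.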

Page 20: Ethical hacking

PORTS

Page 21: Ethical hacking

CRYPTOGRAPHY

The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text.

Only those who possess a secret key can decipher (or decrypt) the message into plain text.

Encrypted messages can sometimes be broken by cryptanalysis, also called codebreaking.

Page 22: Ethical hacking

STEGANOGRAPHY

Steganography is the technique of hiding confidential information within any medium.

E.g.: a ‘multimedia’ file (text, static image, audio and video)