Ethical Hacking

Guided By :-

Miss Sangita Makhija

Created By :-

Name :- Raiyani Namrata Himmatbhai

Exam No :- 973

- What is ethical hacking?
- Who is a hacker?
- Classes of hacker.
- Process of ethical hacking.
- Types of attacks on a system.
- Why ethical hacking is needed?
- Scope and limitations of ethical hacking.
- What does an ethical hacker do?
- Skills of an ethical hacker.
- What is penetration testing?
- Module summary.

1. What is ethical hacking?

Ethical hacking is an assessment to test and check an information technology environment for possible weak links and vulnerabilities.

Ethical hacking describes the process of hacking a network in an ethical way.

What ethical hacking is, what it can do, an ethical hacking methodology, as well as some tools which can be used for an ethical hack.

2. Who is a hacker?

Intelligent individuals with excellent computer skills, with the ability to create and explore computer software and hardware.

For some hackers, hacking is a hobby to see how many computers or networks they can compromise.

Their intention can either be to gain knowledge or to poke around to do illegal things.

Hackers can hack business data, credit card information, etc.

3. Classes of hackers

Classes of hacker:

- Black Hats
- White Hats
- Gray Hats
- Suicide Hackers

Black Hats

Individuals with extraordinary computing skills, resorting to malicious or destructive activities; they are also known as crackers or dark-side hackers.

The term “black hat” comes from old westerns where the bad guys usually wore black hats and the good guys wore white ones.

Hackers build things, crackers break things.

- Good technical skills
- Involved in malicious and illegal activities.

White Hats

Individuals professing hacker skills and using them for defensive purposes; they are also known as security analysts.

They specialize in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.

- Use knowledge and skills for defensive purposes rather than offensive ones.

Gray Hats

Individuals who work both offensively and defensively at various times.

- Individuals who work both sides: ethical and malicious.

When a grey hat hacker discovers a vulnerability, instead of telling the vendor how the exploit works, he or she may offer to repair it for a small fee.

When one successfully gains illegal access to a system or network, he or she may suggest to the system administrator that one of his or her friends be hired to fix the problem; however, this practice has been declining due to the increasing willingness of businesses to prosecute.

Suicide Hacker

Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing 30 years in jail for their actions.

- A suicide hacker can be good as well as bad.

4. Process of Hacking

- Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks

Reconnaissance

Reconnaissance refers to the preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.

There are two types of reconnaissance: 1) Passive Reconnaissance and 2) Active Reconnaissance.

1) Passive Reconnaissance

Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems.

2) Active Reconnaissance

Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities.

Scanning

Scanning refers to the pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance.

Scanning can include the use of dialers, port scanners, network mapping, vulnerability scanners, etc.

Attackers extract information such as computer names, IP addresses, and user accounts to launch an attack.

Gaining Access

Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network.

The attacker can gain access at the operating system level, application level, or network level.

For example: password cracking, buffer overflows, denial of service, session hijacking, etc.

Maintaining Access

Maintaining access refers to the phase when the attacker tries to retain his or her ownership of the system.

Attackers may prevent the system from being owned by other attackers by securing their exclusive access with backdoors, rootkits, or trojans.

Attackers use the compromised system to launch further attacks.

Covering Tracks

Covering tracks refers to the activities carried out by an attacker to hide malicious acts.

The attacker overwrites the server, system and application logs to avoid suspicion.

The attacker's intentions include continuing access to the victim's system and deleting evidence that might lead to his prosecution.
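A defender's counter to overwritten logs is to make them tamper-evident. The sketch below is an added example, not part of the original slides: it chains each log line to the previous one with an HMAC so that an edited, deleted or truncated log fails verification. The key, the log lines and the function names are constructed for illustration, and it assumes the key and the latest chain head are stored off the logging host.

```python
import hashlib
import hmac

# Assumption: the key and the latest chain head are kept off the logging host.
KEY = b"constructed-demo-key"
GENESIS = b"\x00" * 32

def _tag(prev, line, key):
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()

def seal(lines, key=KEY):
    """Chain each log line to the one before it; return (records, head)."""
    prev, records = GENESIS, []
    for line in lines:
        prev = _tag(prev, line, key)
        records.append((line, prev))
    return records, prev

def verify(records, head, key=KEY):
    """Return 'ok', 'truncated', or 'tampered at record N' (0-based)."""
    prev = GENESIS
    for i, (line, tag) in enumerate(records):
        if not hmac.compare_digest(_tag(prev, line, key), tag):
            return f"tampered at record {i}"
        prev = tag
    # Every surviving record verifies; a missing tail only shows up
    # when the last tag is compared with the head stored elsewhere.
    return "ok" if hmac.compare_digest(prev, head) else "truncated"

# Constructed sample log lines (not from a real system).
SAMPLE = [
    "2024-01-01T10:00:01Z sshd: accepted login for alice from 192.0.2.10",
    "2024-01-01T10:00:07Z sudo: alice ran /usr/bin/id",
    "2024-01-01T10:02:30Z sshd: session closed for alice",
]

if __name__ == "__main__":
    records, head = seal(SAMPLE)
    print(verify(records, head))                    # untouched log
    edited = list(records)
    edited[1] = ("2024-01-01T10:00:07Z cron: job ok", records[1][1])
    print(verify(edited, head))                     # overwritten entry
    print(verify(records[:2], head))                # tail removed
    print(verify([records[0], records[2]], head))   # middle entry deleted
```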

5. Types of attacks on a system

There are several ways an attacker can gain access to a system. The attacker must be able to exploit a weakness or vulnerability in a system.

There are four types of attacks on a system: 1) Operating system attack, 2) Application level attack, 3) Misconfiguration attack and 4) Shrink wrap code attack.

Operating System Attack

Attackers search for operating system vulnerabilities and exploit them to gain access to a network system.

Some of the system vulnerabilities: buffer overflow vulnerabilities, bugs in the operating system, and unpatched operating systems.

Application Level Attack

Software applications come with tons of functionalities and features.

There is a dearth of time to perform complete testing before releasing products.

Misconfiguration Attack

If a system is misconfigured, such as when a change is made in the file permissions, it can no longer be considered secure.

The administrators are expected to change the configuration of the devices before they are deployed in the network.

In order to optimize the configuration of the machine, remove any redundant services or software.
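The file-permission case mentioned above can be checked from the defender's side by comparing file modes against a known-good baseline. This is an added example, not part of the original slides; the file names, modes and baseline are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_permissions(root, baseline):
    """Compare file modes under root with a baseline {relative_path: mode}.

    Returns a sorted list of (relative_path, issue) tuples.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            expected = baseline.get(rel)
            if expected is None:
                findings.append((rel, "not in baseline"))
            elif mode != expected:
                findings.append((rel, f"mode {mode:04o}, expected {expected:04o}"))
            if mode & stat.S_IWOTH:
                # Any local user could modify this file.
                findings.append((rel, "world-writable"))
    return sorted(findings)

def demo():
    """Build a constructed directory tree, drift one file, and audit it."""
    with tempfile.TemporaryDirectory() as root:
        baseline = {"app.conf": 0o640, "run.sh": 0o750}
        for rel, mode in baseline.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("# constructed sample file\n")
            os.chmod(path, mode)
        # Simulated configuration drift on one file.
        os.chmod(os.path.join(root, "app.conf"), 0o666)
        return audit_permissions(root, baseline)

if __name__ == "__main__":
    for rel, issue in demo():
        print(rel, "->", issue)
```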

6. Why is ethical hacking needed?

Ethical hacking:

- Defense in depth strategy
- Counter the attacks

Ethical hacking is needed because it allows the countering of attacks from malicious hackers by anticipating the methods they can use to break into a system.

Defense in Depth Service

There are seven types of defense in depth layers:

- Data
- Application
- Host
- Internal Network
- Perimeter
- Physical
- Policies, Procedures and Awareness

Defense in depth is a security strategy in which several protection layers are placed throughout an information system.

7. Scope and Limitations of Ethical Hacking

Scope of ethical hacking

Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best practice, and good governance.

It is used to identify risks and highlight the remedial actions, and also to reduce information and communication technology (ICT) costs by resolving those vulnerabilities.

Limitations of Ethical Hacking

However, unless the business first knows what it is that they are looking for and why they are hiring an outside vendor to hack the system in the first place, chances are there would not be much to gain from the experience.

An ethical hacker thus can only help the organization to better understand their security system, but it is up to the organization to place the right guards on the network.

8. What does an ethical hacker do?

Ethical hackers are hired by an organization to attack their information systems and networks in order to discover vulnerabilities and verify that security measures are functioning correctly.

Their duties may include testing systems and networks for vulnerabilities and attempting to access sensitive data by breaking security.

9. Skills of an ethical hacker

There are five skills of an ethical hacker:

- Platform Knowledge
- Network Knowledge
- Computer Expert
- Security Knowledge
- Technical Knowledge

Platform Knowledge

Has in-depth knowledge of target platforms, such as UNIX, Linux, Windows.

Network Knowledge

Has exemplary knowledge of networking and related hardware and software.

Computer Expert

Should be a computer expert adept at technical domains.

Security Knowledge

Has knowledge of security areas and related issues.

Technical Knowledge

Has high technical knowledge to launch sophisticated attacks.

10. What is penetration testing?

Penetration testing is a method of actively evaluating the security of an information system or network by simulating an attack from a malicious source.

Security measures are actively analyzed for design weaknesses, technical flaws and vulnerabilities.

The results are delivered comprehensively in a report to executive, management and technical audiences.

11. Summary of ethical hacking

Ethical hacking enables an organization to counter attacks from malicious hackers by anticipating certain attacks by which they can break into the system.

Ethical hacking is a crucial component of risk assessment, auditing, counter fraud, best practice and good governance.

An ethical hacker helps in evaluating the security of a computer system or network by simulating an attack by a malicious user.