2. ETHICAL HACKING OUTLINE
Why we need Security
Security & Usability Triangle
Who is a Hacker?
Types of Hackers
Type of attack on a system
Phases of Hacker
Profile of Ethical Hacker
Why ethical hacking is Necessary?
Specializations
Essential Terminology
3. WHY WE NEED SECURITY
• An important part of business: a lot of
people now use computers to store and share
their valuable information.
• Security – A state of well-being of
information and infrastructures in which the
possibility of successful yet undetected
theft.
4. WHAT IS INFORMATION SECURITY
Information security means protecting information and
information systems from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection,
recording or destruction.
The term Information Security follows CIA:
Confidentiality
Integrity
Availability
5. Confidentiality: Assurance that the information is
accessible only to those authorized to have access.
Confidentiality breaches may occur due to improper
data handling or a hacking attempt.
Integrity: Protection of data or resources against
improper and unauthorized changes; assurance that
information can be relied upon to be sufficiently accurate
for its purpose.
Availability: Assurance that the systems responsible
for delivering, storing, and processing information are
accessible when required by authorized users.
6. SECURITY, FUNCTIONALITY &
USABILITY TRIANGLE
The level of security in any system can be defined by the strength of three components.
This triangle represents the basic relationship between security, functionality and
usability.
You can move the ball in any direction, which will cause the intensity of the other
two sides to decrease.
For example, you can remove all the
complicated security measures such as
hybrid passwords, regular password
resets and security tokens, which will make
the system easy to use; however, the
security and functionality will be reduced.
7. WHO IS A HACKER?
Intelligent individuals with excellent computer skills, with the
ability to create and explore computer software and
hardware.
For some hackers, hacking is a hobby to see how many computers
or networks they can compromise.
Some hack with malicious intent behind their escapades,
such as stealing business data, credit card information, social security
numbers, email passwords, etc.
Their intention can either be to gain knowledge or to poke
around to do illegal things.
8. TYPES OF HACKERS
Black Hats
– Good technical skills.
– Involved in malicious or illegal activities.
White Hats
– Use of knowledge & skills for defensive purposes, rather than offensive.
Gray Hats
– Individuals who work on both sides – ethical and malicious.
Technical Levels of Hackers
Neophyte – A newbie in the field of computer security with almost no knowledge.
Script Kiddie – A non-expert who uses tools or scripts made by others to hack into systems, with little knowledge about the concept working behind the tool.
Elite – Also known as 1337, it is a term used to describe the most technically advanced hackers who use cutting-edge technology.
9. TYPE OF ATTACKS ON A SYSTEM
There are several ways an attacker can gain access to a
System.
The attacker must be able to exploit a weakness or
vulnerability in a system.
10. PHASES OF HACKER
Information Gathering
Scanning
Gaining access
– Operating System/Application
– Network level
– Denial of service
Maintaining access
– Uploading/altering/downloading
programs or data
Covering Tracks
11. PROFILE OF ETHICAL HACKER
An ethical hacker follows the same techniques and methodologies
as a malicious hacker; however, in the end, the vulnerabilities
or security flaws found are either reported (Responsible Disclosure/Open
Disclosure) or fixed. This is also called Penetration Testing.
The complete procedure depends upon the type of penetration
testing being conducted, of which there are primarily 3 types:
Black Box Testing – No previous knowledge about the target of
evaluation.
White Box Testing – Full knowledge about the target. The purpose is to
protect the system or product from insider attacks.
Grey Box Testing – Partial knowledge is available in this case.
12. WHY ETHICAL HACKING IS NECESSARY?
Computer Security Expert.
In-depth knowledge about Target Platforms
(such as Windows, Unix, Linux, Mac).
In-depth knowledge about networking and
related hardware/software.
Knowledge about Programming and Web
Applications.
Knowledgeable about computer or system
security.
13. SPECIALIZATIONS
Just like any other technical field, information security
and hacking is very vast, and individuals generally
specialize in single or multiple domains, which primarily
are:
Network Security/Attack
Web Application Security/Attack
Exploit Development and Reverse Engineering
Malware Analysis/Development
Cyber Forensics
14. ESSENTIAL TERMINOLOGY
Threat – An action or event which is a potential
challenge to Security.
Vulnerability – It is the existence of a Flaw or Error in
the Design of the System which can cause undesired
results ranging from Compromise of System Security
to Service or System Unavailability.
Attack – An action which attempts to violate or
challenge the Integrity or Security of a System.
Exploit – A defined way to breach the security of a
System or Product using an identified vulnerability.
15. MODULES FOR WINDOWS HACKING
Introduction to Windows
Windows - Passwords
LM Hashes and NTLM Hashes
Syskey
Windows Hacking
Types of Attacks
Tools used for Windows Password Cracking
Securing passwords.
Privilege Escalation
Key loggers
Covering Tracks
Removing logs
19. Tools used for Windows Password Cracking
Windows passwords can be cracked by using the following tools:
Ophcrack Live CD and Windows installer.
Hiren's BootCD.
ERD Commander.
Cain & Abel.
Etc.
21. Keyloggers
Keystroke logging (often called key logging) is the action of tracking (or
logging) the keys struck on a keyboard, typically in a covert manner so that
the person using the keyboard is unaware that their actions are being
monitored. There are numerous key logging methods, ranging from hardware
and software-based approaches to electromagnetic and acoustic analysis.