The document discusses the history and evolution of hacking from the 1960s to the present day. It outlines key events such as the development of the "blue box" phone hack, the formation of early hacker groups, and the passage of anti-hacking laws. The document then defines ethical hackers as independent security professionals who evaluate systems for vulnerabilities without causing damage or stealing information. Ethical hackers require strong skills across various operating systems and protocols to thoroughly test systems from different attack perspectives.
3. PREHISTORY
► 1960s: The Dawn of Hacking
Original meaning of the word "hack" started at MIT; meant elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts
ELDER DAYS (1970-1979)
► 1970s: Phone Phreaks and Cap'n Crunch: One phreak, John Draper (aka "Cap'n Crunch"), discovers a toy whistle inside Cap'n Crunch cereal gives 2600-hertz signal, and can access AT&T's long-distance switching system.
► Draper builds a "blue box" used with whistle allows phreaks to make free calls.
► Steve Wozniak and Steve Jobs, future founders of Apple Computer, make and sell blue boxes.
THE GOLDEN AGE (1980-1991)
► 1980: Hacker Message Boards and Groups
Hacking groups form; such as Legion of Doom (US), Chaos Computer Club (Germany).
► 1983: Kids' Games
Movie "War Games" introduces public to hacking.
4. THE GREAT HACKER WAR
► Legion of Doom vs Masters of Deception; online warfare; jamming phone lines.
► 1984: Hacker 'Zines
Hacker magazine 2600 publication; online 'zine Phrack.
CRACKDOWN (1986-1994)
► 1986: Congress passes Computer Fraud and Abuse Act; crime to break into computer systems.
► 1988: The Morris Worm
Robert T. Morris, Jr., launches self-replicating worm on ARPAnet.
► 1989: The Germans, the KGB and Kevin Mitnick.
► German Hackers arrested for breaking into U.S. computers; sold information to Soviet KGB.
► Hacker "The Mentor" arrested; publishes Hacker's Manifesto.
► Kevin Mitnick convicted; first person convicted under law against gaining access to interstate network for criminal purposes.
8. Ethical Hacking
► Independent computer security
professionals breaking into
computer systems.
► Neither damage the target systems
nor steal information.
► Evaluate target systems security and
report back to owners about the
vulnerabilities found.
9. Ethical Hackers but not Criminal
Hackers
► Completely trustworthy.
► Strong programming and computer
networking skills.
► Learn about the system and try to
find its weaknesses.
► Techniques of criminal hackers:
detection and prevention.
► Published research papers or released
security software.
► No Ex-hackers.
10. Being Prepared
► What can an intruder see on the target systems?
► What can an intruder do with that information?
► Does anyone at the target notice the intruder's attempts or
successes?
6. What are you trying to protect?
7. Who are you trying to protect against?
8. How much time, effort, and money are you willing to
expend to obtain adequate protection?
11. Ethical Hacker’s Perspective
► Ethical hacking demands a lot of time and
persistence.
► Security evaluation plan
1. Identify system to be tested
2. How to test?
3. Limitations on that testing
► Evaluation done under a “no-holds-barred”
approach.
► Clients should be aware of risks.
► Limit prior knowledge of test.
12. Required Skills of an Ethical
Hacker
► Routers: knowledge of routers, routing protocols, and
access control lists
► Microsoft: skills in operation, configuration and
management.
► Linux: knowledge of Linux/Unix; security settings,
configuration, and services.
► Firewalls: configurations, and operation of intrusion
detection systems.
► Mainframes
► Network Protocols: TCP/IP; how they function and can
be manipulated.
► Project Management: knowledge of leading, planning,
organizing, and controlling a penetration testing team.
13. Kinds of Testing
► Remote Network
► Remote dial-up network
► Local network
► Stolen laptop computer
► Social engineering
► Physical entry
1. Total outsider
2. Semi-outsider
3. Valid user
14. REVIEW
Ethical hackers and network security
experts are therefore in high demand at
many organizations for the security of
their own data. If it fell into the
wrong hands, a competitor might use it for
corporate espionage, a hacker might use it
to break into the client’s computers, or a
prankster might just post the report’s
contents on the Web as a joke.