a perfect example of your 6 weeks summer training ppt. Course-Ethical Hacking , its info and VAPT- Vulnerability Assessment n Penetration testing. about how vulnerability scanning , tools used , cracking password , etc.
2. What is hacking ?
• Computer hacking is when someone modifies
computer hardware or software in a way that
alters the creator's original intent.
What is Ethical Hacking ?
• Ethical hacking is when person breaches the
security with authorization for the purpose of
finding loopholes(security issues).
4. Types of hacker
• White Hat Hackers:
– who specializes in penetration testing and in other testing
methodologies to ensure the security of an organization's
information systems.
• Black Hat Hackers:
– A black hat is the villain or bad guy, especially in a western movie in
which such a character would stereotypically wear a black hat in
contrast to the hero's white hat.
• Gray Hat Hackers:
– A grey hat, in the hacking community, refers to a skilled hacker
whose activities fall somewhere between white and black hat
hackers on a variety of spectra
5. What is information security
Information security means protecting information and
information systems from unauthorized
access, use, disclosure, disruption, modification, perusal, inspect
ion, recording or destruction.
Term Information Security follows CIA
Confidentiality
Integrity
Availability
6. Confidentiality : Assurance that the information is
accessible only to those authorized to have access.
Confidentiality breaches may occur due to improper
data handling or a hacking attempt.
Integrity :
The data or resources in term of preventing
improper and unauthorized changes. Assurance that
Information can be relied upon to be sufficiently accurate
for its purpose.
Availability :
Assurance that the systems responsible
for delivering storing , and processing Information are
accessible when required by the authorized users.
7. Essential Terminology's
Threat – An action or event which is a potential challenge
to Security.
Vulnerability – It is the existence of a Flaw or Error in the
Design of the System which can cause undesired results
ranging from Compromise of System Security to Service
or System Unavailability.
Attack – An action which attempts to violate or challenge
the Integrity or Security of a System.
Exploit – A defined way to breach the security of a
System or Product using an identified vulnerability.
8. Identifying Vulnerabilities
• Identifying vulnerabilities through a
vulnerability appraisal
– Determines the current security weaknesses that
could expose assets to threats
• Two categories of software and hardware
tools
– Vulnerability scanning
– Penetration testing
9. Vulnerability Scanning
• Vulnerability scanning is typically used by an
organization to identify weaknesses in the
system
– That need to be addressed in order to increase the
level of security
• Tools include port scanners, network
scanner, protocol analyzers, vulnerability
scanners, the Open Vulnerability and
Assessment Language, and password crackers
10. IP Addresses and Ports
Internet protocol (IP) addresses
The primary form of address identification on a
TCP/IP network
Used to uniquely identify each network device
Port number
TCP/IP uses a numeric value as an identifier to
applications and services on the systems
Each datagram (packet) contains not only the
source and destination IP addresses
But also the source port and destination port
12. Port Scanners
Port scanner
Sends probes to interesting ports on a target
system
Determines the state of a port to know what
applications are running and could be exploited
Three port states:
Open, closed, and blocked
13.
14. Network Scanner
Software tools that can identify all the systems
connected to a network
Most network mappers utilize the TCP/IP
protocol ICMP
Internet Control Message Protocol (ICMP)
Used by PING to identify devices
Less useful for modern versions of Windows
16. Protocol Analyzers
• Also called a sniffer
– Captures each packet to decode and analyze its
contents
– Can fully decode application-layer network
protocols
• Common uses include:
– Network troubleshooting
– Network traffic characterization
– Security analysis
17.
18. Vulnerability Scanners
Products that look for vulnerabilities in
networks or systems
Help network administrators find security problems
Most vulnerability scanners maintain a database
that categorizes and describes the
vulnerabilities that it can detect
Other types of vulnerability scanners combine
the features of a port scanner and network
mapper
19.
20. Password Crackers
Password
A secret combination of letters and numbers that only the
user knows
Because passwords are common yet provide weak
security, they are a frequent focus of attacks
Password cracker programs
Use the file of hashed passwords and then attempts to
break the hashed passwords offline
The most common offline password cracker programs
are based on dictionary attacks or rainbow tables
21.
22. Shadow File
A defense against password cracker programs for
UNIX and Linux systems
On a system without a shadow fiile
The passwd file that contains the hashed
passwords and other user information is visible
to all users
The shadow file can only be accessed at the
highest level and contains only the hashed
passwords
23. Penetration Testing
• Method of evaluating the security of a
computer system or network
– By simulating a malicious attack instead of just
scanning for vulnerabilities
– Involves a more active analysis of a system for
vulnerabilities
• One of the first tools that was widely used for
penetration testing as well as by attackers was
SATAN
24. SATAN
SATAN could improve the security of a network by
performing penetration testing
To determine the strength of the security for the network
and what vulnerabilities may still have existed
SATAN would:
Recognize several common networking-related security
problems
Report the problems without actually exploiting them
Offer a tutorial that explained the problem, what its
impact could be, and how to resolve the problem
Notes de l'éditeur
This template can be used as a starter file for presenting training materials in a group setting.SectionsRight-click on a slide to add sections. Sections can help to organize your slides or facilitate collaboration between multiple authors.NotesUse the Notes section for delivery notes or to provide additional details for the audience. View these notes in Presentation View during your presentation. Keep in mind the font size (important for accessibility, visibility, videotaping, and online production)Coordinated colors Pay particular attention to the graphs, charts, and text boxes.Consider that attendees will print in black and white or grayscale. Run a test print to make sure your colors work when printed in pure black and white and grayscale.Graphics, tables, and graphsKeep it simple: If possible, use consistent, non-distracting styles and colors.Label all graphs and tables.