Ethical Hacking for
    Educators



            Presented By
   Regina DeLisse Hartley, Ph.D.
  Caldwell Community College &
        Technical Institute
Overview

   Old School Hackers: History of Hacking
   Ec-Council: Certified Ethical Hacker
   Learning Competencies
   Teaching Resources: Ethical Hacking
    Textbooks
   Hacking Tools
   Hacker Challenge Websites
   Additional Web Sites
   Questions and Answers
Old School Hackers:
 History of Hacking
PREHISTORY
 1960s: The Dawn of Hacking
  Original meaning of the word "hack" started at MIT; meant elegant, witty
  or inspired way of doing almost anything; hacks were programming
  shortcuts
ELDER DAYS (1970-1979)
 1970s: Phone Phreaks and Cap'n Crunch
  One phreak, John Draper (aka "Cap'n Crunch"), discovers a toy whistle
  inside Cap'n Crunch cereal gives 2600-hertz signal, and can access
  AT&T's long-distance switching system.
 Draper builds a "blue box" used with whistle allows phreaks to make
  free calls.
 Steve Wozniak and Steve Jobs, future founders of Apple Computer, make
  and sell blue boxes.
THE GOLDEN AGE (1980-1991)
 1980: Hacker Message Boards and Groups
  Hacking groups form; such as Legion of Doom (US), Chaos Computer Club
  (Germany).
 1983: Kids' Games
  Movie "War Games" introduces public to hacking.
THE GREAT HACKER WAR
 Legion of Doom vs Masters of Deception; online warfare; jamming
  phone lines.
 1984: Hacker 'Zines
  Hacker magazine 2600 publication; online 'zine Phrack.
CRACKDOWN (1986-1994)
 1986: Congress passes Computer Fraud and Abuse Act; crime to break into
  computer systems.
 1988: The Morris Worm
  Robert T. Morris, Jr., launches self-replicating worm on ARPAnet.
 1989: The Germans, the KGB and Kevin Mitnick.
 German Hackers arrested for breaking into U.S. computers; sold
  information to Soviet KGB.
 Hacker "The Mentor" arrested; publishes Hacker's Manifesto.
 Kevin Mitnick convicted; first person convicted under law against
  gaining access to interstate network for criminal purposes.
 1993: Why Buy a Car When You Can Hack One?
  Radio station call-in contest; hacker-fugitive Kevin Poulsen and friends
  crack phone; they allegedly get two Porsches, $20,000 cash, vacation
  trips; Poulsen now a freelance journalist covering computer crime.
 First Def Con hacking conference in Las Vegas
ZERO TOLERANCE (1994-1998)
 1995: The Mitnick Takedown: Arrested again; charged with stealing
  20,000 credit card numbers.
 1995: Russian Hackers Siphon $10 million from Citibank; Vladimir Levin,
  leader.
 Oct 1998 teenager hacks into Bell Atlantic phone system; disabled
  communication at airport disables runway lights.
 1999 hackers attack Pentagon, MIT, FBI web sites.
 1999: E-commerce company attacked; blackmail threats followed by
  8 million credit card numbers stolen.
  (www.blackhat.info; www.h2k2.net; www.slais.ubc.ca/; www.sptimes.com;
  www.tlc.discovery.com)
Ec-Council: Certified Ethical
          Hacker
EC-Council has certified IT
professionals from the following
     organizations as CEH:
Novell, Canon, Hewlett Packard, US Air Force
Reserve, US Embassy, Verizon, PFIZER, HDFC
Bank, University of Memphis, Microsoft
Corporation, Worldcom, Trusecure, US
Department of Defense, Fedex, Dunlop, British
Telecom, Cisco, Supreme Court of the Philippines,
United Nations, Ministry of Defense, UK, Nortel
Networks, MCI, Check Point Software, KPMG, Fleet
International, Cingular Wireless, Columbia Daily
Tribune, Johnson & Johnson, Marriott Hotel,
Tucson Electric Power Company, Singapore Police
Force
(Cont.)

 PriceWaterhouseCoopers, SAP, Coca-Cola
 Corporation, Quantum Research, US Military, IBM
 Global Services, UPS, American Express, FBI,
 Citibank Corporation, Boehringer Ingelheim, Wipro,
 New York City Dept Of IT & Telecom – DoITT, United
 States Marine Corps, Reserve Bank of India, US Air
 Force, EDS, Bell Canada, SONY, Kodak, Ontario
 Provincial Police, Harris Corporation, Xerox, Philips
 Electronics, U.S. Army, Schering, Accenture, Bank
 One, SAIC, Fujitsu, Deutsche Bank
Hackers are here. Where are
                 you?
   The explosive growth of the Internet has
    brought many good things…As with most
    technological advances, there is also a dark
    side: criminal hackers.
   The term “hacker” has a dual usage in the
    computer industry today. Originally, the term
    was defined as:
   HACKER noun. 1. A person who enjoys
    learning the details of computer systems and
    how to stretch their capabilities…. 2. One who
    programs enthusiastically or who enjoys
    programming rather than just theorizing about
    programming.
What is a Hacker?
   Old School Hackers: 1960s style Stanford or MIT
    hackers. Do not have malicious intent, but do have
    lack of concern for privacy and proprietary
    information. They believe the Internet was
    designed to be an open system.
   Script Kiddies or Cyber-Punks: Between 12-30;
    predominantly white and male; bored in school; get
    caught due to bragging online; intent is to
    vandalize or disrupt systems.
   Professional Criminals or Crackers: Make a
    living by breaking into systems and selling the
    information.
   Coders and Virus Writers: See themselves as an
    elite; programming background and write code but
    won’t use it themselves; have their own networks
    called “zoos”; leave it to others to release their
    code into “The Wild” or Internet. (www.tlc.discovery.com)
What is Ethical Hacking?
   Ethical hacking – defined as the “methodology
    adopted by ethical hackers to discover the
    vulnerabilities existing in information
    systems’ operating environments.”
   With the growth of the Internet, computer
    security has become a major concern for
    businesses and governments.
   In their search for a way to approach the
    problem, organizations came to realize
    that one of the best ways to evaluate the
    intruder threat to their interests would be
    to have independent computer security
    professionals attempt to break into their
    computer systems.
Who are Ethical Hackers?
   “One of the best ways to evaluate the intruder
    threat is to have independent computer
    security professionals attempt to break their
    computer systems”
   Successful ethical hackers possess a variety of
    skills. First and foremost, they must be completely
    trustworthy.
   Ethical hackers typically have very strong
    programming and computer networking skills.
   They are also adept at installing and maintaining
    systems that use the more popular operating
    systems (e.g., Linux or Windows 2000) used on
    target systems.
   These base skills are augmented with detailed
    knowledge of the hardware and software provided
    by the more popular computer and networking
    hardware vendors.
What do Ethical Hackers do?
   An ethical hacker’s evaluation of a system’s
    security seeks answers to these basic questions:
     • What can an intruder see on the target
       systems?
     • What can an intruder do with that information?
     • Does anyone at the target notice the intruder’s
       attempts or successes?
     • What are you trying to protect?
     • What are you trying to protect against?
     • How much time, effort, and money are you
       willing to expend to obtain adequate
       protection?
How much do Ethical Hackers
            get Paid?
   Globally, the hiring of ethical hackers is on
    the rise with most of them working with
    top consulting firms.
   In the United States, an ethical hacker can
    make upwards of $120,000 per annum.
   Freelance ethical hackers can expect to
    make $10,000 per assignment.
   Some range from $15,000 to
    $45,000 for a standalone ethical
    hack.
Certified Ethical Hacker (C|EH)
                Training
   InfoSec Academy
   http://www.infosecacademy.com
     • Five-day Certified Ethical Hacker (C|EH)
       Training Camp Certification Training Program
     • (C|EH) examination
     • C|EH Certified Ethical
       Hacker Training Camp
       (5-Day Package)$3,595
       ($2,580 training only)

(Source: www.eccouncil.org)
Learning Competencies
Required Skills of an Ethical
                Hacker
   Routers: knowledge of routers, routing
    protocols, and access control lists
   Microsoft: skills in operation, configuration and
    management.
   Linux: knowledge of Linux/Unix; security
    setting, configuration, and services.
   Firewalls: configurations, and operation of
    intrusion detection systems.
   Mainframes
   Network Protocols: TCP/IP; how they function
    and can be manipulated.
   Project Management: knowledge of leading,
    planning, organizing, and controlling a
    penetration testing team.
                               (Source: http://www.examcram.com)
Modes of Ethical Hacking

   Insider attack
   Outsider attack
   Stolen equipment attack
   Physical entry
   Bypassed authentication attack
    (wireless access points)
   Social engineering attack
                      (Source: http://www.examcram.com)
Anatomy of an attack:
• Reconnaissance – attacker gathers
  information; can include social
  engineering.
• Scanning – searches for open ports (port
  scan), probes target for vulnerabilities.
• Gaining access – attacker exploits
  vulnerabilities to get inside system; used
  for spoofing IP.
• Maintaining access – creates backdoor
  through use of Trojans; once attacker
  gains access makes sure he/she can get
  back in.
• Covering tracks – deletes files, hides
  files, and erases log files, so that attacker
  cannot be detected or penalized.
                               (Source: www.eccouncil.org)
   Hacker classes
     • Black hats – highly skilled,
       malicious, destructive “crackers”
     • White hats – skills used for
       defensive security analysts
     • Gray hats – offensively and
       defensively; will hack for different
       reasons, depends on situation.
   Hacktivism – hacking for social and
    political cause.
   Ethical hackers – determine what
    attackers can gain access to, what they
    will do with the information, and can they
    be detected.
                                  (Source: www.eccouncil.org)
Teaching Resources: Ethical
    Hacking Textbooks
Ec-Council

Certified Ethical Hacker




                    www.eccouncil.org
                    ISBN 0-9729362-1-1
Ec-Council Topics Covered
   Introduction to Ethical Hacking
   Footprinting
   Scanning
   Enumeration
   System Hacking
   Trojans and Backdoors
   Sniffers
   Denial of Service
   Social Engineering
   Session Hijacking
   Hacking Web Servers
Ec-Council (Cont.)

   Web Application Vulnerabilities
   Web Based Password Cracking Techniques
   SQL Injection
   Hacking Wireless Networks
   Viruses
   Novell Hacking
   Linux Hacking
   Evading IDS, Firewalls and Honeypots
   Buffer Overflows
   Cryptography
Certified Ethical Hacker Exam
             Prep




                    http://www.examcram.com
                    ISBN 0-7897-3531-8
Certified Ethical Hacker Exam
                 Prep
   The Business Aspects of Penetration
    Testing
   The Technical Foundations of Hacking
   Footprinting and Scanning
   Enumeration and System Hacking
   Linux and automated Security Assessment
    Tools
   Trojans and Backdoors
   Sniffers, Session Hijacking, and Denial of
    Service
Certified Ethical Hacker Exam
              Prep (Cont.)
   Web Server Hacking, Web Applications,
    and Database Attacks
   Wireless Technologies, Security, and
    Attacks
   IDS, Firewalls, and Honeypots
   Buffer Overflows, Viruses, and Worms
   Cryptographic Attacks and Defenses
   Physical Security and Social Engineering
Hands-On Information Security
   Lab Manual, Second Edition
1. Footprinting
2. Scanning and Enumeration
3. Operating System Vulnerabilities
and Resolutions
4. Network Security Tools and
Technologies
5. Security Maintenance
6. Information Security
Management
7. File System Security and
Cryptography
8. Computer Forensics                 http://www.course.com/
                                      ISBN 0-619-21631-X
Hacking Tools: Footprinting and
       Reconnaissance
Whois
Whois (cont.)




            http://www.allwhois.com/
Whois (cont.)
Sam Spade
Sam Spade (Cont.)
Nslookup
Nslookup Options
Traceroute
Ping
Ping Options
Hacking Tools: Scanning and
        Enumeration
nmap
NMapWin
SuperScan
SuperScan (Cont.)
IP Scanner
Hyena
Retina
LANguard
Hacking Tools: System Hacking
telnet
Snadboy
Password Cracking with
     L0phtCrack
Keylogger
Hacking Tools: Trojans and
        Backdoors
NetBus
Game Creates Backdoor for
        NetBus
SubSeven
Hacking Tools: Sniffers
Spoofing a MAC address
 Original Configuration
Spoofed Mac
Ethereal
Iris
Snort
Hacking Tools: Web Based
   Password Cracking
Cain and Abel
Cain and Abel (Cont.)
Cain and Abel (Cont.)
Legion
Brutus
Hacking Tools: Covering Tracks
ImageHide
ClearLogs
ClearLogs (Cont.)
Hacking Tools: Google Hacking
      and SQL Injection
Google Hacking
Google Cheat Sheet
SQL Injection
   Allows a remote attacker to execute arbitrary database commands
   Relies on poorly formed database queries and insufficient input
    validation
   Often facilitated by, but does not rely on, unhandled exceptions and
    ODBC error messages
   Impact: MASSIVE. This is one of the most dangerous vulnerabilities
    on the web.
Common Database Query
Problem: Unvalidated Input
Piggybacking Queries with
         UNION
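
An added example, not from the original slides, showing the unvalidated-input problem and UNION piggybacking named above next to the parameterized fix. The table names, sample rows and test input are constructed for illustration, and Python's built-in sqlite3 stands in for the database.

```python
import re
import sqlite3

# Constructed input of the "piggybacking" kind the slide title refers to.
PIGGYBACK = "x' UNION SELECT username, password_hash FROM users --"


def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO products (name, price)
            VALUES ('widget', '9.99'), ('gadget', '19.99');
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
        """
    )
    return conn


def search_vulnerable(conn, term):
    """The problem: user input is pasted into the SQL text itself, so a
    quote in the input ends the string literal and the rest is parsed
    as SQL."""
    sql = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, term):
    """The fix: the query text is constant and the input travels as a
    bound parameter, so it is only ever compared as a value."""
    sql = "SELECT name, price FROM products WHERE name = ?"
    return conn.execute(sql, (term,)).fetchall()


def is_valid_term(term):
    """Allow-list input validation: short product names only."""
    return re.fullmatch(r"[A-Za-z0-9 _-]{1,40}", term) is not None


def safe_search(conn, term):
    """Validation + bound parameters + a generic error, so database
    error text is never returned to the caller."""
    if not is_valid_term(term):
        return {"ok": False, "error": "invalid search term", "rows": []}
    try:
        rows = search_parameterized(conn, term)
    except sqlite3.Error:
        return {"ok": False, "error": "search failed", "rows": []}
    return {"ok": True, "error": None, "rows": rows}


if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", search_vulnerable(db, PIGGYBACK))
    print("parameterized:", search_parameterized(db, PIGGYBACK))
    print("safe_search  :", safe_search(db, PIGGYBACK))
```
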
Hacker Challenge Websites
http://www.hackr.org/mainpage.php
Hackthissite.org




        http://www.hackthissite.org
Answers revealed in code
Hackits




      http://www.hackits.de/challenge/
Additional Web Sites
Legion of Ethical Hacking
Legion of Ethical Hacking (Cont.)
Hacker Highschool




          http://www.hackerhighschool.org/
Hacker Highschool
johnny.ihackstuff.com/
HappyHacker.org
Foundstone
Insecure.org
SANS Institute
Questions & Answers

Contenu connexe

Tendances

National information security education & awareness program
National information security education & awareness programNational information security education & awareness program
National information security education & awareness programNeel Kamal
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hackingchakrekevin
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hackingankit sarode
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionBharat Thakkar
 
Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Securitysumit dimri
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and HackersFarwa Ansari
 
presentation on ethical hacking
 presentation on ethical hacking  presentation on ethical hacking
presentation on ethical hacking Amol Deshmukh
 
Hacking Tutorial in Telugu
Hacking Tutorial in TeluguHacking Tutorial in Telugu
Hacking Tutorial in TeluguSravani Reddy
 
the best hacking ppt
the best hacking pptthe best hacking ppt
the best hacking pptfuckubitches
 
Secure Shell - a Presentation on Ethical Hacking
Secure Shell - a Presentation on Ethical HackingSecure Shell - a Presentation on Ethical Hacking
Secure Shell - a Presentation on Ethical HackingNitish Kasar
 
Cybercrime (Computer Hacking)
Cybercrime (Computer Hacking)Cybercrime (Computer Hacking)
Cybercrime (Computer Hacking)Esteban
 

Tendances (20)

National information security education & awareness program
National information security education & awareness programNational information security education & awareness program
National information security education & awareness program
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Report on Hacking
Report on HackingReport on Hacking
Report on Hacking
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Introduction to ethical hacking
Introduction to ethical hackingIntroduction to ethical hacking
Introduction to ethical hacking
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - Introduction
 
Ethical hacking
Ethical hacking Ethical hacking
Ethical hacking
 
Ethical Hacking and Network Security
Ethical Hacking and Network SecurityEthical Hacking and Network Security
Ethical Hacking and Network Security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking presentation
Ethical hacking presentationEthical hacking presentation
Ethical hacking presentation
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Hacking
HackingHacking
Hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and Hackers
 
presentation on ethical hacking
 presentation on ethical hacking  presentation on ethical hacking
presentation on ethical hacking
 
Hacking Tutorial in Telugu
Hacking Tutorial in TeluguHacking Tutorial in Telugu
Hacking Tutorial in Telugu
 
the best hacking ppt
the best hacking pptthe best hacking ppt
the best hacking ppt
 
Secure Shell - a Presentation on Ethical Hacking
Secure Shell - a Presentation on Ethical HackingSecure Shell - a Presentation on Ethical Hacking
Secure Shell - a Presentation on Ethical Hacking
 
Cybercrime (Computer Hacking)
Cybercrime (Computer Hacking)Cybercrime (Computer Hacking)
Cybercrime (Computer Hacking)
 
Hacking
Hacking Hacking
Hacking
 

En vedette

Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hackingSunny Sundeep
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hackingeiti panchkula
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingNeel Kamal
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityDipesh Waghela
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 

En vedette (8)

Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
 
Presentation on ethical hacking
Presentation on ethical hackingPresentation on ethical hacking
Presentation on ethical hacking
 
Information security & ethical hacking
Information security & ethical hackingInformation security & ethical hacking
Information security & ethical hacking
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Hacking ppt
Hacking pptHacking ppt
Hacking ppt
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Cyber security
Cyber securityCyber security
Cyber security
 

Similaire à Ethical Hacking for Educators: Tools and Resources

Similaire à Ethical Hacking for Educators: Tools and Resources (20)

What is Ethical hacking
What is Ethical hackingWhat is Ethical hacking
What is Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
C|EH Introduction
C|EH IntroductionC|EH Introduction
C|EH Introduction
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Hacking (cs192 report )
Hacking (cs192 report )Hacking (cs192 report )
Hacking (cs192 report )
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
 
Hacking
HackingHacking
Hacking
 
Is hacking good or bad
Is hacking good or badIs hacking good or bad
Is hacking good or bad
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
hacking
hackinghacking
hacking
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
 
Sit presentation - Hacking
Sit presentation - HackingSit presentation - Hacking
Sit presentation - Hacking
 
5 biggest cyber attacks and most famous hackers
5 biggest cyber attacks and most famous hackers5 biggest cyber attacks and most famous hackers
5 biggest cyber attacks and most famous hackers
 
Unit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimesUnit ii-hackers and cyber crimes
Unit ii-hackers and cyber crimes
 
Hackers and cyber crimes
Hackers and cyber crimesHackers and cyber crimes
Hackers and cyber crimes
 
Ethicalhacking
Ethicalhacking Ethicalhacking
Ethicalhacking
 
Evolution of Hacking- Ronit Chakraborty .pptx
Evolution of Hacking- Ronit Chakraborty .pptxEvolution of Hacking- Ronit Chakraborty .pptx
Evolution of Hacking- Ronit Chakraborty .pptx
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 

Dernier

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 

Dernier (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx

Ethical Hacking for Educators: Tools and Resources

  • 1. Ethical Hacking for Educators Presented By Regina DeLisse Hartley, Ph.D. Caldwell Community College & Technical Institute
  • 2. Overview
      • Old School Hackers: History of Hacking
      • Ec-Council: Certified Ethical Hacker
      • Learning Competencies
      • Teaching Resources: Ethical Hacking Textbooks
      • Hacking Tools
      • Hacker Challenge Websites
      • Additional Web Sites
      • Questions and Answers
  • 3. Old School Hackers: History of Hacking
  • 4. PREHISTORY
      • 1960s: The Dawn of Hacking. Original meaning of the word "hack" started at MIT; meant elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts.
    ELDER DAYS (1970-1979)
      • 1970s: Phone Phreaks and Cap'n Crunch: One phreak, John Draper (aka "Cap'n Crunch"), discovers a toy whistle inside Cap'n Crunch cereal gives 2600-hertz signal, and can access AT&T's long-distance switching system.
      • Draper builds a "blue box" used with whistle allows phreaks to make free calls.
      • Steve Wozniak and Steve Jobs, future founders of Apple Computer, make and sell blue boxes.
    THE GOLDEN AGE (1980-1991)
      • 1980: Hacker Message Boards and Groups. Hacking groups form; such as Legion of Doom (US), Chaos Computer Club (Germany).
      • 1983: Kids' Games. Movie "War Games" introduces public to hacking.
  • 5. THE GREAT HACKER WAR
      • Legion of Doom vs Masters of Deception; online warfare; jamming phone lines.
      • 1984: Hacker 'Zines. Hacker magazine 2600 publication; online 'zine Phrack.
    CRACKDOWN (1986-1994)
      • 1986: Congress passes Computer Fraud and Abuse Act; crime to break into computer systems.
      • 1988: The Morris Worm. Robert T. Morris, Jr., launches self-replicating worm on ARPAnet.
      • 1989: The Germans, the KGB and Kevin Mitnick.
      • German Hackers arrested for breaking into U.S. computers; sold information to Soviet KGB.
      • Hacker "The Mentor" arrested; publishes Hacker's Manifesto.
      • Kevin Mitnick convicted; first person convicted under law against gaining access to interstate network for criminal purposes.
  • 6. (Cont.)
      • 1993: Why Buy a Car When You Can Hack One? Radio station call-in contest; hacker-fugitive Kevin Poulsen and friends crack phone; they allegedly get two Porsches, $20,000 cash, vacation trips; Poulsen now a freelance journalist covering computer crime.
      • First Def Con hacking conference in Las Vegas
    ZERO TOLERANCE (1994-1998)
      • 1995: The Mitnick Takedown: Arrested again; charged with stealing 20,000 credit card numbers.
      • 1995: Russian Hackers Siphon $10 million from Citibank; Vladimir Levin, leader.
      • Oct 1998 teenager hacks into Bell Atlantic phone system; disabled communication at airport disables runway lights.
      • 1999 hackers attack Pentagon, MIT, FBI web sites.
      • 1999: E-commerce company attacked; blackmail threats followed by 8 million credit card numbers stolen.
    (www.blackhat.info; www.h2k2.net; www.slais.ubc.ca/; www.sptimes.com; www.tlc.discovery.com)
  • 8. EC-Council has certified IT professionals from the following organizations as CEH: Novell, Canon, Hewlett Packard, US Air Force Reserve, US Embassy, Verizon, PFIZER, HDFC Bank, University of Memphis, Microsoft Corporation, Worldcom, Trusecure, US Department of Defense, Fedex, Dunlop, British Telecom, Cisco, Supreme Court of the Philippines, United Nations, Ministry of Defense, UK, Nortel Networks, MCI, Check Point Software, KPMG, Fleet International, Cingular Wireless, Columbia Daily Tribune, Johnson & Johnson, Marriott Hotel, Tucson Electric Power Company, Singapore Police Force
  • 9. (Cont.) PriceWaterhouseCoopers, SAP, Coca-Cola Corporation, Quantum Research, US Military, IBM Global Services, UPS, American Express, FBI, Citibank Corporation, Boehringer Ingelheim, Wipro, New York City Dept Of IT & Telecom – DoITT, United States Marine Corps, Reserve Bank of India, US Air Force, EDS, Bell Canada, SONY, Kodak, Ontario Provincial Police, Harris Corporation, Xerox, Philips Electronics, U.S. Army, Schering, Accenture, Bank One, SAIC, Fujitsu, Deutsche Bank
  • 10. Hackers are here. Where are you?
      • The explosive growth of the Internet has brought many good things… As with most technological advances, there is also a dark side: criminal hackers.
      • The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as:
      • HACKER noun. 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities…. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
  • 11. What is a Hacker?
      • Old School Hackers: 1960s style Stanford or MIT hackers. Do not have malicious intent, but do have lack of concern for privacy and proprietary information. They believe the Internet was designed to be an open system.
      • Script Kiddies or Cyber-Punks: Between 12-30; predominantly white and male; bored in school; get caught due to bragging online; intent is to vandalize or disrupt systems.
      • Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.
      • Coders and Virus Writers: See themselves as an elite; programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet.
    (www.tlc.discovery.com)
  • 12. What is Ethical Hacking?
      • Ethical hacking – defined “methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems’ operating environments.”
      • With the growth of the Internet, computer security has become a major concern for businesses and governments.
      • In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.
  • 13. Who are Ethical Hackers?
      • “One of the best ways to evaluate the intruder threat is to have independent computer security professionals attempt to break into their computer systems”
      • Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy.
      • Ethical hackers typically have very strong programming and computer networking skills.
      • They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems.
      • These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.
  • 14. What do Ethical Hackers do?
    An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions:
      • What can an intruder see on the target systems?
      • What can an intruder do with that information?
      • Does anyone at the target notice the intruder’s attempts or successes?
      • What are you trying to protect?
      • What are you trying to protect against?
      • How much time, effort, and money are you willing to expend to obtain adequate protection?
  • 15. How much do Ethical Hackers get Paid?
      • Globally, the hiring of ethical hackers is on the rise with most of them working with top consulting firms.
      • In the United States, an ethical hacker can make upwards of $120,000 per annum.
      • Freelance ethical hackers can expect to make $10,000 per assignment.
      • Some range from $15,000 to $45,000 for a standalone ethical hack.
  • 16. Certified Ethical Hacker (C|EH) Training
      • InfoSec Academy
      • http://www.infosecacademy.com
          • Five-day Certified Ethical Hacker (C|EH) Training Camp Certification Training Program
          • (C|EH) examination
          • C|EH Certified Ethical Hacker Training Camp (5-Day Package) $3,595 ($2,580 training only)
    (Source: www.eccouncil.org)
  • 18. Required Skills of an Ethical Hacker
      • Routers: knowledge of routers, routing protocols, and access control lists
      • Microsoft: skills in operation, configuration and management.
      • Linux: knowledge of Linux/Unix; security settings, configuration, and services.
      • Firewalls: configurations, and operation of intrusion detection systems.
      • Mainframes
      • Network Protocols: TCP/IP; how they function and can be manipulated.
      • Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team.
    (Source: http://www.examcram.com)
  • 19. Modes of Ethical Hacking
      • Insider attack
      • Outsider attack
      • Stolen equipment attack
      • Physical entry
      • Bypassed authentication attack (wireless access points)
      • Social engineering attack
    (Source: http://www.examcram.com)
  • 20. Anatomy of an attack:
      • Reconnaissance – attacker gathers information; can include social engineering.
      • Scanning – searches for open ports (port scan) and probes target for vulnerabilities.
      • Gaining access – attacker exploits vulnerabilities to get inside system; used for spoofing IP.
      • Maintaining access – creates backdoor through use of Trojans; once attacker gains access, makes sure he/she can get back in.
      • Covering tracks – deletes files, hides files, and erases log files so that the attacker cannot be detected or penalized.
    (Source: www.eccouncil.org)
  • 21. Hacker classes
      • Black hats – highly skilled, malicious, destructive “crackers”
      • White hats – skills used defensively; security analysts
      • Gray hats – work offensively and defensively; will hack for different reasons, depending on the situation.
      • Hacktivism – hacking for social and political cause.
      • Ethical hackers – determine what attackers can gain access to, what they will do with the information, and whether they can be detected.
    (Source: www.eccouncil.org)
  • 22. Teaching Resources: Ethical Hacking Textbooks
  • 23. Ec-Council Certified Ethical Hacker www.eccouncil.org ISBN 0-9729362-1-1
  • 24. Ec-Council Topics Covered
      • Introduction to Ethical Hacking
      • Footprinting
      • Scanning
      • Enumeration
      • System Hacking
      • Trojans and Backdoors
      • Sniffers
      • Denial of Service
      • Social Engineering
      • Session Hijacking
      • Hacking Web Servers
  • 25. Ec-Council (Cont.)
      • Web Application Vulnerabilities
      • Web Based Password Cracking Techniques
      • SQL Injection
      • Hacking Wireless Networks
      • Viruses
      • Novell Hacking
      • Linux Hacking
      • Evading IDS, Firewalls and Honeypots
      • Buffer Overflows
      • Cryptography
  • 26. Certified Ethical Hacker Exam Prep http://www.examcram.com ISBN 0-7897-3531-8
  • 27. Certified Ethical Hacker Exam Prep
      • The Business Aspects of Penetration Testing
      • The Technical Foundations of Hacking
      • Footprinting and Scanning
      • Enumeration and System Hacking
      • Linux and Automated Security Assessment Tools
      • Trojans and Backdoors
      • Sniffers, Session Hijacking, and Denial of Service
  • 28. Certified Ethical Hacker Exam Prep (Cont.)
      • Web Server Hacking, Web Applications, and Database Attacks
      • Wireless Technologies, Security, and Attacks
      • IDS, Firewalls, and Honeypots
      • Buffer Overflows, Viruses, and Worms
      • Cryptographic Attacks and Defenses
      • Physical Security and Social Engineering
  • 29. Hands-On Information Security Lab Manual, Second Edition
      1. Footprinting
      2. Scanning and Enumeration
      3. Operating System Vulnerabilities and Resolutions
      4. Network Security Tools and Technologies
      5. Security Maintenance
      6. Information Security Management
      7. File System Security and Cryptography
      8. Computer Forensics
    http://www.course.com/ ISBN 0-619-21631-X
  • 30. Hacking Tools: Footprinting and Reconnaissance
  • 31. Whois
  • 32. Whois (cont.) http://www.allwhois.com/
  • 39. Ping
  • 41. Hacking Tools: Scanning and Enumeration
  • 42. nmap
  • 47. Hyena
  • 55. Hacking Tools: Trojans and Backdoors
  • 57. Game Creates Backdoor for NetBus
  • 60. Spoofing a MAC address Original Configuration
  • 63. Iris
  • 64. Snort
  • 65. Hacking Tools: Web Based Password Cracking
  • 67. Cain and Abel (Cont.)
  • 68. Cain and Abel (Cont.)
  • 75. Hacking Tools: Google Hacking and SQL Injection
  • 78. SQL Injection
      • Allows a remote attacker to execute arbitrary database commands
      • Relies on poorly formed database queries and insufficient input validation
      • Often facilitated by, but does not rely on, unhandled exceptions and ODBC error messages
      • Impact: MASSIVE. This is one of the most dangerous vulnerabilities on the web.
  • 85. Hackthissite.org http://www.hackthissite.org
  • 87. Hackits http://www.hackits.de/challenge/
  • 89. Legion of Ethical Hacking
  • 90. Legion of Ethical Hacking (Cont.)
  • 91. Hacker Highschool http://www.hackerhighschool.org/
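
The SQL Injection slide (78) in the list above names two causes, poorly formed queries and insufficient input validation, and notes that verbose database errors make the flaw easier to find. The following Python sketch is an added classroom example, not part of the original deck; the table, function names and sample input are constructed for illustration. It sets a concatenated query beside a parameterized one that adds an allow-list check and a generic error message.

```python
import sqlite3

# Constructed sample input: a quote character that changes the query's meaning
CONSTRUCTED_INPUT = "x' OR '1'='1"

def make_db():
    """Build a small in-memory table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "student")])
    return conn

def lookup_concat(conn, name):
    """Poorly formed query: the input becomes part of the SQL text itself."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_param(conn, name):
    """Parameterized query: the driver binds the input as data, never as SQL."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

def safe_lookup(conn, name):
    """Allow-list validation, parameter binding, and no raw DB error to the caller."""
    if not isinstance(name, str) or not (1 <= len(name) <= 32) or not name.isalnum():
        return {"ok": False, "error": "invalid user name"}
    try:
        rows = lookup_param(conn, name)
    except sqlite3.Error:
        # Log details server-side; the caller only sees a generic message.
        return {"ok": False, "error": "lookup failed"}
    return {"ok": True, "rows": rows}

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concat(db, CONSTRUCTED_INPUT))
    print("parameterized:", lookup_param(db, CONSTRUCTED_INPUT))
    print("validated    :", safe_lookup(db, CONSTRUCTED_INPUT))
    print("normal lookup:", safe_lookup(db, "bob"))
```

In a lab, students can run the script and compare the first two output lines: the same input returns every row from the concatenated query and no rows from the parameterized one.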