A presentation on ethical hacking .

1. Made by : Anurag Chakraborty
Seminar
On
Ethical Hacking
At
Jre Group of Institutions

2.  Introduction
 Ethical Hacking
 Hackers
 Types of Hackers
 Hacking Process
 Why do We need Ethical Hacking
 Required Skills of an Ethical Hacker

3.  What do hackers do after Hacking?
 Advantages
 Disadvantages
 Recent news of hacking
 Some famous hacker
 Conclusion

4. Ethical hacking also known as penetration testing or
white-hat hacking, involves the same tools, tricks, and
techniques that hackers use,but with one major difference that
Ethical hacking is legal.

5.  Independent computer security Professionals breaking into the
computer systems.
 Neither damage the target systems nor steal information.
 Evaluate target systems security and report back to owners
about the vulnerabilities found.

6.  A person who enjoys learning details of a programming
language or system
 A person who enjoys actually doing the programming
rather than just theorizing about it
 A person capable of appreciating someone else's hacking
 A person who picks up programming quickly
 A person who is an expert at a particular programming
language or system

7.  White Hat Hacker
 Black Hat Hacker
 Grey Hat Hacker

8.  Foot Printing
 Scanning
 Gaining Access
 Maintaining Access

9. "Footprinting" generally refers to one of the pre-
attack phases; tasks performed prior to doing the
actual attack. The technique used for gathering
information about computer systems. Tools are :-
 Whois lookup - a web application used to get
information about the target website, such as the
administrator's e-mail address
 NS lookup-"nslookup" means "name server lookup“.
a network administration command-line tool
available for many computer operating systems for
querying the Domain Name System (DNS) to
obtain domain name or IP address mapping.

10.  “Scanning” means the target system is scanned to
look for open ports and vulnerabilities. One can
find reach ability of devices using the ping
command and then run port scans on the active
Ips.
In this phase that we get to know :-
 Live systems on the network by pinging
 Find out services that are run on target
 Find the TCP and UDP ports and services
 Find the Operating System running on the target

11.  Port Scanning - port scanning is used to find out the
vulnerabilities in the services listing on a port. During
this process you have to find out the alive host,
operating systems, firewalls, intrusion detection
systems, servers/services etc.
Port scanning involve connecting with TCP and UDP
ports on a system, once you have found the IP
addresses of a target organisation by footprinting
technique you have to map the network of this
organisation.

12.  Network Scanning - Network scanning is a procedure
for identifying active hosts on a network, either for
the purpose of attacking them or for network security
assessment.
 Vulnerability Scanning - This is the mechanism
where the target is scanned or looked for any
vulnerability. In this scan the Operating system is
found out with installed patches and then based on
the information vulnerabilities are found in that
particular version of Operating System.

13.  Steps or phases for scanning
 Look for Live Systems -> Check for Open Ports
-> Identify running services -> Check running
Operating System ( OS Footprinting) -> Scan
Vulnerabilities -> Document details and draw
Network diagram -> Prepare Proxies to avoid being
caught -> Proceed with Attack

14.  Password Attacks - classic way to gain access to a
computer system is to find out the password and log in.
 Social Engineering - psychological manipulation of
people into performing actions or divulging confidential
information. Relies heavily on human interaction and often
involves tricking people into breaking normal security
procedures.
 Viruses- Computer systems are infected if a virus is
installed and running on that system creating malicious code .

15.  Os BackDoors- A backdoor is a method, often secret, of
bypassing normal authentication in a product, computer
system,etc. Backdoors are often used for securing
unauthorized remote access to a computer, or obtaining access
to plaintext in cryptographic systems
 Trojans - Trojan, is any malicious computer program which is
used to hack into a computer by misleading users of its true
intent. Trojans can enable cyber-criminals to spy on you,
steal your sensitive data, and gain backdoor access to your
system by deleting/modifying/blocking data
 Clears Tracks- how to leave not a mark/proof of your hacking
so as to save yourself from getting caught .

16. Viruses, Trojan
Horses,
and Worms
Social
Engineering
Automated
Attacks
Accidental
Breaches in
Security Denial of
Service (DoS)
Organizational
Attacks
Restricted
Data
Protection from possible External Attacks

17.  Microsoft: skills in operation, configuration and management.
 Linux: knowledge of Linux/Unix; security setting,
configuration, and services.
 Firewalls: configurations, and operation of intrusion detection
systems.

18.  Routers: knowledge of routers, routing protocols, and access
control lists
 Mainframes : large high-speed computer, especially one
supporting numerous workstations
 Network Protocols: TCP/IP; how they function and can be
manipulated.
 Project Management: leading, planning, organizing, and
controlling a penetration testing team.

19.  Patch Security hole
 The other hackers can’t intrude
 Clear logs and hide themselves
 Install rootkit ( backdoor )
 The hacker who hacked the system can use the
system later
 It contains trojan virus, and so on
 Install irc related program
 identd, irc, bitchx, eggdrop, bnc

20.  Install scanner program
 mscan, sscan, nmap(network mapping tool)
 Install exploit program
 Install denial of service program
 Use all of installed programs silently

21.  ‘’To catch a thief you have to think like a thief”
 Helps in closing the open holes in the system network
 Provides security to banking and financial establishments
 Prevents website defacements
 An evolving technique

22.  All depends upon the trustworthiness of the ethical hacker
 Hiring professionals is expensive.

27.  In the preceding sections we saw the methodology of hacking,
why should we aware of hacking and some tools which a
hacker may use.
 Now we can see what can we do against hacking or to protect
ourselves from hacking.
 The first thing we should do is to keep ourselves updated
about those software’s we and using for official and reliable
sources.
 Educate the employees and the users against black hat
hacking.

28. Thank You Thank
YOU…