1. Made by : Anurag Chakraborty
Seminar
On
Ethical Hacking
At
Jre Group of Institutions
2. Introduction
Ethical Hacking
Hackers
Types of Hackers
Hacking Process
Why do We need Ethical Hacking
Required Skills of an Ethical Hacker
3. What do hackers do after Hacking?
Advantages
Disadvantages
Recent news of hacking
Some famous hacker
Conclusion
4. Ethical hacking also known as penetration testing or
white-hat hacking, involves the same tools, tricks, and
techniques that hackers use,but with one major difference that
Ethical hacking is legal.
5. Independent computer security Professionals breaking into the
computer systems.
Neither damage the target systems nor steal information.
Evaluate target systems security and report back to owners
about the vulnerabilities found.
6. A person who enjoys learning details of a programming
language or system
A person who enjoys actually doing the programming
rather than just theorizing about it
A person capable of appreciating someone else's hacking
A person who picks up programming quickly
A person who is an expert at a particular programming
language or system
7. White Hat Hacker
Black Hat Hacker
Grey Hat Hacker
9. "Footprinting" generally refers to one of the pre-
attack phases; tasks performed prior to doing the
actual attack. The technique used for gathering
information about computer systems. Tools are :-
Whois lookup - a web application used to get
information about the target website, such as the
administrator's e-mail address
NS lookup-"nslookup" means "name server lookup“.
a network administration command-line tool
available for many computer operating systems for
querying the Domain Name System (DNS) to
obtain domain name or IP address mapping.
10. “Scanning” means the target system is scanned to
look for open ports and vulnerabilities. One can
find reach ability of devices using the ping
command and then run port scans on the active
Ips.
In this phase that we get to know :-
Live systems on the network by pinging
Find out services that are run on target
Find the TCP and UDP ports and services
Find the Operating System running on the target
11. Port Scanning - port scanning is used to find out the
vulnerabilities in the services listing on a port. During
this process you have to find out the alive host,
operating systems, firewalls, intrusion detection
systems, servers/services etc.
Port scanning involve connecting with TCP and UDP
ports on a system, once you have found the IP
addresses of a target organisation by footprinting
technique you have to map the network of this
organisation.
12. Network Scanning - Network scanning is a procedure
for identifying active hosts on a network, either for
the purpose of attacking them or for network security
assessment.
Vulnerability Scanning - This is the mechanism
where the target is scanned or looked for any
vulnerability. In this scan the Operating system is
found out with installed patches and then based on
the information vulnerabilities are found in that
particular version of Operating System.
13. Steps or phases for scanning
Look for Live Systems -> Check for Open Ports
-> Identify running services -> Check running
Operating System ( OS Footprinting) -> Scan
Vulnerabilities -> Document details and draw
Network diagram -> Prepare Proxies to avoid being
caught -> Proceed with Attack
14. Password Attacks - classic way to gain access to a
computer system is to find out the password and log in.
Social Engineering - psychological manipulation of
people into performing actions or divulging confidential
information. Relies heavily on human interaction and often
involves tricking people into breaking normal security
procedures.
Viruses- Computer systems are infected if a virus is
installed and running on that system creating malicious code .
15. Os BackDoors- A backdoor is a method, often secret, of
bypassing normal authentication in a product, computer
system,etc. Backdoors are often used for securing
unauthorized remote access to a computer, or obtaining access
to plaintext in cryptographic systems
Trojans - Trojan, is any malicious computer program which is
used to hack into a computer by misleading users of its true
intent. Trojans can enable cyber-criminals to spy on you,
steal your sensitive data, and gain backdoor access to your
system by deleting/modifying/blocking data
Clears Tracks- how to leave not a mark/proof of your hacking
so as to save yourself from getting caught .
17. Microsoft: skills in operation, configuration and management.
Linux: knowledge of Linux/Unix; security setting,
configuration, and services.
Firewalls: configurations, and operation of intrusion detection
systems.
18. Routers: knowledge of routers, routing protocols, and access
control lists
Mainframes : large high-speed computer, especially one
supporting numerous workstations
Network Protocols: TCP/IP; how they function and can be
manipulated.
Project Management: leading, planning, organizing, and
controlling a penetration testing team.
19. Patch Security hole
The other hackers can’t intrude
Clear logs and hide themselves
Install rootkit ( backdoor )
The hacker who hacked the system can use the
system later
It contains trojan virus, and so on
Install irc related program
identd, irc, bitchx, eggdrop, bnc
20. Install scanner program
mscan, sscan, nmap(network mapping tool)
Install exploit program
Install denial of service program
Use all of installed programs silently
21. ‘’To catch a thief you have to think like a thief”
Helps in closing the open holes in the system network
Provides security to banking and financial establishments
Prevents website defacements
An evolving technique
22. All depends upon the trustworthiness of the ethical hacker
Hiring professionals is expensive.
23.
24.
25.
26.
27. In the preceding sections we saw the methodology of hacking,
why should we aware of hacking and some tools which a
hacker may use.
Now we can see what can we do against hacking or to protect
ourselves from hacking.
The first thing we should do is to keep ourselves updated
about those software’s we and using for official and reliable
sources.
Educate the employees and the users against black hat
hacking.