2. Content
• What is Information Security
• CIA
• Ethics & Hacking
• Ethical Hacking
• Ethical Hacker Vs Hacker
• Type of Attackers
• Steps
• Benefits
3. What is Information Security?
Information security is all about protecting the
confidentiality, integrity and availability of
computer system data from those with malicious
intentions.
4. C I A
• Confidentiality - Ensures that data or an
information system is accessed by only an authorized
person.
• Integrity - Maintaining and assuring the accuracy
and completeness of data over its entire life-cycle.
• Availability - Data and information systems are
available when required.
5. Ethics
Moral principles that govern a person’s or group’s
behavior.
Hacking
Practice of modifying the features of a system, in order
to accomplish a goal outside of the creator’s original
purpose.
6. History of Hacking
Hacking in the past 40 years…
• 1960s – MIT’s artificial intelligence lab became a staging
ground for hackers
• 1970s – John Draper makes a
long-distance call for free
7. History of Hacking
• 1980s – Kevin Mitnick secretly monitors the email of MCI
(American telecommunication company)
and Digital Equipment security officials.
• 1990s – Hackers break into and deface federal web sites, including
the U.S. Department of Justice, U.S. Air Force, CIA, NASA and
others.
8. Ethical Hacking
Ethical hacking refers to the act of locating weaknesses
and vulnerabilities of computer and information
systems by duplicating the intent and actions of
malicious hackers.
Also known as
Intrusion Testing, Penetration Testing or Red
Teaming
9. Ethical Hacker Vs. Hacker
Ethical Hacker | Hacker
Done legally with permission of the relevant organization | Done illegally without the consent of the relevant organization
Done in an attempt to prevent malicious attacks from being successful | Done in an attempt to make malicious attacks possible
Disclose any vulnerabilities discovered | Exploit discovered vulnerabilities
10. Type of Attackers
• Script Kiddies – Amateurs, copy others' code to attack
• White Hat Hackers – Professional term for ethical hackers
• Black Hat Hackers – Professional term for malicious hackers
• Gray Hat Hackers – Combination of both white and black, hack to learn
and they are self-proclaimed ethical hackers
• State Sponsored Hackers – Limitless time and funding by government
• Spy Hackers – Hired hackers by corporations
• Cyber Terrorists – motivated by religious / political beliefs, they spread
fear, terror and commit murders
12. 1. Reconnaissance
Reconnaissance is probably the longest phase, sometimes lasting weeks or
months. The black hat uses a variety of sources to learn as much as
possible about the target business and how it operates, including
• Internet searches
• Social engineering
• Dumpster diving
• Domain name management/search services
• Non-intrusive network scanning
13. 2. Scanning
Once the attacker has enough information to understand how the business
works and what information of value might be available, he or she begins
the process of scanning perimeter and internal network devices looking for
weaknesses, including
• Open ports
• Open services
• Vulnerable applications, including operating systems
• Weak protection of data in transit
• Make and model of each piece of LAN/WAN equipment
14. 3. Gaining Access
Gaining access to resources is the whole point of a modern-day attack. The
usual goal is to either extract information of value to the attacker or use the
network as a launch site for attacks against other targets. In either
situation, the attacker must gain some level of access to one or more
network devices.
15. 4. Maintain Access
Having gained access, an attacker must maintain access long enough to
accomplish his or her objectives.
5. Covering Tracks
After achieving his or her objectives, the attacker typically takes steps to
hide the intrusion and possible controls left behind for future visits.
16. Benefits of Ethical Hacking
• Finding vulnerabilities before an attacker.
• Using hacker techniques to closely model a true attack.
• Documenting strong and weak security areas.
• Find the weak seams in a security fabric.
End result is the company’s ability
to prevent an intrusion, before it
occurs.
17. Disadvantages of Ethical
Hacking
• The ethical hacker using the knowledge they gain to do
malicious hacking activities.
• Allowing the company’s financial and banking details to
be seen.
• The possibility that the ethical hacker will send and/or
place malicious code, viruses, malware and other
destructive and harmful things on a computer system.
• Massive security breaches.
18. Google Dorks
Advanced Google searches used to find security loopholes on
websites and allow hackers to break into or disrupt the site.
Registry Hacking
The Windows Registry is a database that holds your operating
system's configurations and settings. By hacking registries, we can
make Windows better.
http://www.howtogeek.com/howto/37920/the-50-best-registry-hacks-that-make-windows-better/
Editor's notes
Confidentiality - Ensures that data or an information system is accessed by only an authorized person. (User IDs and passwords, access control lists (ACL) and policy based security are some of the methods through which confidentiality is achieved)
Integrity - Maintaining and assuring the accuracy and completeness of data over its entire life-cycle. (This means that data cannot be modified in an unauthorized or undetected manner.)
Availability - Data and information systems are available when required. (Hardware maintenance, software patching/upgrading and network optimization ensure availability)
Covering Tracks - An attacker needs to destroy evidence of his presence and activities for several reasons like being able to maintain access and evade detection (and the resulting punishment).
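Added example (not part of the original slides): the Integrity note says data must not be modifiable in an undetected manner, and the Covering Tracks note says an attacker destroys evidence, so a defender can make logs tamper-evident by chaining an HMAC over each record. The key, the sample log lines and all function names below are constructed for illustration; the assumption is that the key and the final tag (head) are stored away from the logged host.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32          # fixed starting value for the chain
KEY = b"constructed-demo-key"   # assumption: real key is kept off the logged host
SAMPLE = [                      # constructed log lines, not from the slides
    "10:01 sshd accepted login user=alice",
    "10:02 sudo user=alice cmd=/bin/sh",
    "10:03 useradd name=svc_backup",
    "10:04 sshd session closed user=alice",
]

def chain_tag(key, prev_tag, entry):
    # The tag covers the previous tag, binding each record to its position.
    return hmac.new(key, prev_tag + entry.encode(), hashlib.sha256).digest()

def seal(key, entries):
    """Return (records, head): (entry, tag_hex) pairs and the final tag."""
    records, prev = [], GENESIS
    for entry in entries:
        prev = chain_tag(key, prev, entry)
        records.append((entry, prev.hex()))
    return records, prev.hex()

def verify(key, records, head):
    """Return (ok, index of first bad record or None)."""
    prev = GENESIS
    for i, (entry, tag_hex) in enumerate(records):
        expected = chain_tag(key, prev, entry)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return False, i      # edited, inserted, or a predecessor was removed
        prev = expected
    if not hmac.compare_digest(prev.hex(), head):
        return False, len(records)   # tail truncated: chain ends before head
    return True, None

if __name__ == "__main__":
    records, head = seal(KEY, SAMPLE)
    print("intact   ", verify(KEY, records, head))
    edited = list(records)
    edited[1] = ("10:02 cron job started", records[1][1])
    print("edited   ", verify(KEY, edited, head))
    print("deleted  ", verify(KEY, records[:2] + records[3:], head))
    print("truncated", verify(KEY, records[:3], head))
```

The returned index tells the responder where the record stream stops being trustworthy, which is where review of the intrusion timeline should start.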