Abstract image of a woman sitting on books and studying on a laptop

324515851-Ethical-Hacking-Ppt-Download4575A.ppt

Download as PPT, PDF
S
ssuserde23af

The document outlines ethical hacking as a legal process involving permission to test systems for vulnerabilities, contrasting it with malicious hacking. It details the steps involved in ethical hacking, including preparation, footprinting, enumeration, vulnerability identification, and execution of attacks, while emphasizing the importance of ethical standards and reporting. Additionally, it highlights common threats and vulnerabilities that ethical hackers aim to address for enhancing information security.

Education
1 of 21
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# !@ Ethical Hacking
2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting
3 # !@ Ethical Hacking Conforming to accepted professional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
4 # !@ What is Ethical Hacking  It is Legal  Permission is obtained from the target  Part of an overall security program  Identify vulnerabilities visible from Internet at particular point of time  Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
5 # !@ Why – Ethical Hacking Source: CERT-India January - 2005 June 01, 2004 to Dec.31, 2004 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
6 # !@ Why – Ethical Hacking Source: CERT/CC Total Number of Incidents Incidents
7 # !@ Why – Ethical Hacking Source: US - CERT
8 # !@ Why – Ethical Hacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
9 # !@ Ethical Hacking - Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
10 # !@ Preparation  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
11 # !@ Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
12 # !@ Enumeration & Fingerprinting  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
13 # !@ Identification of Vulnerabilities Vulnerabilities  Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
14 # !@ Identification of Vulnerabilities Methods  Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
15 # !@ Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
16 # !@ Attack – Exploit the vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
17 # !@ Attack – Exploit the vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
18 # !@ Attack – Exploit the vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
19 # !@ Attack – Exploit the vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
20 # !@ Reporting  Methodology  Exploited Conditions & Vulnerabilities that could not be exploited  Proof for Exploits - Trophies  Practical Security solutions
21 # !@ Ethical Hacking - Commandments  Working Ethically  Trustworthiness  Misuse for personal gain  Respecting Privacy  Not Crashing the Systems

More Related Content

PPT
Ethical hacking by shivam
Shivam Ðreamchazer
 
PPT
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
champubhaiya8
 
PPT
Ethical hacking-ppt-download4575
Gopal Rathod
 
PPT
Ethical h
Dr. Salman Iqbal
 
PPT
Ethical hacking
sumanth1201
 
PPT
Ethical hacking
kawsarahmedchoudhuryzzz
 
PPT
Ethical h
kawsarahmedchoudhuryzzz
 
PPTX
ethical hacking
Neelima Bawa
 
Ethical hacking by shivam
Shivam Ðreamchazer
 
Ethical Hacking: Safeguarding Systems through Responsible Security Testing
champubhaiya8
 
Ethical hacking-ppt-download4575
Gopal Rathod
 
Ethical h
Dr. Salman Iqbal
 
Ethical hacking
sumanth1201
 
Ethical hacking
kawsarahmedchoudhuryzzz
 
Ethical h
kawsarahmedchoudhuryzzz
 
ethical hacking
Neelima Bawa
 

Similar to 324515851-Ethical-Hacking-Ppt-Download4575A.ppt (20)

PPTX
Ethical Hacking basics ppt, all types hacking
devakiashi
 
PPTX
Presentation1
Abhishek Malhotra
 
PPT
Ethical Hacking
Rohan Raj
 
PPTX
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
PPTX
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
PPT
Ethical hacking
Sourabh Badve
 
PPT
Ethical Hacking
Keith Brooks
 
PDF
ISACA Ethical Hacking Presentation 10/2011
Xavier Mertens
 
PPTX
Ethical hacking
Alapan Banerjee
 
PPT
Introduction to ceh
Hemant Mittal
 
PPTX
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
FerozaMirajkar1
 
PDF
ANS_Ch_05_Handouts.pdf
MeymunaMohammed1
 
PDF
ANS_Ch_05_Handouts.pdf
MeymunaMohammed1
 
PPTX
Hacking - penetration tools
JenishChauhan4
 
PPTX
Ethical hacking
Prabhat kumar Suman
 
PDF
Super1
neelakanteswarreddy
 
PPTX
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
Shivam Sahu
 
PDF
Lec_11_Introduction to Cyber Security.pdf
MohammedAdel426426
 
PPTX
Ethical hacking
Rishabha Garg
 
PPTX
Ethical Hacking
BugRaptors
 
Ethical Hacking basics ppt, all types hacking
devakiashi
 
Presentation1
Abhishek Malhotra
 
Ethical Hacking
Rohan Raj
 
Ethical hacking/ Penetration Testing
ANURAG CHAKRABORTY
 
Inetsecurity.in Ethical Hacking presentation
Joshua Prince
 
Ethical hacking
Sourabh Badve
 
Ethical Hacking
Keith Brooks
 
ISACA Ethical Hacking Presentation 10/2011
Xavier Mertens
 
Ethical hacking
Alapan Banerjee
 
Introduction to ceh
Hemant Mittal
 
Dr.J.Jegan - Ethical Hacking - 06.12.2024.pptx
FerozaMirajkar1
 
ANS_Ch_05_Handouts.pdf
MeymunaMohammed1
 
ANS_Ch_05_Handouts.pdf
MeymunaMohammed1
 
Hacking - penetration tools
JenishChauhan4
 
Ethical hacking
Prabhat kumar Suman
 
Super1
neelakanteswarreddy
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
Shivam Sahu
 
Lec_11_Introduction to Cyber Security.pdf
MohammedAdel426426
 
Ethical hacking
Rishabha Garg
 
Ethical Hacking
BugRaptors
 

More from ssuserde23af (8)

PPTX
Introduction-to-Pdfdsfddrogramming-with-C.pptx
ssuserde23af
 
PPTX
testmeehfhgfhghgfhgfhgfhghfhgfhgfharth.pptx
ssuserde23af
 
PPTX
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
ssuserde23af
 
PPT
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.ppt
ssuserde23af
 
PPT
Advanced_SQL_ISASasASasaASnjection (1).ppt
ssuserde23af
 
PPT
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
PPT
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
PPT
chsadsadasdasdasdasdsadsadsadsadsadasda10.ppt
ssuserde23af
 
Introduction-to-Pdfdsfddrogramming-with-C.pptx
ssuserde23af
 
testmeehfhgfhghgfhgfhgfhghfhgfhgfharth.pptx
ssuserde23af
 
538522937-Cisa-easdasdsadsadasdBook-New-1-188.pptx
ssuserde23af
 
Ch1-201ASasASAsaSAsasaSAsaSAsaaa0_CISA.ppt
ssuserde23af
 
Advanced_SQL_ISASasASasaASnjection (1).ppt
ssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
324515851-Ethical-Hacking-Ppt-Download4575.ppt
ssuserde23af
 
chsadsadasdasdasdasdsadsadsadsadsadasda10.ppt
ssuserde23af
 

Recently uploaded (20)

PDF
LDMMIA Reiki Yoga Finals Review Spring Summer
LDMMia Reiki Lectures
 
PDF
Complications of Minimal Access-Surgery.pdf
Laparoscopy Hospital
 
PPTX
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
PPTX
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
PDF
Trump Administration's workforce development strategy
Mebane Rash
 
PDF
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
JohnJerryDalawampu
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PDF
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
PPTX
20th Century Theater, Methods, History.pptx
cpadilla9
 
PPTX
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
PDF
medical_surgical_nursing_10th_edition_ignatavicius_TEST_BANK_pdf.pdf
victor kamau
 
PDF
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
iliaskessaris
 
PDF
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
infosecTrain
 
PPTX
Share_Module_2_Power_conflict_and_negotiation.pptx
Lavanyaj33
 
PPTX
Virtual and Augmented Reality in Current Scenario
Shruti Dalela
 
PDF
FORM 1 BIOLOGY MIND MAPS and their schemes
arcade5
 
PDF
International_Financial_Reporting_Standa.pdf
VrindaTayade1
 
PPTX
History, Philosophy and sociology of education (1).pptx
tmdth1
 
PPTX
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
LDMMIA Reiki Yoga Finals Review Spring Summer
LDMMia Reiki Lectures
 
Complications of Minimal Access-Surgery.pdf
Laparoscopy Hospital
 
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
Computer Architecture Input Output Memory.pptx
Gunasundari Selvaraj
 
Trump Administration's workforce development strategy
Mebane Rash
 
1.3 FINAL REVISED K-10 PE and Health CG 2023 Grades 4-10 (1).pdf
JohnJerryDalawampu
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
ChatGPT for Dummies - Pam Baker Ccesa007.pdf
Demetrio Ccesa Rayme
 
20th Century Theater, Methods, History.pptx
cpadilla9
 
Unit 4 Computer Architecture Multicore Processor.pptx
Gunasundari Selvaraj
 
medical_surgical_nursing_10th_edition_ignatavicius_TEST_BANK_pdf.pdf
victor kamau
 
Τίμαιος είναι φιλοσοφικός διάλογος του Πλάτωνα
iliaskessaris
 
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
infosecTrain
 
Share_Module_2_Power_conflict_and_negotiation.pptx
Lavanyaj33
 
Virtual and Augmented Reality in Current Scenario
Shruti Dalela
 
FORM 1 BIOLOGY MIND MAPS and their schemes
arcade5
 
International_Financial_Reporting_Standa.pdf
VrindaTayade1
 
History, Philosophy and sociology of education (1).pptx
tmdth1
 
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 

324515851-Ethical-Hacking-Ppt-Download4575A.ppt

  • 2. 2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting
  • 3. 3 # !@ Ethical Hacking Conforming to accepted professional standards of conduct What is Ethical Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming White-hat - Good Guys Black-hat – Bad guys
  • 4. 4 # !@ What is Ethical Hacking  It is Legal  Permission is obtained from the target  Part of an overall security program  Identify vulnerabilities visible from Internet at particular point of time  Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
  • 5. 5 # !@ Why – Ethical Hacking Source: CERT-India January - 2005 June 01, 2004 to Dec.31, 2004 Domains No of Defacements .com 922 .gov.in 24 .org 53 .net 39 .biz 12 .co.in 48 .ac.in 13 .info 3 .nic.in 2 .edu 2 other 13 Total 1131 Defacement Statistics for Indian Websites
  • 6. 6 # !@ Why – Ethical Hacking Source: CERT/CC Total Number of Incidents Incidents
  • 7. 7 # !@ Why – Ethical Hacking Source: US - CERT
  • 8. 8 # !@ Why – Ethical Hacking Viruses, Trojan Horses, and Worms Social Engineering Automated Attacks Accidental Breaches in Security Denial of Service (DoS) Organizational Attacks Restricted Data Protection from possible External Attacks
  • 9. 9 # !@ Ethical Hacking - Process 1. Preparation 2. Footprinting 3. Enumeration & Fingerprinting 4. Identification of Vulnerabilities 5. Attack – Exploit the Vulnerabilities
  • 10. 10 # !@ Preparation  Identification of Targets – company websites, mail servers, extranets, etc.  Signing of Contract  Agreement on protection against any legal issues  Contracts to clearly specifies the limits and dangers of the test  Specifics on Denial of Service Tests, Social Engineering, etc.  Time window for Attacks  Total time for the testing  Prior Knowledge of the systems  Key people who are made aware of the testing
  • 11. 11 # !@ Footprinting Collecting as much information about the target  DNS Servers  IP Ranges  Administrative Contacts  Problems revealed by administrators Information Sources  Search engines  Forums  Databases – whois, ripe, arin, apnic  Tools – PING, whois, Traceroute, DIG, nslookup, sam spade
  • 12. 12 # !@ Enumeration & Fingerprinting  Specific targets determined  Identification of Services / open ports  Operating System Enumeration Methods  Banner grabbing  Responses to various protocol (ICMP &TCP) commands  Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools  Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner
  • 13. 13 # !@ Identification of Vulnerabilities Vulnerabilities  Insecure Configuration  Weak passwords  Unpatched vulnerabilities in services, Operating systems, applications  Possible Vulnerabilities in Services, Operating Systems  Insecure programming  Weak Access Control
  • 14. 14 # !@ Identification of Vulnerabilities Methods  Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites  Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic  Insecure Programming – SQL Injection, Listening to Traffic  Weak Access Control – Using the Application Logic, SQL Injection
  • 15. 15 # !@ Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites  Common Vulnerabilities & Exposures – http://cve.mitre.org  Bugtraq – www.securityfocus.com  Other Vendor Websites
  • 16. 16 # !@ Attack – Exploit the vulnerabilities  Obtain as much information (trophies) from the Target Asset  Gaining Normal Access  Escalation of privileges  Obtaining access to other connected systems Last Ditch Effort – Denial of Service
  • 17. 17 # !@ Attack – Exploit the vulnerabilities Network Infrastructure Attacks  Connecting to the network through modem  Weaknesses in TCP / IP, NetBIOS  Flooding the network to cause DOS Operating System Attacks  Attacking Authentication Systems  Exploiting Protocol Implementations  Exploiting Insecure configuration  Breaking File-System Security
  • 18. 18 # !@ Attack – Exploit the vulnerabilities Application Specific Attacks  Exploiting implementations of HTTP, SMTP protocols  Gaining access to application Databases  SQL Injection  Spamming
  • 19. 19 # !@ Attack – Exploit the vulnerabilities Exploits  Free exploits from Hacker Websites  Customised free exploits  Internally Developed Tools – Nessus, Metasploit Framework,
  • 20. 20 # !@ Reporting  Methodology  Exploited Conditions & Vulnerabilities that could not be exploited  Proof for Exploits - Trophies  Practical Security solutions
  • 21. 21 # !@ Ethical Hacking - Commandments  Working Ethically  Trustworthiness  Misuse for personal gain  Respecting Privacy  Not Crashing the Systems