SlideShare a Scribd company logo
ETHICAL HACKING Jeni Varghese Patents Dept .
What is Ethical Hacking? Ethical hacking is broadly defined as the methodology that ethical hackers adopt to discover existing vulnerabilities (security issues) in an information system’s (computer or network or software application) operating environment
Can Hacking be Ethical? The term hacking has over the time earned  a negative reputation and has been associated with destructive and undesirable activities. The following terms come across commonly in context of hacking Hacker (noun) = A person who enjoys learning the details of computer systems and stretching its capabilities Hacking (verb) = Describes rapid development of new programs or reverse-engineering existing software to make code better and more efficient Cracker = A person who employs his/her hacking skills for offensive purposes Ethical Hacker = Computer security professionals who employ their hacking skills for defensive purposes
Essential terminologies Threat An action or event that might compromise security Vulnerability Existence of weakness, design/implementation error that can lead to an unexpected, undesirable event compromising the security of the system Exploit A defined way to breach the security of an IT system through vulnerability Target of evaluation An IT system, product or component that is identified as requiring security evaluation Attack An attack is any action that violates security
Why is Computer Security Important? More number of network based applications  Technology focused on ease of use Low skill level needed  for hacking A security breach directly impacts the corporate asset base and goodwill Computer infrastructure management is getting complex day by day
Security, Functionality and Ease of Use Triangle Functionality Security Ease of Use Moving the ball towards security means moving away from functionality and ease of use
Elements of Security Security A state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering and disruption of information and services is kept low and tolerable Essential Security Elements  Confidentiality:  concealment of information or resources Authenticity:  identification and assurance of origin of information Integrity:  trustworthiness of data and resources in terms of preventing improper and unauthorized changes Availability:  ability to use the information or resource desired by the authorized personnel. A hacking event will affect any one or more of the essential security elements
Malicious hacker steals, tampers or denies access to information. Various phases are: Reconnaissance This is the phase where the attacker gathers information about a target Scanning Attacker begins to actively probe the target for vulnerabilities Gaining Access If vulnerability is detected attacker exploit it to gain access to system Maintaining Access Once access is gained, attacker usually maintains access to fulfill his/her purpose Covering Tracks Attacker tries to destroy all evidence of the attack to evade legal punitive actions Malicious Hacking
Ethical Hacking Ethical hackers are also known as  White Hats Ethical hacking is done to test and evaluate the security of an information system, network, etc. Ethical hacking is done in a similar fashion as malicious hacking The major difference is the  intent  which is to identify security threats and provide a solution Whereas the intent in malicious hacking is to steal, destroy or restrict access of digital information
How to Conduct Ethical Hacking? Determine the need for testing Obtain written permission to test Prepare a team and draw up a testing schedule Conduct the test Analyze the results and prepare a report including corrective actions
Approaches to Ethical Hacking Ethical hacker may attempt to perform attack over various channels: Remote network  – attack launched against firewalls and filtering routers from outside the network(LAN)  Local Network  – simulate an employee or authorized person who has legal/authorized connection to organization’s network Stolen equipment  – Verify security of Laptops or other portable medium which can be stolen. This may contain confidential information, password, authentication data which can compromise an organization’s network Social Engineering  – The test evaluates the integrity  and awareness of a target organization’s personnel. Physical entry  – This  test is primarily targeted to check whether or not security policies are enforced.
Stages of Ethical Hacking Ethical hacking on a system is done in step-wise manner and the vulnerability is analyzed in each stage Foot printing  – determine the target system’s physical location, IP address, Operating system etc. Scanning  – actively scan for services or open ports  Enumeration  – extraction of user names, machine names, network resources, shares and services System Hacking Password Cracking  – guessing, cracking tools, packet sniffers, key loggers, etc. Escalating Privileges  – to administrator or full access Executing Applications  – execute desired applications Hiding Files  – leave Trojans, Viruses, Worms or Rootkits for further actions Covering Tracks  – remove all trace logs  *Denial of Service (DoS) attacks  – make the system unavailable by flooding the system with numerous unwanted requests
Malwares – Virus, Trojan, Worm, Rootkit, Adware, Spyware Virus  – self-replicating computer program which spreads through network or file system Trojan  – a hidden computer program which steals information from the target computer Worm  – self-replicating computer program which evolves by exploiting vulnerabilities and transmits to different systems in network Rootkit  – program enables continued privileged access and remains hidden Dishonest Adware  – automatically plays, displays advertisements Spyware  – collects information about users without their knowledge Malware  – general term for all of the above
How to Prevent a Malicious Attack? Do not disable anti-virus Update anti-virus regularly Do not disable firewall (windows firewall) Update operating system regularly (automatic updates in windows) Do not open emails, attachments from unknown senders Keep phishing filter on Do not install un-verified software Change password of system regularly Lock the computer when away from desk Verify digital certificates for secure authentication
Cyber Crime Laws – INDIA IT Act 2008 – Chapter IX. PENALTIES , COMPENSATION AND ADJUDICATION – Section 43 Penalty and Compensation for damage to computer, computer system, etc. If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network -  (a) accesses or secures access to such computer, computer system or computer network or computer resource (b) downloads, copies or extracts any data, computer data base or information  from such computer, computer system or computer network including information  or data held or stored in any removable storage medium (c) introduces or causes to be introduced any computer contaminant or computer  virus into any computer, computer system or computer network (d) damages or causes to be damaged any computer, computer system or computer  network, data, computer data base or any other programs residing in such  computer, computer system or computer network
(e) disrupts or causes disruption of any computer, computer system or computer  network (f) denies or causes the denial of access to any person authorized to access  any computer, computer system or computer network by any means (g) provides any assistance to any person to facilitate access to a computer,  computer system or computer network in contravention of the provisions of this  Act, rules or regulations made thereunder (h) charges the services availed of by a person to the account of another  person by tampering with or manipulating any computer, computer system, or  computer network (i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means (i) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage, He/she shall be liable to pay damages by way of compensation. Cyber Crime Laws – INDIA (contd.)
Section 66: Computer related offences.- If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.
How to become a Ethical Hacker? Proficient Networking skills Good knowledge on Operating system administration Programming knowledge Certification like CEH or CISSP covers the process
Ethical Hacking THANK YOU

More Related Content

PPTX
Types of cyber attacks
PPT
Software security
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
PPTX
Network security (vulnerabilities, threats, and attacks)
PPTX
Cyber crime ppt
PPT
Proxy Server
PPTX
Cyber Crime
PPTX
Types of attacks
Types of cyber attacks
Software security
Cybersecurity Attack Vectors: How to Protect Your Organization
Network security (vulnerabilities, threats, and attacks)
Cyber crime ppt
Proxy Server
Cyber Crime
Types of attacks

What's hot (20)

PPTX
Penetration testing reporting and methodology
PPT
Web Security
PDF
Network Security Fundamentals
PPTX
Security threats
PDF
Ethical Hacking Tools
PPT
Cyber Crime and Security
PDF
Cyber security awareness presentation nepal
PPTX
Cia security model
PPTX
CYBER SECURITY
PPTX
Computer misuse and criminal law
PPT
Cyber security for an organization
PPTX
Ethical hacking
PPTX
Cyber security
PDF
Ch 6: Enumeration
PPTX
Denial of service
PPTX
Cyber security
PPT
Network security
PPTX
Data security
PPTX
Wireless network security
Penetration testing reporting and methodology
Web Security
Network Security Fundamentals
Security threats
Ethical Hacking Tools
Cyber Crime and Security
Cyber security awareness presentation nepal
Cia security model
CYBER SECURITY
Computer misuse and criminal law
Cyber security for an organization
Ethical hacking
Cyber security
Ch 6: Enumeration
Denial of service
Cyber security
Network security
Data security
Wireless network security

Viewers also liked (19)

PPTX
Legal issues in p2 p sharing and bittorent
PPTX
PPT
Trademark amendment bill 2009
PPT
Hiltone case law analysis
PPT
Commercial division
PPT
Forum non conveniens
PPT
Groundless threat of infringement remedies under ip laws
PPT
Legal opinion
PPT
Customs duty on branded goods
PPT
Fair use of copyright
PPT
Elevators presentation (altacit template)
PPTX
Exhaustion of ip rights
PPT
Patent troll
PPT
Case law analysis
PPTX
Mergers & amalgamations
PPT
Minimum alternate tax
PPT
Standing orders act, 1946
Legal issues in p2 p sharing and bittorent
Trademark amendment bill 2009
Hiltone case law analysis
Commercial division
Forum non conveniens
Groundless threat of infringement remedies under ip laws
Legal opinion
Customs duty on branded goods
Fair use of copyright
Elevators presentation (altacit template)
Exhaustion of ip rights
Patent troll
Case law analysis
Mergers & amalgamations
Minimum alternate tax
Standing orders act, 1946

Similar to Ethical hacking (20)

DOCX
Final report ethical hacking
PPTX
Ethical Hacking and Network Defence 1.pptx
DOCX
61370436 main-case-study
PPTX
EthicalHacking.pptx
PDF
Ethical Hacking A high-level information security study on protecting a comp...
PPTX
Introduction of ethical hacking.........
PDF
What-is-Hacking and why is it important what are it’s benefits
PDF
cybersecurity-180303131014.pdf
PPT
Cyber security & Importance of Cyber Security
PDF
UNIT - I in Engineering Subjects Ethical Hacking Subject
PDF
Ethical hacking
PPTX
Ethical Hacking
DOCX
Ethical hacking
PPTX
Ethical hacking & cyber security
PDF
Module 3-cyber security
PPTX
ethical hacking
PPTX
Cyber Security PPT
PDF
IRJET- An Overview of Ethical Hacking
PDF
Hacking and Ethical Hacking
Final report ethical hacking
Ethical Hacking and Network Defence 1.pptx
61370436 main-case-study
EthicalHacking.pptx
Ethical Hacking A high-level information security study on protecting a comp...
Introduction of ethical hacking.........
What-is-Hacking and why is it important what are it’s benefits
cybersecurity-180303131014.pdf
Cyber security & Importance of Cyber Security
UNIT - I in Engineering Subjects Ethical Hacking Subject
Ethical hacking
Ethical Hacking
Ethical hacking
Ethical hacking & cyber security
Module 3-cyber security
ethical hacking
Cyber Security PPT
IRJET- An Overview of Ethical Hacking
Hacking and Ethical Hacking

More from Altacit Global (20)

PPT
Unmanned aircraft system rules, 2020
PPT
Sexual harassment during work from home
PPT
Information technology guidelines for intermediaries and digital media ethics...
PPTX
Returns and refunds consumer protection act
PPT
Rights of an unborn child
PPTX
Grounds for divorce in India
PPTX
Alimony laws in India
PPTX
Patent licensing
PPTX
Surrogacy laws-in-India
PPTX
I r s form w-9
PPTX
Tamilnadu regulation of rights and responsibilities of landlords and tenants ...
PPTX
Requirements for operation of civil remotely piloted aircraft system
PPTX
Rights of employees under insolvent companies
PPTX
Doctrine of originality copyright
PPTX
Restoration of lapsed patents in India
PPT
Celebrity rights in India
PPT
Technology Development Board
PPT
Motor accident mediation authority (MAMA)
PPTX
Sebi (prohibition of insider trading) regulations, 2015
PPTX
Legality of cryptocurrency in India
Unmanned aircraft system rules, 2020
Sexual harassment during work from home
Information technology guidelines for intermediaries and digital media ethics...
Returns and refunds consumer protection act
Rights of an unborn child
Grounds for divorce in India
Alimony laws in India
Patent licensing
Surrogacy laws-in-India
I r s form w-9
Tamilnadu regulation of rights and responsibilities of landlords and tenants ...
Requirements for operation of civil remotely piloted aircraft system
Rights of employees under insolvent companies
Doctrine of originality copyright
Restoration of lapsed patents in India
Celebrity rights in India
Technology Development Board
Motor accident mediation authority (MAMA)
Sebi (prohibition of insider trading) regulations, 2015
Legality of cryptocurrency in India

Recently uploaded (20)

PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
PDF
Review of recent advances in non-invasive hemoglobin estimation
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
PDF
Modernizing your data center with Dell and AMD
PDF
Empathic Computing: Creating Shared Understanding
PDF
GamePlan Trading System Review: Professional Trader's Honest Take
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
PPTX
Understanding_Digital_Forensics_Presentation.pptx
PDF
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
PDF
Machine learning based COVID-19 study performance prediction
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
PDF
Advanced Soft Computing BINUS July 2025.pdf
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
Diabetes mellitus diagnosis method based random forest with bat algorithm
Review of recent advances in non-invasive hemoglobin estimation
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
Modernizing your data center with Dell and AMD
Empathic Computing: Creating Shared Understanding
GamePlan Trading System Review: Professional Trader's Honest Take
The Rise and Fall of 3GPP – Time for a Sabbatical?
Reach Out and Touch Someone: Haptics and Empathic Computing
Per capita expenditure prediction using model stacking based on satellite ima...
20250228 LYD VKU AI Blended-Learning.pptx
Understanding_Digital_Forensics_Presentation.pptx
solutions_manual_-_materials___processing_in_manufacturing__demargo_.pdf
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
Machine learning based COVID-19 study performance prediction
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Dropbox Q2 2025 Financial Results & Investor Presentation
Advanced Soft Computing BINUS July 2025.pdf
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf

Ethical hacking

  • 1. ETHICAL HACKING Jeni Varghese Patents Dept .
  • 2. What is Ethical Hacking? Ethical hacking is broadly defined as the methodology that ethical hackers adopt to discover existing vulnerabilities (security issues) in an information system’s (computer or network or software application) operating environment
  • 3. Can Hacking be Ethical? The term hacking has over the time earned a negative reputation and has been associated with destructive and undesirable activities. The following terms come across commonly in context of hacking Hacker (noun) = A person who enjoys learning the details of computer systems and stretching its capabilities Hacking (verb) = Describes rapid development of new programs or reverse-engineering existing software to make code better and more efficient Cracker = A person who employs his/her hacking skills for offensive purposes Ethical Hacker = Computer security professionals who employ their hacking skills for defensive purposes
  • 4. Essential terminologies Threat An action or event that might compromise security Vulnerability Existence of weakness, design/implementation error that can lead to an unexpected, undesirable event compromising the security of the system Exploit A defined way to breach the security of an IT system through vulnerability Target of evaluation An IT system, product or component that is identified as requiring security evaluation Attack An attack is any action that violates security
  • 5. Why is Computer Security Important? More number of network based applications Technology focused on ease of use Low skill level needed for hacking A security breach directly impacts the corporate asset base and goodwill Computer infrastructure management is getting complex day by day
  • 6. Security, Functionality and Ease of Use Triangle Functionality Security Ease of Use Moving the ball towards security means moving away from functionality and ease of use
  • 7. Elements of Security Security A state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering and disruption of information and services is kept low and tolerable Essential Security Elements Confidentiality: concealment of information or resources Authenticity: identification and assurance of origin of information Integrity: trustworthiness of data and resources in terms of preventing improper and unauthorized changes Availability: ability to use the information or resource desired by the authorized personnel. A hacking event will affect any one or more of the essential security elements
  • 8. Malicious hacker steals, tampers or denies access to information. Various phases are: Reconnaissance This is the phase where the attacker gathers information about a target Scanning Attacker begins to actively probe the target for vulnerabilities Gaining Access If vulnerability is detected attacker exploit it to gain access to system Maintaining Access Once access is gained, attacker usually maintains access to fulfill his/her purpose Covering Tracks Attacker tries to destroy all evidence of the attack to evade legal punitive actions Malicious Hacking
  • 9. Ethical Hacking Ethical hackers are also known as White Hats Ethical hacking is done to test and evaluate the security of an information system, network, etc. Ethical hacking is done in a similar fashion as malicious hacking The major difference is the intent which is to identify security threats and provide a solution Whereas the intent in malicious hacking is to steal, destroy or restrict access of digital information
  • 10. How to Conduct Ethical Hacking? Determine the need for testing Obtain written permission to test Prepare a team and draw up a testing schedule Conduct the test Analyze the results and prepare a report including corrective actions
  • 11. Approaches to Ethical Hacking Ethical hacker may attempt to perform attack over various channels: Remote network – attack launched against firewalls and filtering routers from outside the network(LAN) Local Network – simulate an employee or authorized person who has legal/authorized connection to organization’s network Stolen equipment – Verify security of Laptops or other portable medium which can be stolen. This may contain confidential information, password, authentication data which can compromise an organization’s network Social Engineering – The test evaluates the integrity and awareness of a target organization’s personnel. Physical entry – This test is primarily targeted to check whether or not security policies are enforced.
  • 12. Stages of Ethical Hacking Ethical hacking on a system is done in step-wise manner and the vulnerability is analyzed in each stage Foot printing – determine the target system’s physical location, IP address, Operating system etc. Scanning – actively scan for services or open ports Enumeration – extraction of user names, machine names, network resources, shares and services System Hacking Password Cracking – guessing, cracking tools, packet sniffers, key loggers, etc. Escalating Privileges – to administrator or full access Executing Applications – execute desired applications Hiding Files – leave Trojans, Viruses, Worms or Rootkits for further actions Covering Tracks – remove all trace logs *Denial of Service (DoS) attacks – make the system unavailable by flooding the system with numerous unwanted requests
  • 13. Malwares – Virus, Trojan, Worm, Rootkit, Adware, Spyware Virus – self-replicating computer program which spreads through network or file system Trojan – a hidden computer program which steals information from the target computer Worm – self-replicating computer program which evolves by exploiting vulnerabilities and transmits to different systems in network Rootkit – program enables continued privileged access and remains hidden Dishonest Adware – automatically plays, displays advertisements Spyware – collects information about users without their knowledge Malware – general term for all of the above
  • 14. How to Prevent a Malicious Attack? Do not disable anti-virus Update anti-virus regularly Do not disable firewall (windows firewall) Update operating system regularly (automatic updates in windows) Do not open emails, attachments from unknown senders Keep phishing filter on Do not install un-verified software Change password of system regularly Lock the computer when away from desk Verify digital certificates for secure authentication
  • 15. Cyber Crime Laws – INDIA IT Act 2008 – Chapter IX. PENALTIES , COMPENSATION AND ADJUDICATION – Section 43 Penalty and Compensation for damage to computer, computer system, etc. If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network - (a) accesses or secures access to such computer, computer system or computer network or computer resource (b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium (c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network (d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programs residing in such computer, computer system or computer network
  • 16. (e) disrupts or causes disruption of any computer, computer system or computer network (f) denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder (h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network (i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means (i) Steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage, He/she shall be liable to pay damages by way of compensation. Cyber Crime Laws – INDIA (contd.)
  • 17. Section 66: Computer related offences.- If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.
  • 18. How to become a Ethical Hacker? Proficient Networking skills Good knowledge on Operating system administration Programming knowledge Certification like CEH or CISSP covers the process

Editor's Notes

  • #2: © Altacit Global 2009 Email: info@altacit.com