Ethical hacking
3 likes759 views
Ethical hacking involves testing a system's security vulnerabilities without malicious intent. Some techniques include password guessing, using tools to automate password cracking, and social engineering. Social engineering tricks users into providing sensitive information by exploiting human weaknesses. To defend against hacking attempts, organizations should implement strong security policies, educate employees, and test their systems through ethical hacking practices. Regular testing is essential for understanding exposure and addressing security risks.
Ethical hacking
- 2. Introduction
- 4. What do ethical hackers do?
- 5. What damage is caused?
- 6. Original web pageHacked web page
- 8. Original web pageHacked web page
- 9. System Hacking: Administrator password guessing
- 10. Performing automated password guessing
- 11. Tool: LegionLegion automates the password guessing in NetBIOS sessions. Legion will scan multiple Class C IP address ranges for Windows shares and also offers a manual dictionary attack tool.
- 12. Password Guessing Counter Measures
- 13. Manual Password Cracking Algorithm
- 14. Automatic Password Cracking Algorithm
- 15. Password Cracking Counter Measures
- 18. Tool: Donald DickDonald Dick is a tool that enables a user to control another computer over a network.It uses a client server architecture with the server residing on the victim's computer.
- 19. It’s Real
- 21. People are usually theweakest link in thesecurity chain.A successful defensedepends on having goodpolicies in place andeducating employees tofollow the policies. Social Engineering is thehardest form of attack todefend against because itcannot be defended withhardware or softwareHuman Weakness
- 22. Types of Social Engineering
- 23. ExampleA man calls to a company help desk and says he’s forgotten his passwordIn a panic, he adds that if he misses a deadline on an big advertising project his boss might even fire him offThe help desk worker feels sorry for it and resets the password-- unwittingly giving the clean entrance in theCorporate network
- 24. Security Policies - ChecklistAccount Setup
- 28. Violations
- 30. Privacy Policy
- 31. Paper documents
- 32. Modems
- 34. Virus controlConclusionTesting is an essential part of any data security program
- 35. It is important to understand factors such as what data is exposed, what techniques will be employed
- 36. With a sufficient amount of analysis and preparation, risks can be addressed without compromising the efficacy of the testing, while preserving the mission of the information security program THANK YOUFor Documentation and Downloads Visit