Ethical Hacking
Download as PPTX, PDF2 likes1,446 views
Hacking involves unauthorized access to systems, with 'hackers' often categorized into white hats (ethical hackers), black hats (malicious hackers), and grey hats (mixed intentions). Ethical hacking, performed legally with permission, aims to identify and fix security vulnerabilities using various techniques and tools. A well-defined ethical hacking process includes scoping tests, evaluating results, and continually reassessing security in response to evolving threats.
Ethical Hacking
- 2. Hacker is a computer user who attempts to gain unauthorized access to proprietary computer system mainly for personal gain or motivated by a challenge.
- 3. Someone who maliciously breaks into systems for personal gain. Technically, these criminals are crackers (criminal hackers). Crackers break into (crack) systems with malicious intent. They are out for personal gain: fame, profit, and even revenge. They modify, delete, and steal critical information, often making other people miserable. The Team hacker is reclaimed by computer programmer who argue that some one breaking into computers is better called a Cracker.
- 4. White hats • Ethical hacker who breaks security but who does so for altruistic or at least non-malicious reasons. • Ethical hackers who use their hacking skills for defensive purposes. Black hats • Black hats are the bad guys. • Uses technology for terrorism, vandalism, identity theft, intellectual proper theft. Grey hats • Grey hats are hackers who may work offensively or defensively, depending on the situation. • The dividing line between hacker and cracker.
- 5. Ethical hacking—also known as penetration testing or white-hat hacking—involves the same tools,tricks,and techniques that hackers use, but with one major difference: Ethical hacking is legal. Ethical hacking is performed with the target’s permission. To catch a thief, think like a thief-That’s the basis for ethical hacking.
- 6. Nontechnical attacks Network-infrastructure attacks Operating-system attacks Application and other specialized attacks
- 7. Working Ethically Respecting Privacy Not crashing your systems
- 8. Finding Security Holes Giving Advices Preventing A Real Attack
- 9. Formulating your plan Selecting tools Executing the plan Evaluating results Moving on
- 10. Approval for Ethical hacking is essential. Make what you’re doing known and visible — at least to the decision makers. A well-defined scope includes the following information:- Specific systems to be tested. Risks that are involved. When the tests are performed and your overall timeline. How the tests are performed. How much knowledge of the systems you have before you start testing. What is done when a major vulnerability is discovered.
- 11. Make sure you that you’re using the right tool for the task: To crack passwords, you need a cracking tool such as LC4, John the Ripper, or pwdump. For an in-depth analysis of a Web application, a Web- application assessment tool (such as Whisker or WebInspect) is more appropriate than a network analyzer (such as Ethereal).
- 12. Start with a broad view and narrow your focus:- Search the Internet for your organization’s name, your computer and network system names, and your IP addresses. Narrow your scope, targeting the specific systems you’re testing. Further narrow your focus with a more critical eye. Perform actual scans and other detailed tests on your systems. Perform the attacks, if that’s what you choose to do.
- 13. Assess your results to see what you uncovered, assuming that the vulnerabilities haven’t been made obvious before now. This is where knowledge counts. Evaluating the results and correlating the specific vulnerabilities discovered is a skill that gets better with experience. You’ll end up knowing your systems as well as anyone else. This makes the evaluation process much simpler moving forward. Submit a formal report to upper management or to your customer, outlining your results.
- 14. When you’ve finished your ethical hacking tests, you still need to implement your analysis and recommendations to make sure your systems are secure. New security vulnerabilities continually appear. Information systems constantly change and become more complex. New hacker exploits and security vulnerabilities are regularly uncovered. You may discover new ones! Security tests are a snapshot of the security posture of your systems. At any time, everything can change, especially after software upgrades, adding computer systems, or applying patches. Plan to test regularly.
- 15. Satan (Security Administrator’s Tool for Analyzing Networks) Microsoft Baseline Security Analyzer 2.0 F.B.I RAT (Full Backdoor Intergration) V0.1 CeWL- Custom Word List WarVOX- War Dialing Reloaded Kon- Boot—Hack Windows & Linux Passwords!