SlideShare a Scribd company logo

Ethical hacking a licence to hack

Download as PPT, PDF
A
amrutharam

This document discusses ethical hacking and penetration testing. It begins by defining ethical hacking and why companies hire ethical hackers to test their security systems. It then discusses how to properly plan and conduct penetration tests, including choosing testers, testing frequency, measuring results, and following security policies. Finally, it covers common hacking techniques like denial of service attacks, tools used in ethical hacking, and the goals of information security testing.

Technology
1 of 25
Downloaded 146 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
ETHICAL HACKING A LICENCE TO HACK Gadde Srikanth A. Ravali Rukmini Information technology Computer science B.TECH- II YR VELLORE INSTITUTE OF TECHNOLOGY School of Computer Sciences
INTRODUCTION Ethical hacking- also known as penetration testing or intrusion testing or red teaming has become a major concern for businesses and governments. Companies are worried about the possibility of being “hacked” and potential customers are worried about maintaining control of personal information. Necessity of computer security professionals to break into the systems of the organisation.
Ethical hackers employ the same tools and techniques as the intruders. They neither damage the target systems nor steal information. The tool is not an automated hacker program rather it is an audit that both identifies the vulnerabilities of a system and provide advice on how to eliminate them. INTRODUCTION
PLANNING THE TEST Aspects that should be focused on: Who should perform penetration testing? How often the tests have to be conducted? What are the methods of measuring and communicating the results? What if something unexpected happens during the test and brings the whole system down? What are the organization's security policies?
The minimum security policies that an organization should posses Information policy Security policy Computer use User management System administration procedures Incident response procedures Configuration management Design methodology Disaster methodology Disaster recovery plans.
Ethical hacking- a dynamic process Running through the penetration test once gives the current set of security issues which subject to change. Penetration testing must be continuous to ensure that system movements and newly installed applications do not introduce new vulnerabilities into the system.
Who are ethical hackers The skills ethical hackers should posses They must be completely trustworthy. Should have very strong programming and computer networking skills and have been in networking field for several years.
Should have more patience. Continuous updating of the knowledge on computer and network security is required. They should know the techniques of the criminals, how their activities might be detected and how to stop them. Who are ethical hackers
Choice of an ethical hacker An independent external agency. black box testing . An expertise with in your own organization. white box testing .
AREAS TO BE TESTED Application servers Firewalls and security devices Network security Wireless security
Red Team-Multilayered Assessment Various areas of security are evaluated using a multilayered approach. Each area of security defines how the target will be assessed. An identified vulnerability at one layer may be protected at another layer minimizing the associated risk of the vulnerability.
Information security (INFOSEC)- A revolving process
 
Attacks on Websites:- Denial of service attack Some hackers hack your websites just because they can. They try to do something spectacular to exhibit their talents. Their comes the denial of service attack. During the attacks, customers were unable to reach the websites, resulting in loss of revenue and “mind share”. On January 17, 2000, a U.S. library of congress website was attacked.
 
 
The ethical hack itself Testing itself poses some risk to the client. Criminal hacker monitoring the transmissions of ethical hacker could trap the information. Best approach is to maintain several addresses around the internet from which ethical hackers originate. Additional intrusion monitoring software can be deployed at the target.
IBM’S Immune system for Cyber space Any of the following combination may be used Remote network. Remote dial-up network. Local network. Stolen laptop computer. Social engineering. Physical entry.
 
Competitive Intelligence A systematic and ethical program for maintaining external information that can affect your company’s plans. It is legal collection and analysis of information regarding the vulnerabilities of the business partners. The same information used to aid a company can be used to compete with the company. The way to protect the information is to be aware of how it may be used.
Information Security Goals Improve IS awareness. Assess risk. Mitigate risk immediately. Assist in the decision making process. Conduct drills on emergency response procedures.
Conclusions Never underestimate the attacker or overestimate our existing posture. A company may be target not just for its information but potentially for its various transactions. To protect against an attack, understanding where the systems are vulnerable is necessary. Ethical hacking helps companies first comprehend their risk and then, manage them.
Always security professionals are one step behind the hackers and crackers. Plan for the unplanned attacks. The role of ethical hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted. “ Security though a pain”, is necessary. Conclusions
References 1.www.javvin.com 2.www.computerworld.com 3.www.research.ibm.com/journals 4.www.howstuffworks.com 5.”Information Technology” journal,september,august 2005,published by EFY. 6.IEEE journal on" security and privacy”
Queries?

More Related Content

PPT
Ethicalhackingalicencetohack 120223062548-phpapp01
rajkumar jonuboyena
 
PPTX
Threat Modelling And Threat Response
Vivek Jindaniya
 
PPTX
How to assess and manage cyber risk
Stephen Cobb
 
PDF
Security Automation and Machine Learning
Siemplify
 
PPTX
Red Team vs. Blue Team
EC-Council
 
PPTX
Vulnerability Assessment
primeteacher32
 
PPTX
Cyber Threat Management
Rishi Kant
 
PPTX
10 Critical Corporate Cyber Security Risks
Heimdal Security
 
Ethicalhackingalicencetohack 120223062548-phpapp01
rajkumar jonuboyena
 
Threat Modelling And Threat Response
Vivek Jindaniya
 
How to assess and manage cyber risk
Stephen Cobb
 
Security Automation and Machine Learning
Siemplify
 
Red Team vs. Blue Team
EC-Council
 
Vulnerability Assessment
primeteacher32
 
Cyber Threat Management
Rishi Kant
 
10 Critical Corporate Cyber Security Risks
Heimdal Security
 

What's hot (20)

PPTX
Integrated cyber defense
kajal kumari
 
PDF
Insider Threat Detection Recommendations
AlienVault
 
PPTX
Mitigating Risk from Cyber Security Attacks
Tripwire
 
PPTX
Your cyber security webinar
Intergen
 
PPTX
Enterprise IT Security Audit | Cyber Security Services
Akshay Kurhade
 
PPTX
Vulnerability in ai
SrajalTiwari1
 
PPTX
Information risk management
Akash Saraswat
 
PDF
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Lancope, Inc.
 
PDF
Cyber Security vs.pdf
Ming Man Chan
 
PPT
Employee Security Awareness Program
CommLab India – Rapid eLearning Solutions
 
PPTX
information security (Audit mechanism, intrusion detection, password manageme...
Zara Nawaz
 
PDF
The Hacking Team Hack: Lessons Learned for Enterprise Security
Stephen Cobb
 
PDF
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
PPTX
Skills that make network security training easy
EC-Council
 
PPT
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
PDF
Simplifying IT Security for GDPR Compliance: Sharique M Rizvi
Sharique Rizvi
 
PDF
Incident response methodology
Piyush Jain
 
PPTX
Insider Threat Summit - The Future of Insider Threat Detection
ObserveIT
 
PDF
Webinar - Reducing Your Cybersecurity Risk
WPICPE
 
PPTX
Risk Management Approach to Cyber Security
Ernest Staats
 
Integrated cyber defense
kajal kumari
 
Insider Threat Detection Recommendations
AlienVault
 
Mitigating Risk from Cyber Security Attacks
Tripwire
 
Your cyber security webinar
Intergen
 
Enterprise IT Security Audit | Cyber Security Services
Akshay Kurhade
 
Vulnerability in ai
SrajalTiwari1
 
Information risk management
Akash Saraswat
 
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...
Lancope, Inc.
 
Cyber Security vs.pdf
Ming Man Chan
 
Employee Security Awareness Program
CommLab India – Rapid eLearning Solutions
 
information security (Audit mechanism, intrusion detection, password manageme...
Zara Nawaz
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
Stephen Cobb
 
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Skills that make network security training easy
EC-Council
 
HIPAA, Privacy, Security, and Good Business
Stephen Cobb
 
Simplifying IT Security for GDPR Compliance: Sharique M Rizvi
Sharique Rizvi
 
Incident response methodology
Piyush Jain
 
Insider Threat Summit - The Future of Insider Threat Detection
ObserveIT
 
Webinar - Reducing Your Cybersecurity Risk
WPICPE
 
Risk Management Approach to Cyber Security
Ernest Staats
 

Viewers also liked (20)

PPT
Reflective Audio Journaling
Bernard Goldbach
 
PPTX
The Strategy of Journaling
jlorlando
 
PPTX
Lecture 15 fraud schemes - james a. hall book chapter 3
Habib Ullah Qamar
 
PPTX
Cyber crime journal by central detective training school
Bivas Chatterjee
 
PPT
Linux Vulnerabilities
SecurityTube.Net
 
PPTX
Journaling Across the Curriculum
ashchapman3
 
PPT
10135 a 09
Bố Su
 
PPTX
Chapter 3 security part i auditing operating systems and networks
Tommy Zul Hidayat
 
PDF
Do journaling filesystems guarantee against corruption after a power failure (1)
Rudhramoorthi Andiappan
 
PPT
Hacking A Web Site And Secure Web Server Techniques Used
Siddharth Bhattacharya
 
PPT
Ethical_Hacking_ppt
Narayanan
 
PPT
Journaling And Reflective Practice
Sarah Stewart
 
PDF
Top Ten Web Hacking Techniques (2008)
Jeremiah Grossman
 
PDF
Hacking in shadows By - Raghav Bisht
Raghav Bisht
 
PDF
Ethical Hacking Certification Path You Should Follow
Mercury Solutions Limited
 
PPT
Ethical Hacking
Binit Kumar
 
PPTX
Ethical hacking
Naveen Sihag
 
PPTX
Ethical Hacking
Nitheesh Adithyan
 
PDF
Linux device drivers
Emertxe Information Technologies Pvt Ltd
 
PDF
Hacking the Web
Mike Crabb
 
Reflective Audio Journaling
Bernard Goldbach
 
The Strategy of Journaling
jlorlando
 
Lecture 15 fraud schemes - james a. hall book chapter 3
Habib Ullah Qamar
 
Cyber crime journal by central detective training school
Bivas Chatterjee
 
Linux Vulnerabilities
SecurityTube.Net
 
Journaling Across the Curriculum
ashchapman3
 
10135 a 09
Bố Su
 
Chapter 3 security part i auditing operating systems and networks
Tommy Zul Hidayat
 
Do journaling filesystems guarantee against corruption after a power failure (1)
Rudhramoorthi Andiappan
 
Hacking A Web Site And Secure Web Server Techniques Used
Siddharth Bhattacharya
 
Ethical_Hacking_ppt
Narayanan
 
Journaling And Reflective Practice
Sarah Stewart
 
Top Ten Web Hacking Techniques (2008)
Jeremiah Grossman
 
Hacking in shadows By - Raghav Bisht
Raghav Bisht
 
Ethical Hacking Certification Path You Should Follow
Mercury Solutions Limited
 
Ethical Hacking
Binit Kumar
 
Ethical hacking
Naveen Sihag
 
Ethical Hacking
Nitheesh Adithyan
 
Linux device drivers
Emertxe Information Technologies Pvt Ltd
 
Hacking the Web
Mike Crabb
 

Similar to Ethical hacking a licence to hack (20)

PPT
Ethical hacking a licence to hack
Dharmesh Makwana
 
DOCX
61370436 main-case-study
homeworkping4
 
PPTX
Ethical Hacking and Network Defence 1.pptx
Janani S
 
PDF
Ethical Hacking A high-level information security study on protecting a comp...
Quinnipiac University
 
PPTX
Ethical Hacking
Tharindu Kalubowila
 
PDF
Module 1 (legality)
Wail Hassan
 
DOCX
Ethical Hacking (CEH) - Industrial Training Report
Raghav Bisht
 
PPTX
Ashar Shaikh A-84 SEMINAR.pptx
asharshaikh8
 
PDF
A Beginner’s Guide to Ethical Hacking.pdf
uzair
 
PPT
Ethical hacking presentation
Georgekutty Francis
 
DOCX
Final report ethical hacking
samprada123
 
PPTX
seminar ppt.pptx
AbhishekPadul1
 
PDF
BASICS OF ETHICAL HACKING
Drm Kapoor
 
PPTX
Cyber Security PPT
ashish kumar
 
PPTX
_Unveiling the Power of Ethical Hacking in Cybersecurity.pptx
offensoSEOwork
 
PPTX
ethical hacking
samprada123
 
PPTX
Skills-of-Ethical-Hacking.pptx
NarangYadav
 
PDF
Ethical hacking and social engineering
Sweta Kumari Barnwal
 
PPT
Ethical hacking
Altacit Global
 
PPTX
Ethical Hacking
Kunal Gawade, CFE
 
Ethical hacking a licence to hack
Dharmesh Makwana
 
61370436 main-case-study
homeworkping4
 
Ethical Hacking and Network Defence 1.pptx
Janani S
 
Ethical Hacking A high-level information security study on protecting a comp...
Quinnipiac University
 
Ethical Hacking
Tharindu Kalubowila
 
Module 1 (legality)
Wail Hassan
 
Ethical Hacking (CEH) - Industrial Training Report
Raghav Bisht
 
Ashar Shaikh A-84 SEMINAR.pptx
asharshaikh8
 
A Beginner’s Guide to Ethical Hacking.pdf
uzair
 
Ethical hacking presentation
Georgekutty Francis
 
Final report ethical hacking
samprada123
 
seminar ppt.pptx
AbhishekPadul1
 
BASICS OF ETHICAL HACKING
Drm Kapoor
 
Cyber Security PPT
ashish kumar
 
_Unveiling the Power of Ethical Hacking in Cybersecurity.pptx
offensoSEOwork
 
ethical hacking
samprada123
 
Skills-of-Ethical-Hacking.pptx
NarangYadav
 
Ethical hacking and social engineering
Sweta Kumari Barnwal
 
Ethical hacking
Altacit Global
 
Ethical Hacking
Kunal Gawade, CFE
 

Recently uploaded (20)

PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Cloud computing and distributed systems.
kkkkkhan
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 

Ethical hacking a licence to hack

  • 1. ETHICAL HACKING A LICENCE TO HACK Gadde Srikanth A. Ravali Rukmini Information technology Computer science B.TECH- II YR VELLORE INSTITUTE OF TECHNOLOGY School of Computer Sciences
  • 2. INTRODUCTION Ethical hacking- also known as penetration testing or intrusion testing or red teaming has become a major concern for businesses and governments. Companies are worried about the possibility of being “hacked” and potential customers are worried about maintaining control of personal information. Necessity of computer security professionals to break into the systems of the organisation.
  • 3. Ethical hackers employ the same tools and techniques as the intruders. They neither damage the target systems nor steal information. The tool is not an automated hacker program rather it is an audit that both identifies the vulnerabilities of a system and provide advice on how to eliminate them. INTRODUCTION
  • 4. PLANNING THE TEST Aspects that should be focused on: Who should perform penetration testing? How often the tests have to be conducted? What are the methods of measuring and communicating the results? What if something unexpected happens during the test and brings the whole system down? What are the organization's security policies?
  • 5. The minimum security policies that an organization should posses Information policy Security policy Computer use User management System administration procedures Incident response procedures Configuration management Design methodology Disaster methodology Disaster recovery plans.
  • 6. Ethical hacking- a dynamic process Running through the penetration test once gives the current set of security issues which subject to change. Penetration testing must be continuous to ensure that system movements and newly installed applications do not introduce new vulnerabilities into the system.
  • 7. Who are ethical hackers The skills ethical hackers should posses They must be completely trustworthy. Should have very strong programming and computer networking skills and have been in networking field for several years.
  • 8. Should have more patience. Continuous updating of the knowledge on computer and network security is required. They should know the techniques of the criminals, how their activities might be detected and how to stop them. Who are ethical hackers
  • 9. Choice of an ethical hacker An independent external agency. black box testing . An expertise with in your own organization. white box testing .
  • 10. AREAS TO BE TESTED Application servers Firewalls and security devices Network security Wireless security
  • 11. Red Team-Multilayered Assessment Various areas of security are evaluated using a multilayered approach. Each area of security defines how the target will be assessed. An identified vulnerability at one layer may be protected at another layer minimizing the associated risk of the vulnerability.
  • 12. Information security (INFOSEC)- A revolving process
  • 13.  
  • 14. Attacks on Websites:- Denial of service attack Some hackers hack your websites just because they can. They try to do something spectacular to exhibit their talents. Their comes the denial of service attack. During the attacks, customers were unable to reach the websites, resulting in loss of revenue and “mind share”. On January 17, 2000, a U.S. library of congress website was attacked.
  • 15.  
  • 16.  
  • 17. The ethical hack itself Testing itself poses some risk to the client. Criminal hacker monitoring the transmissions of ethical hacker could trap the information. Best approach is to maintain several addresses around the internet from which ethical hackers originate. Additional intrusion monitoring software can be deployed at the target.
  • 18. IBM’S Immune system for Cyber space Any of the following combination may be used Remote network. Remote dial-up network. Local network. Stolen laptop computer. Social engineering. Physical entry.
  • 19.  
  • 20. Competitive Intelligence A systematic and ethical program for maintaining external information that can affect your company’s plans. It is legal collection and analysis of information regarding the vulnerabilities of the business partners. The same information used to aid a company can be used to compete with the company. The way to protect the information is to be aware of how it may be used.
  • 21. Information Security Goals Improve IS awareness. Assess risk. Mitigate risk immediately. Assist in the decision making process. Conduct drills on emergency response procedures.
  • 22. Conclusions Never underestimate the attacker or overestimate our existing posture. A company may be target not just for its information but potentially for its various transactions. To protect against an attack, understanding where the systems are vulnerable is necessary. Ethical hacking helps companies first comprehend their risk and then, manage them.
  • 23. Always security professionals are one step behind the hackers and crackers. Plan for the unplanned attacks. The role of ethical hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted. “ Security though a pain”, is necessary. Conclusions
  • 24. References 1.www.javvin.com 2.www.computerworld.com 3.www.research.ibm.com/journals 4.www.howstuffworks.com 5.”Information Technology” journal,september,august 2005,published by EFY. 6.IEEE journal on" security and privacy”