Ethical Hacking Powerpoint
- 1. Ethical Hacking By: Renelyn Tuazon 4CpE-1
- 2. What is Hacking? • act of finding the possible entry points that exist in a computer system or a computer network and finally entering into them. • usually done to gain unauthorized access to a computer system or a computer network, either to harm the systems or to steal sensitive information available on the computer.
- 3. • A computer expert who does the act of hacking is called a “Hacker". • Hackers are those who seek knowledge, to understand how systems operate, how they are designed, and then attempt to play with these systems.
- 4. Ethical Hacking • Hacking is usually legal as long as it is being done to find weaknesses and help identify potential threats in a computer or network system for testing purpose. This sort of hacking is what we call Ethical Hacking.
- 5. • An ethical hacker attempts to bypass system security and search for any weak points that could be exploited by malicious hackers.
- 6. Ethical Hacker Commandments: • Work Ethically • Respect Privacy • Avoid Crashes of your Systems
- 7. Ethical Hacking - Process
- 8. Reconnaissance • Reconnaissance is a set of processes and techniques used to covertly discover and collect information about a target system. • refers to preparatory phase where an attacker learns about all of the possible attack vectors that can be used in their plan.
- 9. Scanning and Enumeration • Scanning is the process where the attacker begins to actively probe a target machine or network for vulnerabilities that can be exploited. • Enumeration is the ability of the hacker to convince some servers to give them information that is vital to them to make an attack.
- 10. Gaining Access • In this process, the vulnerability is located and you attempt to exploit it in order to enter into the system. • This is the actual hacking phase in which the hacker gains access to the system.
- 11. Maintaining Access • After gaining access, the hacker installs some backdoors in order to enter into the system when he needs access in this owned system in future.
- 12. Clearing Tracks • “Everybody knows a good hacker but nobody knows a great hacker.” • This process is actually an unethical activity. It has to do with the deletion of logs of all the activities that take place during the hacking process.
- 13. Reporting • Reporting is the last step of finishing the ethical hacking process. Here the Ethical Hacker compiles a report with his findings and the job that was done such as the tools used, the success rate, vulnerabilities found, and the exploit processes .
- 14. Ethical Hacking Tools • Nmap (Network Mapper) • Metasploit • Burp Suite • Angry IP Scanner • Cain and Abel
- 15. Advantages: • Helps in closing the open holes in the system network • Provides security to banking and financial establishments • Prevents website defacements
- 16. Disadvantages: • All depends upon the trustworthiness of the ethical hacker. • Hiring professionals is expensive.
Editor's Notes
- #4: You might want to explain or define different types of hacking (e.g Black-hat hacking, White-hat Hacking, Gray-Hat hacking, etc)
- #5: Ethical hacking involves finding weaknesses in a computer or network system for testing purpose and finally getting them fixed. Ethical hacking is an example of white-hat hacking. Explain why.
- #6: This information is then used by the organization to improve the system security, in an effort to minimize or eliminate any potential attacks. You might want to identify the skills an ethical hacker should have.
- #7: The word ethical in this context means working with high professional morals and principles. Whether you’re performing ethical hacking tests against your own systems or for someone who has hired you, everything you do as an ethical hacker must be aboveboard and must support the company’s goals. No hidden agendas allowed! Treat the information you gather with the utmost respect. All information you obtain during your testing — from web application flaws to clear text e-mail passwords to personally identifiable information and beyond — must be kept private. One of the biggest mistakes people make when trying to hack their own systems is inadvertently crashing the systems they’re trying to keep running. Poor planning is the main cause of this mistake. These testers often misunderstand the use and power of the security tools and techniques at their disposal.
- #15: Nmap - It is an open source tool that is used widely for network discovery and security auditing. Nmap was originally designed to scan large networks, but it can work equally well for single hosts. Network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Metasploit - one of the most powerful exploit tools. With Metasploit, you can perform the following operations: Conduct basic penetration tests on small networks, Run spot checks on the exploitability of vulnerabilities, Discover the network or import scan data and Browse exploit modules and run individual exploits on hosts. Burp Suite - a popular platform that is widely used for performing security testing of web applications. It has various tools that work in collaboration to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Angry IP Scanner - a lightweight, cross-platform IP address and port scanner. It can scan IP addresses in any range. It can be freely copied and used anywhere. In order to increase the scanning speed, it uses multithreaded approach, wherein a separate scanning thread is created for each scanned IP address. Cain and Abel - Cain & Abel is a password recovery tool for Microsoft Operating Systems. It helps in easy recovery of various kinds of passwords by employing any of the following methods: sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysisattacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. Cain & Abel is a useful tool for security consultants, professional penetration testers and everyone else who plans to use it for ethical reasons.