Ethical Hacking

H N Harsh

1
HACKER

2
 What is Ethical Hacking?
Who are ethical hackers?
Get out of jail free card
Kinds of Testing
Final Report

3
 Ethical Hacking
Independent computer security
Professionals breaking into the
computer systems.
Neither damage the target
systems nor steal information.
Evaluate target systems security
and report back to owners about
the weakness found.

4
Ethical Hackers but not Criminal Hackers

Completely truthful.
Strong programming and computer
networking skills.
Learn about the system and trying to
find its weaknesses.
Techniques of Criminal hackers-
Detection-Prevention.
Published research papers or released
security software.
No Ex-hackers.

5
 Being Prepared
What can an intruder see on the target systems?
What can an intruder do with that information?
Does anyone at the target notice the intruder's
attempts or successes?

1. What are you trying to protect?

2. Who are you trying to protect against?
3. How much time, effort, and money are you willing to
expend to obtain adequate protection?

6
 Get out of Jail free card
Security evaluation plan
1. Identify system to be tested
2. How to test?
3. Limitations on that testing

Evaluation done under a no-holds-

barred approach.
Clients should be aware of risks.
Limit prior knowledge of test.

7
 Kinds of Testing
Remote Network
Remote dial-up network
Local network
Stolen laptop computer
Social engineering
Physical entry

1.Total outsider
2.Semi-outsider
3.Valid user

8
 Final Report
Collection of all discoveries made during
evaluation.
Specific advice on how to close the
weakness.
Testers techniques never revealed.
Delivered directly to an officer of the client
organization in hard-copy form.
Steps to be followed by clients in future.

9
Types of Hacking

10
 1) Inside Jobs
Most security breeches originate inside the
network that is under attack. Inside jobs include
stealing passwords (which hackers then use or
sell), performing industrial espionage, causing
harm (as disgruntled employees), or committing
simple misuse. Sound policy enforcement and
observant employees who guard their passwords
and PCs can thwart many of these security
breeches.

11
 2) Weak Access Points
Access points (APs) are unsecured wireless
access points that outsiders can easily
breech. (Local hackers often advertise
rogue APs to each other.) Rogue APs are
most often connected by well-meaning but
ignorant employees.

12
 3) Back Doors
Hackers can gain access to a network by
exploiting back doors 'administrative shortcuts,
configuration errors, easily deciphered passwords,
and unsecured dial-ups. With the aid of
computerized searchers (bots), hackers can
probably find any weakness in your network.

13
 4) Viruses and Worms
Viruses and worms are self-replicating programs
or code fragments that attach themselves to other
programs (viruses) or machines (worms). Both
viruses and worms attempt to shut down networks
by flooding them with massive amounts of bogus
traffic, usually through e-mail.

14
 5) Trojan Horses
Trojan horses, which are attached to other
programs, are the leading cause of all
break-ins. When a user downloads and
activates a Trojan horse, the hacked
software (SW) kicks off a virus, password
gobbler, or remote-control SW that gives
the hacker control of the PC.

15
 6) Denial of Service
DoS attacks give hackers a way to bring down a
network without gaining internal access. DoS
attacks work by flooding the access routers with
bogus traffic (which can be e-mail or
Transmission Control Protocol, TCP, packets).
Distributed DoSs (DDoS5) are coordinated DoS
attacks from multiple sources. A DDoS is more
difficult to block because it uses multiple,
changing, source IP addresses.

16
 7) Sniffing and Spoofing
As the cost of hacking attacks continues to rise, businesses
have been forced to increase spending on network security.
However, hackers have also developed new skills that
allow them to break into more complex systems. Hacking
typically involves compromising the security of networks,
breaking the security of application software, or creating
malicious programs such as viruses.

17
 Footprinting
Footprinting is the technique of gathering
information about computer systems and
the entities they belong to. This is done by
employing various computer security
techniques, as:
Suggestions?

19