Uploaded by sujitkhot044

INTRO

CEH
TOPIC 1
Introduction To Ethical Hacking, Ethics And Legality
• Information Security
• Elements of information security and attacks
• What is hacking
• What is ethical hacking
• Phases of ethical hacking
• Hacking and cracking
• How hacking is ethical
• Types of hacker
• Ethical hacking terminology
• IT ACT (cyber law in India)
Information Security
Information: The data of an organization.
Information security: Information security covers the tools and processes that organizations use to protect information.
ELEMENTS OF INFORMATION SECURITY
• CONFIDENTIALITY:
The need to keep information secret from third parties that want to have access to it.
• INTEGRITY:
Preventing unauthorized and improper changes.
• AVAILABILITY:
Availability refers to the ability to access data or a resource when it is needed.
SECURITY
• PHYSICAL:
Camera, security guard
• SYSTEM:
Antivirus, firewall, other security
• PROCESS:
Log entry in PC
Common cyber attacks
• 1. Phishing
• 2. Malware
• 3. Ransomware
• 4. Denial of Service (DoS) and DDoS Attacks
• 5. Compromised Credentials
• 7. Mis-configuration
• 8. A Lack of Encryption
• 9. Web Application Attacks
What Is Hacking
• Any attempt to intrude into a computer or a network without authorization is called hacking. This involves changing system or security features in a bid to accomplish a goal that differs from the intended purpose of the system. It can also refer to non-malicious activities, usually involving unusual or improvised alterations to equipment or processes.
• An individual who engages in hacking activities is known as a hacker, and some companies employ hackers as part of their support staff.
CRACKING
• Whereas hacking is the process of intruding into computer systems without authorization in order to gain access to them, for good or bad purposes, cracking is the same practice but with criminal intention. However, cracking is generally less harmful than hacking.
• A cracker is someone who breaks into a network, bypasses passwords or licenses in computer programs, or intentionally breaches computer security by maliciously gaining access to people's accounts and misusing this information across networks.
• They can steal credit card information, destroy important files, and disclose crucial data, information or personal details and sell them for personal gain.
How Hacking Is Ethical
• Ethical hacking is a process of detecting
vulnerabilities in an application, system, or
organization's infrastructure that an attacker can use
to exploit an individual or organization.
• They use this process to prevent cyber attacks and
security breaches by lawfully .
Types of Ethical Hacking
• Web application hacking
• System hacking
• Social engineering hacking
• Network hacking
• Web server hacking
What Does an Ethical Hacker Do
1. Penetration testing & cyber security
2. Legally breaking into systems
3. Securing the organization
4. Defeating bad hackers
Types Of Hacker
• Black hat hacker
• White hat hacker
• Gray hat hacker
FIVE PHASES OF ETHICAL HACKING
• Phase 1: Reconnaissance and information gathering (passive and active).
• Phase 2: Scanning.
• Phase 3: Gaining Access.
• Phase 4: Maintaining Access.
• Phase 5: Clearing Tracks.
PENETRATION TESTING CONCEPT
• WHAT IS PENETRATION TESTING
• DIFFERENCE BETWEEN PENETRATION TESTING, BUG BOUNTY HUNTING AND HACKING
Prevention from Getting Hacked
• Software Update
• Camera off
• Use Unique Passwords for Different Accounts
• Use websites with HTTPS encryption
• Open extension in laptop
• Avoid Clicking on Ads or Strange Links
• Change the Default Username and Password on Your Router and Smart Devices
• Bluetooth off
• Download applications from authentic sources
• Install Antivirus Software
• Use a VPN
• Do Not Login as an Admin by Default
• Use Two-factor Authentication
• Must know anti-phishing techniques (vt)
Use mobile devices safely
Considering how much we rely on our mobile devices and how
susceptible they are to attack, you'll want to make sure you are
protected:
• Lock your device with a PIN or password - and never leave it unprotected in public.
• Only install apps from trusted sources (Apple AppStore, Google Play).
• Check the permissions given to apps.
• Keep the device's operating system up-to-date.
• Don't click on links or attachments from unsolicited emails or texts.
• Don’t use open Wi-Fi.
• Avoid transmitting or storing personal information, like card details, on the device.
• Use Apple's iCloud or Android's Google Drive to help prevent loss or theft.
IT ACT (cyber law in India)
• Law
• IT Act 2000
• Section 65B of the Indian Evidence Act
• Personal Data Protection Bill 2019