Ethical Hacking - AASSA Educators' Conference Quito 2012 Wiki Site

InterAmerican Academy
AASSA Conference 2012
Ethical Hacking: a general overview
IT Department
Quito, Ecuador
March 16th 2012
Instructor: Francisco Bolaños, Ing.
All rights reserved.
TABLE OF CONTENTS

Objectives.

Security fundamentals.

Ethical hacking stages.

Conclusion.
OBJECTIVES
1. To show a general overview of what ethical hacking implies:
   - Main concepts.
   - Common vulnerabilities.
   - Ethical hacking stages/tools.
2. To create a baseline to apply professional methodologies for security audits such as:
   - Open Source Security Testing Methodology Manual (OSSTMM).
   - Information Systems Security Assessment Framework (ISSAF).
   - ISO27001:2005.
SECURITY FUNDAMENTALS: MAIN CONCEPTS
Information Security:
It protects information from a wide spectrum of threats in order to
ensure business continuity, minimize damage to the organization and
maximize the return on investment and business opportunities.
Computer Security:
It ensures that the resources of an organization's information systems
(hardware or software) are used in the proper way.
Ethical Hacking:
It is a penetration test of which the goal is to discover trophies
throughout the network within the predetermined project time
limit. (OSSTMM)
SECURITY FUNDAMENTALS: MAIN CONCEPTS
Security features:
Accountability:
It is the capacity of keeping track based on the generation of files.
Example: Log system / IDS
Confidentiality:
It keeps the information private; only the owner can access it.
Example: Doctor-Patient
Integrity:
The information will remain the same.
Example:
Message sent: Hello
Message received: Hello
Availability:
The information is available all the time without any kind of
disruption.
Example: Website 24/7
SECURITY FUNDAMENTALS: COMMON VULNERABILITIES
   - Wrong router configurations.
   - Remote Access Service (RAS) not secured and not monitored.
   - Leakage of information.
   - Unnecessary services.
   - Weak passwords.
   - Accounts with too many privileges.
   - Internet services not well configured.
   - Firewalls not well configured.
   - Lack of patches, or default configurations left in place.
   - Unauthenticated services.
ETHICAL HACKING STAGES
Stages:
1. Footprinting
2. Scanning and Enumeration
3. Vulnerability Analysis
4. Exploitation
CONCLUSIONS
1. IT staff should be trained on this topic to prevent security issues.
2. Ethical hacking is a baseline for security audit methodologies.
3. Keep in mind that hacking is an art and security evaluation is a science.
ETHICAL HACKING STAGES
Scanning and Enumeration:
Scanning builds on Footprinting: with the information gathered in the
Footprinting stage, it is possible to identify the resources of the
target, such as access points, open ports, active machines, the services
behind those ports, and operating systems.

Enumeration lists all the resources found during scanning, with the
purpose of building a general schema of the network and its possible
vulnerabilities.

ETHICAL HACKING STAGES
Footprinting:

It is the technique of gathering information about the target or victim.
The more information you can get from this stage, the more accurate
your attack will be.

The purpose is to create a profile of the target and get familiar with it.
ETHICAL HACKING STAGES
Vulnerability Analysis:
It is an active process in which the possible security holes identified
in the enumeration stage are confirmed or discarded.

ETHICAL HACKING STAGES
Exploitation:
In this stage the attacker is going to get access, escalate privileges and
get or manipulate the data of his/her victim. In other words, the intruder
will hack the company.
