ETHICAL HACKING A LICENCE TO HACK

advertisement
ETHICAL HACKING
A LICENCE TO HACK
Submitted By:
Usha Kalkal
M.Tech(1st Sem)
Information technology

Companies are worried about the possibility of being “hacked” and
potential customers are worried about maintaining control of
personal information.

Ethical Hacking is not an automated hacker program rather it is an
audit that both identifies the vulnerabilities of a system and provide
advice on how to eliminate them.

To catch a thief ,think like a thief.

A Person who enjoys learning the details of computer systems and
how to stretch their capabilities.

One who program enthusiastically.

Enjoys programming rather than just theorizing about it.

Old School Hackers: 1960s style Stanford or MIT hackers. Do not
have malicious intent, but do have lack of concern for privacy and
proprietary information. They believe the Internet was designed to be an
open system.

Script Kiddies or Cyber-criminals: Between 12-30; bored in school;
get caught due to bragging online; intent is to vandalize or disrupt systems.

Professional Criminals or Crackers: Make a living by breaking into
systems and selling the information.

Coders and Virus Writers: See themselves as an elite; programming
background and write code but won’t use it themselves; have their own
networks called “zoos”; leave it to others to release their code into “The
Wild” or Internet.
January - 2005
June 01, 2004 to Dec.31, 2004
Domains
.com
922
.gov.in
24
.org
53
.net
39
.biz
12
.co.in
48
.ac.in
13
.info
3
.nic.in
2
.edu
2
other
13
Total
1131
Defacement Statistics for Indian Websites
Source: CERT-India
No of Defacements
INCREMENT IN ATTACKS WITH TIME
Total Number of Incidents
Source: CERT/CC

Ethical hacking is a scheme of having independent
computer security professionals who attempt to break
into the system to find vulnerabilities in the system.

Dynamic process.

Also known as penetration testing.

Neither damage the target systems nor steal information.

Evaluate target systems security and report back to
owners about the vulnerabilities found.

Hackers
◦ Access computer system or network without
authorization
◦ Breaks the law; can go to prison

Crackers
◦ Break into systems to steal or destroy data
◦ U.S. Department of Justice calls both hackers

Ethical hacker
◦ Performs most of the same activities but with owner’s
permission
8
Someone who is

Skilled




Knowledgeable




Programming and networking skills
Installation and maintenance skills
System management skills
Hardware and software
Trustworthy
Patient and Persistent
Certified

When doing a penetration test, have a written
contract giving you permission to attack the
network

Using a contract is just good business

Contracts may be useful in court

Have an attorney read over your contract before
sending or signing it
10
Black Hat Hacker: Use knowledge for personal gain.
White Hat Hacker: Use skills for defensive purposes.
Grey Hat Hacker:
Work both offensively & defensively.
Five steps of hacking:
1.
2.
3.
4.
5.
Footprinting
Scanning and enumeration
Gaining access
Maintaining access
Clearing tracks
• Objective
Target Address range, namespace, acquisition and information
gathering are essential to a surgical attack.
• Techniques & Tools
1.
2.
3.
Open source search
Samspade
Email tracker & visual route
• Objective
Make blue print of target network.
• Techniques & Tools
1.
2.
3.
4.
5.
War dialing
Pinger
Port Scanning
Nmap(Network Mapper)
Enumeration
• Objective
Enough data has been gathered at this point to make an informed
attempt to access the target.
• Techniques & Tools
1.
2.
3.
4.
5.
Password eavesdropping
LoftCrack
Priviledge Escalation
Metaspoilt
Man in Middle Attack
• Objective
Now hacker is inside the system. Next aim is to make an easier path
to get in when he comes next time.
• Techniques & Tools
1.
2.
3.
4.
5.
6.
7.
Key Stroke Logger
Create rogue user accounts
Infect startup files
Install monitoring mechanisms
Wrappers
Replace applications with trojans
Elitewrap
• Objective
Once total ownership of the target is secured, hiding the fact that
hacker is here from system administrators becomes paramount.
• Techniques & Tools
1.
2.
3.
4.
Auditpol.exe
Eslave
Evidence Eliminator
Winzapper
Different kinds of system
attacks
Social
Engineering
Automated
Attacks
Organizational
Attacks
Restricted
Data
Accidental
Breaches in
Security
Viruses, Trojan
Horses,
and Worms
Denial of
Service (DoS)




Helps in closing the open holes in the system
network
Provides security to banking and financial
establishments
Prevents website defacements
An evolving technique


All depends upon the trustworthiness of the
ethical hacker.
Hiring professionals is expensive.
Main aim of seminar is to make you understand that
there are so many tools through which a hacker can get
in to a system.
Various needs from various perspectives:
 Student: A student should understand that no software is made
with zero Vulnerabilities.

Professionals: Professionals should understand that business is
directly related to Security. So they should make new software with
vulnerabilities as less as possible.

Users: If software is highly secure but user is unaware of security
then it would be like a secured building with all doors open by
insider.
1. http://netsecurity.about.com
2. http://researchweb.watson.ibm.com
3. http://www.eccouncil.org
4. http://www.ethicalhacker.net
5. http://www.infosecinstitute.com
6. http://searchsecurity.techtarget.com
Download