Ethical Hacking Ppt 4575 62511o
This document was ed by and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this report form. Report 3i3n4
Overview 26281t
& View Ethical Hacking Ppt 4575 as PDF for free.
More details 6y5l6z
- Words: 788
- Pages: 21
Ethical Hacking
!@
#
Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Reporting Ethical Hacking – Commandments
2
!@
#
What is Ethical Hacking Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Ethical Conforming to accepted professional standards of conduct Black-hat – Bad guys 3
White-hat - Good Guys
!@
#
What is Ethical Hacking
4
It is Legal Permission is obtained from the target Part of an overall security program Identify vulnerabilities visible from Internet at particular point of time Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
!@
#
Why – Ethical Hacking January - 2005 June 01, 2004 to Dec.31, 2004
Domains .com
No of Defacements 922
.gov.in
24
.org
53
.net
39
.biz
12
.co.in
48
.ac.in
13
.info
3
.nic.in
2
.edu
2
other
13
Total
1131
Defacement Statistics for Indian Websites Source: CERT-India
5
!@
#
Why – Ethical Hacking
Total Number of Incidents Incidents 6
Source: CERT/CC
!@
#
Why – Ethical Hacking
Source: US - CERT
7
!@
#
Why – Ethical Hacking Protection from possible External Attacks Social Engineering Automated Attacks
Organizational Attacks
Restricted Data Accidental Breaches in Security
8
Viruses, Trojan Horses, and Worms
Denial of Service (DoS)
!@
#
Ethical Hacking - Process 1. 2. 3. 4. 5.
9
Preparation Footprinting Enumeration & Fingerprinting Identification of Vulnerabilities Attack – Exploit the Vulnerabilities
!@
#
Preparation
Identification of Targets – company websites, mail servers, extranets, etc. g of Contract
10
Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing
!@
#
Footprinting Collecting as much information about the target DNS Servers IP Ranges istrative s Problems revealed by s Information Sources Search engines Forums Databases – whois, ripe, arin, apnic Tools – PING, whois, Traceroute, DIG, nslookup, sam spade 11
!@
#
Enumeration & Fingerprinting
Specific targets determined Identification of Services / open ports Operating System Enumeration
Methods Banner grabbing Responses to various protocol (ICMP &T) commands Port / Service Scans – T Connect, T SYN, T FIN, etc. Tools Nmap, FScan, Hping, Firewalk, netcat, tdump, ssh, telnet, SNMP Scanner 12
!@
#
Identification of Vulnerabilities Vulnerabilities
13
Insecure Configuration Weak s Unpatched vulnerabilities in services, Operating systems, applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control
!@
#
Identification of Vulnerabilities Methods Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites Weak s – Default s, Brute force, Social Engineering, Listening to Traffic Insecure Programming – SQL Injection, Listening to Traffic Weak Access Control – Using the Application Logic, SQL Injection
14
!@
#
Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tdump Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites Common Vulnerabilities & Exposures – http://cve.mitre.org Bugtraq – www.securityfocus.com Other Vendor Websites
15
!@
#
Attack – Exploit the vulnerabilities
Obtain as much information (trophies) from the Target Asset Gaining Normal Access Escalation of privileges Obtaining access to other connected systems
Last Ditch Effort – Denial of Service
16
!@
#
Attack – Exploit the vulnerabilities Network Infrastructure Attacks Connecting to the network through modem Weaknesses in T / IP, NetBIOS Flooding the network to cause DOS Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security
17
!@
#
Attack – Exploit the vulnerabilities Application Specific Attacks
18
Exploiting implementations of HTTP, SMTP protocols Gaining access to application Databases SQL Injection Spamming
!@
#
Attack – Exploit the vulnerabilities Exploits Free exploits from Hacker Websites Customised free exploits Internally Developed Tools – Nessus, Metasploit Framework,
19
!@
#
Reporting Methodology Exploited Conditions & Vulnerabilities that could not be exploited Proof for Exploits - Trophies Practical Security solutions
20
!@
#
Ethical Hacking - Commandments
Working Ethically
21
Trustworthiness Misuse for personal gain
Respecting Privacy Not Crashing the Systems
!@
#
!@
#
Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Reporting Ethical Hacking – Commandments
2
!@
#
What is Ethical Hacking Also Called – Attack & Penetration Testing, White-hat hacking, Red teaming Hacking Process of breaking into systems for: Personal or Commercial Gains Malicious Intent – Causing sever damage to Information & Assets Ethical Conforming to accepted professional standards of conduct Black-hat – Bad guys 3
White-hat - Good Guys
!@
#
What is Ethical Hacking
4
It is Legal Permission is obtained from the target Part of an overall security program Identify vulnerabilities visible from Internet at particular point of time Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
!@
#
Why – Ethical Hacking January - 2005 June 01, 2004 to Dec.31, 2004
Domains .com
No of Defacements 922
.gov.in
24
.org
53
.net
39
.biz
12
.co.in
48
.ac.in
13
.info
3
.nic.in
2
.edu
2
other
13
Total
1131
Defacement Statistics for Indian Websites Source: CERT-India
5
!@
#
Why – Ethical Hacking
Total Number of Incidents Incidents 6
Source: CERT/CC
!@
#
Why – Ethical Hacking
Source: US - CERT
7
!@
#
Why – Ethical Hacking Protection from possible External Attacks Social Engineering Automated Attacks
Organizational Attacks
Restricted Data Accidental Breaches in Security
8
Viruses, Trojan Horses, and Worms
Denial of Service (DoS)
!@
#
Ethical Hacking - Process 1. 2. 3. 4. 5.
9
Preparation Footprinting Enumeration & Fingerprinting Identification of Vulnerabilities Attack – Exploit the Vulnerabilities
!@
#
Preparation
Identification of Targets – company websites, mail servers, extranets, etc. g of Contract
10
Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing
!@
#
Footprinting Collecting as much information about the target DNS Servers IP Ranges istrative s Problems revealed by s Information Sources Search engines Forums Databases – whois, ripe, arin, apnic Tools – PING, whois, Traceroute, DIG, nslookup, sam spade 11
!@
#
Enumeration & Fingerprinting
Specific targets determined Identification of Services / open ports Operating System Enumeration
Methods Banner grabbing Responses to various protocol (ICMP &T) commands Port / Service Scans – T Connect, T SYN, T FIN, etc. Tools Nmap, FScan, Hping, Firewalk, netcat, tdump, ssh, telnet, SNMP Scanner 12
!@
#
Identification of Vulnerabilities Vulnerabilities
13
Insecure Configuration Weak s Unpatched vulnerabilities in services, Operating systems, applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control
!@
#
Identification of Vulnerabilities Methods Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites Weak s – Default s, Brute force, Social Engineering, Listening to Traffic Insecure Programming – SQL Injection, Listening to Traffic Weak Access Control – Using the Application Logic, SQL Injection
14
!@
#
Identification of Vulnerabilities Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tdump Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion Websites Common Vulnerabilities & Exposures – http://cve.mitre.org Bugtraq – www.securityfocus.com Other Vendor Websites
15
!@
#
Attack – Exploit the vulnerabilities
Obtain as much information (trophies) from the Target Asset Gaining Normal Access Escalation of privileges Obtaining access to other connected systems
Last Ditch Effort – Denial of Service
16
!@
#
Attack – Exploit the vulnerabilities Network Infrastructure Attacks Connecting to the network through modem Weaknesses in T / IP, NetBIOS Flooding the network to cause DOS Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security
17
!@
#
Attack – Exploit the vulnerabilities Application Specific Attacks
18
Exploiting implementations of HTTP, SMTP protocols Gaining access to application Databases SQL Injection Spamming
!@
#
Attack – Exploit the vulnerabilities Exploits Free exploits from Hacker Websites Customised free exploits Internally Developed Tools – Nessus, Metasploit Framework,
19
!@
#
Reporting Methodology Exploited Conditions & Vulnerabilities that could not be exploited Proof for Exploits - Trophies Practical Security solutions
20
!@
#
Ethical Hacking - Commandments
Working Ethically
21
Trustworthiness Misuse for personal gain
Respecting Privacy Not Crashing the Systems
!@
#
Related Documents 3h463d
Ethical Hacking Ppt 4575 62511o
November 2022 0
Ethical Hacking Ppt 6v5973
December 2019 67
Ethical Hacking Ppt Pdf 6c275k
November 2019 104
Ethical Hacking 3c5c5d
July 2020 0
Ethical Hacking 3c5c5d
May 2020 12
Ethical Hacking 3c5c5d
November 2019 162More Documents from "Gyan Prakash" 372365
What Is A Panchnama 67683x
December 2019 58
Ethical Hacking Ppt 4575 62511o
November 2022 0
Silence! The Court Is In Session 53522t
October 2019 69
4p345f
November 2019 1,962
Siddhar Korakkar's 7 Medical Writings 135v1x
November 2021 0