Ethical Hacking Redefined

Date posted: 12-Nov-2014
Description: Ethical Hacking... Simple but Effective

Transcript of Ethical Hacking Redefined

  • 1. Presented by: Pawan Patil, BCA Sem V, Roll No: 24. COMPUTER SECURITY AND ETHICAL HACKING
  • 2. CONTENTS: Overview of Hacking; History; Types of hacking; Hacker; Types of Hacker; Why do hackers hack?; How can a kid hack?; What does a script kid know?; Hackers' language
  • 3. CONTENT CONTINUED: How to translate the hackers' language; Ethical Hacking; Ethical Hacking Process; What do hackers do after hacking?; Why can't we defend against hackers?; How can we protect the system?; What should we do after being hacked?; Final words
  • 4. OVERVIEW OF HACKING. Hack: to examine something very minutely; the rapid crafting of a new program or the making of changes to existing, usually complicated software. Hacker: the person who hacks. Cracker: system intruder/destroyer.
  • 5. HISTORY OF HACKING. 1903: Magician and inventor Nevil Maskelyne disrupts John Ambrose Fleming's public demonstration of secure wireless telegraphy technology, sending insulting code messages through the auditorium's projector. 1943: French computer expert René Carmille hacked the punched cards used by the Nazis to locate Jews. 1982: The 414s break into 60 computer systems at institutions ranging from the Los Alamos Laboratories to Manhattan's Memorial Sloan-Kettering Cancer Centre. The incident appeared as the cover story of Newsweek with the title "Beware: Hackers at play", possibly the first mass-media use of the term hacker in the context of computer security. As a result, the U.S. House of Representatives held hearings on computer security and passed several laws.
  • 6. TYPES OF HACKING: Normal data transfer; Interruption; Interception; Modification; Fabrication
  • 7. HACKER: Someone who bypasses the system's access controls by taking advantage of security weaknesses left in the system by developers. A person who is totally immersed in computer technology and programming, and who likes to examine the code of programs to see how they work, then uses his or her computer expertise for illicit purposes such as gaining access to computer systems without permission and tampering with programs and data. At that point, this individual would steal information and install backdoors, viruses and Trojans. Hacker means cracker nowadays.
  • 8. WHAT IS HACKING
  • 9. TYPES OF HACKER. White Hat Hackers: someone who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. Black Hat Hackers: a black hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat. Gray Hat Hackers: a grey hat, in the hacking community, refers to a skilled hacker whose activities fall somewhere between white and black hat hackers on a variety of spectra.
  • 10. TYPES OF HACKER CONTINUED. Script Kiddies: those who use scripts or programs developed by others to attack computer systems and networks and deface websites. Phreak: a person who breaks into telecommunications systems to [commit] theft. Cyber Punk: a recent mutation of the hacker, cracker, and phreak.
  • 11. WHY DO PEOPLE HACK? To make security stronger (Ethical Hacking); just for fun; to show off; to hack other systems secretly; to notify many people of their thoughts; to steal important information; to destroy the enemy's computer network during war.
  • 12. HACKERS' LANGUAGE: 1 -> i or l; 3 -> e; 4 -> a; 7 -> t; 9 -> g; 0 -> o; $ -> s; | -> i or l; |\| -> n; |\/| -> m; s -> z; z -> s; f -> ph; ph -> f; x -> ck; ck -> x
  • 13. HACKERS' LANGUAGE TRANSLATION. Ex) "1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3n 1 h4ck3d 1n" translates to "I did not hack this page, it was like this when I hacked in".
  • 14. GOAL
  • 15. HACKING - PROCESS: 1. Preparation; 2. Foot printing; 3. Enumeration & Fingerprinting; 4. Identification of Vulnerabilities; 5. Attack: Exploit the Vulnerabilities; 6. Gaining Access; 7. Escalating privilege; 8. Covering tracks; 9. Creating back doors
  • 16. 1. PREPARATION. Identification of targets: company websites, mail servers, extranets, etc. Signing of contract: agreement on protection against any legal issues; the contract clearly specifies the limits and dangers of the test; specifics on Denial of Service tests, social engineering, etc.; time window for attacks; total time for the testing; prior knowledge of the systems; key people who are made aware of the testing.
  • 17. 2. FOOT PRINTING. Collecting as much information about the target as possible: DNS servers; IP ranges; administrative contacts; problems revealed by administrators. Information sources: search engines; forums; databases (whois). Tools: PING, whois, Traceroute, nslookup.
  • 18. 3. ENUMERATION & FINGERPRINTING. Specific targets determined; identification of services / open ports; operating system enumeration. Methods: banner grabbing; responses to various protocol (ICMP & TCP) commands; port / service scans (TCP Connect, TCP SYN, TCP FIN, etc.). Tools: Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner.
  • 19. 4. IDENTIFICATION OF VULNERABILITIES. Vulnerability: a weakness which allows an attacker to reduce a system's information assurance. Examples: insecure configuration; weak passwords; unpatched vulnerabilities in services, operating systems, applications; possible vulnerabilities in services, operating systems; insecure programming; weak access control.
  • 20. IDENTIFICATION OF VULNERABILITIES CONT. Tools: vulnerability scanners (Nessus, ISS, SARA, SAINT); listening to traffic (Ettercap, tcpdump); password crackers (John the Ripper, LC4, Pwdump); intercepting web traffic (Achilles, Whisker, Legion).
  • 21. 5. ATTACK: EXPLOIT THE VULNERABILITIES. Network infrastructure attacks: connecting to the network through modem; weaknesses in TCP/IP, NetBIOS; flooding the network to cause DoS. Operating system attacks: attacking authentication systems; exploiting protocol implementations; exploiting insecure configuration; breaking file-system security.
  • 22. 6. GAINING ACCESS. Enough data has been gathered at this point to make an informed attempt to access the target. Techniques: password eavesdropping; file share brute forcing; password file grab; buffer overflows.
  • 23. 7. ESCALATING PRIVILEGES. If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system. Techniques: password cracking; known exploits.
  • 24. 8. COVERING TRACKS. Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp. Techniques: clear logs; hide tools.
  • 25. 9. CREATING BACK DOORS. Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder. Techniques: create rogue user accounts; schedule batch jobs; infect startup files; plant remote control services; install monitoring mechanisms; replace apps with trojans.
  • 26. WHAT DO HACKERS DO AFTER HACKING? (1) Patch the security hole, so that other hackers can't intrude. Clear logs and hide themselves. Install a rootkit (backdoor): the hacker who hacked the system can use the system later; it contains trojan virus, and so on. Install IRC-related programs: identd, irc, bitchx, eggdrop, bnc.
  • 27. WHAT DO HACKERS DO AFTER HACKING? (2) Install scanner programs: mscan, sscan, nmap. Install exploit programs. Install denial of service programs. Use all of the installed programs silently.
  • 28. WHY CAN'T WE DEFEND AGAINST HACKERS? There are many unknown security holes. Hackers need to know only one security hole to hack the syste
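
The substitution table on slide 12 and the sentence on slide 13 show why a plain keyword filter misses obfuscated spellings. The following is an added example, not part of the original presentation: it folds each token to a canonical key before comparing it with a watchlist. The function names and the watchlist terms are assumptions, and the multi-character pipe forms for n and m are left out.

```python
import re

# Single-character substitutions from the slide's table. "1" and "|" may stand
# for either i or l, so i and l are folded together as well.
CHAR_FOLD = str.maketrans({
    "1": "i", "|": "i", "l": "i",
    "3": "e", "4": "a", "7": "t", "9": "g", "0": "o", "$": "s",
    "z": "s",  # the table's s <-> z swap
})
# Two-letter swaps from the table (ph <-> f, ck <-> x), folded to the short form.
PAIR_FOLD = (("ph", "f"), ("ck", "x"))

TOKEN = re.compile(r"[A-Za-z0-9$|]+")


def skeleton(word):
    """Fold a token to a canonical key so that every spelling the table allows collides."""
    key = word.lower().translate(CHAR_FOLD)
    for long_form, short_form in PAIR_FOLD:
        key = key.replace(long_form, short_form)
    return key


def find_watchlist_hits(text, watchlist):
    """Return (token, watchlist term) pairs whose skeletons are equal."""
    index = {skeleton(term): term for term in watchlist}
    hits = []
    for token in TOKEN.findall(text):
        term = index.get(skeleton(token))
        if term is not None:
            hits.append((token, term))
    return hits


# Sentence taken from slide 13; the watchlist is a constructed sample.
SAMPLE = "1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3n 1 h4ck3d 1n"
WATCHLIST = ["hack", "hacked", "login"]

if __name__ == "__main__":
    for token, term in find_watchlist_hits(SAMPLE, WATCHLIST):
        print(f"{token!r} matches watchlist term {term!r}")
```

Folding i and l together, and s and z, trades precision for recall: unrelated words can share a skeleton, so hits are candidates for review rather than confirmed matches.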