Ethical hacking
- 1. SEMINAR ON ETHICAL HACKING PRESENTED BY: DEVENDRA KUMAR YADAV 1 ELECTRICAL AND ELECTRONICS DEPARTMENT G. L. BAJAJ INSTITUTE OF TECHNOLOGY AND MANAGEMENT
- 2. CONTENT What is Hacking? What is Ethical Hacking? Types of Hackers Phases of Hacking Countermeasures Recent cases of Hacking References
- 3. What is Hacking? Hacking refers to exploiting system vulnerabilities and compromising security controls to gain unauthorised or inappropriate access to the system resources. It involves modifying system or application features to achieve a goal outside of the creator’s original purpose. Hacking can be used to steal and redistribute intellectual property leading to business loss.
- 4. What is Ethical Hacking? Ethical Hacking involves the use of hacking tools, tricks and techniques to identify vulnerabilities so as to ensure system security. It focuses on stimulating techniques used by attackers to verify the existence of exploitable vulnerabilities in the system.
- 5. Types of Hackers White Hat Black Hat Grey Hat Individuals professing hackers skills and using them for the defensive purpose also known as Security Analysts. Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also known as Crackers. Individuals who work both offensive and defensive at various works.
- 7. Hacking Phases: Reconnaissance Reconnaissance Scanning Gaining Access Maintaining Access Clearing Tracks Reconnaissance refers to a preparatory phase where an attackers seeks to gather information about a target prior to launching an attack. Could be the future point of return, noted for ease of entry for an attack when more about the target is known on a board scale. Reconnaissance target range may include the target organization’s clients employee, operations, network and systems.
- 8. Reconna issance Scanning Gaining Access Hacking Phases: Scanning Clearing Tracks Maintaining Access Pre-Attack Phase: Scanning refers to the pre-attack phase when the attackers scans the networks for specific information gathered during reconnaissance. Port Scanner: Scanning can include use of diameter, port scanner’s, network mapper, ping tools, vulnerabilities scanner etc. Extract Information: Attackers extract information such as live machines, port, port status, OS details, device type, system uptime, etc to launch attack.
- 9. Hacking Phases: Gaining Access Reconnai ssance Maintaining Access Clearing Tracks Scanning Gaining Access Gaining access refers to the point where the attacker obtains access to the operating system or applications on the computer or network. The Attackers can escalate privileges to obtain complete control of the system. In the process, intermediate systems that are connected to it are also compromised. The attacker can gain access at the operating system level, application level, or network level. Example include password cracking, buffer overflows, denial of service, session hijacking etc.
- 10. Hacking Phase: Maintaining Access Reconnai ssance Maintaining Access Scanning Gaining Access Clearing Tracks Maintaining access refers to the phase when the attackers tries to retain his or her ownership of the system. Attackers may prevent the system from being owned by other attackers by securing their exclusive access with Blackdoor, Rootkits, or Trojans. Attackers can upload, download or manipulate data, applications and configurations on the owned system. Attackers use the compromised system to launch further attacks
- 11. Hacking Phase: Clearing Tracks Reconnais sance Scanning Gaining Access Maintaining Access Clearing Tracks Covering tracks refers to the activities carried out by an attacker to hide malicious acts. The attackers intentions includes: Continuing access to the victim’s system, remaining unnoticed and uncaught, deleting evidence that might lead to his prosecution. The attackers overwrites the serve, system and application logs to avoid suspicion.
- 12. Countermeasures Do not responds to the Phishing email and calls. Regularly change password of the accounts & try to use special characters in the password. To avoid atm fraud try not to swipe atm card at any random shop & change pin within months. Do not reveal any personal information on the social networking sites such as on Facebook and Twitter.
- 13. Recent Cases of Hacking In August 2013, 1 billion yahoo mail account passwords has been leaked and the information were compromised. This is one of biggest data breach in the history. 3.2 million SBI bank account was hacked by the hackers of China and unauthorised transection is done, this is the biggest breach in the history of the Indian bank.
- 14. References Kimberly Graves. “CEH: Certified Ethical Hacker Study Guide”, John Wiley & Sons, Inc. C. Palmer. “Ethical hacking”, IBM SYSTEMS JOURNAL, VOL 40, NO 3, 2001. Steven DeFino, Larry Greenblatt. “CEH: Certified Ethical Hacker Review Guide version7.1” Ethical Hacking – GIAC, URL: www.giac.org/paper/gsec/2468/ethical- hacking/104292