Scribd
Upload
225 views21 pages

Ethical Hacking

The document discusses ethical hacking which involves using hacking techniques to test an organization's security systems with authorization. It defines hacking and different types of hackers such as white hat and black hat hackers. The steps of ethical hacking are described including footprinting, scanning, enumeration, attacking, and reporting. Specific techniques used at each step like port scanning and SQL injection are also explained. The document stresses the importance of security best practices like strong encryption and firewalls to protect against hacking attacks.

Uploaded by

Sarabjit Bagga
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
225 views21 pages

Ethical Hacking

The document discusses ethical hacking which involves using hacking techniques to test an organization's security systems with authorization. It defines hacking and different types of hackers such as white hat and black hat hackers. The steps of ethical hacking are described including footprinting, scanning, enumeration, attacking, and reporting. Specific techniques used at each step like port scanning and SQL injection are also explained. The document stresses the importance of security best practices like strong encryption and firewalls to protect against hacking attacks.

Uploaded by

Sarabjit Bagga
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 21

Ethical Hacking

Hacking
Hacking is an act of penetrating computer systems to gain knowledge about the system and how it works.
Hacking is the act of gaining access without legal authorization to a computer or computer network or network resources.

Hacking means making something work regardless of the circumstances

Hacking is not very complex

Ethical Hacking
Ethical hacking is the use of hacking knowledge to attempt to enter a network to find its loopholes and back doors.

It is often referred to as legalized hacking and yes it is indeed legal and can even reap a lot of profits for highly skilled individuals.

Hacker
Hackers are actually computer enthusiasts who know a lot about computers and computer networks and use this knowledge with a criminal intent. He is a person who uses his hacking skills and tool sets for destructive or offensive purposes such as disseminating viruses or performing DoS attacks to compromise or bring down systems and networks. Hackers are sometimes paid to damage corporate reputations or steal or reveal credit-card information

Types of Hackers
White hat Good guys Dont use their skills for illegal purposes Computer security experts Black hat Bad guys Use their skills for illegal purposes Criminals

Types of Hackers
Script kiddies Wannabe hackers No technical skills Have no clue about whats happening in Elite hackers Usually professionals Develop new attacks/tools

Why perform an ethical hack?


To determine flaws and vulnerabilities To provide a quantitative metric for evaluating systems and networks To measure against pre-established baselines To determine risk to the organization To design mitigating controls

Skills Required Becoming an Ethical Hacker


Criminal mindset

Thorough knowledge about Computer


programming, Networking and operating systems. highly targeted platforms (such as Windows, Unix, and Linux), etc.

Patience, persistence, and immense perseverance

Levels in Ethical Hacking

Ethical Hacking Steps

Footprinting

Gathering information of target information


Internet Domain name, network blocks, IP addresses open to Net, TCP and UDP services running, ACLs, IDSes Protocols (IP,NETBIOS), internal domain names, etc Phone numbers, remote control, telnet, authentication Connection origination, destination, type, access control

Intranet

Remote access

Extranet

Scanning

After obtaining a list of network and IP addresses scanning starts:

ping sweeps (active machines): user pinger in Windows and nmap in Linux/UNIX. This is an example of pinger.

TCP port scanning (open ports in active machines): SYN and connect scans work with most hosts. SYN is stealthier and may not be logged. In Windows NT use SuperScan and in Linux/UNIX use nmap. See an example of SuperScan. BUT, hackers use scripts with binary files, not graphical tools.
14

Types of Scanning
Scanning Type
Port scanning

Purpose
Determines open ports and services IP addresses

Network scanning

Vulnerability scanning

Presence of known weaknesses

Scanning Tools

Nmap

Nessus
SNMP Scanner

THC-Scan
Netscan

IPSecScan

Enumeration
After scanning process and is the process of gathering and compiling usernames, machine names, network resources, shares, and services. It also refers to actively querying or connecting to a target system to acquire this information.

Attack
SQL injection SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.

The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

SQL injection
During a SQL injection attack, malicious code is inserted into a web form field or the websites code to make a system execute a command shell or other arbitrary commands. Just as a legitimate user enters queries and additions to the SQL database via a web form, the hacker can insert commands to the SQL server through the same web form field.

Wireless Hacking Techniques


Cracking encryption and authentication mechanism Eavesdropping or sniffing Denial of Service AP masquerading or spoofing MAC spoofing

Wi-Fi network security


Use Strong Encryption Protocol Dont Announce Yourself-Disable SSID Change Default Administrator Passwords and Usernames Limit Access To Your Access Point Do Not Auto-Connect to Open Wi-Fi Networks Assign Static IP Addresses to Devices Enable Firewalls On Each Computer and the Router Position the Router or Access Point Safe

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy