
Cyber Ethics Hacking

By
LOKAM.RAJASHEKAR


Session Flow
Why Security?
Hacking Introduction
Hacker Communities
Types of Hackers.
Malicious Hacker Strategies
Ethical Hacker Strategies
Steps for conducting Ethical Hacking.
Importance of Vulnerability Research.
Vulnerability Research References.
Conclusion.

Why Security?
Increasing use of Complex computer infrastructure.
Increasing use of Network elements & applications.
Decreasing level of skill set.

Why Security?
Any security breach in a company will affect its assets &
goodwill.

Any security breach in a government can affect its
operations & reputation.






Hacking - Definition
The Art of exploring various security breaches is termed as
Hacking.

It's an anti-society activity.

It says, there always exists more than one way to solve the
problem.

The terms Hacker and Hacking are being misinterpreted
and misunderstood with negative sidelines.
Communities of Hackers
Hackers

Crackers

Phreaks

Script Kiddies


Hackers Who are they?
Hackers are Intelligent Computer Professionals.

Motive/Intent

To gain in-depth knowledge of a system, what's happening at the
backend, behind the screen.

To find possible security vulnerabilities in a system.

They create security awareness by sharing knowledge. It's
teamwork.

Crackers/Attackers
Individuals who break into computers with malicious intent.

Motive/Intent

To seek unauthorized access into a system and cause damage or
destroy or reveal confidential information.

To compromise the system to deny services to legitimate users for
troubling, harassing them or for taking revenge.

Effects- Can cause financial losses & image/reputation damages,
defamation in the society for individuals or organizations
Phreaks
Phreaks: These are persons who use computer devices and
software to break into phone networks.

Motive/Intention- To find loopholes in security in the phone network
and to make phone calls free of cost!!!

Effects- You may have to pay a big amount in phone bills, for doing
nothing!!!
Script Kiddies
Script Kiddies: These are persons who do not have the technical skills to hack
computers.

Motive/Intention- They use the available information about known
vulnerabilities to break into remote systems.

It's an act performed for fun or out of curiosity.
Hats Off?
White Hat Hackers- They use their knowledge and skill set for
good, constructive intents. They find out new security loopholes and
their solutions.

E.g.- LIKE ME.. As I'm Doing It Right Now ( I Hope So!!!)

Black Hat Hackers- They use their knowledge and skill set for illegal
activities, destructive intents.

E.g.- to gain money (online robbery), to take revenge. Disgruntled
employees are the best example of Black Hats. Attackers (Black Hat
Hackers) are not at all concerned with security professionals (White
Hat hackers). Actually these hackers are Bad Guys!!!
Malicious Hacker Strategies
Ethical Hacker Strategies
The one who can hack it, can only secure it

If you want to catch a criminal, then you'll have to think like a criminal

What to protect?
How to protect?
Against whom?
How many resources are needed?

Ethical Hacker Strategies
Understand Client Requirements for Security / Vulnerability Testing.

In Preparation Phase, EH will sign an NDA with the client.

Internal / External Testing.

Conduct Network Security Audits/ VAPT.

Risk Assessment & Mitigation

Documenting Auditing Reports as per Standards.

Submitting Developer as well as remediation reports.

Implement remediation for found vulnerabilities.
Vulnerability Research
Vulnerability research is the process of finding vulnerabilities, threats &
loopholes in a Server/ System /Network.

Includes Vulnerability Assessment & Penetration Testing.

Vulnerability notes can be searched on the internet via Number, CVE.



Vulnerability Research References
Common Vulnerability database is available at

http://cve.mitre.org/

National Vulnerability Database is available at

http://web.nvd.nist.gov/

US CERT also publishes CVD on http://www.us-cert.gov

1. Contains Alerts which can be helpful to administrator.
2. It doesn't contain solutions.


Vulnerability Research References
Indian CERT also published advisory notes, incident notes &
defacement statistics.
Vulnerability Research References
Secunia also published Vulnerability Notes, Advisories.
Vulnerability Research References
Zone-H published defacement images of web attacks.
Vulnerability Research References
Zone-H maintains an archive of defaced webpages, which can be sorted
by attacker name & country.
Vulnerability Research References
HackerWatch lets you report and share information that helps
identify, combat, and prevent the spread of Internet threats and
unwanted network traffic.
Conclusion
Security is important because prevention is better than cure.

Community of Hackers.

Security Involves five phases.

Ethical Hacking involves Conducting Security Audits, Vulnerability
Assessment & Penetration testing

Vulnerability Research is the process of discovering different
vulnerabilities in technology & applications.
