Aswini.S III MCA

Ethical hacking, also known as penetration testing, intrusion testing or red teaming, has become a major concern for businesses and governments. Companies are worried about the possibility of being "hacked", and potential customers are worried about maintaining control of personal information. There is a necessity for computer security professionals to break into the systems of the organisation.

INTRODUCTION
Ethical hackers employ the same tools and techniques as the intruders. They neither damage the target systems nor steal information. The tool is not an automated hacker program; rather, it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them.

PLANNING THE TEST
Aspects that should be focused on:
• Who should perform penetration testing?
• How often do the tests have to be conducted?
• What are the methods of measuring and communicating the results?
• What if something unexpected happens during the test and brings the whole system down?
• What are the organization's security policies?

The minimum security policies that an organization should possess
• Information policy
• Security policy
• Computer use
• User management
• System administration procedures
• Incident response procedures
• Configuration management
• Design methodology
• Disaster methodology
• Disaster recovery plans

Ethical hacking: a dynamic process
Running through the penetration test once gives the current set of security issues, which are subject to change. Penetration testing must be continuous to ensure that system movements and newly installed applications do not introduce new vulnerabilities into the system.

Who are ethical hackers
The skills ethical hackers should possess:
• They must be completely trustworthy.
• They should have very strong programming and computer networking skills and have been in the networking field for several years.
• They should have more patience.
• Continuous updating of their knowledge of computer and network security is required.
• They should know the techniques of the criminals, how their activities might be detected and how to stop them.

Choice of an ethical hacker
• An independent external agency.
• Expertise within your own organization.
Black box testing, white box testing.

AREAS TO BE TESTED
• Application servers
• Firewalls and security devices
• Network security
• Wireless security

Red Team: Multilayered Assessment
Various areas of security are evaluated using a multilayered approach.
• Each area of security defines how the target will be assessed.
• An identified vulnerability at one layer may be protected at another layer, minimizing the associated risk of the vulnerability.

Information security (INFOSEC)
A revolving process.


Attacks on Websites: Denial of service attack
• Some hackers hack your websites just because they can.
• They try to do something spectacular to exhibit their talents.
• There comes the denial of service attack.
• During the attacks, customers were unable to reach the websites, resulting in loss of revenue and "mind share".
• On January 17, 2000, a U.S. Library of Congress website was attacked.



The ethical hack itself
Testing itself poses some risk to the client. A criminal hacker monitoring the transmissions of the ethical hacker could trap the information. The best approach is to maintain several addresses around the internet from which the ethical hackers' transmissions originate. Additional intrusion monitoring software can be deployed at the target.

IBM's Immune system for Cyber space
Any combination of the following may be used:
• Remote network.
• Remote dial-up network.
• Local network.
• Stolen laptop computer.
• Social engineering.
• Physical entry.


Competitive Intelligence
A systematic and ethical program for maintaining external information that can affect your company's plans. It is the legal collection and analysis of information regarding the vulnerabilities of the business partners. The same information used to aid a company can be used to compete with the company. The way to protect the information is to be aware of how it may be used.

Information Security Goals
• Improve IS awareness.
• Assess risk.
• Mitigate risk immediately.
• Assist in the decision making process.
• Conduct drills on emergency response procedures.

Conclusions
• Never underestimate the attacker or overestimate our existing posture.
• A company may be a target not just for its information but potentially for its various transactions.
• To protect against an attack, understanding where the systems are vulnerable is necessary.
• Ethical hacking helps companies first comprehend their risks and then manage them.
• Security professionals are always one step behind the hackers and crackers.
• Plan for the unplanned attacks.
• The role of ethical hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted.
• "Security, though a pain, is necessary."

Thank You
