Ethical Hacking

A Technical Seminar by
Vikas Bandaru
(2220212132)
GITAM University,
Hyderabad Campus
Contents

What is Hacking and its Effects?

Who is a Hacker and its types?
What is Ethical Hacking?
Phases of Hacking
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Covering Tracks
What is Hacking and its Effects?
DDoS Attacks
Internet Traffic
Who is a Hacker?

Hacker is a word that has two meanings:

 Traditionally, a hacker is someone
who likes to tinker with software or electronic systems.
enjoy exploiting and learning how computer systems
operate.
love discovering new ways to work electronically.
 Recently, a new meaning: someone
who maliciously breaks into systems for personal gain.
these criminals are crackers (criminal hackers) - with
malicious intent.
modify, delete or steal critical information.
Hacker Motivations

Black Hat Hackers – to get paid

White Hat Hackers – good guys
Script Kiddies – fame seekers
Hacktivists
Spy Hackers – steal trade secrets
Cyber Terrorists – to spread fear and terror
State Sponsored Hackers – “He who controls the
Web controls the world”
What’s the solution?
Ethical Hacking
Introduction

Ethical Hacking – also known as

Penetration Testing
White Hat Hacking
Intrusion Testing
Red Teaming.

“To catch a thief, think like a thief.”

Introduction

Ethical Hackers employ the same tools and

techniques as the intruders.
They neither damage the target systems nor steal
information.
The tool is not an automated hacker program
rather it is an audit that both identifies the
vulnerabilities of a system and provide advice on
how to eliminate them.
How Hacking be Ethical?

Code of Ethics by EC-Council:

1. Privacy

2. Legal Limits

3. Extreme Care
Who are Ethical Hackers?

The skills the Ethical Hackers should possess:

Must be completely trustworthy

Should have very strong programming and

computer networking skills and have been in
networking field for several years.

Should have more patience

Who are Ethical Hackers?

Continuous updating of knowledge on computer

and network security is required.

They should know the techniques of the

criminals, how their activities might be detected
and how to stop them.
Planning the Test

• Aspects that should be focused on:

Who should perform penetration testing?
How often the tests have to be conducted?
What are the methods of measuring and
communicating the results?
What if something unexpected happens during
the test and brings the whole system down?
What are the organization’s security policies?
Ethical Hacking – a dynamic
process

Penetration testing must be continuous to

ensure that system movements and newly
installed applications do not introduce new
vulnerabilities into the system.
Areas To Be Tested

Application Servers

Firewalls and Security Devices

Network Security

Wireless Security
Phases of Hacking

1. Reconnaissance

2. Scanning

3. Gaining Access

4. Maintaining Access

5. Clearing Tracks
Reconnaissance

Information Gathering
Sniffing the Network
Social Engineering
Types:
Active Reconnaissance – probing the network
 Risky, raises suspicion
Passive Reconnaissance – without the target’s
knowledge
 Social Engineering, Dumpster Diving
Scanning

Examining the Network - Enumeration

Tools:
Dialers
Port Scanners
Network Mappers
Vulnerability Scanners
Search for:
Computer names, IP Addresses, user accounts
Gaining Access

Real hacking happens here

Discovered vulnerabilities are exploited
Examples:
Stack-based buffer overflows
Denial of Service (DoS)
Session Hijacking
Maintaining Access

For future exploitation

Harden the System: backdoors, trojans, rootkits
Owned system – Zombie System
Covering Tracks

To avoid detection

To continue using owned system
To remove evidence of hacking
To avoid legal action
Examples:
Removing log files
Removing IDS alarms
Steganography
Ethical Hackers’ OS
Conclusion

Never underestimate the attacker or

overestimate our existing policies.
A company may be target not just for its
information but for its various transactions.
To protect against an attack, understanding
where the systems are vulnerable is necessary.
Ethical Hacking helps companies first
comprehend their risk and then, manage them.
Conclusion

Always security professionals are one step

behind the hackers and crackers.
Plan for the unplanned attacks.
The role of Ethical Hacking in security is to
provide customers with awareness of how they
could be attacked and why they are targeted.

“Security, though a pain” is necessary.

Bibliography

• http://www.cert.org
• http://www.eccouncil.org
• http://www.ethicalhacker.net
• http://www.astalavista.com
• http://hack-o-crack.blogspot.in
• http://www.offensive-security.org
Any Queries??