Ethical Hacking

Presented by: Amit A. Pardeshi [2642]

Traditionally:
- A hacker is someone who likes to tinker with software or electronic systems.
- Exploring and learning how computer systems operate.
- Discovering new ways to work electronically.

New Meaning:
- Someone who maliciously breaks into systems with malicious intent for personal gain.
- Technically, these are "crackers".
- Personal gain: fame, profit, and even revenge.

- Ethical hacker possesses the skills, mindset, and tools of a hacker but is also "trustworthy".
- Ethical hackers perform the hacks as security tests for their systems.
- Involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is performed with the target's permission.
- To discover vulnerabilities from a hacker's viewpoint.
- Overall information risk management program for ongoing security improvements.
- Ethical hacking can ensure that vendors' claims about the security of their products are legitimate.

Basis for ethical hacking
- To catch a thief, think like a thief.
- Ethical hacker must know the activities of hackers and how to stop their efforts.
- Ethical hacker knows what to look for and how to use that information to thwart hackers' efforts.
- It's important to protect your systems from known vulnerabilities and common hacker attacks.
- Attacking your own systems to discover vulnerabilities is a step to making them more secure. This is the only proven method of greatly hardening your systems from attack.
- If you don't identify weaknesses, it's a matter of time before the vulnerabilities are exploited.
- The more combinations you try (the more you test whole systems instead of individual units), the better your chances of discovering vulnerabilities that affect everything as a whole.

- Hack your systems in a non-destructive fashion.
- Enumerate vulnerabilities and, if necessary, prove to upper management that vulnerabilities exist.
- Apply results to remove vulnerabilities and better secure your system.

Non-technical attacks
- Humans are trusting by nature, which leads to social-engineering exploits.
- Social engineering is defined as the exploitation of the trusting nature of human beings to gain information for malicious purposes.
- Physical Attacks: Hackers break into buildings, computer rooms, or other areas containing critical information or property.

Network-infrastructure attacks
- Easy Attacks, because many networks can be reached via Internet.
- Connecting into a network through a rogue modem attached to a computer behind a firewall.
- Exploiting weaknesses in network transport mechanisms, such as TCP/IP.
- Installing a network analyzer on a network and capturing every packet that travels across it, revealing confidential information in clear text.

Operating-system attacks
- Hacking OS is a preferred method of the bad guys.
- Prefer attacking operating systems like Windows and Linux because they are widely used and better known for their vulnerabilities.
- Examples:
  - Cracking passwords and encryption mechanisms
  - Attacking built-in authentication systems
  - Breaking file-system security
  - Exploiting specific protocol implementations

Working ethically
- Working with high professional morals and principles.
- Must support the company's goals.
- No hidden agendas are allowed.
- Trustworthiness is the ultimate tenet.
- The misuse of information is absolutely forbidden.

Respecting privacy
- Treat the gathered information with the utmost respect.
- Information obtained during your testing, from Web-application log files to clear-text passwords, must be kept private.
- Consider sharing of information with the appropriate manager.

Not crashing your systems
- The main reason is poor planning.
- The hackers/testers misunderstanding the usage and power of the security tools and techniques.
- By easily creating DoS conditions on systems when testing.
- Running too many tests too quickly on a system causes many system lockups.

Avoid Crashing
- Using security-assessment tools can control the number of tests that are performed on a system at the same time.
