Scribd
Upload
153 views10 pages

Ethical Hacking Essentials

The document discusses the differences between traditional hackers, new hackers known as crackers who break into systems maliciously, and ethical hackers who test systems with permission to find vulnerabilities. It explains that ethical hacking involves using the same tools as hackers but to improve security by discovering vulnerabilities, and outlines some common attack types like operating system and network attacks that ethical hackers may test for. It stresses the importance of ethical hackers working with trust, respecting privacy, and not crashing systems during security tests.

Uploaded by

pamit256643
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
153 views10 pages

Ethical Hacking Essentials

The document discusses the differences between traditional hackers, new hackers known as crackers who break into systems maliciously, and ethical hackers who test systems with permission to find vulnerabilities. It explains that ethical hacking involves using the same tools as hackers but to improve security by discovering vulnerabilities, and outlines some common attack types like operating system and network attacks that ethical hackers may test for. It stresses the importance of ethical hackers working with trust, respecting privacy, and not crashing systems during security tests.

Uploaded by

pamit256643
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd

Presented by:-

Amit A. Pardeshi [2642]


 Traditionally:- A hacker is someone who likes to tinker
with software or electronic systems.

▪ Exploring and learning how computer systems operate.


▪ Discovering new ways to work electronically.

 New Meaning:- Someone who maliciously breaks into


systems with malicious intent for personal gain.

 Technically, these are “crackers” .


 Personal gain: - fame, profit, and even revenge.
 Ethical hacking is performed with the target’s
permission.
 To discover vulnerabilities from a hacker’s viewpoint.
 Overall information risk management program for ongoing security
improvements.
 Ethical hackers perform the hacks as security tests for their systems.

 Involves the same tools, tricks, and techniques that


hackers use, but with one major difference.

 Ethical hacking can ensure that vendors’ claims about the security of their
products are legitimate.
 Ethical hacker possesses the skills, mindset, and tools of a hacker but is also
“trustworthy “
 Attacking your own systems to discover vulnerabilities is a step to
making them more secure.
 This is the only proven method of greatly hardening your systems from attack.
 If you don’t identify weaknesses, it’s a matter of time before the vulnerabilities are exploited.

 Basis for ethical hacking


 To catch a thief, think like a thief.
 Ethical hacker must know the activities of hackers and how to stop their efforts.
 Ethical hacker knows what to look for and how to use that information to thwart hackers’
efforts.

 It’s important to protect your systems from known vulnerabilities


and common hacker attacks.
 The more combinations you try — the more you test whole systems instead of individual
units — the better your chances of discovering vulnerabilities that affect everything as a
whole.
 Hack your systems in a non-destructive fashion.

 Enumerate vulnerabilities and, if necessary, prove to


upper management that vulnerabilities exist.

 Apply results to remove vulnerabilities and better


secure your system.
 Non-technical attacks
 Humans are trusting by nature, which leads to social-engineering exploits.
 Social engineering is defined as the exploitation of the trusting nature of
human beings to gain information for malicious purposes.
 Physical Attacks: Hackers break into buildings, computer rooms, or other
areas containing critical information or property.

 Network-infrastructure attacks
 Easy Attacks, because many networks can be reached via Internet.
 Installing a network analyzer on a network and capturing every packet that
travels across it, revealing confidential information in clear text.
 Connecting into a network through a rogue modem attached to a computer
behind a firewall.
 Exploiting weaknesses in network transport mechanisms, such as TCP/IP.
 Operating-system attacks

 Hacking OS is a preferred method of the bad guys.


 Prefer attacking operating systems like Windows and Linux because they are
widely used and better known for their vulnerabilities.

 Examples:-
 Cracking passwords and encryption mechanisms
 Attacking built-in authentication systems
 Breaking file-system security
 Exploiting specific protocol implementations
 Working ethically

 Working with high professional morals and principles.


 Must support the company’s goals.
 No hidden agendas are allowed
 Trustworthiness is the ultimate tenet.
 The misuse of information is absolutely forbidden.

 Respecting privacy

 Treat the gathered information with the utmost respect.


 Information obtained during your testing — from Web-application log files
to clear-text passwords — must be kept private.
 Consider sharing of information with the appropriate manager.
 Not crashing your systems
 The main reason is poor planning.
 The hackers/testers misunderstanding the usage and power of the security
tools and techniques.
 Running too many tests too quickly on a system causes many system
lockups.

 Avoid Crashing
 By easily creating DoS conditions on systems when testing.
 Using security-assessment tools can control the number of tests that are
performed on a system at the same time.

You might also like