ETHICAL HACKING

ETHICAL HACKING

PRESENTED

BY

SWETA LEENA PANDA

HIGHLIGHTS

• Who is hacker• Different kinds of system attacks• Required Skills of an Ethical Hacker• Methodology of Hacking:• Virus Types• Security & Counter Measures• Advantages & Disadvantages

WHO IS HACKER

• A person who enjoys learning details of a programming language or

• system

• A person who enjoys actually doing the programming rather than

just theorizing about it

• A person capable of appreciating someone else's hacking

• A person who picks up programming quickly

• A person who is an expert at a particular programming language or system.

Different kinds of system attacks

Required Skills of an Ethical Hacker

• Microsoft: skills in operation, configuration and management.

• Linux: knowledge of Linux/Unix; security setting, configuration, and services.

• Firewalls: configurations, and operation of intrusion detection systems.

• Routers: knowledge of routers, routing protocols, and access control lists Mainframes

• Network Protocols: TCP/IP; how they function and can be manipulated.

• Project Management: leading, planning, organizing, and controlling a penetration testing team

Methodology of Hacking:

• Reconnaissance

• Scanning & Enumeration

• Gaining access

• Maintaining access

• clearing tracks

Reconnaissance:• The literal meaning of the word

reconnaissance means a preliminary survey to gain information. This is also known as foot-printing. This is the first stage in the methodology of hacking.

Scanning &Enumeration

• Scanning is the second phase in the hacking methodology in which

• the hacker tries to make a blue print of the target network.

Enumeration

• Enumeration is the ability of a hacker to convince some servers to give them information that is vital to them to make an attack.

Gaining access

• This is the actual hacking phase in which the hacker gains access to the system. The hacker will make use of all the information he collected in the pre-attacking phases.

Maintaining Access• Now the hacker is inside the system by

some means by password guessing or exploiting some of its vulnerabilities .In the network scenario the hacker will do it by uploading some software like Trojan horses, sniffers, key stroke loggers etc.

Clearing Tracks

• Now we come to the final step in the hacking. There is a saying that everybody knows a good hacker but nobody knows a great hacker .

Virus Types

VIRUS

A program that when run, has the ability to self-replicate by infecting other programs and files on your computer. The word virus has incorrectly become a general term that encompasses Trojans, worms, and viruses.

Boot Sector Virus

Boot sector viruses infect either the master boot record of the hard disk or the floppy drive.

Examples of boot- sector viruses are Michelangelo and Stoned.

File or Program Viruses

Some files/programs, when executed, load the virus in the memory and perform predefined functions to infect the system. They infect program files with extensions like .EXE, .COM, .BIN, .DRV and .SYS .

Some common file viruses are Sunday, Cascade.

Multipartite Viruses

• A multipartite virus is a computer virus that infects multiple different target platforms, and remains recursively infective in each target.

• Ghostball was the first multipartite virus, discovered by Fridrik Skulason in October 1989.Other examples are Invader, Flip, etc.

Stealth Viruses

These viruses are stealthy in nature means it uses various methods for hiding themselves to avoid detection. They sometimes remove themselves from the memory temporarily to avoid detection by antivirus.

Polymorphic Viruses

Polymorphic viruses have the ability to mutate implying that they change the viral code known as the signature each time they spread or infect. Thus an antivirus program which is scanning for specific virus codes unable to detect it's presence.

Macro Viruses

A macro virus is a computer virus that "infects" a Microsoft Word or similar application and causes a sequence of actions to be performed automatically. A macro virus is often spread as an e-mail virus. Well-known examples are Concept Virus and Melissa Worm.

Security & Counter Measures

Use of anti-viruses.Proper logout after use of mail id.Manual opening browser don't open spam.Password protected admin account.

Patch security hole often Encrypt important data

Ex) pgp, ssh Do not run unused daemon Remove unused setuid/setgid program Setup loghost

Backup the system often Setup firewall Setup IDS

Ex) snort

Hacking prone areas

Advantages

Provides security to banking and financial establishments

Prevents website defacementsAn evolving techniqueTo catch a thief you have to think like a

thief

Disadvantages

All depends upon the trustworthiness of the ethical hacker

Hiring professionals is expensive.

Please send suggestions and feedbacks I am waiting for your replay. THANK YOU