Transcript
Cyber Ethics – Hacking IntroductionIntroduction
By
Sunny Vaghela
Session Flow
• Why Security?•Hacking – Introduction•Hacker Communities•Types of Hackers.•Malicious Hacker Strategies•Ethical Hacker Strategies•Ethical Hacker Strategies•Steps for conducting Ethical Hacking.•Importance of Vulnerability Research.•Vulnerability Research References.•Conclusion.
Why Security?
• Increasing use of Complex computer infrastructure.• Increasing use of Network elements & applications.• Decreasing level of skill set.
Why Security?
• Any Security breach in company will affect its asset &goodwill.
•Any Security breach in government can affect itsoperations & reputation.
Hacking - Definition
• The Art of exploring various security breaches is termed as Hacking.
•It’s an anti-society activity.
•It says, there always exists more than one way to solve the •It says, there always exists more than one way to solve the problem.
•The terms Hacker and Hacking are being misinterpreted and misunderstood with negative sidelines.
Communities of Hackers
• Hackers
• Crackers
• Phreaks
• Script Kiddies • Script Kiddies
Hackers – Who are they?
• Hackers are Intelligent Computer Professionals.
•Motive/Intent –
ØTo gain in-depth knowledge of a system, what’s happening at the backend, behind the screen.
ØTo find possible security vulnerabilities in a system.
ØThey create security awareness by sharing knowledge. It’s a team work.
Crackers/Attackers
•An Individuals who break into computers with malicious intent.
•Motive/Intent –
Ø To seek unauthorized access into a system and cause damage or destroy or reveal confidential information.
ØTo compromise the system to deny services to legitimate users for troubling, harassing them or for taking revenge.
•Effects- Can cause financial losses & image/reputation damages, defamation in the society for individuals or organizations
Crackers/Attackers
•An Individuals who break into computers with malicious intent.
•Motive/Intent –
Ø To seek unauthorized access into a system and cause damage or destroy or reveal confidential information.
ØTo compromise the system to deny services to legitimate users for troubling, harassing them or for taking revenge.
•Effects- Can cause financial losses & image/reputation damages, defamation in the society for individuals or organizations
Phreaks
•Phreaks – These are persons who use computer devices and software to break into phone networks.
•Motive/Intention- To find loopholes in security in phone network and to make phone calls at free of cost!!!
•Effects- You may have to big amount of phone bills, for doing •Effects- You may have to big amount of phone bills, for doing nothing!!!
Script Kiddies
•Script Kiddies – These are persons not having technical skills to hack computers.
•Motive/Intention- They use the available information about known vulnerabilities to break into remote systems.
•It’s an act performed for a fun or out of curiosity.•It’s an act performed for a fun or out of curiosity.
Hats Off?
• White Hat Hackers – They use their knowledge and skill set for good, constructive intents. They find out new security loopholes and their solutions.
E.g.- LIKE ME.. As I’m Doing It Right Now ( I Hope So!!!)
• Black Hat Hacker- They use their knowledge and skill set for illegal • Black Hat Hacker- They use their knowledge and skill set for illegal activities, destructive intents.
E.g.- to gain money (online robbery), to take revenge. Disgruntled Employees is the best example of Black Hats. Attackers (Black Hat Hackers) are not at all concerned with security professionals (White Hat hackers). Actually these hackers are Bad Guys!!!
Malicious Hacker Strategies
Ethical Hacker Strategies
“The one who can hack it, can only secure it”
“If you want to catch criminal then you’ll have to think like criminal”
• What to protect?• How to protect?• Against whom?• Against whom?• How much resources needed?
Ethical Hacker Strategies
“The one who can hack it, can only secure it”
“If you want to catch criminal then you’ll have to think like criminal”
• What to protect?• How to protect?• Against whom?• Against whom?• How much resources needed?
Ethical Hacker Strategies
•Understand Client Requirements for Security / Vulnerability Testing.
• In Preparation Phase, EH will sign an NDA with the client.
• Internal / External Testing.
• Conduct Network Security Audits/ VAPT.• Conduct Network Security Audits/ VAPT.
• Risk Assessment & Mitigation
•Documenting Auditing Reports as per Standards.
•Submitting Developer as well as remediation reports.
• Implement remediation for found vulnerabilities.
Vulnerability Research
• Vulnerability research is process of finding vulnerabilities, threats & loopholes in Server/ System /Network.
• Includes Vulnerability Assessment & Penetration Testing.
• Vulnerability notes can be search on internet via Number, CVE.
Vulnerability Research References
• Common Vulnerability database is available at
http://cve.mitre.org/
•National Vulnerability Database is available at
http://web.nvd.nist.gov/http://web.nvd.nist.gov/
• US – CERT also publishes CVD on http://www.us-cert.gov
1. Contains Alerts which can be helpful to administrator.2. It doesn’t contain solutions.
Vulnerability Research References
• Indian CERT also published advisory notes, incident notes & defacement statistics.
Vulnerability Research References
• Secunia also published Vulnerability Notes,Advisories.
Vulnerability Research References
•Zone –h published deface images of web attacks.
Vulnerability Research References
•Zone –h maintains archive of deface webpages which can be sorted out by attacker name & country.
Vulnerability Research References
•Milw0rm Maintains latest vulneability notes,white papers,videos.
Vulnerability Research References
• HackerWatch lets you report and share information that helpsidentify, combat, and prevent the spread of Internet threats andunwanted network traffic.
Conclusion
• Security is important because prevention is better than cure.
• Community of Hackers.
• Security Involves five phases.
• Ethical Hacking involves Conducting Security Audits, Vulnerability • Ethical Hacking involves Conducting Security Audits, Vulnerability Assessment & Penetration testing
• Vulnerability Research is process of discovering different vulnerabilities in technology & applications.
top related