Ethical Hacking: a general overview
AASSA Conference 2012, Quito, Ecuador, March 16th 2012
Instructor: Francisco Bolaños, Ing. InterAmerican Academy, IT Department
All the rights reserved.
Jan 02, 2016
TABLE OF CONTENT
Objectives.
Security fundamentals.
Ethical hacking stages.
Conclusion.
OBJECTIVES
1. To give a general overview of what ethical hacking implies: main concepts, common vulnerabilities, ethical hacking stages and tools.
2. To create a baseline for applying professional security audit methodologies such as: Open Source Security Testing Methodology Manual (OSSTMM), Information Systems Security Assessment Framework (ISSAF), ISO 27001:2005.
SECURITY FUNDAMENTALS: MAIN CONCEPTS
Information Security: it protects information from a wide spectrum of threats in order to ensure business continuity, minimize damage to the organization, and maximize return on investment and business opportunities.
Computer Security: it ensures that the resources of an organization's information systems (hardware and software) are used in the proper way.
Ethical Hacking: a penetration test whose goal is to discover trophies throughout the network within the predetermined project time limit (OSSTMM).
Security features:
Confidentiality: the information is kept private; only its owner can access it. Example: doctor-patient relationship.
Integrity: the information remains unchanged. Example: message sent: "Hello"; message received: "Hello".
Availability: the information is accessible at all times, without disruption. Example: a website that is up 24/7.
Accountability: the ability to trace who did what, based on the records (logs) the system generates. Example: log system / IDS.
SECURITY FUNDAMENTALS: COMMON VULNERABILITIES
Wrong router configurations.
Remote Access Service (RAS) neither secured nor monitored.
Leakage of information.
Unnecessary services.
Weak passwords.
Accounts with too many privileges.
Internet services not well configured.
Firewalls not well configured.
Lack of patches, or default configurations left in place.
Unauthenticated services.
ETHICAL HACKING STAGES
Stages: Footprinting -> Scanning and Enumeration -> Vulnerability Analysis -> Exploitation
CONCLUSIONS
1. IT staff should be trained on this topic to prevent security issues.
2. Ethical hacking is a baseline for security audit methodologies.
3. Keep in mind that hacking is art and security evaluation is science.
ETHICAL HACKING STAGES
Scanning and Enumeration:
Scanning builds on Footprinting: with the information gathered in that stage it is possible to identify the target's resources, such as access points, open ports, active machines, the services listening on those ports, and operating systems. Enumeration lists all the resources found during scanning, in order to obtain a general schema of the network and its possible vulnerabilities.
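The scanning stage above and the Accountability example (log system / IDS) in the security features meet in the logs: a host probing many ports in a short time is what a scan looks like from the defender's side. The following detector is an added example, not part of the presentation; it parses constructed iptables-style LOG lines (the line format and the 10.0.0.x addresses are assumptions) and flags sources that hit a threshold of distinct destination ports inside a sliding time window.

```python
# Added example, not from the presentation: flag sources that probe many
# distinct destination ports within a short window, the log footprint of
# the scanning stage. Log lines are constructed, in iptables LOG style.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2012-03-16T10:00:01 IN=eth0 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=40000 DPT=21 SYN
2012-03-16T10:00:01 IN=eth0 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=40001 DPT=22 SYN
2012-03-16T10:00:02 IN=eth0 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=40002 DPT=23 SYN
2012-03-16T10:00:02 IN=eth0 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=40003 DPT=25 SYN
2012-03-16T10:00:03 IN=eth0 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=40004 DPT=80 SYN
2012-03-16T10:00:05 IN=eth0 SRC=10.0.0.7 DST=10.0.0.20 PROTO=TCP SPT=51000 DPT=80 SYN
2012-03-16T10:00:00 IN=eth0 SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=60000 DPT=22 SYN
2012-03-16T10:02:00 IN=eth0 SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=60001 DPT=80 SYN
2012-03-16T10:04:00 IN=eth0 SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=60002 DPT=443 SYN
2012-03-16T10:06:00 IN=eth0 SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=60003 DPT=25 SYN
2012-03-16T10:08:00 IN=eth0 SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP SPT=60004 DPT=3306 SYN
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) .*?SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)")

def parse(line):
    """Return (timestamp, source address, destination port), or None if
    the line is not a firewall LOG record."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["dpt"])

def detect_scans(lines, threshold=5, window=timedelta(seconds=60)):
    """Map each source that touched >= threshold distinct ports inside some
    window-long interval to the sorted ports it probed. A slow scan spread
    wider than the window is deliberately not flagged: widen the window to
    trade detection of patient scanners against false positives."""
    probes = defaultdict(list)
    for line in lines:
        parsed = parse(line)
        if parsed:
            ts, src, dpt = parsed
            probes[src].append((ts, dpt))
    hits = {}
    for src, events in probes.items():
        events.sort()  # sliding window needs chronological order
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            if len(ports) >= threshold:
                hits[src] = sorted(ports)
                break
    return hits
```

With the defaults only 10.0.0.5 is reported; 10.0.0.9 probes the same number of ports but two minutes apart, so it only shows up once the window is widened to ten minutes.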
Footprinting: the technique of gathering information about the target or victim. The more information you obtain in this stage, the more accurate the subsequent test will be. The purpose is to build a profile of the target and become familiar with it.
Vulnerability Analysis: an active process in which the possible security holes identified during enumeration are confirmed or discarded.
Exploitation:
In this stage the attacker gains access, escalates privileges, and obtains or manipulates the victim's data. In other words, the intruder hacks the company.