
Table of Contents

Abstract
Introduction
Ethical Hacking
Methodology
o The Phases of Ethical Hacking
o Identifying Types of Hacking Technologies
o Identifying Types of Ethical Hacks
o Understanding Testing Types
Discussion
Conclusions and Recommendations



Abstract

Information security is the fastest growing area in the Information Technology
(IT) sector. Security would be an easy process if all that had to be done were to
install a firewall and anti-virus software, but the reality is that securing
information requires a multi-layered approach. Obtaining this requires
adopting measures to prevent the unauthorised use, misuse, modification or
denial of use of knowledge, facts, data, or capabilities, and it requires taking a
proactive approach to managing the risk. This is where ethical hackers come into
real play. Ethical hacking is an "art" in the sense that the "artist" must possess
the skills and knowledge of a potential attacker (to imitate an attack) and the
resources with which to mitigate the vulnerabilities used by attackers. Ethical
hacking is the process of analysing the threat posed to a given system or
network by modelling the actions of an adversary.
This paper describes ethical hackers: their skills, their attitudes, and how they
go about helping their customers find and plug security holes. The ethical
hacking process is explained in detail. Successful ethical hackers possess a
variety of skills. Primarily, they must be completely trustworthy, since the ethical
hacker often holds the keys to the company. Modern security efforts have to
plan for the unplanned and anticipate attacks before they occur. Ethical hacking
is booming, and it is high time every company recognised the need for a
professional ethical hacker. Ethical hacking is not just necessary; it is
inevitable.





Introduction

The explosive growth of the Internet has brought many good things: electronic commerce,
easy access to vast stores of reference material, collaborative computing, e-mail, and new
avenues for advertising and information distribution, to name a few. As with most
technological advances, there is also a dark side: criminal hackers. Governments, companies,
and private citizens around the world are anxious to be a part of this revolution, but they are
afraid that some hacker will break into their Web server and replace their logo with
pornography, read their e-mail, steal their credit card number from an on-line shopping site,
or implant software that will secretly transmit their organization's secrets to the open Internet.
With these concerns and others, the ethical hacker can help. This paper describes ethical
hackers: their skills, their attitudes, and how they go about helping their customers find and
plug security holes.

HACKING

Who are these Hackers?
The term "hacker" has a dual usage in the computer industry today. Originally, the term was
defined as an enthusiastic and skilful computer programmer or user. Recently, "hacker" has
taken on a new meaning: someone who maliciously breaks into systems for personal gain.
Technically, these criminals are crackers (criminal hackers). Crackers break
into (crack) systems with malicious intent.
Categories of Hacker
There are a number of categories of hackers. Black Hats are highly skilled, but
have malevolent and detrimental intent. White Hats, in contrast, are hackers who use their
talent to protect and defend networks. Grey Hats hack for different reasons, either ethically or
unethically depending on the situation and circumstances at hand. Script Kiddies use
existing computer scripts or code to hack into computers, lacking the expertise to write their
own. Hacktivists are hackers whose activity is aimed at promoting a social or
political cause. Corporations also hire hackers to infiltrate the competition and steal trade
secrets; they may hack in from the outside or gain employment in order to act as a mole. Spy
Hackers may use similar tactics to hacktivists, but their only agenda is to serve their clients'
goals and be paid. Cyber Terrorists are hackers, generally motivated by religious or
political beliefs, who attempt to create fear and chaos by disrupting critical infrastructures.
HISTORY HIGHLIGHTS:
In one early ethical hack, the United States Air Force conducted a security evaluation of the
Multics operating system for potential use as a two-level (secret/top secret) system. With
the growth of computer networking, and of the Internet in particular, computer and network
vulnerability studies began to appear outside of the military establishment. Most notable of
these was the work by Farmer and Venema, which was originally posted to Usenet in
December of 1993.

Figure 1 History



Ethical hacking
Ethical hacking is the process of entering into a hacker's mindset in order
to spot system vulnerabilities by performing typical hacks in a controlled
environment.
Ethical hacking, also known as penetration testing or white-hat hacking,
involves the same tools, tricks, and techniques that hackers use, but with one
major difference: ethical hacking is legal. Ethical hacking is performed with the
target's permission. The intent of ethical hacking is to discover vulnerabilities
from a hacker's viewpoint so that systems can be better secured. It is part of an
overall information risk management program that allows for on-going security
improvements. Ethical hacking can also ensure that vendors' claims about the
security of their products are legitimate.
What Do Ethical Hackers Do?
Ethical hacking is not a clandestine operation from the point of view of the
organization to which the ethical hacker belongs. It is done with appropriate
direction, and it is meant to serve the desired objective: to test the working
of the system and the possible problems that it may encounter. White hats are
skilled computer experts who are in a position to gauge the vulnerabilities in the
computer systems from every angle and who suggest procedures to plug the
loopholes. These loopholes, if not tackled in time, may be exploited by
those working within the organization or by outside agencies, possibly the
competitors of the company: the black hats. White hats devise methods to counter
black hats to keep the secrets of the company secure and to protect its business
interests.
The technical difference between ethical hacking and hacking is zero, but the
moral difference is substantive. The fact that the ethical hacker is able to protect
the system implies that he has the skills to penetrate or crash other systems and
to check the moves of a prospective hacker seeking to create mischief for the
organization for which the ethical hacker is working. Therefore, the difference
between a white hat and a black hat is one of perspective. A black hat in one
organization can be the white hat for another organization if he switches employment.
Concerns about information theft:
The Internet revolution and expertise in computer operations have created grave
problems relating to the confidentiality of data. Government organizations
dealing with the defence and security of the country are at special risk. For
business establishments, details related to market strategy and other consumer
information are of supreme importance for chalking out future strategies. If
enemy countries or business competitors are able to lay hands on classified
information, serious trouble can be in store, so establishments constantly
review the system and plug the loopholes to make it impenetrable. White hats
have a tremendous responsibility, and top management looks to them with
high hopes.
An ideal ethical hacker:
Apart from formal knowledge about the working of computers, an ethical
hacker creates his own syllabus. For some computer-savvy individuals, this area
is of great interest and their creative genius finds an outlet in it. The ideal
ethical hacker is an original thinker, who evaluates the issues outside the box
and gives original solutions to prevent encroachment by black hats. He is well
versed in multiple programming languages and strong in mathematics. He needs
to train his mind to experiment with destructive ideas, so as to be able to cause
damage to the property of the intended target, by creating viruses and the like.

Required Skills of an Ethical Hacker


Routers: Knowledge of routers, routing protocols, and access control
lists (ACLs). Certifications such as Cisco Certified Network Associate
(CCNA) or Cisco Certified Internetworking Expert (CCIE) can be
helpful.
Microsoft: Skills in the operation, configuration, and management of
Microsoft-based systems. These can run the gamut from Windows NT to
Windows 2003. These individuals might be Microsoft Certified
Administrator (MCSA) or Microsoft Certified Security Engineer (MCSE)
certified.
Linux: A good understanding of the Linux/UNIX OS. This includes
security settings, configuration, and services such as Apache. These
individuals may be Red Hat or Linux+ certified.
Firewalls: Knowledge of firewall configuration and the operation of
intrusion detection systems (IDS) and intrusion prevention systems (IPS)
can be helpful when performing a security test. Individuals with these
skills may be certified as Cisco Certified Security Professional (CCSP) or
Checkpoint Certified Security Administrator (CCSA).
Mainframes: Although mainframes do not hold the position of
dominance they once had in business, they are still widely used. If the
organization being assessed has mainframes, the security team would
benefit from having someone with that skill set on the team.
Network protocols: Most modern networks run TCP/IP, although you
might still find the occasional network that uses Novell or Apple routing
information. Someone with good knowledge of networking protocols, as
well as how these protocols function and can be manipulated, can play a
key role in the team. These individuals may possess certifications in other
OSes or hardware, or even a Network+ or Security+ certification.
Project management: Someone will have to lead the security test team,
and if you are chosen to be that person, you will need a variety of the
skills and knowledge types listed previously. It can also be helpful to
have good project management skills. After all, you will be leading,
planning, organizing, and controlling the penetration test team.
Individuals in this role may benefit from having Project Management
Professional (PMP) certification.
On top of all this, ethical hackers need to have good report writing skills and
must always try to stay abreast of current exploits, vulnerabilities, and emerging
threats, as their goal is to stay a step ahead of malicious hackers.


Methodology

The Phases of Ethical Hacking
The process of ethical hacking can be broken down into five distinct phases. An
ethical hacker follows processes similar to those of a malicious hacker. The
steps to gain and maintain entry into a computer system are similar no matter
what the hacker's intentions are. Figure 2 illustrates the five phases that
hackers generally follow in hacking a computer system.

Figure 2 Phases of hacking
Phase 1: Passive and Active Reconnaissance
Passive reconnaissance involves gathering information about a potential target
without the targeted individual's or company's knowledge. Passive
reconnaissance can be as simple as watching a building to identify what time
employees enter the building and when they leave. However, most
reconnaissance is done sitting in front of a computer. When hackers are looking
for information on a potential target, they commonly run an Internet search on
an individual or company to gain information. Many of us have performed the
same search on our own name or a potential employer, or just to gather
information on a topic. This process, when used to gather information regarding
a target of evaluation (TOE), is generally called information gathering. Social
engineering and dumpster diving are also considered passive information-gathering
methods.
Sniffing the network is another means of passive reconnaissance and can yield
useful information such as IP address ranges, naming conventions, hidden
servers or networks, and other available services on the system or network.
Sniffing network traffic is similar to building monitoring: a hacker watches the
flow of data to see what time certain transactions take place and where the
traffic is going. Sniffing network traffic is a common hook for many ethical
hackers. Once they use some of the hacking tools and are able to see all the data
that is transmitted in the clear over the communication networks, they are eager
to learn and see more. Sniffing tools are simple and easy to use and yield a great
deal of valuable information. Many times this includes usernames, passwords,
and other sensitive data. This is usually quite an eye-opening experience for
many network administrators and security professionals and leads to serious
security concerns.
Active reconnaissance involves probing the network to discover individual
hosts, IP addresses, and services on the network. This process involves more
risk of detection than passive reconnaissance and is sometimes called "rattling
the doorknobs". Active reconnaissance can give a hacker an indication of the
security measures in place (is the front door locked?), but the process also
increases the chance of being caught or at least raising suspicion. Many
software tools that perform active reconnaissance can be traced back to the
computer that is running the tools, thus increasing the chance of detection for
the hacker. Both passive and active reconnaissance can lead to the discovery of
useful information to use in an attack. For example, it is usually easy to find
the type of web server and the operating system (OS) version number that a
company is using. This information may enable a hacker to find a vulnerability
in that OS version and exploit it to gain more access.
Phase 2: Scanning
Scanning involves taking the information discovered during reconnaissance and
using it to examine the network. Tools that a hacker may employ during the
scanning phase include
o Diallers
o Port scanners
o Internet Control Message Protocol (ICMP) scanners
o Ping sweeps
o Network mappers
o Simple Network Management Protocol (SNMP) sweepers
o Vulnerability scanners
Hackers are seeking any information that can help them perpetrate an attack on
a target, such as the following:
o Computer names
o Operating system (OS)
o Installed software
o IP addresses
o User accounts
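The scanning tools listed above leave a recognisable footprint in firewall or connection logs: one source address touching many distinct ports on a host within a short time. The following Python script is an added example (not part of this paper) of a defender-side check for that pattern. The log line format and the sample lines are constructed for the demonstration, and the window and threshold values are assumptions that would be tuned per environment.

```python
"""Flag port-scan-like behaviour in connection logs (added example, not from the paper)."""
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Construct sample firewall lines for the demonstration (not real traffic).

    Assumed line format: "<ISO timestamp> <src ip> -> <dst ip>:<port> <action>"
    """
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # 10.0.0.5 probes 15 consecutive ports on 10.0.0.20 within a few seconds: scan-like.
    for i, port in enumerate(range(20, 35)):
        ts = (base + timedelta(seconds=i // 2)).isoformat()
        lines.append(f"{ts} 10.0.0.5 -> 10.0.0.20:{port} DROP")
    # 10.0.0.7 uses three ordinary services over an hour: normal behaviour.
    for i, port in enumerate((80, 443, 22)):
        ts = (base + timedelta(minutes=20 * i)).isoformat()
        lines.append(f"{ts} 10.0.0.7 -> 10.0.0.20:{port} ACCEPT")
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, _, target, action = line.split()
    dst, port = target.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_scans(log_text, window_seconds=60, port_threshold=10):
    """Return {(src, dst): distinct_ports} for every source/destination pair that
    touched at least port_threshold distinct ports within any window_seconds window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _ = parse_line(line)
        hits[(src, dst)].append((ts, port))

    window = timedelta(seconds=window_seconds)
    alerts = {}
    for pair, events in hits.items():
        events.sort()
        start = 0
        # Sliding window over the time-ordered events for this pair.
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {port for _, port in events[start:end + 1]}
            if len(distinct) >= port_threshold:
                alerts[pair] = max(alerts.get(pair, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    for (src, dst), count in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} touched {count} distinct ports on {dst}")
```

Counting distinct ports per source/destination pair, rather than raw connection attempts, keeps a busy but legitimate client (many connections to one port) from tripping the rule; slow scans that spread probes over hours need a longer window or a per-source count across all destinations.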
Phase 3: Gaining Access
Phase 3 is when the real hacking takes place. Vulnerabilities exposed during the
reconnaissance and scanning phases are now exploited to gain access to the
target system. The hacking attack can be delivered to the target system via a
local area network (LAN), either wired or wireless; local access to a PC; the
Internet; or offline. Examples include stack-based buffer overflows, denial of
service, and session hijacking. Gaining access is known in the hacker world as
"owning" the system, because once a system has been hacked, the hacker has
control and can use that system as they wish.
Phase 4: Maintaining Access
Once a hacker has gained access to a target system, they want to keep that
access for future exploitation and attacks. Sometimes, hackers harden the
system from other hackers or security personnel by securing their exclusive
access with backdoors, rootkits, and Trojans. Once the hacker owns the system,
they can use it as a base to launch additional attacks. In this case, the owned
system is sometimes referred to as a zombie system.
Phase 5: Covering Tracks
Once hackers have been able to gain and maintain access, they cover their
tracks to avoid detection by security personnel, to continue to use the owned
system, to remove evidence of hacking, or to avoid legal action. Hackers try to
remove all traces of the attack, such as log files or intrusion detection system
(IDS) alarms. Examples of activities during this phase of the attack include
o Steganography
o Using a tunnelling protocol
o Altering log files
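Altering log files is the track-covering step a defender can most readily detect, provided the log carries its own integrity evidence. The following Python script is an added example (not the paper's own material) of a hash-chained log: each record's hash binds it to the previous one, and the chain head is shipped off the host. The audit lines are constructed for the demonstration, and the record layout is this example's own design.

```python
"""Detect altered or deleted log entries with a hash chain (added example, not from the paper)."""
import hashlib

GENESIS = "0" * 64  # chain anchor for an empty log

# Constructed sample audit records (not real data).
CONSTRUCTED_LINES = [
    "2024-05-01T10:00:01 sshd: FAILED login for root from 10.0.0.5",
    "2024-05-01T10:00:07 sshd: FAILED login for root from 10.0.0.5",
    "2024-05-01T10:00:12 sshd: ACCEPTED login for root from 10.0.0.5",
    "2024-05-01T10:01:30 sudo: root ran /bin/sh",
]


def chain_hash(prev_hash, entry):
    """Hash of this entry bound to the hash of the previous record."""
    return hashlib.sha256(f"{prev_hash}\n{entry}".encode()).hexdigest()


def append_entry(log, entry):
    """Append entry to log (a list of {'entry', 'hash'} records); return the new head hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"entry": entry, "hash": chain_hash(prev, entry)})
    return log[-1]["hash"]


def verify_log(log, expected_head=None):
    """Recompute the chain. Returns (True, None) if intact, otherwise (False, index) where
    index is the first record that does not match, or len(log) if only the head differs."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["hash"] != chain_hash(prev, rec["entry"]):
            return False, i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None


def demo():
    """Build a log, ship its head off-host, then tamper in two ways and check both."""
    log = []
    for line in CONSTRUCTED_LINES:
        append_entry(log, line)
    shipped_head = log[-1]["hash"]  # sent to a remote collector the attacker cannot reach

    # Tampering 1: edit one entry in place without touching the stored hashes.
    edited = [dict(r) for r in log]
    edited[2]["entry"] = edited[2]["entry"].replace("ACCEPTED", "FAILED")
    local_result = verify_log(edited)  # chain breaks at index 2

    # Tampering 2: drop the sudo record and rebuild the whole chain consistently.
    rewritten = []
    for rec in log[:3]:
        append_entry(rewritten, rec["entry"])
    rebuilt_local = verify_log(rewritten)  # looks intact on the host...
    rebuilt_remote = verify_log(rewritten, expected_head=shipped_head)  # ...but not against the shipped head

    return local_result, rebuilt_local, rebuilt_remote


if __name__ == "__main__":
    print(demo())
```

The chain on its own only catches edits made without recomputing the hashes; an attacker with write access can rebuild it. What exposes a full rewrite is the head hash (or the log lines themselves) having already left the host, which is why forwarding logs to a collector the attacker cannot reach matters more than any local integrity scheme.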
Identifying Types of Hacking Technologies
Many methods and tools exist for locating vulnerabilities, running exploits, and
compromising systems. Once a vulnerability is found in a system, a hacker can
exploit it and install malicious software. Trojans, backdoors, and
rootkits are all forms of malicious software, or malware. Malware is installed on
a hacked system after a vulnerability has been exploited. Buffer overflows and
SQL injection are two other methods used to gain access to computer
systems. Buffer overflows and SQL injection are used primarily against
application servers that contain databases of information.
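SQL injection, mentioned above as a method used against application servers with databases, comes down to user input being pasted into the SQL text so that it can change the query's structure. The following Python script is an added example (not from this paper) showing a login check written the vulnerable way beside the parameterized form that prevents it. The table, the user record and the test inputs are constructed for the demonstration.

```python
"""SQL injection: a string-built query beside its parameterized fix
(added example, not from the paper)."""
import sqlite3


def make_db():
    """Create an in-memory database with one constructed user record."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    # Plaintext password kept only to keep the example short; real systems store a salted hash.
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse-battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text from user input, so the input can alter the query's logic."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Same check with bound parameters: the input is treated as data, never as SQL syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def compare(username, password):
    """Run both versions on the same input and return (vulnerable_result, safe_result)."""
    conn = make_db()
    try:
        return login_vulnerable(conn, username, password), login_safe(conn, username, password)
    finally:
        conn.close()


if __name__ == "__main__":
    print("valid credentials:", compare("alice", "correct-horse-battery"))
    print("wrong password:   ", compare("alice", "wrong"))
    print("injected input:   ", compare("alice", "' OR '1'='1"))
```

With the classic `' OR '1'='1` input the string-built query's WHERE clause becomes always true and the vulnerable check accepts the login, while the parameterized version simply compares the literal string and rejects it. Bound parameters are the fix; a database account limited to the rows and statements the application needs, and logging of malformed-query errors, limit and reveal what an attempt can do.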
Most hacking tools exploit weaknesses in one of the following four areas:
Operating Systems: Many system administrators install operating systems with
the default settings, resulting in potential vulnerabilities that remain unpatched.
Applications: Applications usually are not thoroughly tested for vulnerabilities
while developers are writing the code, which can leave many programming
flaws that a hacker can exploit. Most application development is feature-driven,
meaning programmers are under a deadline to turn out the most robust
application in the shortest amount of time.
Shrink-Wrap Code: Many off-the-shelf programs come with extra features the
common user is not aware of, and these features can be used to exploit the
system. The macros in Microsoft Word, for example, can allow a hacker to
execute programs from within the application.
Misconfigurations: Systems can also be misconfigured or left at the lowest
common security settings to increase ease of use for the user; this may result in
a vulnerability and an attack.
Identifying Types of Ethical Hacks
Ethical hackers use many different methods to breach an organization's security
during a simulated attack or penetration test. Most ethical hackers have a
specialty in one or a few of the following attack methods. In the initial
discussion with the client, one of the questions that should be asked is whether
there are any specific areas of concern, such as wireless networks or social
engineering. This enables the ethical hacker to customize the test to be
performed to the needs of the client. Otherwise, security audits should include
attempts to access data using all of the following methods.
Here are the most common entry points for an attack:
Remote Network: A remote network hack attempts to simulate an intruder
launching an attack over the Internet. The ethical hacker tries to break or find a
vulnerability in the outside defences of the network, such as firewall, proxy, or
router vulnerabilities. The Internet is thought to be the most common hacking
vehicle, while in reality most organizations have strengthened their security
defences sufficiently to prevent hacking from the public network.
Remote Dial-Up Network: A remote dial-up network hack tries to simulate an
intruder launching an attack against the client's modem pools. War dialling, the
process of repetitive dialling to find an open system, is an example of
such an attack. Many organizations have replaced dial-in connections with
dedicated Internet connections, so this method is less relevant than it once was.
Local Network: A local area network (LAN) hack simulates someone with
physical access gaining additional unauthorized access using the local network.
The ethical hacker must gain direct access to the local network in order to
launch this type of attack. Wireless LANs (WLANs) fall in this category and
have added an entirely new avenue of attack, as radio waves travel through
building structures. Because the WLAN signal can be identified and captured
outside the building, hackers no longer have to gain physical access to the
building and network to perform an attack on the LAN. Additionally, the huge
growth of WLANs has made this an increasing source of attack and potential
risk to many organizations.


Stolen Equipment: A stolen-equipment hack simulates theft of a critical
information resource such as a laptop owned by an employee. Information such
as usernames, passwords, security settings, and encryption types can be gained
by stealing a laptop. This is an area commonly overlooked by many
organizations. Once a hacker has access to a laptop authorized in the security
domain, a lot of information, such as security configuration, can be gathered.
Many times laptops disappear and are not reported quickly enough to allow the
security administrator to lock that device out of the network.
Social Engineering: A social-engineering attack checks the security and
integrity of the organization's employees by using the telephone or face-to-face
communication to gather information for use in an attack. Social-engineering
attacks can be used to acquire usernames, passwords, or other organizational
security measures. Social-engineering scenarios usually consist of a hacker
calling the help desk and talking the help desk employee into giving out
confidential security information.
Physical Entry: A physical-entry attack attempts to compromise the
organization's physical premises. An ethical hacker who gains physical access
can plant viruses, Trojans, rootkits, or hardware key loggers (physical devices
used to record keystrokes) directly on systems in the target network.
Additionally, confidential documents that are not stored in a secure location can
be gathered by the hacker. Lastly, physical access to the building would allow a
hacker to plant a rogue device such as a wireless access point on the network.
The hacker could then use such devices to access the LAN from a remote
location.
Understanding Testing Types
When performing a security test or penetration test, an ethical hacker utilizes
one or more types of testing on the system. Each type simulates an attacker with
different levels of knowledge about the target organization. These types are as
follows:
Black Box: Black-box testing involves performing a security evaluation and
testing with no prior knowledge of the network infrastructure or system to be
tested. Testing simulates an attack by a malicious hacker outside the
organization's security perimeter. Black-box testing can take the longest amount
of time and most effort, as no information is given to the testing team. Therefore,
the information-gathering, reconnaissance, and scanning phases will take a great
deal of time. The advantage of this type of testing is that it most closely
simulates a real malicious attacker's methods and results. The disadvantages are
primarily the amount of time and, consequently, the additional cost incurred by the
testing team.
White Box: White-box testing involves performing a security evaluation and testing
with complete knowledge of the network infrastructure, such as a network
administrator would have. This testing is much faster than the other two methods, as
the ethical hacker can jump right to the attack phase, thus bypassing all the
information-gathering, reconnaissance, and scanning phases. Many security audits
consist of white-box testing to avoid the additional time and expense of black-box
testing.
Gray Box: Gray-box testing involves performing a security evaluation and testing
internally. Testing examines the extent of access by insiders within the network. The
purpose of this test is to simulate the most common form of attack, those that are
initiated from within the network. The idea is to test or audit the level of access given
to employees or contractors and see if those privileges can be escalated to a higher
level.
In addition to the various types of technologies a hacker can use, there are different
types of attacks. Attacks can be categorized as either passive or active. Passive and
active attacks are used on both network security infrastructures and on hosts. Active
attacks alter the system or network they are attacking, whereas passive attacks attempt
to gain information from the system. Active attacks affect the availability, integrity,
and authenticity of data; passive attacks are breaches of confidentiality.
In addition to the active and passive categories, attacks are categorized as either inside
attacks or outside attacks. An attack originating from within the security perimeter of
an organization is an inside attack and usually is caused by an insider who gains
access to more resources than expected. An outside attack originates from a source
outside the security perimeter, such as the Internet or a remote access connection.



Discussion

Understanding the true intentions of the public is quite a hard task these days,
and it is harder still to understand the intentions of every single ethical
hacker getting into vulnerable systems or networks. Technology is ever growing,
and we are encountering tools that are beneficial to the public but that, in the
wrong hands, can create great controversy, breaching our basic right to privacy,
respect and free will.
Ethical hacking nowadays is the backbone of network security. Each day its
relevance is increasing. The major pros and cons of ethical hacking are
given below:
Drawbacks of Ethical Hacking: As with all types of activities that have a darker
side, there will be dishonest people presenting drawbacks. The possible
drawbacks of ethical hacking include:
o The ethical hacker using the knowledge they gain to do malicious hacking
activities.
o Allowing the company's financial and banking details to be seen.
o The possibility that the ethical hacker will send and/or place malicious
code, viruses, malware and other destructive and harmful things on a
computer system.
o Massive security breach.
These are not common; however, they are something all companies should
consider when using the services of an ethical hacker.
Benefits of Ethical Hacking: Most of the benefits of ethical hacking are
obvious, but many are overlooked. The benefits range from simply preventing
malicious hacking to preventing national security breaches. The benefits
include:
o Fighting against terrorism and national security breaches.
o Having a computer system that prevents malicious hackers from gaining
access.
o Having adequate preventative measures in place to prevent security
breaches.
Future enhancements: As it is an evolving branch, the scope for enhancement in
technology is immense. No ethical hacker can ensure system security by
using the same technique repeatedly. He would have to improve, develop and
explore new avenues repeatedly. More enhanced software should be used for
optimum protection. The tools used need to be updated regularly, and more
efficient ones need to be developed.



Conclusions and Recommendations

To conclude, the paper reports a lot of relevant information that will raise issues
in the future and whether the problem needs to be handled. Technology has
continued to grow at a high rate over the years and continues to do so; scholars
are putting themselves in vulnerable positions by helping individuals to hack.
The mind is a very powerful tool that has no control; the control will continue to
grow proportionally with the desire to gain knowledge of something that is
impossible to achieve in its entirety, but not forgotten in its entirety. Hackers will
always find ways of getting into systems, whether they are doing it for good or
bad.
One of the main aims of the seminar is to make others understand that there are
so many tools through which a hacker can get into a system. Let's check its
various needs from various perspectives.
Student
A student should understand that no software is made with zero vulnerabilities.
Therefore, while they are studying, they should study the various possibilities
and how to prevent them, because they are the professionals of
tomorrow.
Professionals
Professionals should understand that business is directly related to security.
Therefore, they should make new software with as few vulnerabilities as
possible. If they are not aware of these, then they won't be cautious enough in
security matters.
In the preceding sections, we saw the methodology of hacking, why we should
be aware of hacking, and some tools that a hacker may use. Now we can see what
we can do against hacking, or to protect ourselves from hacking.
o The first thing we should do is to keep ourselves updated about the software
we are using, from official and reliable sources.
o Educate the employees and the users against black hat hacking.
o Use every possible security measure, like honey pots, intrusion detection
systems, firewalls etc.
o Every time, make our passwords strong by making them harder and longer to be
cracked.
Regular auditing, vigilant intrusion detection, good system administration
practice, and computer security awareness are all essential parts of an
organization's security efforts. A single failure in any of these areas could very
well expose an organization to cyber-vandalism, embarrassment, loss of
revenue or mind share, or worse. Any new technology has its benefits and its
risks. While ethical hackers can help clients better understand their security
needs, it is up to the clients to keep their guards in place.

