Vous êtes sur la page 1sur 24

Under the guidance of Miss.

ANJU VIJAYAN

Presented By ROHINI V
1

INTRODUCTION
With the growth of the Internet, computer security has become a major concern for businesses and governments. Worried about the possibility of being hacked Solution :Ethical hacking ,also known as penetration testing or white-hat hacking This paper describes ethical hackers: their skill their attitude 2 how they go about helping their customers

Security
Security is the condition of being protected against danger or loss

In networks, security is also called the information security


Described in terms of CIA triads.

C:- Confidentiality I:- Integrity A:-Availability


1. Confidentiality : passive person should not see those data 2.Integrity :data cannot be modified without authorization 3. Availability : information must be available when it is needed
3

Need for security


Systems are damaged by intruders

Several forms of damage will occur


lose of confidential data damage or destruction of data damage or destruction of computer system loss of reputation of a company

Hacking
two definitions: 1st refers to the hobby/profession of working with computers. 2nd refers to breaking into computer systems. HACKER A person who enjoys learning details of a programming language or system A person who enjoys actually doing the programming rather than just theorizing about it A person who picks up programming quickly A person who is an expert at a particular programming language or system
5

Types of Hackers
3 types of hackers: Black-Hat Hacker
hackers use their knowledge and skill for their own personal gains probably by hurting others. White-Hat Hacker hacker skills and using them for defensive purposes

Grey-Hat Hackers
Individuals who work both offensively and defensively

Can Hacking Be Done Ethically?


Answer is yes. because to catch a thief, think like a thief Above is the basis for ethical hacking

Skills needed for ethical hackers


Ethical hackers possess a variety of skills: Completely trustworthy Strong programming and computer networking skills Patience

What do an Ethical Hacker do?


1) Tries to get in to the system 2) Find vulnerability.

3) Report to the company about vulnerability.


4) Make patches for that particular vulnerability

Methodology of Hacking
Include five steps.. 1. Reconnaissance 2. Scanning & Enumeration 3. Gaining access 4. Maintaining access 5. Clearing tracks

10

1) Reconnaissance

First stage Preliminary survey to gain information

Many tools are there:


1.Google: search engines used in the Internet specialized keywords for searching

2. Samspade: provides us information about a particular host


11

Reconnaissance cont

12

Fig:Samspade GUI

Reconnaissance cont 3.Email Tracker and Visual Route software which helps us to find from which server does the mail actually came from.

Visual route gives actual location of the server with the help of IP addresses
13

2)Scanning & Enumeration


Make a blue print of the target network Includes the ip addresses of the target network which are live. Different tools used for scanning are: 1. War Dialing: Computer program used to identify the phone numbers that can successfully make a connection with a computer modem
14

Scanning & Enumeration cont

2.Pingers Use Internet Control Message Protocol(ICMP) packets Principle: Automated software which sends the ICMP packets to different machines and checking their responses 3.Port Scanning

Determine what ports are open or in use on a system or network


15

Scanning & Enumeration cont

Enumeration Ability of a hacker to convince some servers to give them information that is vital to them to make an attack Done by using 1) Null sessions

Created by keeping the user name and password as null After this ,NBTscan is used 2) SNMP (Simple Network Management Protocol )
16

3)Gaining access
Make use of all the information collected in the pre attacking phases Hindrance to gain access :Password 1. Password Cracking
Dictionary cracking

Brute force cracking


Hybrid cracking
Social Engineering
17

Gaining access cont..


2. Man in the Middle Attack hacker, the man in the middle

All the traffic between a host and a client to go through the hacker system

18

4) Maintaining Access
Make an easier path to get in when he comes the next time 1:Key Stroke Loggers record every movement of the keys in the keyboard

middle man between the keyboard driver and the CPU

19

Maintaining Access cont..


2:Trojan Horses & Backdoors

destructive program
do not replicate

3:Wrappers
malicious data hidden from the administrator and other usual user wrap their contents to some pictures, greeting cards Software:Elitewrap
20

5)Clearing Tracks

Everybody knows a good hacker but nobody knows a great hacker Tool used: 1:Winzapper

21

CONCLUSION
Ethical Hacking is a legal hacking performed with the targets permission
Increase

security protection by identifying and patching known security vulnerabilities on systems

22

23

24