04-04-2012, 02:54 PM
ETHICAL HACKING
ETHICAL HACKING.ppt (Size: 939.5 KB / Downloads: 56)
Ethical Hacking
It is Legal
Permission is obtained from the target
Part of an overall security program
Identify vulnerabilities visible from Internet at particular point of time
Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner
Ethical Hacking
Independent computer security Professionals breaking into the computer systems.
Neither damage the target systems nor steal information.
Evaluate target systems security and report back to owners about the vulnerabilities found.
Ethical Hackers but not Criminal Hackers
Completely trustworthy.
Strong programming and computer networking skills.
Learn about the system and trying to find its weaknesses.
Techniques of Criminal hackers-Detection-Prevention.
Published research papers or released security software.
No Ex-hackers.
Ethical Hacking - Process
Preparation
Footprinting
Enumeration & Fingerprinting
Identification of Vulnerabilities
Attack – Exploit the Vulnerabilities
Preparation
Identification of Targets – company websites, mail servers, extranets, etc.
Signing of Contract
Agreement on protection against any legal
issues.
Contracts to clearly specifies the limits and
dangers of the test.
Specifics on Denial of Service Tests, Social Engineering, etc.
Footprinting
Collecting as much information about the target
DNS Servers
IP Ranges
Administrative Contacts
Problems revealed by administrators
Information Sources
Search Engine
Forums
Database
Enumeration & Fingerprinting
Specific targets determined
Identification of Services / open ports
Operating System Enumeration
Methods
Banner grabbing
Responses to various protocol (ICMP &TCP) commands
Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc.
Tools
Nmap, FScan, Hping, Firewall, netcat, tcpdump, ssh, telnet, SNMP Scanner
Identification of Vulnerabilities
Vulnerabilities
Insecure Configuration
Weak passwords
Unpatched vulnerabilities in services, Operating systems, applications
Possible Vulnerabilities in Services, Operating Systems
Insecure programming
Weak Access Control
Identification of Vulnerabilities
Methods
Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites
Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic
Insecure Programming – SQL Injection, Listening to Traffic
Weak Access Control – Using the Application Logic, SQL Injection