07-12-2012, 02:06 PM
Ethical Hacking
What is Hacking?
Hacking is unauthorized use of computer and network resources. (The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications.)
Types of Hackers
Script Kiddies or Cyber-Punks: Between ages 12-30; bored in school; get caught due to bragging online.
Professional Criminals or Crackers: Make a living by breaking into systems and selling the information.
Coders and Virus Writers: These have a strong programming background and write code but won’t use it themselves; have their own networks called “zoos”; leave it to others to release their code into “The Wild” or Internet.
What do Hackers do?
A few examples of Web application hacks
File Query
Browser caching
Cookie and URL hacks
SQL Injection
Cross-site Scripting (#1 threat today!)
Web File Query
A hacker tests for HTTP (80) or HTTPS (443)
Does a “View Source” on HTML file to detect directory hierarchy
Can view sensitive information left by system administrators or programmers
Database passwords in /include files
Cookies and URLs
Sensitive data in cookies and URLs?
Issues that arise are:
Information is stored on a local computer (as files or in the browser’s history)
Unencrypted data can be intercepted on the network and/or logged into unprotected web log files
Who are Ethical Hackers?
“One of the best ways to evaluate the intruder threat is to have independent computer security professionals attempt to break their computer systems”
Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy.
Ethical hackers typically have very strong programming and computer networking skills.
They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., Linux or Windows 2000) used on target systems.
These base skills are augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.
What do Ethical Hackers do?
An ethical hacker’s evaluation of a system’s security seeks answers to these basic questions:
What can an intruder see on the target systems?
What can an intruder do with that information?
Does anyone at the target notice the intruder’s attempts or successes?
What are you trying to protect?
What are you trying to protect against?
How much time, effort, and money are you willing to expend to obtain adequate protection?
Required Skills of an Ethical Hacker
Routers: knowledge of routers, routing protocols, and access control lists
Microsoft: skills in operation, configuration, and management.
Linux: knowledge of Linux/Unix; security settings, configuration, and services.
Firewalls: configurations and operation of intrusion detection systems.
Mainframes: knowledge of mainframes.
Network Protocols: TCP/IP; how they function and can be manipulated.
Project Management: knowledge of leading, planning, organizing, and controlling a penetration testing team.
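The "Cookies and URLs" slide above notes that sensitive data placed in URLs ends up in web log files. The following is an added example, not part of the original slides, of how a defender can audit an access log for such leaks and redact them. The parameter-name list, the log format (Common/Combined Log Format) and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumed list of parameter names treated as sensitive; adjust per application.
SENSITIVE = {"password", "passwd", "pwd", "token", "sessionid", "ssn", "card", "api_key"}

# Request portion of a Common/Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def audit_line(line):
    """Return (redacted_line, [leaked parameter names]) for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    parts = urlsplit(m.group("target"))
    leaked, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE and value:
            leaked.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not leaked:
        return line, []
    # Rebuild the request target with the sensitive values masked.
    target = parts._replace(query=urlencode(pairs)).geturl()
    redacted = line[:m.start("target")] + target + line[m.end("target"):]
    return redacted, leaked

def audit_log(lines):
    """Summarise which URL paths expose which sensitive parameters."""
    findings = {}
    for line in lines:
        _, leaked = audit_line(line)
        if leaked:
            path = urlsplit(REQUEST_RE.search(line).group("target")).path
            findings.setdefault(path, set()).update(leaked)
    return findings

# Constructed sample lines (not from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jul/2012:14:06:01 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [12/Jul/2012:14:06:05 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '192.0.2.12 - - [12/Jul/2012:14:06:09 +0000] "GET /cart?item=42&sessionid=abc123 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for path, names in sorted(audit_log(SAMPLE_LOG).items()):
        print(f"{path}: sensitive parameters in URL -> {sorted(names)}")
    print(audit_line(SAMPLE_LOG[0])[0])
```

Each path reported here is a place where the application should move the value out of the URL, for example into a POST body or a server-side session.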