Download
1 / 22
230 likes | 291 Vues
Cyber Fox is EC-Council accredited training centers in Madhya bangalore and this institute provide best ethical hacking or CEHv10 training in bangalore.
E N D
AGENDA • What is Ethical Hacking? • Who are ethical hackers? • Every Website-A Target • Why- Ethical Hacking? • Ethical Hacking- Process • Being Prepared • Planning • Kinds of Testing • Foot printing • Enumeration & fingerprinting • Identification of vulnerabilities • Attack-exploit the vulnerabilities • Final Report • Ethical Hacking - Commandments
Ethical Hacking • Ethical hacking — also known as penetration testing or white-hat hacking — • It involves the same tools, tricks, and techniques that hackers use, but with major differences: • Ethical hacking is legal. Ethical hacking is performed with the target’s permission. The intent of ethical hacking is to discover vulnerabilities from a hacker’s viewpoint so systems can be better secured. • It’s part of an overall information risk management program that allows for ongoing security improvements. • Ethical hacking can also ensure that vendors’ claims about the security of their products are legitimate.
Ethical Hackers but not Criminal Hackers • Completely trustworthy. • Strong programming and computer networking skills. • Learn about the system and trying to find its weaknesses. • Techniques of ethical hackers-Detection-Prevention.
Social Engineering Automated Attacks Organizational Attacks Restricted Data Accidental Breaches in Security Denial of Service (DoS) Viruses, Trojan Horses, and Worms Why – Ethical Hacking? Protection from possible External Attacks
Ethical Hacking - Process • Preparation • Planning • Footprinting • Enumeration & Fingerprinting • Identification of Vulnerabilities • Attack – Exploit the Vulnerabilities
Preparation • What can an intruder see on the target systems? • What can an intruder do with that information? • Does anyone at the target notice the intruder's attempts or successes? 1. What are you trying to protect? • Who are you trying to protect against? • How much time, effort, and money are you willing to expand to obtain adequate protection?
Planning • Security evaluation plan • How to test? • Identify system to be tested • Limitations on that testing • Evaluation done under a “no-holds-barred” approach. • Clients should be aware of risks. • Limit prior knowledge of test.
Footprinting • Collecting as much information about the target • DNS Servers • IP Ranges • Administrative Contacts • Problems revealed by administrators • Information Sources • Search engines • Forums • Databases – who is, ripe, • Tools – PING, who is, Trace route, DIG, ns lookup.
Enumeration & Fingerprinting • Specific targets determined • Identification of Services / open ports • Operating System Enumeration Methods • Banner grabbing • Responses to various protocol (ICMP &TCP) commands • Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools • N map, F Scan, Firewall, net cat, telnet, SNMP Scanner
Identification of Vulnerabilities • Vulnerabilities • Insecure Configuration • Weak passwords • Unpatched vulnerabilities in services, Operating systems, applications • Possible Vulnerabilities in Services, Operating Systems • Insecure programming • Weak Access Control
Identification of Vulnerabilities METHODS • Unpatched / Possible Vulnerabilities – Tools, Vulnerability information Websites • Weak Passwords – Default Passwords, Brute force, Social Engineering, Listening to Traffic • Insecure Programming – SQL Injection, Listening to Traffic • Weak Access Control – Using the Application Logic.
Example of Ethical Hacking • One of the earliest examples of using ethical hackers occurred in the 1970's. At this time, the United States government utilized the knowledge and services of groups of experts, referred to as red teams. They enlisted these ethical hackers to hack into the United States government's computer system. The purpose was to evaluate how secure it was and to recognize any possible vulnerabilities. Ethical hacking is now a growing profession that is still used by the United States government, as well as technology companies and other corporations. Many large companies employ teams of ethical hackers to help keep their systems secure, such as IBM.
Attack – Exploit the vulnerabilities • Obtain as much information from the Target Asset • Gaining Normal Access • Escalation of privileges • Obtaining access to other connected systems • Last Ditch Effort – Denial of Service
Attack – Exploit the vulnerabilities • Network Infrastructure Attacks • Connecting to the network through modem • Weaknesses in TCP / IP, NetBIOS • Flooding the network to cause DOS • Operating System Attacks • Attacking Authentication Systems • Exploiting Protocol Implementations • Exploiting Insecure configuration • Breaking File-System Security
Attack – Exploit the vulnerabilities • Application Specific Attacks • Exploiting implementations of HTTP, SMTP protocols • Gaining access to application Databases • SQL Injection • Spamming
Attack – Exploit the vulnerabilities • Exploits • Free exploits from Hacker Websites • Customised free exploits • Internally Developed • Tools – Nessus, Metasploit Framework,
Final Report • Collection of all discoveries made during evaluation. • Specific advice on how to close the vulnerabilities. • Testers techniques never revealed. • Delivered directly to an officer of the client organization in hard-copy form. • Steps to be followed by clients in future.
Ethical Hacking - Commandments • Working Ethically • Trustworthiness • Misuse for personal gain • Respecting Privacy • Not Crashing the Systems
Contact us • Cyber Fox Technology • Address: 3rd Floor, Lohia Towers, Nirmala Convent Road, Patmata • Distt. Krishna , Vijayawada (India) • Contact Email: info@cyberfoxtechnology.org • Mobile:+91-9652038194 • Website: http://cyberfoxtechnology.org
