AASSA Conference 2012, Quito, Ecuador, March 16th 2012. All rights reserved. Instructor: Francisco Bolaños, Ing., InterAmerican Academy. Ethical Hacking.

Presentation transcript:

ETHICAL HACKING: A GENERAL OVERVIEW
IT Department

TABLE OF CONTENTS
- Objectives.
- Security fundamentals.
- Ethical hacking stages.
- Conclusion.

OBJECTIVES
1. To give a general overview of what ethical hacking implies:
- Main concepts.
- Common vulnerabilities.
- Ethical hacking stages and tools.
2. To create a baseline for applying professional security-audit methodologies such as:
- Open Source Security Testing Methodology Manual (OSSTMM).
- Information Systems Security Assessment Framework (ISSAF).
- ISO 27001:2005.

SECURITY FUNDAMENTALS: MAIN CONCEPTS
Information Security: protects information from a wide spectrum of threats in order to ensure business continuity, minimize damage to the organization and maximize the return on investment and business opportunities.
Computer Security: ensures that the resources of an organization's information systems (hardware and software) are used in the proper way.
Ethical Hacking: a penetration test whose goal is to discover trophies throughout the network within the predetermined project time limit (OSSTMM).

SECURITY FUNDAMENTALS: MAIN CONCEPTS
Security features:
- Confidentiality: keeps the information private; only its owner can access it. Example: doctor and patient.
- Integrity: the information remains unchanged. Example: message sent: "Hello"; message received: "Hello".
- Availability: the information is accessible all the time without any kind of disruption. Example: a website running 24/7.
- Accountability: the capacity to keep track of actions through the records they generate. Example: system logs / IDS.
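The integrity and accountability features above can be made concrete in a few lines. The following is an added example, not part of the original slides: the sender attaches an HMAC-SHA256 tag to the message, the receiver recomputes it to confirm that "Hello" arrived as "Hello", and every verification attempt is written to an audit log so that a later review can see who checked what and with which result. The shared key, the actor names and the envelope format are all assumptions constructed for this example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed shared secret for this example only; a real deployment takes it from a key store.
SHARED_KEY = b"example-shared-key-not-for-production"


def protect(message: str, key: bytes = SHARED_KEY) -> dict:
    """Sender side: attach an HMAC-SHA256 tag so the receiver can detect any change."""
    tag = hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"message": message, "tag": tag}


def verify(envelope: dict, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare it in constant time."""
    expected = hmac.new(key, envelope["message"].encode("utf-8"), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, envelope["tag"])


class AuditLog:
    """Accountability: every verification attempt leaves a record of who did what, with what result."""

    def __init__(self) -> None:
        self.entries = []  # one JSON line per event, the shape a log shipper or IDS would ingest

    def record(self, actor: str, action: str, result: str) -> dict:
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "action": action,
            "result": result,
        }
        self.entries.append(json.dumps(entry))
        return entry


def receive(envelope: dict, actor: str, log: AuditLog) -> bool:
    """Check the integrity of an incoming message and log the outcome either way."""
    ok = verify(envelope)
    log.record(actor, "verify_message", "ok" if ok else "TAMPERED")
    return ok


if __name__ == "__main__":
    log = AuditLog()
    sent = protect("Hello")                                  # message sent: Hello
    print("intact:", receive(sent, "patient", log))          # message received: Hello -> True
    altered = dict(sent, message="Hallo")                    # modified in transit; tag no longer matches
    print("altered:", receive(altered, "patient", log))      # False
    for line in log.entries:
        print(line)
```

Note that the HMAC only proves integrity and origin to someone who holds the key; it does not provide confidentiality, since the message itself travels in clear text. The audit log is what turns a silent failure into an accountable event: a rejected message is recorded just like an accepted one.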

SECURITY FUNDAMENTALS: COMMON VULNERABILITIES
- Wrong router configurations.
- Remote Access Service (RAS) neither secured nor monitored.
- Leakage of information.
- Unnecessary services.
- Weak passwords.
- Accounts with too many privileges.
- Badly configured Internet services.
- Badly configured firewalls.
- Missing patches or default configurations.
- Unauthenticated services.

ETHICAL HACKING STAGES
Stages: Footprinting, Scanning and Enumeration, Vulnerability Analysis, Exploitation.

CONCLUSIONS
1. IT staff should be trained on this topic to prevent security issues.
2. Ethical hacking is a baseline for security audit methodologies.
3. Keep in mind that hacking is an art and security evaluation is a science.

THANK YOU

InterAmerican Academy

ETHICAL HACKING STAGES: Scanning and Enumeration
- Scanning builds on Footprinting: with the information gathered in that stage it is possible to identify the target's resources, such as access points, open ports, active machines, the services behind those ports and the operating systems.
- Enumeration lists all the resources found during scanning in order to build a general schema of the network and its possible vulnerabilities.
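From the defender's side, the scanning stage is one of the easiest to spot, because a scanner touches many ports on a host in a short time while a legitimate client keeps returning to the same one. The following is an added example, not part of the original slides: a small detector that parses firewall log lines, counts the distinct (destination, port) pairs each source address touched inside a sliding time window, and raises an alert for sources that exceed a threshold. The log format, the addresses (RFC 5737 documentation ranges), the threshold and the window are all constructed assumptions for this example; a real deployment would adapt the regular expression to its own firewall's format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a simplified firewall format (not taken from any real device).
SAMPLE_LOG = """\
2012-03-16T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21
2012-03-16T10:00:01 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=22
2012-03-16T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
2012-03-16T10:00:02 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=25
2012-03-16T10:00:03 ACCEPT SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
2012-03-16T10:00:03 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=443
2012-03-16T10:00:04 DROP SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3389
2012-03-16T10:00:05 ACCEPT SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
2012-03-16T10:03:10 ACCEPT SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
2012-03-16T10:00:00 DROP SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP DPT=22
2012-03-16T10:10:00 DROP SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP DPT=80
this line is not a firewall record and is skipped by the parser
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\w+) DPT=(?P<dpt>\d+)$"
)


def parse_line(line: str):
    """Turn one log line into a dict, or return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "proto": m["proto"],
        "dpt": int(m["dpt"]),
    }


def detect_scans(log_text: str, threshold: int = 5, window_seconds: int = 60) -> dict:
    """Return {source: distinct_targets} for every source that touched at least
    `threshold` distinct (destination, port) pairs within any `window_seconds` window.
    Both ACCEPT and DROP records count: a scan probes open and closed ports alike."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            by_src[event["src"]].append(event)

    window = timedelta(seconds=window_seconds)
    alerts = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        best = 0
        # Slide a window starting at each event and count the distinct targets inside it.
        for i, start in enumerate(events):
            seen = set()
            for event in events[i:]:
                if event["ts"] - start["ts"] > window:
                    break
                seen.add((event["dst"], event["dpt"]))
            best = max(best, len(seen))
        if best >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, count in detect_scans(SAMPLE_LOG).items():
        print(f"ALERT possible port scan from {src}: {count} distinct targets within 60s")
```

On the sample input only 203.0.113.7 is reported (seven distinct ports in four seconds); the client that returns to port 443 twice never exceeds one distinct target. The source 203.0.113.9 illustrates the caveat: two probes ten minutes apart never land in the same 60-second window, so a slow scan slips under this rule unless the window is widened or the threshold lowered, at the cost of more false positives from ordinary traffic.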

ETHICAL HACKING STAGES: Footprinting
- It is the technique of gathering information about the target or victim.
- The more information you get in this stage, the more accurate your attack will be.
- The purpose is to create a profile of the target and become familiar with it.

ETHICAL HACKING STAGES: Vulnerability Analysis
- An active process in which the possible security holes are confirmed or discarded based on the results of the enumeration stage.

ETHICAL HACKING STAGES: Exploitation
- In this stage the attacker gains access, escalates privileges and obtains or manipulates the victim's data. In other words, the intruder hacks the company.