Web Security Introduction to Ethical Hacking, Ethics, and Legality.


Hacker
The term hacker conjures up images of a young computer whiz who types a few commands at a computer screen—and poof! The computer spits out passwords, account numbers, or other confidential data.
Hacking
The process by which a hacker extracts passwords, account numbers, or other confidential data is called hacking.

Types of Hacker
Hackers can be divided into three groups:
1. Black Hats
2. White Hats
3. Gray Hats

White Hats
White hats are the good guys: the ethical hackers who use their hacking skills for defensive purposes. White-hat hackers are usually security professionals with knowledge of hacking and the hacker toolset, who use this knowledge to locate weaknesses and implement countermeasures.

White hats are those who hack with permission from the data owner. White-hat hackers hack only under contract.

Black Hats
Black hats are the bad guys: the hackers or crackers who use their skills for illegal purposes. Having gained unauthorized access, black-hat hackers destroy vital data, deny legitimate users service, and generally cause problems for their targets.

Gray Hats
Gray hats are hackers who may work offensively or defensively. They may want to highlight security problems in a system. The difference between white hats and gray hats is permission.

Security Goals Attackers Try to Defeat
Confidentiality
◦ Keeping information safe.
Authenticity
◦ Being authentic, trustworthy, or genuine.
Integrity
◦ Accuracy; its opposite is data corruption.
Availability

Some Useful Terminology
Threat
◦ An environment or situation that could lead to a potential breach of security.
Exploit
◦ A piece of software or technology that takes advantage of a bug, leading to unauthorized access.

Vulnerability
◦ A software flaw or logic-design error that can lead to damaging instructions being issued to the system.
Target of Evaluation (TOE)
◦ A system, program, or network that is the subject of a security analysis or attack.
Attack

The Phases of Ethical Hacking
The process of ethical hacking can be broken down into five distinct phases.

Phase 1: Reconnaissance
Passive reconnaissance
◦ Passive reconnaissance involves gathering information about a potential target without the targeted individual’s or company’s knowledge.
◦ For example, using whois.com or google.com.
Active reconnaissance
◦ Active reconnaissance involves probing the network to discover individual hosts, IP addresses, and services on the network. This process involves more risk of detection than passive reconnaissance.

Phase 2: Scanning
Scanning involves taking the information discovered during reconnaissance and using it to examine the network. Hackers are seeking any information that can help them perpetrate an attack on a target, such as the following:
◦ Computer names
◦ Operating system (OS)
◦ Installed software
◦ IP addresses
◦ User accounts
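The slides note that active reconnaissance and scanning carry a higher risk of detection than passive reconnaissance. The following script, added here as an illustration and not part of the original presentation, shows the defender's side of that statement: it reads a small, constructed firewall log (the log format, addresses and port list are invented for the example) and flags any source that touches an unusually large number of distinct ports on one host inside a short time window, which is the signature a port sweep leaves behind.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (hypothetical format and addresses, not from
# the original presentation): one source sweeps twelve ports on a single host
# within a few seconds, while a normal client visits one or two services.
SCANNED_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d} DENY src=203.0.113.5 dst=192.0.2.10 dport={p}"
     for i, p in enumerate(SCANNED_PORTS)]
    + [
        "2024-05-01T10:00:05 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443",
        "2024-05-01T10:03:00 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=443",
        "2024-05-01T10:04:00 ALLOW src=198.51.100.7 dst=192.0.2.10 dport=80",
    ]
)


def parse_line(line):
    """Parse one log line into (timestamp, action, src, dst, dport)."""
    ts_str, action, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return (datetime.fromisoformat(ts_str), action,
            fields["src"], fields["dst"], int(fields["dport"]))


def detect_port_scans(log_text, threshold=10, window=timedelta(seconds=60)):
    """Flag (src, dst) pairs where one source touches at least `threshold`
    distinct destination ports within any interval of length `window`.

    Returns {(src, dst): sorted ports seen in the widest triggering window}.
    Both ALLOW and DENY lines count: a sweep of open ports still produces a
    burst of distinct ports from a single source.
    """
    events = defaultdict(list)            # (src, dst) -> [(ts, dport), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _action, src, dst, dport = parse_line(line)
        events[(src, dst)].append((ts, dport))

    alerts = {}
    for key, evs in events.items():
        evs.sort()                        # chronological order
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= threshold and len(ports) > len(alerts.get(key, [])):
                alerts[key] = sorted(ports)
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst} probed {len(ports)} ports: {ports}")
```

The threshold and window are tuning knobs: a slow scan that spaces probes minutes apart will slip under a 60-second window, so in practice the same logic is run at several window sizes, and the allow/deny action is kept so that hits on open services can be prioritised.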

Phase 3: Gaining Access
Phase 3 is when the real hacking takes place. Gaining access is known in the hacker world as owning the system, because once a system has been hacked, the hacker has control and can use that system as they wish.

Phase 4: Maintaining Access
Once a hacker has gained access to a target system, they want to keep that access for future exploitation and attacks. Once the hacker owns the system, they can use it as a base to launch additional attacks. In this case, the owned system is sometimes referred to as a “zombie system”.

Phase 5: Covering Tracks
Once hackers have been able to gain and maintain access, they cover their tracks to avoid detection by security personnel, to continue to use the owned system, to remove evidence of hacking, or to avoid legal action.
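Covering tracks usually means editing or deleting log entries on the compromised host. The countermeasure is to make the log tamper-evident: a collector that holds a secret key links each record to the previous one with an HMAC, so a removed or altered line breaks every tag after it. The example below is added to this transcript and is not the presentation's own material; the key, the log lines and the attacker edits are constructed for illustration.

```python
import hashlib
import hmac

# Hypothetical key held by the log collector, NOT on the monitored host
# (constructed example value, not from the original presentation).
COLLECTOR_KEY = b"example-collector-key-not-for-production"
SEED = b"\x00" * 32   # stands in for the "previous tag" of the first record

# Constructed sample host log lines (invented for this example).
SAMPLE_LINES = [
    "10:01:12 sshd: accepted publickey for alice from 198.51.100.7",
    "10:03:44 sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx",
    "10:07:05 sshd: accepted password for root from 203.0.113.5",
    "10:07:30 useradd: new user: name=svc_backup, UID=1005",
]


def chain_log(lines, key):
    """Return [(line, tag_hex)] where tag = HMAC(key, previous_tag || line)."""
    prev = SEED
    records = []
    for line in lines:
        tag = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        records.append((line, tag.hex()))
        prev = tag
    return records


def last_tag(records):
    """The tag the collector should remember once it has issued these records."""
    return records[-1][1] if records else SEED.hex()


def verify_chain(records, key, expected_last_tag=None):
    """Return None if the chain is intact, otherwise the index of the first
    record at which verification fails.

    A deleted or edited record invalidates every tag that follows it. Cutting
    the tail off the log leaves a chain that still verifies, so truncation is
    only caught when the collector also remembers the last tag it issued and
    passes it as `expected_last_tag`.
    """
    prev = SEED
    for i, (line, tag_hex) in enumerate(records):
        expected = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(tag_hex)):
            return i
        prev = expected
    if expected_last_tag is not None and not hmac.compare_digest(prev.hex(), expected_last_tag):
        return len(records)
    return None


def tampering_outcomes():
    """Apply three constructed 'covering tracks' edits and report what the
    verifier sees for each (None means the edit went unnoticed)."""
    records = chain_log(SAMPLE_LINES, COLLECTOR_KEY)
    remembered = last_tag(records)
    deleted = records[:2] + records[3:]                      # drop the root login
    edited = list(records)                                   # rewrite root -> alice
    edited[2] = (records[2][0].replace("root", "alice"), records[2][1])
    truncated = records[:3]                                  # discard the tail
    return {
        "intact": verify_chain(records, COLLECTOR_KEY),
        "deleted": verify_chain(deleted, COLLECTOR_KEY),
        "edited": verify_chain(edited, COLLECTOR_KEY),
        "truncated_no_last_tag": verify_chain(truncated, COLLECTOR_KEY),
        "truncated_with_last_tag": verify_chain(truncated, COLLECTOR_KEY, remembered),
    }


if __name__ == "__main__":
    for name, result in tampering_outcomes().items():
        print(f"{name:24s} -> {'ok' if result is None else f'fails at record {result}'}")
```

The design point is where the key lives: if the attacker who owns the host can read the key, they can simply recompute the chain, so the tags must be produced (or at least re-verified) by a collector the host cannot write to, and that collector must keep the last tag it saw to catch truncation.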

Common Entry Points for an Attack
Here are the most common entry points for an attack:
1. Remote Network
◦ Attack through the Internet.
◦ The hacker tries to break into, or find vulnerabilities in, network devices such as firewalls and proxies.
2. Remote Dial-Up Network
◦ A remote dial-up network hack tries to simulate an intruder launching an attack against the client’s modem pools.

3. Local Network
◦ Attack through a Local Area Network (LAN) or Wireless Local Area Network (WLAN).
◦ More secure than dial-up.
4. Stolen Equipment
◦ Sometimes a hacker finds useful information on stolen equipment, such as usernames, passwords, security settings, and encryption types.

5. Social Engineering
◦ Taking information from organization employees or from the help desk, or using common sense.

Testing Types
Testing types can be categorized on the basis of the hacker’s knowledge of the target.
1. Black-Box Testing
◦ Black-box testing involves performing a security evaluation and testing with no prior knowledge of the network infrastructure or system to be tested.
◦ Information gathering will take a long time.

2. White-Box Testing
◦ White-box testing involves performing a security evaluation and testing with complete knowledge of the network infrastructure.
◦ The hacker will not spend time on information gathering.

3. Gray-Box Testing
◦ Gray-box testing involves performing a security evaluation and testing internally.
◦ The system is tested from the position of an employee of the organization.

Security, Functionality, and Ease of Use Triangle
The three corners of the triangle: Functionality, Security, Ease of Use.

Ethical Hacking Report
The result of a network penetration test or security audit is an ethical hacking, or pen test, report. This report details the results of the hacking activity, the types of tests performed, and the hacking methods used. This document is usually delivered to the organization in hard-copy format, for security reasons.

Keeping It Legal
The following steps (shown in the figure) are a framework for performing a security audit of an organization and will help to ensure that the test is conducted in an organized, efficient, and ethical manner.

1. Initial Client Meeting
2. Sign the Agreement
3. Security Evaluation Plan
4. Conduct the Test
5. Report and Documentation
6. Present the Report
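The signed agreement and the evaluation plan fix what may be tested, and when. A practical way to honour that during the "Conduct the Test" step is to encode the agreed scope and refuse any target outside it before a single packet is sent. The script below is an added illustration, not part of the original presentation; the client name, networks, exclusions and dates in `AGREEMENT` are invented, and the dictionary layout is a hypothetical convention for this example.

```python
import ipaddress
from datetime import date

# Constructed rules of engagement for a hypothetical engagement (all values
# invented for this example; not from the original presentation).
AGREEMENT = {
    "client": "Example Corp",
    "in_scope_networks": ["192.0.2.0/24", "198.51.100.0/25"],
    "excluded_hosts": ["192.0.2.1"],          # the client asked that its gateway be left alone
    "test_window": (date(2024, 6, 3), date(2024, 6, 14)),
    "signed": True,
}


def check_target(agreement, target_ip, on_date):
    """Return (allowed, reason) for testing `target_ip` on `on_date`.

    Checks run from the most fundamental condition (a signed agreement) to
    the most specific (the address itself), so the reason names the first
    thing that would have to change before the test could proceed.
    """
    if not agreement.get("signed"):
        return False, "agreement not signed"
    start, end = agreement["test_window"]
    if not start <= on_date <= end:
        return False, f"outside agreed window {start}..{end}"
    try:
        ip = ipaddress.ip_address(target_ip)
    except ValueError:
        return False, f"not a valid IP address: {target_ip!r}"
    if any(ip == ipaddress.ip_address(h) for h in agreement["excluded_hosts"]):
        return False, "host explicitly excluded by the client"
    if not any(ip in ipaddress.ip_network(n) for n in agreement["in_scope_networks"]):
        return False, "address not in any agreed network"
    return True, "in scope"


def filter_targets(agreement, targets, on_date):
    """Split a proposed target list into (allowed, [(rejected, reason), ...])."""
    allowed, rejected = [], []
    for target in targets:
        ok, reason = check_target(agreement, target, on_date)
        if ok:
            allowed.append(target)
        else:
            rejected.append((target, reason))
    return allowed, rejected


if __name__ == "__main__":
    proposed = ["192.0.2.50", "192.0.2.1", "198.51.100.9", "198.51.100.200", "10.0.0.8"]
    ok, bad = filter_targets(AGREEMENT, proposed, date(2024, 6, 5))
    print("allowed:", ok)
    for target, reason in bad:
        print(f"rejected {target}: {reason}")
```

The rejected list is worth keeping: it becomes part of the report and documentation step, showing the client which proposed targets were dropped and why.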

Cyber Laws
◦ Cyber Security Enhancement Act and SPY ACT
◦ Freedom of Information Act (FOIA)
◦ Federal Information Security Management Act (FISMA)
◦ Privacy Act of 1974
◦ PATRIOT Act

Assignment
Write down the Constitutional Acts of the Islamic Republic of Afghanistan.