
AASSA Conference 2012, Quito, Ecuador, March 16th, 2012. All rights reserved. Instructor: Francisco Bolaños, Ing. InterAmerican Academy. Ethical Hacking.


1 Ethical Hacking: a general overview
IT Department, InterAmerican Academy

2 TABLE OF CONTENTS
- Objectives.
- Security fundamentals.
- Ethical hacking stages.
- Conclusion.

3 OBJECTIVES
1. To show a general overview of what ethical hacking implies:
- Main concepts.
- Common vulnerabilities.
- Ethical hacking stages / tools.
2. To create a baseline for applying professional security audit methodologies such as:
- Open Source Security Testing Methodology Manual (OSSTMM).
- Information Systems Security Assessment Framework (ISSAF).
- ISO 27001:2005.

4 SECURITY FUNDAMENTALS: MAIN CONCEPTS
Information Security: It protects information from a wide spectrum of threats in order to ensure business continuity, minimize damage to the organization, and maximize the return on investment and business opportunities.
Computer Security: It ensures that the resources of an organization's information systems (hardware or software) are used in the proper way.
Ethical Hacking: It is a penetration test whose goal is to discover trophies throughout the network within the predetermined project time limit (OSSTMM).

5 SECURITY FUNDAMENTALS: MAIN CONCEPTS
Security features:
Confidentiality: It keeps the information private; only the owner can access it. Example: doctor-patient.
Integrity: The information will remain the same. Example: message sent: Hello; message received: Hello.
Availability: The information is available all the time without any kind of disruption. Example: website 24/7.
Accountability: It is the capacity to keep track of activity based on the generation of files. Example: log system / IDS.

6 SECURITY FUNDAMENTALS: COMMON VULNERABILITIES
- Wrong router configurations.
- Remote Access Service (RAS) neither secured nor monitored.
- Leakage of information.
- Unnecessary services.
- Weak passwords.
- Accounts with too many privileges.
- Internet services not well configured.
- Firewalls not well configured.
- Missing patches or default configurations.
- Unauthenticated services.

7 ETHICAL HACKING STAGES
Stages:
- Footprinting
- Scanning and Enumeration
- Vulnerability Analysis
- Exploitation

8 CONCLUSIONS
1. IT staff should be trained on this topic to prevent security issues.
2. Ethical hacking is a baseline for security audit methodologies.
3. Keep in mind that hacking is an art and security evaluation is a science.

9 THANK YOU

10 InterAmerican Academy

11 ETHICAL HACKING STAGES
Scanning and Enumeration:
- Scanning builds on Footprinting: with the information gathered in the Footprinting stage, it is possible to identify the resources of the target, such as access points, open ports, active machines, the services running on ports, and operating systems.
- Enumeration lists all the resources found during scanning, with the purpose of obtaining a general schema of the network and its possible vulnerabilities.

12 ETHICAL HACKING STAGES
Footprinting:
- It is the technique of gathering information about the target or victim.
- The more information you can get from this stage, the more accurate your attack will be.
- The purpose is to create a profile of the target and get familiar with it.

13 ETHICAL HACKING STAGES
Vulnerability Analysis:
- It is an active process in which the possible security holes are confirmed or discarded, based on the enumeration stage.

14 ETHICAL HACKING STAGES
Exploitation:
- In this stage the attacker gains access, escalates privileges, and obtains or manipulates the victim's data. In other words, the intruder will hack the company.

