download free Certified Ethical Hacker v10 - PowerPoint PPT Presentation

About This Presentation
Title:

download free Certified Ethical Hacker v10

Description:

Cyber Fox is an EC-Council accredited training center in Vijayawada, and this institute provides the best ethical hacking or CEHv10 training in Vijayawada – PowerPoint PPT presentation

Number of Views:178
Slides: 23
Provided by: cyberfoxsecurium
Category: Other
Tags: cehv10

Transcript and Presenter's Notes

1
Ethical Hacking

2
AGENDA
  • What is Ethical Hacking?
  • Who are ethical hackers?
  • Every Website - A Target
  • Why Ethical Hacking?
  • Ethical Hacking - Process
  • Being Prepared
  • Planning
  • Kinds of Testing
  • Footprinting
  • Enumeration and Fingerprinting
  • Identification of Vulnerabilities
  • Attack - Exploit the Vulnerabilities
  • Final Report
  • Ethical Hacking - Commandments

3
Ethical Hacking
  • Ethical hacking is also known as penetration
    testing or white-hat hacking.
  • It involves the same tools, tricks, and
    techniques that hackers use, but with major
    differences.
  • Ethical hacking is legal. Ethical hacking is
    performed with the target's permission. The
    intent of ethical hacking is to discover
    vulnerabilities from a hacker's viewpoint so
    systems can be better secured.
  • It's part of an overall information risk
    management program that allows for ongoing
    security improvements.
  • Ethical hacking can also ensure that vendors'
    claims about the security of their products are
    legitimate.

4
Ethical Hackers but not Criminal Hackers
  • Completely trustworthy.
  • Strong programming and computer networking
    skills.
  • Learn about the system and try to find its
    weaknesses.
  • Techniques of ethical hackers - Detection - Prevention.

5
Why Ethical Hacking?
  • Protection from possible External Attacks

6
Why Ethical Hacking?

7
Ethical Hacking - Process
  • Preparation
  • Planning
  • Footprinting
  • Enumeration and Fingerprinting
  • Identification of Vulnerabilities
  • Attack - Exploit the Vulnerabilities

8
Preparation
  • What can an intruder see on the target systems?
  • What can an intruder do with that information?
  • Does anyone at the target notice the intruder's
    attempts or successes?
  • What are you trying to protect?
  • Who are you trying to protect against?
  • How much time, effort, and money are you willing
    to expend to obtain adequate protection?

9
Planning
  • Security evaluation plan
  • How to test?
  • Identify system to be tested
  • Limitations on that testing
  • Evaluation done under a no-holds-barred
    approach.
  • Clients should be aware of risks.
  • Limit prior knowledge of test.

10
Footprinting
  • Collecting as much information as possible about the target
    • DNS servers
    • IP ranges
    • Administrative contacts
    • Problems revealed by administrators
  • Information Sources
    • Search engines
    • Forums
    • Databases: whois, RIPE
    • Tools: ping, whois, traceroute, dig, nslookup

11
Enumeration and Fingerprinting
  • Specific targets determined
  • Identification of services / open ports
  • Operating system enumeration
  • Methods
    • Banner grabbing
    • Responses to various protocol (ICMP, TCP)
      commands
    • Port / service scans: TCP Connect, TCP SYN, TCP
      FIN, etc.
  • Tools
    • Nmap, FScan, Firewall, netcat, telnet, SNMP
      Scanner

12
Identification of Vulnerabilities
  • Vulnerabilities
    • Insecure configuration
    • Weak passwords
    • Unpatched vulnerabilities in services, operating
      systems, applications
    • Possible vulnerabilities in services, operating
      systems
    • Insecure programming
    • Weak access control

13
Identification of Vulnerabilities
  • Methods
    • Unpatched / possible vulnerabilities: tools,
      vulnerability information websites
    • Weak passwords: default passwords, brute force,
      social engineering, listening to traffic
    • Insecure programming: SQL injection, listening
      to traffic
    • Weak access control: using the application
      logic

14
Example of Ethical Hacking
  • One of the earliest examples of using ethical
    hackers occurred in the 1970s. At this time,
    the United States government utilized the
    knowledge and services of groups of experts,
    referred to as red teams. They enlisted these
    ethical hackers to hack into the United States
    government's computer system. The purpose was to
    evaluate how secure it was and to recognize any
    possible vulnerabilities. Ethical hacking is now
    a growing profession that is still used by the
    United States government, as well as technology
    companies and other corporations. Many large
    companies, such as IBM, employ teams of ethical
    hackers to help keep their systems secure.

15
Attack - Exploit the Vulnerabilities
  • Obtain as much information as possible from the target asset
  • Gaining normal access
  • Escalation of privileges
  • Obtaining access to other connected systems
  • Last-ditch effort: Denial of Service

16
Attack - Exploit the Vulnerabilities
  • Network Infrastructure Attacks
    • Connecting to the network through a modem
    • Weaknesses in TCP/IP, NetBIOS
    • Flooding the network to cause DoS
  • Operating System Attacks
    • Attacking authentication systems
    • Exploiting protocol implementations
    • Exploiting insecure configuration
    • Breaking file-system security

17
Attack - Exploit the Vulnerabilities
  • Application Specific Attacks
    • Exploiting implementations of HTTP, SMTP
      protocols
    • Gaining access to application databases
    • SQL injection
    • Spamming

18
Attack - Exploit the Vulnerabilities
  • Exploits
    • Free exploits from hacker websites
    • Customised free exploits
    • Internally developed
  • Tools: Nessus, Metasploit Framework

19
Final Report
  • Collection of all discoveries made during
    evaluation.
  • Specific advice on how to close the
    vulnerabilities.
  • Tester's techniques never revealed.
  • Delivered directly to an officer of the client
    organization in hard-copy form.
  • Steps to be followed by clients in future.

20
Ethical Hacking - Commandments
  • Working Ethically
  • Trustworthiness
  • Misuse for personal gain
  • Respecting Privacy
  • Not Crashing the Systems

21
Contact us
  • Cyber Fox Technology
  • Address: 3rd Floor, Lohia Towers, Nirmala Convent
    Road, Patmata
  • Distt. Krishna, Vijayawada (India)
  • Contact Email: info_at_cyberfoxtechnology.org
  • Mobile: 91-9652038194
  • Website: http://cyberfoxtechnology.org

22
(No Transcript)