Ethical Hacking
Niken Dwi Wahyu Cahyani ST. Mkom., CCSO., CEH
Ian Harisman
Moderator: Gandeva Bayu ST., CCNA
CEHv7 Outline
1. Footprinting and Reconnaissance
2. Scanning Networks
3. Enumeration
4. System Hacking
5. Trojan and Backdoors
6. Viruses and Worms
7. Sniffers
8. Social Engineering
9. Denial of Service
10. Session Hijacking
11. Hacking Webservers
12. Hacking Web Applications
13. SQL Injection
14. Hacking Wireless Networks
15. IDS, Firewalls and Honeypots
16. Buffer Overflows
17. Cryptography
18. Penetration Testing
EC-Council Certification Program
Security5
Certified E-Business Professional
EC-Council Certified Security Specialist (ECSS)
EC-Council Network Security Administration (ENSA)
Certified Ethical Hacker (CEH)
Computer Hacking Forensic Investigator (CHFI)
EC-Council Disaster Recovery Professional (EDRP)
EC-Council Certified Security Analyst (ECSA)
EC-Council Certified Secure Programmer (ECSP)
Certified Secure Application Developer (CSAD)
Licensed Penetration Tester (LPT)
Master of Security Science (MSS)
Let's Start Hacking!
Website Defacement Attack Statistics
• The top-ranked attack methods used to gain first access into the server: file inclusion, SQL injection, WebDAV attacks and shares misconfiguration.
• Last year brought a very high number of local Linux kernel exploits.
Internet Crime Current Report: IC3
Why Attacks Are Increasing
Hacker Classes
• Black Hats: Individuals with extraordinary computing skills who resort to malicious or destructive activities; also known as crackers
• White Hats: Individuals professing hacker skills and using them for defensive purposes; also known as security analysts
• Gray Hats: Individuals who work both offensively and defensively at various times
• Suicide Hackers: Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing 30 years in jail for their actions
What Does a Hacker Do?
Footprinting & Reconnaissance
Footprinting Methodology
Internet Footprinting
DNS Footprinting
WHOIS Footprinting
Competitive Intelligence
Network Footprinting
Website Footprinting
E-mail Footprinting
Google Hacking
Footprinting & Reconnaissance
• Example:
– Ping
– EmailTracerPro
– SmartWhois
Scanning
Types of Scanning
Scanning
• Example:
– Nmap
– Advanced IP Scanner
– Amap
– CurrPorts
– Nessus
System Hacking: Goals

| Hacking-Stage | Goal | Technique/Exploit Used |
| --- | --- | --- |
| Gaining Access | To collect enough information to gain access | Password eavesdropping, brute forcing |
| Escalating Privileges | To create a privileged user account if the user level is obtained | Password cracking, known exploits |
| Executing Applications | To create and maintain backdoor access | Trojans |
| Hiding Files | To hide malicious files | Rootkits |
| Covering Tracks | To hide the presence of compromise | Clearing logs |
CLOSING
Top 5 IT Security Certifications for 2011
• Based on scanning job boards and interviewing IT security recruiters and employers:
– Vendor Certifications
– CISSP: Certified Information Systems Security Professional
– CEH: Certified Ethical Hacker
– CISM: Certified Information Security Manager
– GIAC: Global Information Assurance Certification
* Source: http://itcertificationsguide.com
Survey Result
• Salaries for IT security professionals are expected to increase by more than 4% in 2011, according to a survey by Robert Half International.
• Data security analyst is expected to increase by 4.5%
• Systems security administrator is expected to jump 4.0%
• Network security administrator, 4.3%
• Information systems security manager, 4.4%
* Source: http://www.infosecurity-magazine.com/view/14074/salaries-for-it-security-professionals-to-rise-by-more-than-4-next-year/
IT Security Related Position and Salary Ranges
* Source: http://www.securityweek.com/it-salary-guide-shows-increase-salaries-it-security-professionals
Average CEH Salary Ranges by Country
United States ranges from $56,930 to $82,424
Canada ranges from C$62,288 to C$74,000 (approximately $64,387 to $76,400).
U.K.: the average salary range is £16,200 to £36,000 (approximately $26,200 to $58,200).
* Source: http://www.ittrainingblog.com/2011/05/average-salary-of-someone-with.html
References
• CEH Module, EC-Council