8/8/2019 Ethical Hacking id
1/24
Eth ica l Hack ing
Terminology
What is Ethical Hacking?
Who are Ethical Hackers? What do Ethical Hackers do?
Common methods
Security tools Conclusion
8/8/2019 Ethical Hacking id
2/24
Terminology
Hacker: A person who enjoys learningthe details of computer systems and howto stretch their capabilitiesas opposed
to most users of computers, who prefer tolearn only the minimum amountnecessary.
8/8/2019 Ethical Hacking id
3/24
Terminology
White Hat Hacker: An ethical hackerwho breaks security but who does so foraltruistic or at least non-malicious
reasons. White hats generally have aclearly defined code of ethics, and willoften attempt to work with amanufacturer or owner to improve
discovered security weaknesses.
8/8/2019 Ethical Hacking id
4/24
Terminology
Black Hat Hacker: Someone whosubverts computer security withoutauthorization or who uses technology
(usually a computer or the Internet) forterrorism, vandalism, credit card fraud,identity theft, intellectual property theft,or many other types of crime. This can
mean taking control of a remotecomputer through a network, or softwarecracking.
8/8/2019 Ethical Hacking id
5/24
Terminology
Cracker: A software cracker. A personspecialized in working around copyprotection mechanisms in software. Note
that software crackers are not involved inexploiting networks, but copy protectedsoftware.
8/8/2019 Ethical Hacking id
6/24
Terminology
Script kiddie: A pejorative term for acomputer intruder with little or no skill; aperson who simply follows directions or
uses a cook-book approach without fullyunderstanding the meaning of the stepsthey are performing.
8/8/2019 Ethical Hacking id
7/24
Terminology
Hacktivist: is a hacker who utilizestechnology to announce a politicalmessage. Web vandalism is not
necessarily hacktivism.
8/8/2019 Ethical Hacking id
8/24
What i s E th ica l Hack ing?
Organizations came to realize that one ofthe best ways to evaluate the intruderthreat to their interests would be to have
independent computer securityprofessionals attempt to break into theircomputer systems.
8/8/2019 Ethical Hacking id
9/24
What i s E th ica l Hack ing?
Ethical hackers would employ the sametools and techniques as the intruders, butthey would neither damage the target
systems nor steal information. Insteadthey would evaluate the target systemssecurity and report back to the ownerswith the vulnerabilities they found and
instructions for how to remedy them.
8/8/2019 Ethical Hacking id
10/24
Who are Eth ica l Hackers?
Skilled: Ethical hackers typically havevery strong programming and computernetworking skills and have been in the
computer and networking business forseveral years.
Knowledgeable: Hardware andsoftware.
Trustworthy
8/8/2019 Ethical Hacking id
11/24
What do Eth ica l Hackers do?
An ethical hackers evaluation of asystems security seeks answers to thesebasic questions:
What can an intruder see on the targetsystems?
What can an intruder do with that
information? Does anyone at the target notice the
intruder's attempts or successes?
8/8/2019 Ethical Hacking id
12/24
What do Eth ica l Hackers do?
What are you trying to protect?
How much time, effort, and money areyou willing to expend to obtain adequate
protection?
8/8/2019 Ethical Hacking id
13/24
Common methods
There are several recurring tools of thetrade used by computer criminals andsecurity experts:
Security exploit: A prepared applicationthat takes advantage of a knownweakness.
Packet sniffer: An application thatcaptures TCP/IP data packets, which canmaliciously be used to capture passwordsand other data while it is in transit either
within the computer or over the network.
8/8/2019 Ethical Hacking id
14/24
Common methods
Rootkit: A toolkit for hiding the fact thata computer's security has beencompromised. Root kits may include
replacements for system binaries so thatit becomes impossible for the legitimateuser to detect the presence of theintruder on the system by looking at
process tables.
8/8/2019 Ethical Hacking id
15/24
Common methods
Social Engineering: Convincing otherpeople to provide some form ofinformation about a system, often under
false premises. A blatant example wouldbe asking someone for their password oraccount possibly over a beer or by posingas someone else. A more subtle example
would be asking for promotional materialor technical references about acompany's systems, possibly posing as a
journalist.
8/8/2019 Ethical Hacking id
16/24
Common methods
Trojan horse: These are programsdesigned so that they seem to do or beone thing, such as a legitimate software,
but actually are or do another. They arenot necessarily malicious programs. Atrojan horse can be used to set up a backdoor in a computer system so that the
intruder can return later and gain access.Viruses that fool a user into downloadingand/or executing them by pretending tobe useful applications are also sometimes
called trojan horses.
8/8/2019 Ethical Hacking id
17/24
Common methods
Vulnerability scanner: A tool used toquickly check computers on a network forknown weaknesses. Hackers also
commonly use port scanners. Thesecheck to see which ports on a specifiedcomputer are "open" or available toaccess the computer, and sometimes will
detect what program or service islistening on that port, and it's versionnumber.
8/8/2019 Ethical Hacking id
18/24
Common methods
Worm: Like a virus, a worm is also a self-replicating program. The differencebetween a virus and a worm is that a
worm does not create multiple copies ofitself on one system: it propagatesthrough computer networks.
8/8/2019 Ethical Hacking id
19/24
Secur i ty too ls
Firewall: a piece of hardware and/orsoftware which functions in a networkedenvironment to prevent some
communications forbidden by the securitypolicy.
Intrusion Detection System (IDS):generally detects unwanted
manipulations to systems. Themanipulations may take the form ofattacks by skilled malicious hackers, orScript kiddies using automated tools.
8/8/2019 Ethical Hacking id
20/24
Secur i ty too ls
Intrusion Prevention System (IPS): acomputer security device that exercisesaccess control to protect computers from
exploitation. Intrusion preventiontechnology is considered by some to bean extension of intrusion detection (IDS)technology but it is actually another form
of access control, like an application layerfirewall. The latest Next GenerationFirewalls leverage their existing deeppacket inspection engine by sharing this
functionality with an IPS.
8/8/2019 Ethical Hacking id
21/24
Secur i ty too ls
Anti-virus: software consists ofcomputer programs that attempt toidentify, thwart and eliminate computer
viruses and other malicious software(malware).
Encryption: used to protect yourmessage from the eyes of others.
Authorization: restricts access to acomputer to group of users through theuse of authentication systems.
8/8/2019 Ethical Hacking id
22/24
Secur i ty too ls
System Integrity Verifiers: Systemsthat monitor system integrity to detectwhen critical components have changed,
such as when backdoors have beenadded to system files.
8/8/2019 Ethical Hacking id
23/24
8/8/2019 Ethical Hacking id
24/24
Conc lus ion
If you want to stop hackers from invadingyour network, first you've got to invade
their minds.
Top Related