ethical hacking, its relevance and its prospects
Post on 21-Mar-2017
Ethical Hacking
By InFERNO
GROUP MEMBERS: Rwik Kumar Dutta Sarthak Singh Sushmita Sil Shweta Mishra Soumya Mallick Sristi
Evolution Of Hacking
The first hacker appeared in the 1960s at the Massachusetts Institute of Technology (MIT).
During the 1970s, a different breed of hackers appeared: Phone Phreakers or Phone Hackers.
In the 1980s, phreaks started to migrate to computers, and the first Bulletin Board System (BBS) appeared.
During the 1990s, when the Internet came along, hackers multiplied.
Hacking
The process of attempting to gain, or successfully gaining, unauthorized access to computer resources is called hacking.
Hacking and its types…
Good guys. Don’t use their skill for illegal purposes. Computer security experts who help to protect from black hats.
Combination of white and black hat. Goal is to provide national security.
Bad guys. Use their skill meticulously for personal gain. Hack banks, steal credit cards and deface websites.
Ethical Hacking
Ethical hacking and ethical hacker are terms used to describe hacking performed by a company or individual to help identify potential threats on a computer or network.
An ethical hacker attempts to bypass system security and search for any weak points.
This information is then used by the organization to improve the system security to minimize or eliminate any potential attacks.
And yeah, ‘ethical hacking’ is not an oxymoron. It truly is ethical.
What constitutes ethical hacking?
For hacking to be deemed ethical, the hacker must obey the following rules:
Expressed (often written) permission to probe the network and attempt to identify potential security risks.
You respect the individual's or company's privacy.
You close out your work, not leaving anything open for you or someone else to exploit at a later time.
You let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company.
Hack without being on the wrong side of the law….
Hack ethically: work professionally, have high morals and principles.
Respect privacy: treat the information gathered with utmost respect and take care to keep it private.
Work within the guidelines and limitations specified by your client.
Unless and until you violate any of the above, you will not find yourself on the wrong side of the law.
Being a ‘white hat’ hacker may give you less of an adrenaline rush than being a ‘black hat’ hacker, but you will at least lead a good and honest life, with no fear of serving prison time for hacking.
As an ethical hacker, you have to evaluate the system security to answer the following:
What can an intruder see on the target systems?
What can an intruder do with that information?
Does anyone at the target notice the intruder's attempts or successes?
What are you trying to protect?
What are you trying to protect against?
How much time, money and effort are you willing to spend to obtain adequate protection?
Why should you consider selecting ethical hacking as a profession?
To make security in systems stronger
Just for fun
Show off
You might be one of those people who love to break into others’ systems but are scared of the legal implications of doing it on the sly.
Ethical hacking - a core part of the IT security industry today
The IT security industry is growing at the rate of 21% per annum.
In 2012, ethical hacking was estimated to be a US$3.8 billion industry in the US alone.
According to Nasscom, India will require at least 77,000 ethical hackers every year, whereas we are currently producing only 15,000 a year.
As an intern, you can get around 2.5 lakhs per annum. With one year of experience, it can go up to 4.5 lakhs per annum. With work experience of 5 years or more, it can go up to 10-12 lakhs and beyond.
Hacking Process
Reconnaissance (Footprinting): Whois Lookup, NS Lookup, IP Lookup
Scanning and Enumeration: Port Scanning, Network Scanning, Fingerprinting, Firewalking
Attack and Gaining Access: Password Attacks, Social Engineering, Viruses
Maintaining access: OS Backdoors, Trojans
Clearing tracks: Removing all traces
Guidelines for making your career in ethical hacking
You should have specific domain specializations in various areas including networking and related areas, RDBMS, programming languages and OSs, especially Windows and Linux.
Develop strong soft skills including good communication skills, good problem-solving ability, strong ethics, good adaptability and the mindset to stay dedicated.
Try to be street smart: the methodologies that you might need to adopt to solve a problem can be very unorthodox or out of the box.
Try to follow hacking conventions like DefCon and try to connect with one of the DefCon-affiliated local groups.
Stay updated with the latest in the IT security industry.
Resources and Certifications
Boost your career by getting certified.
EC-Council offers a C|EH (Certified Ethical Hacker) certification which is internationally accepted.
Earn other security certificates like Security+ offered by CompTIA, the CISSP certification, the TICSA certification and many more.
Check the resources section of the EC-Council site.
You can buy books like Hacking: The Art Of Exploitation and other great learning and reference books.
Latest trends in ethical hacking
Network penetration testing is dead.
Web and Mobile Application Security Testing jobs are on the rise.
Beware. Web and Mobile Testing is getting automated and commoditized.
Gaining skills in deeper Business Logic Testing, Code Review and Architecture Review is important.
Running scripts/tools is not enough. Understanding the design, code and logic is critical for career growth.
Knowing how to break is not good enough. Learn prevention.
Case study: The Heartbleed bug (CVE-2014-0160)
Heartbleed bug: caused by (unfortunate) leaks of memory contents from systems protected by vulnerable versions of OpenSSL.
OpenSSL is a general purpose cryptography library that provides an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft's April 2014 Web Server Survey.
Named ‘heartbleed’ because the bug is in the implementation of a feature called ‘heartbeat’.
Understanding ‘heartbleed’…
The actual bug in ‘heartbleed’ is surprisingly simple. We can easily understand it by drawing an analogy with a simple piece of C++ code.
int arr[] = {5, 6, 7};
cout << arr[10]; // Will this be an error?
No, it won’t. It will try to read contents from the memory beyond what is allocated for the array and hence may return anything, or the program might even crash…
If it so happened that your server had one of your passwords or encryption keys in the memory at that moment, that information might have leaked, and somebody could then very easily snoop on your personal and private data.
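The same missing bounds check in the shape it takes in a heartbeat-style echo, as an added example in C (not code from this presentation or from OpenSSL), with the flawed handler beside the corrected one. The two-byte record layout, the arena buffer and the SECRET-KEY string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for server memory: the received record is followed
   directly by unrelated data that happens to live next to it. */
#define ARENA_SIZE 64
static unsigned char arena[ARENA_SIZE];

/* Simplified record (an assumption, not the real wire format):
   2-byte big-endian claimed payload length, then the payload itself.
   Returns the number of bytes actually received. */
static size_t put_record(unsigned claimed_len, const char *payload) {
    size_t actual = strlen(payload);
    memset(arena, 0, sizeof arena);
    arena[0] = (unsigned char)(claimed_len >> 8);
    arena[1] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + 2, payload, actual);
    memcpy(arena + 2 + actual, "SECRET-KEY", 10);  /* neighbouring data */
    return 2 + actual;
}

/* Flawed echo: copies as many bytes as the record claims to carry. */
static size_t echo_unchecked(size_t record_len, unsigned char *out) {
    size_t claimed = ((size_t)arena[0] << 8) | arena[1];
    (void)record_len;                        /* never consulted: the bug */
    if (claimed > ARENA_SIZE - 2)            /* keeps this demo inside arena */
        claimed = ARENA_SIZE - 2;
    memcpy(out, arena + 2, claimed);
    return claimed;
}

/* Corrected echo: a claim larger than what arrived is dropped, no reply. */
static size_t echo_checked(size_t record_len, unsigned char *out) {
    if (record_len < 2) return 0;
    size_t claimed = ((size_t)arena[0] << 8) | arena[1];
    if (claimed > record_len - 2) return 0;
    memcpy(out, arena + 2, claimed);
    return claimed;
}

int main(void) {
    unsigned char out[ARENA_SIZE];
    size_t len = put_record(14, "bird");     /* 4 bytes sent, 14 claimed */
    size_t n = echo_unchecked(len, out);
    printf("unchecked reply (%zu bytes): %.*s\n", n, (int)n, (const char *)out);
    printf("checked reply: %zu bytes\n", echo_checked(len, out));
    return 0;
}
```

The only difference between the two handlers is the comparison of the claimed length against the number of bytes that actually arrived.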
Neel Mehta of Google's security team first reported Heartbleed on April 1, 2014.
Got fixed pretty soon…but a lot of damage had already been done by then.
The NSA managed to use the Heartbleed bug to snoop on people for two years.
Hope now you have a clearer view on what type of role ethical hacking plays in this world.
Acknowledgement
We would like to thank all our teachers, friends, family members for supporting us throughout the making and preparation of this presentation.
We would also like to thank the staff and faculties of B P Poddar Institute of Management and Technology for offering us the platform to deliver our presentation.
Bibliography
En.wikipedia.org
http://www.pcworld.com/article/250045/how_to_become_an_ethical_hacker.html
http://www.computerhope.com/jargon/e/ethihack.htm
http://www.ivizsecurity.com/blog/web-application-security/trends-for-ethical-hacking/
Slideshare.net
Edx.org (Introduction to Computer Science by HarvardX) for the heartbleed case study.