100% found this document useful (1 vote)
3K views98 pages

Ethical Hacking

This document provides an overview of a presentation on ethical hacking for educators. It discusses the history of hacking, the Certified Ethical Hacker certification, required skills for ethical hackers including networking and operating system knowledge, what ethical hackers do such as evaluating security vulnerabilities, their typical pay which can be upwards of $120,000 annually, and certified ethical hacker training programs.
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
100% found this document useful (1 vote)
3K views98 pages

Ethical Hacking

This document provides an overview of a presentation on ethical hacking for educators. It discusses the history of hacking, the Certified Ethical Hacker certification, required skills for ethical hackers including networking and operating system knowledge, what ethical hackers do such as evaluating security vulnerabilities, their typical pay which can be upwards of $120,000 annually, and certified ethical hacker training programs.
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 98

Ethical Hacking for

Educators

Presented By
Regina DeLisse Hartley, Ph.D.
Caldwell Community College &
Technical Institute
Overview

 Old School Hackers: History of Hacking


 Ec-Council: Certified Ethical Hacker
 Learning Competencies
 Teaching Resources: Ethical Hacking
Textbooks
 Hacking Tools
 Hacker Challenge Websites
 Additional Web Sites
 Questions and Answers
Old School Hackers:
History of Hacking
PREHISTORY  Draper builds a "blue box"
 1960s: The Dawn of Hacking used with whistle allows
Original meaning of the word phreaks to make free calls.
"hack" started at MIT; meant  Steve Wozniak and Steve
elegant, witty or inspired way Jobs, future founders of Apple
of doing almost anything; hacks Computer, make and sell blue
were programming shortcuts boxes.
ELDER DAYS (1970-1979) THE GOLDEN AGE (1980-
 1970s: Phone Phreaks and 1991)
Cap'n Crunch: One phreak,  1980: Hacker Message
John Draper (aka "Cap'n Boards and Groups
Crunch"), discovers a toy Hacking groups form; such as
whistle inside Cap'n Crunch Legion of Doom (US), Chaos
cereal gives 2600-hertz signal, Computer Club (Germany).
and can access AT&T's long-  1983: Kids' Games
distance switching system. Movie "War Games"
introduces public to hacking.
THE GREAT HACKER WAR  1989: The Germans ,
 Legion of Doom vs Masters of the KGB and Kevin
Deception; online warfare; Mitnick.
jamming phone lines.
 1984: Hacker 'Zines
 German Hackers
Hacker magazine 2600 publication; arrested for breaking into
online 'zine Phrack. U.S. computers; sold
CRACKDOWN (1986-1994) information to Soviet
 1986: Congress passes Computer KGB.
Fraud and Abuse Act; crime to  Hacker "The Mentor“
break into computer systems. arrested; publishes
 1988: The Morris Worm
Hacker's Manifesto.
Robert T. Morris, Jr., launches self-
replicating worm on ARPAnet. Kevin Mitnick convicted;
first person convicted
under law against gaining
access to interstate
network for criminal
purposes.
 1993: Why Buy a Car  1995: Russian Hackers
When You Can Hack Siphon $10 million from
One? Citibank; Vladimir Levin,
Radio station call-in leader.
contest; hacker-fugitive
Kevin Poulsen and friends
 Oct 1998 teenager hacks
crack phone; they allegedly into Bell Atlantic phone
get two Porsches, $20,000 system; disabled
cash, vacation trips; communication at airport
Poulsen now a freelance disables runway lights.
journalist covering  1999 hackers attack
computer crime. Pentagon, MIT, FBI web
 First Def Con hacking sites.
conference in Las Vegas  1999: E-commerce
ZERO TOLERANCE (1994- company attacked;
1998) blackmail threats followed
 1995: The Mitnick
by 8 million credit card
numbers stolen. (
Takedown: Arrested www.blackhat.info; www.h2k2.net;
again; charged with www.slais.ubc.ca/; www.sptimes.com;
www.tlc.discovery.com)
stealing 20,000 credit card
numbers.
Ec-Council: Certified Ethical
Hacker
EC-Council has certified IT
professionals from the following
organizations as CEH:
Novell, Canon, Hewlett Packard, US Air Force
Reserve, US Embassy, Verizon, PFIZER, HDFC Bank,
University of Memphis, Microsoft Corporation,
Worldcom, Trusecure, US Department of Defense,
Fedex, Dunlop, British Telecom, Cisco, Supreme
Court of the Philippines, United Nations, Ministry of
Defense, UK, Nortel Networks, MCI, Check Point
Software, KPMG, Fleet International, Cingular
Wireless, Columbia Daily Tribune, Johnson &
Johnson, Marriott Hotel, Tucson Electric Power
Company, Singapore Police Force
(Cont.)

PriceWaterhouseCoopers, SAP, Coca-Cola


Corporation, Quantum Research, US Military, IBM
Global Services, UPS, American Express, FBI,
Citibank Corporation, Boehringer Ingelheim, Wipro,
New York City Dept Of IT & Telecom – DoITT,
United States Marine Corps, Reserve Bank of India,
US Air Force, EDS, Bell Canada, SONY, Kodak,
Ontario Provincial Police, Harris Corporation, Xerox,
Philips Electronics, U.S. Army, Schering, Accenture,
Bank One, SAIC, Fujitsu, Deutsche Bank
Hackers are here. Where are
you?
 The explosive growth of the Internet has
brought many good things…As with most
technological advances, there is also a dark side:
criminal hackers.
 The term “hacker” has a dual usage in the
computer industry today. Originally, the term
was defined as:
 HACKER noun. 1. A person who enjoys learning
the details of computer systems and how to
stretch their capabilities…. 2. One who programs
enthusiastically or who enjoys programming
rather than just theorizing about programming.
What is a Hacker?
 Old School Hackers: 1960s style Stanford or MIT
hackers. Do not have malicious intent, but do have
lack of concern for privacy and proprietary
information. They believe the Internet was designed
to be an open system.
 Script Kiddies or Cyber-Punks: Between 12-30;
predominantly white and male; bored in school; get
caught due to bragging online; intent is to vandalize
or disrupt systems.
 Professional Criminals or Crackers: Make a living
by breaking into systems and selling the information.
 Coders and Virus Writers: See themselves as an
elite; programming background and write code but
won’t use it themselves; have their own networks
called “zoos”; leave it to others to release their code
into “The Wild” or Internet. (www.tlc.discovery.com)
What is Ethical Hacking?
 Ethical hacking – defined “methodology adopted by
ethical hackers to discover the vulnerabilities
existing in information systems’ operating
environments.”
 With the growth of the Internet, computer security
has become a major concern for businesses and
governments.
 In their search for a way to approach the problem,
organizations came to realize that one of the best
ways to evaluate the intruder threat to their
interests would be to have independent computer
security professionals attempt to break into their
computer systems.
Who are Ethical Hackers?
 “One of the best ways to evaluate the intruder
threat is to have an independent computer security
professionals attempt to break their computer
systems”
 Successful ethical hackers possess a variety of skills.
First and foremost, they must be completely trustworthy.
 Ethical hackers typically have very strong programming
and computer networking skills.
 They are also adept at installing and maintaining
systems that use the more popular operating systems
(e.g., Linux or Windows 2000) used on target systems.
 These base skills are augmented with detailed knowledge
of the hardware and software provided by the more
popular computer and networking hardware vendors.
What do Ethical Hackers do?
 An ethical hacker’s evaluation of a system’s security
seeks answers to these basic questions:
• What can an intruder see on the target systems?
• What can an intruder do with that information?
• Does anyone at the target notice the intruder’s at
tempts or successes?
• What are you trying to protect?
• What are you trying to protect against?
• How much time, effort, and money are you willing
to expend to obtain adequate protection?
How much do Ethical Hackers
get Paid?
 Globally, the hiring of ethical hackers is on
the rise with most of them working with
top consulting firms.
 In the United States, an ethical hacker can
make upwards of $120,000 per annum.
 Freelance ethical hackers can expect to
make $10,000 per assignment.
 Some ranges from $15,000 to
$45,000 for a standalone ethical
hack.
Certified Ethical Hacker (C|EH)
Training
 InfoSec Academy
 http://www.infosecacademy.com
• Five-day Certified Ethical Hacker (C|EH)
Training Camp Certification Training Program
• (C|EH) examination
• C|EH Certified Ethical
Hacker Training Camp
(5-Day Package)$3,595
($2,580 training only)

(Source: www.eccouncil.org)
Learning Competencies
Required Skills of an Ethical
Hacker
 Routers: knowledge of routers, routing protocols, and
access control lists
 Microsoft: skills in operation, configuration and
management.
 Linux: knowledge of Linux/Unix; security setting,
configuration, and services.
 Firewalls: configurations, and operation of intrusion
detection systems.
 Mainframes
 Network Protocols: TCP/IP; how they function and
can be manipulated.
 Project Management: knowledge of leading, planning,
organizing, and controlling a penetration testing team.

(Source: http://www.examcram.com)
Modes of Ethical Hacking

 Insider attack
 Outsider attack
 Stolen equipment attack
 Physical entry
 Bypassed authentication attack
(wireless access points)
 Social engineering attack
(Source: http://www.examcram.com)
Anatomy of an attack:
• Reconnaissance – attacker gathers
information; can include social engineering.
• Scanning – searches for open ports (port
scan) probes target for vulnerabilities.
• Gaining access – attacker exploits
vulnerabilities to get inside system; used for
spoofing IP.
• Maintaining access – creates backdoor
through use of Trojans; once attacker gains
access makes sure he/she can get back in.
• Covering tracks – deletes files, hides files,
and erases log files. So that attacker cannot be
detected or penalized.

(Source: www.eccouncil.org)
 Hacker classes
• Black hats – highly skilled,
malicious, destructive “crackers”
• White hats – skills used for
defensive security analysts
• Gray hats – offensively and
defensively; will hack for different
reasons, depends on situation.
 Hactivism – hacking for social and political cause.
 Ethical hackers – determine what attackers can
gain access to, what they will do with the
information, and can they be detected.

(Source: www.eccouncil.org)
Teaching Resources: Ethical
Hacking Textbooks
Ec-Council

Certified Ethical Hacker

www.eccouncil.org
ISBN 0-9729362-1-1
Ec-Council Topics Covered
 Introduction to Ethical Hacking
 Footprinting
 Scanning
 Enumeration
 System Hacking
 Trojans and Backdoors
 Sniffers
 Denial of Service
 Social Engineering
 Session Hijacking
 Hacking Web Servers
Ec-Council (Cont.)

 Web Application Vulnerabilities


 Web Based Password Cracking Techniques
 SQL Injection
 Hacking Wireless Networks
 Viruses
 Novell Hacking
 Linux Hacking
 Evading IDS, Firewalls and Honeypots
 Buffer Overflows
 Cryptography
Certified Ethical Hacker Exam
Prep

http://www.examcram.com
ISBN 0-7897-3531-8
Certified Ethical Hacker Exam
Prep
 The Business Aspects of Penetration Testing
 The Technical Foundations of Hacking
 Footprinting and Scanning
 Enumeration and System Hacking
 Linux and automated Security Assessment
Tools
 Trojans and Backdoors
 Sniffers, Session Hyjacking, and Denial of
Service
Certified Ethical Hacker Exam
Prep (Cont.)
 Web Server Hacking, Web Applications,
and Database Attacks
 Wireless Technologies, Security, and
Attacks
 IDS, Firewalls, and Honeypots
 Buffer Overflows, Viruses, and Worms
 Cryptographic Attacks and Defenses
 Physical Security and Social Engineering
Hands-On Information Security
Lab Manual, Second Edition
1. Footprinting
2. Scanning and Enumeration
3. Operating System Vulnerabilities
and Resolutions
4. Network Security Tools and
Technologies
5. Security Maintenance
6. Information Security
Management
7. File System Security and
Cryptography
8. Computer Forensics http://www.course.com/
ISBN 0-619-21631-X
Hacking Tools: Footprinting and
Reconnaissance
Whois
Whois (cont.)

http://www.allwhois.com/
Whois (cont.)
Sam Spade
Sam Spade (Cont.)
Nslookup
Nslookup Options
Traceroute
Ping
Ping Options
Hacking Tools: Scanning and
Enumeration
nmap
NMapWin
SuperScan
SuperScan (Cont.)
IP Scanner
Hyena
Retina
LANguard
Hacking Tools: System Hacking
telnet
Snadboy
Password Cracking with
LOphtcrack
Keylogger
Hacking Tools: Trojans and
Backdoors
NetBus
Game Creates Backdoor for
NetBus
SubSeven
Hacking Tools: Sniffers
Spoofing a MAC address
Original Configuration
Spoofed Mac
Ethereal
Iris
Snort
Hacking Tools: Web Based
Password Cracking
Cain and Abel
Cain and Abel (Cont.)
Cain and Abel (Cont.)
Legion
Brutus
Hacking Tools: Covering Tracks
ImageHide
ClearLogs
ClearLogs (Cont.)
Hacking Tools: Google Hacking
and SQL Injection
Google Hacking
Google Cheat Sheet
SQL Injection
 Allows a remote attacker to
execute arbitrary database
commands
 Relies on poorly formed database queries and
insufficient
input validation
 Often facilitated, but does not rely on
unhandled
exceptions and ODBC error messages
 Impact: MASSIVE. This is one of the most
dangerous
vulnerabilities on the web.
Common Database Query
Problem: Unvalidated Input
Piggybacking Queries with
UNION
Hacker Challenge Websites
http://www.hackr.org/mainpage.php
Hackthissite.org

http://www.hackthissite.org
Answers revealed in code
Hackits

http://www.hackits.de/challenge/
Additional Web Sites
Legion of Ethical Hacking
Legion of Ethical Hacking (Cont.)
Hacker Highschool

http://www.hackerhighschool.org/
Hacker Highschool
johnny.ihackstuff.com/
HappyHacker.org
Foundstone
Insecure.org
SANS Institute
Questions & Answers

You might also like