Lab 3 Introduction To Ethical Hacking
Lab 3 Introduction To Ethical Hacking
Lab 03
Introduction to
Ethical Hacking
What You Can Do Legally
2
Laws of the Land
3
Is Port Scanning Legal?
Some states deem it legal
Not always the case
Federal Government does not see it as a violation
▪ Allows each state to address it separately
Read your ISP’s “Acceptable Use Policy”
IRC “bots” may be forbidden
▪ Program that sends automatic responses to users
▪ Gives the appearance of a person being present
4
What You Cannot Do Legally
6
Risk and Its Protection by Implementing CIA
CIA Risk Control
Confidentiality Loss of privacy. Encryption.
Unauthorized access to Authentication. Access
information. Control
Identity theft.
Integrity Information is no longer reliable Maker/Checker. Quality
or accurate. Fraud. Assurance.
Audit Logs
Availability Business disruption. Loss of Business continuity.
customer’s confidence. Loss of Plans and test. Backup
revenue. storage. Sufficient
capacity.
7
Information Security Threats and Attack Vectors
8
Information Security Threats and Attack Vectors
Reconnaissance
Scanning Gaining Access
and Footprinting
Maintaining
Clearing Tracks
Access
11
Reconnaissance
• Reconnaissance is an initial preparing phase for the attacker to get ready for
an attack by gathering the information about the target before launching an
attack using different tools and techniques.
• Gathering of information about the target makes it easier for an attacker, even
on a large scale. Similarly, in large scale, it helps to identify the target range.
12
Type of Reconnaissance
• In Passive Reconnaissance, the hacker is acquiring the information about
target without interacting the target directly.
• An example of passive reconnaissance is public or social media
searching for gaining information about the target.
13
Scanning
• Scanning phase is a pre-attack phase. In this phase, attacker scans the
network by information acquired during the initial phase of
reconnaissance.
• Scanning tools include Dialler, Scanners such as Port scanners,
Network mappers, client tools such as ping, as well as vulnerabilities
scanner.
14
Gaining Access
• Gaining access phase of hacking is the point where the hacker gets the
control over an operating system, application or computer network.
• Control gained by the attacker defines the access level such as operating
system level, application level or network level access.
• Techniques include password cracking, denial of service, session hijacking
or buffer overflow and others are used to gain unauthorized access. After
accessing the system; the attacker escalates the privileges to obtain
complete control over services and process and compromise the connected
intermediate systems.
15
Maintaining Access / Escalation of Privileges
16
Clearing Tracks
1. Learning ability
2. Problem-solving skills
3. Communication skills
4. Committed to security policies
5. Awareness of laws, standards, and regulations.
19
Mind Map
20
Network Vulnerability Assessment Methodology
21