Kottam college of engineering

KURNOOL

ETHICAL HACKING
By

M.Neeraja Priyanka Tiwari

 Hardware Hands-on

is just as important as software

means you can break it.. Permanently fun would equipment be if it only had one purpose?

What

 Understanding

hacker objectives. Out lining the differences between ethical hackers and malicious hackers Examining how the ethical hacking process has come about. Understanding the dangers that your computer systems face

An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit.

Although ethical is an often over used and misunderstood word , the Merriam Webster dictionary defines ethical perfectly for the context of the professional security testing techniques

 Hacker i)

ii)

is a word that has two meanings: Traditionally, a hacker is someone who likes to tinker with software or electronic systems. Hackers enjoy exploring and learning how computer systems operate. They love discovering new ways to work electronically. Recently hacker has taken on a new meaning someone who maliciously Breaks into systems for personal gain. Technically

Specific systems to be tested Risks that are involved. when the tests are performed and your overall timeline. how the tests are performed. How much knowledge of the systems you have before you start testing what is done when a major vulnerability is discovered what is done when a major vulnerability is discovered The specific deliverables this includes securityassessment reports Covers hiring reformed hackers.

 Hacking

preys on weak security practices and undisclosed vulnerabilities. Vulnerabilities that affect everything as ethical hacking too far, though. It makes little sense to harden your systems from unlikely attacks.

Hacktivism

Fusion of hacking and activism. The act of hacking or breaking into a computer system, for a politically or socially motivated purpose. The individual who performs an act of hacktivism is said to be a hacktivist. Computer hacking always involves some degree of infringement on the privacy of others or damage to computer-based property such as files, web pages or software. The impact of computer hacking varies from simply being simply invasive and annoying to destructive.

Hacker: A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker.

Cracker: One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker. An earlier attempt to establish `worm' in this sense around 1981--82 on Usenet was largely a failure. though crackers often like to describe themselves as hackers, most true hackers consider them a separate and lower form of life.

 Hackers

in Eastern Europe hacked about 1 million credit card numbers from 40 financial companies in the United States in 2003 alone. 64% of companies suffered losses from hackers activities. More serious offenders, able to cause damage to a system, are known as hackers.

 There are 3 groups of crackers: Vandals: hack computer systems

for

destruction (deleting files). Jokers: the most harmless; hacking systems and carrying in different sounds, noises, and visual effects. Breakers: professional criminals commit hacking of computer systems with the purpose of money theft, industrial or commercial espionage, and thefts of expensive software.

 First,

you need to scan for a victim & setup your card. For atheros, Kismet automatically detects, others you will need to edit Kismets config. Once you know the bssid & channel you need, set your network card to Monitor.

airodump to record all of the IVs youll need to crack Use aireplay to inject a mass quantity to get new IVs to use to crack the key. Youll need at least 100,000 keys to crack a 128-bit WEP key, generally 200-300k is good.
Use

 Any

of the following combination may be used.. Remote network. Remote dial-up network. Local network. Stolen laptop computer. Social engineering. Physical entry.

 Never

underestimate the attacker or overestimate our existing posture. A company may be target not just for its information but potentially for its various transactions. To protect against an attack, understanding where the systems are vulnerable is necessary. Ethical hacking helps companies first comprehend their risk and then, manage them.

 Always

security professionals are one step behind the hackers and crackers. Plan for the unplanned attacks. The role of ethical hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted. Security though a pain, is necessary.

 1.www.javvin.com 2.www.computerworld.com 3.www.research.ibm.com/journals 4.www.howstuffworks.com 5.Information

Technology journal,september,august 2005,published by EFY. journal on" security and privacy

6.IEEE

 Collection

of all discoveries made during evaluation. Specific advice on how to close the vulnerabilities. Testers techniques never revealed. Delivered directly to an officer of the client organization in hard-copy form. Steps to be followed by clients in future.

Feel free to send me any comments / suggestions / requests for any slides presented by US.