Ethical Hacking

Pratheeba Murugesan
HACKER
AENDA
♦ What is Ethical Hacking?
♦ Who are ethical hackers?
♦ Every Website-A Target
♦ Get out of jail free card
♦ Kinds of Testing
♦ Final Report
Ethical Hacking
♦ Independent computer security
Professionals breaking into the
computer systems.
♦ Neither damage the target
systems nor steal information.
♦ Evaluate target systems security
and report back to owners about
the vulnerabilities found.
Ethical Hackers but not Criminal
Hackers
♦ Completely trustworthy.
♦ Strong programming and computer
networking skills.
♦ Learn about the system and trying to
find its weaknesses.
♦ Techniques of Criminal hackers-
Detection-Prevention.
♦ Published research papers or released
security software.
♦ No Ex-hackers.
Being Prepared
♦ What can an intruder see on the target systems?
♦ What can an intruder do with that information?
♦ Does anyone at the target notice the intruder's attempts
or successes?

1. What are you trying to protect?

2. Who are you trying to protect against?
3. How much time, effort, and money are you willing to
expend to obtain adequate protection?
Get out of Jail free card
♦ Security evaluation plan
1. Identify system to be tested
2. How to test?
3. Limitations on that testing
♦ Evaluation done under a “no-holds-barred”
approach.
♦ Clients should be aware of risks.
♦ Limit prior knowledge of test.
Kinds of Testing
♦ Remote Network
♦ Remote dial-up network
♦ Local network
♦ Stolen laptop computer
♦ Social engineering
♦ Physical entry

1.Total outsider
2.Semi-outsider
3.Valid user
Final Report
♦ Collection of all discoveries made during
evaluation.
♦ Specific advice on how to close the
vulnerabilities.
♦ Testers techniques never revealed.
♦ Delivered directly to an officer of the client
organization in hard-copy form.
♦ Steps to be followed by clients in future.
Suggestions?