ETHICAL HACKING A LICENCE TO HACK - PowerPoint PPT Presentation

1 / 25
About This Presentation
Title:

ETHICAL HACKING A LICENCE TO HACK

Description:

ETHICAL HACKING A LICENCE TO HACK INTRODUCTION Ethical hacking- also known as penetration testing or intrusion testing or red teaming has become a major concern for ... – PowerPoint PPT presentation

Number of Views:2969
Avg rating:3.0/5.0
Slides: 26
Provided by: Rav49
Category:

less

Transcript and Presenter's Notes

Title: ETHICAL HACKING A LICENCE TO HACK


1
ETHICAL HACKINGA LICENCE TO HACK
2
INTRODUCTION
  • Ethical hacking- also known as penetration
    testing or intrusion testing or red teaming has
    become a major concern for businesses and
    governments.
  • Companies are worried about the possibility of
    being hacked and potential customers are
    worried about maintaining control of personal
    information.
  • Necessity of computer security professionals to
    break into the systems of the organisation.

3
INTRODUCTION
  • Ethical hackers employ the same tools and
    techniques as the intruders.
  • They neither damage the target systems nor steal
    information.
  • The tool is not an automated hacker program
    rather it is an audit that both identifies the
    vulnerabilities of a system and provide advice on
    how to eliminate them.

4
PLANNING THE TEST
  • Aspects that should be focused on
  • Who should perform penetration testing?
  • How often the tests have to be conducted?
  • What are the methods of measuring and
    communicating the results?
  • What if something unexpected happens during the
    test and brings the whole system down?
  • What are the organization's security policies?

5
The minimum security policies that an
organization should posses
  • Information policy
  • Security policy
  • Computer use
  • User management
  • System administration procedures
  • Incident response procedures
  • Configuration management
  • Design methodology
  • Disaster methodology
  • Disaster recovery plans.

6
Ethical hacking- a dynamic process
  • Running through the penetration test once gives
    the current set of security issues which subject
    to change.
  • Penetration testing must be continuous to ensure
    that system movements and newly installed
    applications do not introduce new vulnerabilities
    into the system.

7
Who are ethical hackers
  • The skills ethical hackers should posses
  • They must be completely trustworthy.
  • Should have very strong programming and computer
    networking skills and have been in networking
    field for several years.

8
Who are ethical hackers
  • Should have more patience.
  • Continuous updating of the knowledge on computer
    and network security is required.
  • They should know the techniques of the criminals,
    how their activities might be detected and how to
    stop them.

9
Choice of an ethical hacker
  • An independent external agency.
  • black box testing.
  • An expertise with in your own organization.
  • white box testing.

10
AREAS TO BE TESTED
  • Application servers
  • Firewalls and security devices
  • Network security
  • Wireless security

11
Red Team-Multilayered Assessment
  • Various areas of security
  • are evaluated using a
  • multilayered approach.
  • Each area of security defines how the target will
    be assessed.
  • An identified vulnerability at one layer may be
    protected at another layer minimizing the
    associated risk of the vulnerability.

12
Information security (INFOSEC)- A revolving
process
13
(No Transcript)
14
Attacks on Websites- Denial of
service attack
  • Some hackers hack your websites just because they
    can.
  • They try to do something spectacular to exhibit
    their talents.
  • Their comes the denial of service attack.
  • During the attacks, customers were unable to
    reach the websites, resulting in loss of revenue
    and mind share.
  • On January 17, 2000, a U.S. library of congress
    website was attacked.

15
(No Transcript)
16
(No Transcript)
17
The ethical hack itself
  • Testing itself poses some risk to the client.
  • Criminal hacker monitoring the transmissions of
    ethical hacker could trap the information.
  • Best approach is to maintain several addresses
    around the internet from which ethical hackers
    originate.
  • Additional intrusion monitoring software can be
    deployed at the target.

18
IBMS Immune system for Cyber space
  • Any of the following combination may be used
  • Remote network.
  • Remote dial-up network.
  • Local network.
  • Stolen laptop computer.
  • Social engineering.
  • Physical entry.

19
(No Transcript)
20
Competitive Intelligence
  • A systematic and ethical program for maintaining
    external information that can affect your
    companys plans.
  • It is legal collection and analysis of
    information regarding the vulnerabilities of the
    business partners.
  • The same information used to aid a company can be
    used to compete with the company.
  • The way to protect the information is to be aware
    of how it may be used.

21
Information Security Goals
  • Improve IS awareness.
  • Assess risk.
  • Mitigate risk immediately.
  • Assist in the decision making process.
  • Conduct drills on emergency response procedures.

22
Conclusions
  • Never underestimate the attacker or overestimate
    our existing posture.
  • A company may be target not just for its
    information but potentially for its various
    transactions.
  • To protect against an attack, understanding where
    the systems are vulnerable is necessary.
  • Ethical hacking helps companies first comprehend
    their risk and then, manage them.

23
Conclusions
  • Always security professionals are one step behind
    the hackers and crackers.
  • Plan for the unplanned attacks.
  • The role of ethical hacking in security is to
    provide customers with awareness of how they
    could be attacked and why they are targeted.
  • Security though a pain, is necessary.

24
References
  • 1.www.javvin.com
  • 2.www.computerworld.com
  • 3.www.research.ibm.com/journals
  • 4.www.howstuffworks.com
  • 5.Information Technology journal,september,augus
    t 2005,published by EFY.
  • 6.IEEE journal on" security and privacy

25
Queries?
Write a Comment
User Comments (0)
About PowerShow.com