ETHICAL HACKING A LICENCE TO HACK

Submitted By: Usha Kalkal, M.Tech (1st Sem), Information Technology.

INTRODUCTION
Ethical hacking, also known as penetration testing, intrusion testing or red teaming, has become a major concern for businesses and governments. Companies are worried about the possibility of being “hacked”, and potential customers are worried about maintaining control of personal information. Hence the necessity of computer security professionals breaking into the systems of the organisation.

INTRODUCTION
Ethical hackers employ the same tools and techniques as the intruders, but they neither damage the target systems nor steal information. The tool is not an automated hacker program; rather, it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them.

PLANNING THE TEST
Aspects that should be focused on:
- Who should perform penetration testing?
- How often do the tests have to be conducted?
- What are the methods of measuring and communicating the results?
- What if something unexpected happens during the test and brings the whole system down?
- What are the organization's security policies?

The minimum security policies that an organization should possess
- Information policy
- Security policy
- Computer use
- User management
- System administration procedures
- Incident response procedures
- Configuration management
- Design methodology
- Disaster methodology
- Disaster recovery plans

Ethical hacking: a dynamic process
Running through the penetration test once gives the current set of security issues, which are subject to change. Penetration testing must be continuous to ensure that system movements and newly installed applications do not introduce new vulnerabilities into the system.

Who are ethical hackers
The skills ethical hackers should possess:
- They must be completely trustworthy.
- They should have very strong programming and computer networking skills and have been in the networking field for several years.

Who are ethical hackers
- They should have more patience.
- Continuous updating of their knowledge of computer and network security is required.
- They should know the techniques of the criminals, how their activities might be detected and how to stop them.

Choice of an ethical hacker
- An independent external agency: black box testing.
- Expertise within your own organization: white box testing.

AREAS TO BE TESTED
- Application servers
- Firewalls and security devices
- Network security
- Wireless security

Red Team: Multilayered Assessment
Various areas of security are evaluated using a multilayered approach. Each area of security defines how the target will be assessed. An identified vulnerability at one layer may be protected at another layer, minimizing the associated risk of the vulnerability.

Information security (INFOSEC)- A revolving process

Attacks on Websites: Denial of service attack
Some hackers hack your websites just because they can. They try to do something spectacular to exhibit their talents. Then comes the denial of service attack. During the attacks, customers were unable to reach the websites, resulting in loss of revenue and “mind share”. On January 17, 2000, a U.S. Library of Congress website was attacked.

The ethical hack itself
Testing itself poses some risk to the client. A criminal hacker monitoring the transmissions of the ethical hacker could trap the information. The best approach is to maintain several addresses around the internet from which the ethical hackers originate. Additional intrusion monitoring software can be deployed at the target.

IBM's Immune System for Cyberspace
Any combination of the following may be used:
- Remote network
- Remote dial-up network
- Local network
- Stolen laptop computer
- Social engineering
- Physical entry

Competitive Intelligence
A systematic and ethical program for maintaining external information that can affect your company’s plans. It is the legal collection and analysis of information regarding the vulnerabilities of the business partners. The same information used to aid a company can be used to compete with the company. The way to protect the information is to be aware of how it may be used.

Information Security Goals
- Improve IS awareness.
- Assess risk.
- Mitigate risk immediately.
- Assist in the decision making process.
- Conduct drills on emergency response procedures.

Conclusions
- Never underestimate the attacker or overestimate our existing posture.
- A company may be a target not just for its information but potentially for its various transactions.
- To protect against an attack, understanding where the systems are vulnerable is necessary.
- Ethical hacking helps companies first comprehend their risks and then manage them.

Conclusions
- Security professionals are always one step behind the hackers and crackers.
- Plan for the unplanned attacks.
- The role of ethical hacking in security is to provide customers with awareness of how they could be attacked and why they are targeted.
- “Security, though a pain, is necessary.”


Queries?