campus.murraystate.edu
Download
Report
Transcript campus.murraystate.edu
Ethical Hacking
By
Wesley Morefield
Kinds of Hackers
1. Black Hat / Destructive
2. White Hat / Ethical
3. Gray Hat
The Bad
Script Kiddies
Hacktivists
State Sponsored
Spy Hackers
Cyber Terrorists
Black Hat
Black Hat Hacker
Wants to get into your network or computer.
Uses any means available to gain access.
Don't care about damages caused from their
hacking.
Reasons
These people are after information
Credit card/Bank account numbers
Login information
Corporate secrets
Free Service
Steps
Information gathering
Scanning
Getting Access
Maintain Access
Cover Tracks
Information Gathering
Locating a target
Find information about the target
IP address
Social engineering
Scanning
Looking for open ports
Find out what operating system is on the target
Identifying services
Getting Access
Weak passwords
Spoof emails
Exploit Vulnerabilities
Maintain Access
Malware
Backdoor
Cover Tracks
Install Rootkit
Delete log files
Change system files
Notable Hackers
Randal Schwartz
Author of Learning Perl
Used password cracker on Intel's computers
He wanted to maintain access to his email
when he no longer had access to the network
Amassed a large number of passwords
Gary Mckinnon
Accused of hacking into 97 military and NASA
computers
Was searching for information about UFO
coverups.
Kevin Mitnick
Most notorious hacker
Started at 12 years old
Was charged in 1995 for wire fraud and for
breaking into the computers of several
corporations.
Malware Growth
Q1 of 2010 58,000 new
malware per day.
Q1 of 2011 73,000 new
malware per day.
Increase of over 25%.
Types of Malware
Antivirus Detection Rate
Ethical Hacker
Tests networks
Finds weaknesses
Notifies those in charge of the pitfalls of their
network.
Tools Used
Port scanners
Vulnerability scanners
Exploit lists
Reverse Engineering
Detection
Locate any current hacks
Search for any current password attacks
Ensure there isn't an outside IP performing port
scans on the network
Monitor network traffic
Scan for open ports
Conclusion
Lock down the network
Ensure all software is up to date
Identify unpatched vulnerabilities and exploits
Check for current virus definitions
Questions
Is it ethical for books and other material to be
released that goes into detail about the process
hackers use to gain entry into a computer?
References
http://hackingalert.blogspot.com/2011/03/how-to-hack-websiteweb-server-3-step.html
Gray Hat Hacking
http://billmullins.wordpress.com/2011/03/17/pandalabs-reports-73000-new-malware-threats-every-day/
http://www.sun.com/blueprints/0502/816-4816-10.pdf
http://en.wikipedia.org/wiki/Timeline_of_computer_security_hacker_history
http://www.computereconomics.com/article.cfm?id=1225
http://tjscott.net/policy/kevin1.htm
http://www.takedown.com/coverage/mitnick-timeline.html
http://www.wired.com/science/discoveries/news/2007/02/72647
http://www.knowthetrade.com/ethical-hacking.html