Professional Documents
Culture Documents
2008 Batch-I
Module I
Introduction to Ethical
Hacking
Module Objectives
Computer Crimes
Modes of Ethical Hacking
and Implications
Problem Definition – Why Security?
Reconnaissance
• Active/passive
Scanning Reconnaissance
Clearing
Tracks
Gaining access
• Operating system level/
application level
• Network level
• Denial of service
Maintaining
Maintaining access Scanning
Access
• Uploading/altering/
downloading programs or
data
Gaining
Covering tracks Access
Phase 1 - Reconnaissance
INFORMATION ANALYSIS
AND PLANNING VULNERABILITY ANALYSIS
VULNERABILITY DETECTION
COUNTERMEASURES
RESULT, ANALYSIS
AND REPORTING UPDATE INFORMATION
CLEAN UP
“If you know the enemy and know yourself, you need
not fear the result of a hundred battles.”
– – Sun Tzu, Art of War
Ethical hackers try to answer:
• What can the intruder see on the target system?
(Reconnaissance and Scanning phase of hacking)
• What can an intruder do with that information? (Gaining Access
and Maintaining Access phases)
• Does anyone at the target notice the intruders attempts or
success? (Reconnaissance and Covering Tracks phases)
If hired by any organization, an ethical hacker asks the
organization what it is trying to protect, against whom
and what resources it is willing to expend in order to
gain protection.
Skill Profile of an Ethical Hacker
(8) knowingly, and with intent to defraud, uses, produces, traffics in,
has control or custody of, or possesses a scanning receiver;
(9) knowingly uses, produces, traffics in, has control or custody of, or
possesses hardware or software, knowing it has been configured to
insert or modify telecommunication identifying information
associated with, or contained in, a telecommunications instrument
so that such instrument may be used to obtain telecommunications
service without authorization; or
(10) without the authorization of the credit card system member or its
agent, knowingly, and with intent to defraud, causes or arranges
for another person to present to the member or its agent, for
payment, 1 or more evidences or records of transactions made by
an access device.
Penalties