Ethical Hacking

Assignment

Submitted by-: Submitted to-:

Vikas Sharma Dr. Er. Akshay
Roll No. 15192610061 Bhardwaj

Class Roll No.: 19117

B.Tech. IT 5Th Semester
 Section A

1. The Business Perspective: Business Objectives:

Business Objectives of ethical hacking.
1.The main objective is software security and identify the weakness in the
company firewall.
2. The other objective is to secure important data from enemies.
3.Third objective is to learn new skills.
4. The next is to protect big companies and big system from attackers.

2. Security Policy:
A security policy describes information security objectives and strategies of
an organization. The basic purpose of a security policy is to protect people
and information, set the rules for expected behaviors by users, define, and
authorize the consequences of violation.

3. Previous Test Results:

A company may have identified specific vulnerabilities during the previous
test resulting in the acceptance of that risk. There are many organizations
that have tests performed regularly with their own set of results
recommendations, and implemented counter measures. Example: Business
model stress testing.

4. Planning for a Controlled Attack: Inherent Limitation:

Inherent limitation are such features that exists independently outside the
power of the constitution. The inherent limitations are as follows:
1.Human error
2. Missing Segregation of Duties
3. Collusion
 4. Management override.

5. Imposed limitation:
The limitation of something is the act of controlling or reducing it. Self-
Imposed limitation are shackles that hold us down and prevent us from
achieving our potential.

6. Timing is everything:
The right timing is a crucial aspect of business which allows us to achieve
more in a shorter period of time. A timing attack is a security exploit that
allows an attacker to discover vulnerabilities in the security of a computer
by studying how long it takes the system to respond to different inputs.

7. Attack Type:
An attack can be active or passive. An “active attack” attempts to alter
system resources or affect their operation. A ‘passive attack’ attempts to
learn or make use of information from the system but does not affect
system resources.

8. Source Point:
There are several types of attack that can be employed to help a company
determine its exposure. Typically, these are broken into three major areas,
each resulting in various conclusion about where the attack is launched.
1. Internet
2. Extranet
3. Intranet

9. Required knowledge:
Knowledge allows us to think about issues, topics and challenges from
many perspectives. One of the 1st steps in establishing the rules of
engagement is considering what information about the target should be
provided to the tester. Following are some definitions of information
provisioning:
 1. Zero knowledge
2. Limited knowledge
3. Total exposure

10. Multi Phased Attacks:

A multiphase attack involves first reconnaissance, scanning, gaining access,
maintaining access and clearing attack.

11. Teaming and Attack Structure:

A red team is a group that plays the role of an enemy or competitor and
provides security feedback from that perspective. Red team are used in
many fields, especially in cybersecurity, airport security. The blue team
defends against and responds to the red team attack.

12. Engagement Planner:

Every ethical hacking has rules of engagement which defines how a ethical
hack would be laid out, what methodology would be used, the start and end
dates, the milestones, the goal of the penetration test, the liabilities and
responsibilities.

13. The Right Consultant:

A security consultant also sometimes called a security analyst, pinpoints
vulnerabilities in computer system, networks, and software programs and
works toward solution to strengthen them against hackers. This consultant
role is a strong example of a highly specialized IT occupation.

14. The Tester:

A tester essentially does need to have a comprehensive knowledge of
everything rather required to have the knowledge of only the specific area
for which he conducts pen testing. An ethical hacker essentially needs to
have a comprehensive knowledge of software programming as well as
hardware.
15. Logistics:
The practical organization and detailed arrangements needed to make a
complicated plan, involving a lot of people and equipment successful.

16. Intermediate:
Intermediate ethical hacking hands on training provides an intermediate
level of white, grey and black hat skills every cyber security professional
needs to know.

17. Law Enforcement:

Law enforcement specifically the FBI is getting more and more involved
with internet attacks. Usually, the FBI only becomes involved after the
attack to help investigate the crime in support of the victim.

18. Preparing for a hack: Technical Preparation:

Technically preparing to execute a test is arguably one of the most
undocumented elements of a penetration test. Some aspects of getting
technically ready to run an attack.
1. Attacking System
2. OS
3. Tools.

19. Managing the Engagement:

Engagement management is a term that is mostly associated with project
management. It is a management process that brings together client
relations, project management, delivery management and quality
management.
 20. Reconnaissance: Social Engineering:
Social engineering reconnaissance involves collecting the necessary
information to plan and execute the engagement. The information collected
during this phase forms a foundation for success during the rest of the
exercise.

21. Physical Security:

Physical security is the protection of personnel, hardware, software,
networks and data from physical actions and events that could cause serious
loss or damage to an enterprise, agency or institution. This includes
protection form fire, flood, natural disasters, burglary, theft, vandalism and
terrorism.

22. Internet Reconnaissance:

In the context of cybersecurity reconnaissance is the practice of covertly
discovering and collecting information about a system. This method is
often used in ethical hacking or penetration testing.

Section C

1. Enumeration:
Enumeration Techniques:
Enumeration is basically counting. A hacker established an active
connection to the target host. The vulnerabilities are then counted and
assessed enumeration is used to collect usernames, hostnames, IP
addresses, passwords, configuration.

2. Soft Objective:
The ethical hacker’s goal is to test the safety of an organization’s
information system to improve their security. Given the value of ethical
hacking, especially considering the damage caused by a successful
 malicious hacking, there is increasing interest in deploying ethical hackers
to combat today’s cyber threats.

3. Looking Around or Attack:

The enumeration phase is pretty straightforward and there is not much need
to explain the concept in great detail. The most fundamental characteristic
to remember is enumeration is somewhere between collecting available
information and attacking a target.

4. Elements of Enumeration:
In computer programming an enumerated type (also called enumeration,
enumeration or factor in the programming language and a categorical
variable in statistics.) is a data type consisting of a set of named values
called elements, members, e-numeral or enumeration of the type.

5. Preparing for the next phase exploitation: Intuitive

Testing:
In this case the ethical hackers are getting into the minds of computer
criminals; think like them to find about innovative ways the hackers may
use to get into the system.

6. Evasion:
In network security, evasion is bypassing an information security defense in
order to deliver an exploit, attack or other form of malware to a target
network or system, without detection.

7. Threads and Groups:

A thread group represent a set of threads. A thread group can also include
the other thread group. The thread group creates a tree in which every
thread group except the initial thread group has a parent.

8. Operating System:
Kali Linux maintained and founded by offensive Security ltd. is one of the
well-known and favorite ethical hacking operating system used by hackers.
 Ethical hacking is identifying weakness in computer system or networks to
exploit its vulnerabilities so they can be fixed later. Hacker use various
techniques to identify threats and thereby increase the security of the
device.

9. Password cracker:
Password are in general the keys to get access into a system or an account.
In general people tend to set passwords, that are easy to remember, such as
their date of birth, names of family members, mobile networks etc. This is
what makes the password weak and prone to easy hacking.

10. Rootkits:
A rootkit is a collection of malicious computer software created to get
access to a target computer and often hides its existence or the existence of
other software.

11. Application:
Ethical hacking is a process of detecting vulnerabilities in an application,
system or organization infrastructure that an attacker can use to exploit an
individual or organization. They use this process to prevent cyberattack and
security breaches by lawfully hacking into the system and looking for weak
points.

12. War dialing:

War dialing is a technique to automatically scan a list of telephone
numbers, usually dialing every number in a local area code to search for
modems, computers, bulletin board system and fax.

13. Network:
A network is a group of two or more devices that are connected to each
other to share the data or share the resource. A network contains a number
of different computer system that is connected by a physical of wireless
connection like server or router. This router has direct access to the internet.
14. Services and Areas of Concern:
The goal of ethical hacking services is to find security vulnerabilities that
can give access to a hacker and result in security breaches then they will
bypass your security system and look for any weak points in the security
network that could be used by a malicious hacker.

Section D

1. Deliverable: The Deliverable

Deliverable communicate the results of test in several ways. The
deliverable phase is the only way for an ethical hacker to convey the results
of their tests. Recently ethical hacking has having economic value.

2. The Document
The document deliverables include the finalization of the statement of
work, requirements definition, work breakdown structure, bill of material, a
final acceptance test plan and all the documents required during
implementation such as site survey results, proposed schedule, testing
results.

3. Overall Structure
It includes
1. Design drawings
2. Proposals
3. Project Report
4. Building permit
5. Finished product – a building, a road section, a bridge.
6.
4. Aligning Finding
Project aligning is a process of aligning project activities and goals with the
strategic vision of the organization. In most cases, project managers have
extensive knowledge of the project alignment process and will usually
 assist top management in properly aligning their strategic goals with project
at hand.

5. Presentation Integration: Integrating the results

Integrating in hacking means to combine two or more things in order to
become more effective. You need to integrate exercise into our normal life.
Integration can dramatically increase productivity reduce wasted time.

6. Integration Summary
Integrations are connections between systems and application that work
together as a whole to share information and data. It increases productivity
reduce wasted time due to manual processes and IT resources and can help
our business scale for future growth.

7. Mitigation
IT threat mitigation is therefore defined as the corrective actions,
prevention or remedies put in place to combat or reduce IT threat on a
computer, server or network.

8. Defense Planning
Defense planning encompasses the planning of armaments, logistics,
command, control, communication, resource, civil military emergencies
and in some cases nuclear planning.

9. Incident management
An incident is an event that could lead to loss of or disruption to an
organization’s operations, services or functions. Incident Management is a
term describing the activities of an organization to identify analyze and
correct hazards to prevent a future re-occurrence.

10. Security Policy

The Policy provides the following protection: It blocks the unauthorized
users from accessing the systems and networks that connect to the internet.
It detects the attacks by cyber criminals.

11. Conclusion
Ethical hacking is not a criminal activity and should not be considered as
such while it is true that malicious hacking is a computer crime and
criminal activity, ethical hacking is never a crime. Ethical hacking is in line
with industry regulation and organizational IT policies.