Introduction to Ethical Hacking Basics

Sep 22, 2024

Introduction to Ethical Hacking

Overview

  • First lecture of the course on ethical hacking.
  • Focus on defining ethical hacking, its scope, and course coverage.

What is Ethical Hacking?

  • Definition: Ethical hacking involves locating weaknesses and vulnerabilities in computer systems and networks.
  • Distinction from Malicious Hacking: Ethical hackers aim to identify vulnerabilities with good intent and legal permission from the network owners.
  • Related Terms:
    • Penetration Testing: The practice of testing a system's security by mimicking real hacking attempts.
    • Intrusion Testing / Red Teaming: Other terms for similar activities.

Roles of Ethical Hackers

  • Ethical hackers are typically employed by organizations to conduct penetration testing.
  • They provide a report of vulnerabilities found but generally do not offer solutions unless additional fees are paid.

Common Terminologies in Hacking

  • Hacking: A skilled process involving expertise in breaking into networks.
  • Cracking: Breaching security systems.
  • Spoofing: Falsifying identity to gain unauthorized access.
  • Denial of Service (DoS): Flooding a system with traffic to render it unusable.
  • Port Scanning: Identifying active ports on a system to find vulnerabilities.

Gaining Access to Systems

  • Front Door Access: Traditional method of logging in with valid credentials (e.g., passwords).
  • Back Door: Hidden entry points left by developers, often for recovery or maintenance purposes.
  • Trojan Horses: Malicious software hidden in legitimate programs.
  • Software Vulnerabilities: Exploiting known weaknesses in software.

Actions After Gaining Access

  • Modifying logs to erase traces of access.
  • Stealing or modifying files and data.
  • Installing backdoors for future access.
  • Launching attacks on other systems in a network.

Roles of Testers

  • Script Kiddies: Inexperienced hackers using scripts from the web.
  • Experienced Penetration Testers: Develop their own scripts and tools to conduct tests.
  • Tiger Box: A collection of operating systems and tools used for penetration testing.

Penetration Testing Methodologies

  • White Box Model: Complete information provided by the company about the network.
  • Black Box Model: Tester must gather necessary information independently.
  • Gray Box Model: A mix of both, with partial information provided.

Legal Considerations

  • Legal frameworks vary by country; understanding the laws regarding ethical hacking is crucial.
  • Actions that are illegal: unauthorized access, installing malware, and denial-of-service attacks.

Skills Needed for Ethical Hacking

  • Sound knowledge of networking and computer technology.
  • Communication skills to collaborate with others.
  • Familiarity with relevant laws and regulations.
  • Access to necessary tools for testing.

Course Coverage

  • Basic networking concepts.
  • Cryptographic techniques and their applications in security.
  • Case studies of secure applications.
  • Unconventional attacks, particularly hardware-based attacks.
  • Demonstration of various penetration testing tools.

Conclusion

  • The course aims to provide knowledge that will be useful for aspiring ethical hackers.