Information Security & Ethical Hacking
This document discusses information security and ethical hacking. It covers various security measures like defense in depth, password security, antivirus software, and data backups. It then explains that ethical hacking, or penetration testing, involves thinking like a hacker to test a system's security vulnerabilities but with permission and without malicious intent. Various ethical hacking techniques are outlined, like footprinting, scanning, enumeration, and intrusive probing. The goal of ethical hacking is to strengthen security by identifying weaknesses before criminals can exploit them. Finally, it discusses cross-site scripting attacks, which inject malicious scripts into legitimate trusted sites and how they are a significant web security risk.
Information Security & Ethical Hacking
- 1. INFORMATION SECURITY & ETHICAL HACKING
- 5. Defense in DepthWireless SecurityAnti-VirusAnti-spywareWired/wireless networkComputerPassword SecuritySoftwareSoftware updatesDataOnline SecurityAccount SecurityPhysical SecurityAnti-SpamBackup
- 6. Update Software Use Antivirus Software Use Anti-Spyware Use Strong Passwords Secure Your Accounts Secure Your Physical Environment Keep Wireless Devices Secure Practice Online Safety Send and Receive Secure Messages Back Up Your Data Layered Defense
- 10. SECURITY AND HACKING TOGETHER“To catch a thief , think like a thief.”The idea is that if as a security professional you don’t know what threats you are facing from crackers/hackers, you will never be able to build an efficient security system.
- 12. What is Ethical HackingAlso Called –Penetration Testing, White-hat hackingHackingProcess of breaking into systems for:Personal or Commercial Gains
- 13. Malicious Intent – Causing sever damage to Information & AssetsEthicalConforming to accepted professional standards of conductBlack-hat – Bad guysWhite-hat - Good Guys
- 14. Ethical Hacking
- 15. SocialEngineeringAutomatedAttacksOrganizationalAttacksRestrictedDataAccidental Breaches in SecurityDenial ofService (DoS)Viruses, Trojan Horses, and WormsWhy – Ethical HackingProtection from possible External Attacks
- 24. Information Gathering about system and network
- 25. WhoIs Queries, Locate network range
- 26. Scanning
- 27. Identifying active hosts and its vulnerabilities on a network
- 28. Identifying services "well-known" port
- 29. Enumeration
- 31. User names, passwords, vulnerabilities, etc
- 32. Gaining Access (system hacking)
- 33. Viruses, Worms, Trojans and Spyware
- 34. No Password
- 38. Network Sniffing
- 78. IntroductionMost web sites today contain dynamic content which makes a website more enjoyable
- 79. By creating a dynamic web site you are making yourself susceptible to a popular and very powerful security vulnerability
- 80. This threat is called Cross-Site Scripting
- 81. Also known as XSS, it is defined as the number one and utmost prevalent web site vulnerability on the internet
- 83. XSS Attacks Used For:
- 84. THE END!Beware of the Cross - Eyed Scripting Bug!