
Ethical Hacking

ABSTRACT:
The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers. Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with pornography, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization's secrets to the open Internet. With these concerns and others, the ethical hacker can help. This paper describes ethical hackers: their skills, their attitudes, and how they go about helping their customers find and plug up security holes.

Today more and more software is being developed, and people are getting more and more options in their present software. But many are not aware that they are being hacked without their knowledge. One reaction to this state of affairs is a behavior termed "Ethical Hacking", which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. A good ethical hacker should know the methodology chosen by the hacker, like reconnaissance, host or target scanning, gaining access, maintaining access and clearing tracks. For ethical hacking we should know about the various tools and methods that can be used by a black hat hacker, apart from the methodology used by him. From the point of view of the user, one should know at least some of these, because some hackers make use of those who are not aware of the various hacking methods to hack into a system. Also, when thinking from the point of view of the developer, he also should be aware of these, since he should be able to close holes in his software even with the usage of the various tools. With the advent of new tools the hackers may make new tactics. But at least the software will be resistant to some of the tools.

V.P.I.M.S.R.


INTRODUCTION:
Ethical hackers employ the same tools and techniques as the intruders, but they neither damage the target systems nor steal information. The tool is not an automated hacker program; rather, it is an audit that both identifies the vulnerabilities of a system and provides advice on how to eliminate them. Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so systems can be better secured. It's part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors' claims about the security of their products are legitimate.

HOW IT ALL BEGAN? (HISTORY):


1960s: The Dawn of Hacking. The original meaning of the word "hack" started at MIT; it meant an elegant, witty or inspired way of doing almost anything; hacks were programming shortcuts.

1970s: Phone Phreaks and Cap'n Crunch. One phreak, John Draper (aka "Cap'n Crunch"), discovers that a toy whistle inside Cap'n Crunch cereal gives a 2600-hertz signal and can access AT&T's long-distance switching system.

1980: Hacker Message Boards and Groups. Hacking groups form, such as Legion of Doom (US) and Chaos Computer Club (Germany).

1983: Kids' Games. The movie "War Games" introduces the public to hacking.

1989: The Germans, the KGB and Kevin Mitnick. Kevin Mitnick was the first person convicted under a law against gaining access to an interstate network for criminal purposes.

1995: The Mitnick Takedown. Mitnick is arrested again, charged with stealing 20,000 credit card numbers.


SECURITY:
Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. In the case of networks, security is also called information security. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

NEED FOR SECURITY:


Computer security is required because most organizations can be damaged by hostile software or intruders. The intruders can cause several forms of damage, which are obviously interrelated. These include:

- Loss of confidential data
- Damage or destruction of data
- Damage or destruction of computer systems
- Loss of reputation of a company

HACKING
Hacking is unauthorized use of computer and network resources. The term "Hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications. This complimentary description was often extended to the verb form "hacking" which was used to describe the rapid crafting of a new program or the making of changes to existing, usually complicated software.

TYPES OF HACKER:
1. Script Kiddies
2. White Hat Hackers
3. Black Hat Hackers
4. Gray Hat Hackers
5. Hacktivists
6. Spy Hackers
7. Cyber Terrorists


Types of Hacker in Detail


1. Script Kiddies: The term script kiddie has come into vogue in recent years. The term refers to crackers who use scripts and programs written by others to perform their intrusions. If one is labeled a script kiddie, then he or she is assumed to be incapable of producing his or her own tools and exploits, and to lack a proper understanding of exactly how the tools he or she uses work. As will be apparent by the end of this chapter, skill and knowledge (and secondarily, ethics) are the essential ingredients to achieving status in the minds of hackers. By definition, a script kiddie has no skills, no knowledge, and no ethics.

2. White Hat Hackers: The term white hat hacker is also often used to describe those who attempt to break into systems or networks in order to help the owners of the system by making them aware of security flaws, or to perform some other altruistic activity. Many such people are employed by computer security companies; these professionals are sometimes called sneakers. Groups of these people are often called tiger teams. The primary difference between white and black hat hackers is that a white hat hacker claims to observe ethical principles. Like black hats, white hats are often intimately familiar with the internal details of security systems, and can delve into obscure machine code when needed to find a solution to a tricky problem. Some use the term grey hat, and fewer use brown hat, to describe someone's activities that cross between black and white.

3. Black Hat Hackers: A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent. The term white hat is used for a person who is ethically opposed to the abuse of computer systems, but is frequently no less skilled. Usually, a black hat is a person who uses their knowledge of vulnerabilities and exploits for private gain, rather than revealing them either to the general public or the manufacturer for correction. Many black hats hack networks and web pages solely for financial gain.

4. Gray Hat Hackers: A gray hat, in the hacking community, refers to a skilled hacker who sometimes acts legally, sometimes in good will, and sometimes not. They are a hybrid between white and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits. Grey hats are hackers who may work offensively or defensively, depending on the situation. This is the dividing line between hacker and cracker. Both are powerful forces on the Internet, and both will remain permanently. And some individuals qualify for both categories.

5. Hacktivism: Hacktivism is the act of hacking, or breaking into a computer system, for a politically or socially motivated purpose. The individual who performs an act of hacktivism is said to be a hacktivist. A hacktivist uses the same tools and techniques as a hacker, but does so in order to disrupt services and bring attention to a political or social cause. For example, one might launch a denial-of-service attack to disrupt traffic to a particular site.

6. Spy Hackers: Corporations hire hackers to infiltrate the competition and steal trade secrets. They may hack in from the outside or gain employment in order to act as a mole. Spy hackers may use similar tactics as hacktivists, but their only agenda is to serve their clients' goals and get paid.

7. Cyber Terrorists: These hackers, generally motivated by religious or political beliefs, attempt to create fear and chaos by disrupting critical infrastructures. Cyber terrorists are by far the most dangerous, with a wide range of skills and goals. Cyber terrorists' ultimate motivation is to spread fear, terror and commit murder.

8. Nation state: Governments around the globe realize that it serves their military objectives to be well positioned online. The saying used to be, "He who controls the seas controls the world," and then it was, "He who controls the air controls the world." Now it's all about controlling cyberspace. State-sponsored hackers have limitless time and funding to target civilians, corporations, and governments.


TYPES OF ATTACKS:
1. Snooping: This is when someone looks through your files in the hopes of finding something interesting, whether it is electronic or on paper. In the case of physical snooping, people might inspect your dumpster, recycling bins, or even your file cabinets; they can look under your keyboard for Post-it notes, or look for scraps of paper tacked to your bulletin board.

2. Spoofing Attacks (IP Address Spoofing): Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed (identity spoofing). An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet. After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data.

3. Password-Based Attacks: A common denominator of most operating system and network security plans is password-based access control. This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password. Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user. When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time. After gaining access to your network with a valid account, an attacker can do any of the following:

- Obtain lists of valid user and computer names and network information.
- Modify server and network configurations, including access controls and routing tables.
- Modify, reroute, or delete your data.

4. Denial-of-service (DoS) Attacks: Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users. After gaining access to your network, the attacker can do any of the following:

- Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion.
- Send invalid data to applications or network services, which causes abnormal termination or behavior of the applications or services.
- Flood a computer or the entire network with traffic until a shutdown occurs because of the overload.
- Block traffic, which results in a loss of access to network resources by authorized users.

5. Distributed denial-of-service (DDoS) Attacks: This is similar to a DoS attack. This type of attack amplifies the concepts of DoS attacks by using multiple computer systems to conduct the attack against a single organization. These attacks exploit the inherent weaknesses of dedicated networks such as DSL and cable. These permanently attached systems have little, if any, protection. The attacker can load an attack program onto dozens or even hundreds of computer systems that use DSL or cable modems.

6. Back Door Attacks: This can have two different meanings. The original term back door referred to troubleshooting and developer hooks into systems. During the development of a complicated operating system or application, programmers add back doors or maintenance hooks. These back doors allow them to examine operations inside the code while the program is running. The second type of back door refers to gaining access to a network and inserting a program or utility that creates an entrance for an attacker. The program may allow a certain user to log in without a password or gain administrative privileges.

7. Application-Layer Attack: An application-layer attack targets application servers by deliberately causing a fault in a server's operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following:

- Read, add, delete, or modify your data or operating system.
- Introduce a virus program that uses your computers and software applications to copy viruses throughout your network.
- Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or to corrupt your systems and network.
- Abnormally terminate your data applications or operating systems.
- Disable other security controls to enable future attacks.

8. Man-in-the-Middle Attacks: As the name indicates, a man-in-the-middle attack occurs when someone between you and the person with whom you are communicating is actively monitoring, capturing, and controlling your communication transparently. For example, the attacker can re-route a data exchange. When computers are communicating at low levels of the network layer, the computers might not be able to determine with whom they are exchanging data.

9. Eavesdropping: In general, the majority of network communications occur in an unsecured or "cleartext" format, which allows an attacker who has gained access to data paths in your network to "listen in" or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.

10. Virus: A virus is maliciously written code that replicates itself. It may damage hardware, software, or information files. By definition, human interaction is necessary for a virus to spread to another user's files. New viruses are discovered daily. The most famous computer attacks are viruses, which have been around for the longest time. They install themselves onto computers and spread to the other files on the system. They often spread through external hard drives, through certain internet sites, or through e-mail attachments. Once the viruses are launched, they become independent of the creator and aim to infect a number of files and other systems.

11. Worm: Worms can be called the cousins of viruses. The difference between viruses and worms is that worms infect the system without any kind of assistance from the user. The first step that a worm takes is to scan computers and exploit vulnerabilities. Then it copies itself onto the system, infecting it, and the process is repeated.

12. Trojan: In the list of computer attacks, Trojan horses rank right after viruses. They often disguise themselves in a piece of software, in a screen saver, or in a game, which appears to work normally. However, once they are copied onto the system, they will infect the system with a virus or root kit. In other words, they act as carriers of viruses or root kits to infect the system.

13. Root Kit: Hackers gain access to the system with the use of root kit drivers and take full charge of the computer. These are among the most dangerous computer attacks, as the hacker can gain more control over the system than the owner of the system. In some cases, hackers have also been able to turn on the victim's webcam and watch the activities of the victim, without the victim knowing about it at all.


HOW HACKING IS DONE?


Nowadays more and more organizations are moving their business processes online. With this transition, protecting the confidentiality and privacy of the information used during these processes has become essential. Because many automated processes rely on electronic documents that contain mission-critical, personal, and sensitive information, organizations must make significant investments to properly protect these documents. In order to make your website less attractive to hackers, you should know how they attack your website and what makes a website vulnerable to these attacks. Therefore, in order to create a secure website, a web developer must first understand how hacking is done so that proper care can be taken to prevent it. In today's article I am going to tell you some techniques that hackers use to get access to the inside of any website.

Cross-site scripting

The most common and popular technique of hacking is cross-site scripting, also known as XSS. It is a very easy way of hacking, and therefore a big threat to website security. Cross-site scripting is a security loophole on a website that is hard to detect and stop, making the site vulnerable to attacks from malicious hackers. This type of hacking can be carried out in different ways: DOM-based, stored or reflected. In a typical XSS attack the hacker infects a legitimate web page with his malicious client-side script. When a user visits this web page, the script is downloaded to his browser and executed.

SQL Injection

SQL injection is a trick to inject an SQL query or command as input, possibly via web pages. Many web pages take parameters from the web user and make an SQL query to the database. The easiest way to get your own information inside someone else's website is through SQL injection. This process involves entering SQL code into web forms, e.g. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
Whenever you enter any text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you've entered against the relevant table in the database. If your input matches the table/row data, you're granted access. If not, you have to try again.

Theft of FTP Passwords

FTP password theft is another very common way through which websites get modified without their owner's permission. This type of hacking takes advantage of the fact that many of the poorly protected PCs in the world happen to belong to webmasters whose website login information is stored on their personal computers. The thief searches the victim's PC for FTP login passwords and relays them to a remote computer. The remote computer logs into the website and modifies the pages to install new copies.
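The cross-site scripting and SQL injection passages above describe the same root flaw: user input is pasted into text that a browser or database then interprets as code. The following added example (not part of the original report) puts each flawed pattern beside its fix, parameter binding for SQL and output encoding for HTML; the table, account, function names and inputs are constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data: one account in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext only to keep the demo short; a real site stores a salted hash.
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "correct-horse"))
    return db


def login_vulnerable(db, username, password):
    """The pattern the text describes: form input pasted into the SQL command."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return db.execute(query).fetchone()[0] > 0


def login_parameterized(db, username, password):
    """Same check, but input is bound as data and never parsed as SQL."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()[0] > 0


def render_comment_vulnerable(comment):
    """Stored-XSS pattern: a visitor's text pasted into the page markup."""
    return '<p class="comment">' + comment + "</p>"


def render_comment_escaped(comment):
    """Output encoding: <, >, & and quotes become entities, so the browser
    displays the text instead of interpreting it as markup."""
    return '<p class="comment">' + html.escape(comment, quote=True) + "</p>"


# Constructed inputs. Each one carries syntax of the language it lands in.
SQL_INPUT = "' OR '1'='1"
NAME_WITH_QUOTE = "o'brien"   # legitimate data that also breaks the bad query
HTML_INPUT = "<script>alert(1)</script>"


def run_demo():
    db = make_db()
    results = {
        "good_login_vuln": login_vulnerable(db, "alice", "correct-horse"),
        "good_login_safe": login_parameterized(db, "alice", "correct-horse"),
        "injected_vuln": login_vulnerable(db, "alice", SQL_INPUT),
        "injected_safe": login_parameterized(db, "alice", SQL_INPUT),
        "raw_html": render_comment_vulnerable(HTML_INPUT),
        "escaped_html": render_comment_escaped(HTML_INPUT),
    }
    try:
        login_vulnerable(db, NAME_WITH_QUOTE, "x")
        results["quote_breaks_vuln"] = False
    except sqlite3.OperationalError:
        # A stray quote becomes a syntax error: SQL errors on a login form
        # are a cheap signal that input is reaching the parser.
        results["quote_breaks_vuln"] = True
    results["quote_ok_safe"] = login_parameterized(db, NAME_WITH_QUOTE, "x")
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name:18} {value}")
```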

REQUIRED SKILLS OF AN ETHICAL HACKER:


Routers: Knowledge of routers, routing protocols, and access control lists (ACLs).

Microsoft: Skills in the operation, configuration, and management of Microsoft-based systems.

Linux: A good understanding of the Linux/UNIX OS. This includes security settings, configuration, and services such as Apache.

Firewalls: Knowledge of firewall configuration and the operation of intrusion detection systems (IDS) and intrusion prevention systems (IPS).

Mainframes: Although mainframes do not hold the position of dominance they once had in business, they are still widely used.

Network protocols: Most modern networks are TCP/IP, although you might still find the occasional network that uses Novell or Apple routing information.

Project management: Someone will have to lead the security test team, and if you are chosen to be that person, you will need a variety of the skills and knowledge types listed previously.


ETHICAL HACKING
Ethical hacking is a defined methodology adopted by ethical hackers to discover the vulnerabilities existing in information systems' operating environments. With the growth of the Internet, computer security has become a major concern for businesses and governments. In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems.

Definition: Ethical hacking is a process in which an authenticated person, who is a computer and network expert, attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. In order to test the system, an ethical hacker uses the same principles as the usual hacker, but reports those vulnerabilities instead of using them for his own advantage.

WHO ARE ETHICAL HACKERS?


These early efforts provide good examples of ethical hackers. Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client's systems, the ethical hacker may discover information about the client that should remain secret. In many cases, this information, if publicized, could lead to real intruders breaking into the systems, possibly leading to financial losses. During an evaluation, the ethical hacker often holds the "keys to the company," and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the systems being employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing.


WHAT DO ETHICAL HACKERS DO?


An ethical hacker's evaluation of a system's security seeks answers to three basic questions:

a) What can an intruder see on the target systems?
b) What can an intruder do with that information?
c) Does anyone at the target notice the intruder's attempts or successes?

While the first and second of these are clearly important, the third is even more important: if the owners or operators of the target systems do not notice when someone is trying to break in, the intruders can, and will, spend weeks or months trying and will usually eventually succeed.

When the client requests an evaluation, there is quite a bit of discussion and paperwork that must be done up front. The discussion begins with the client's answers to questions similar to those posed by Garfinkel and Spafford:

1. What are you trying to protect?
2. What are you trying to protect against?
3. How much time, effort, and money are you willing to expend to obtain adequate protection?

A surprising number of clients have difficulty precisely answering the first question: a medical center might say "our patient information," an engineering firm might answer "our new product designs," and a Web retailer might answer "our customer database."


THE ETHICAL HACKING PROCESS


Like practically any IT or security project, ethical hacking needs to be planned in advance. Strategic and tactical issues in the ethical hacking process should be determined and agreed upon. Planning is important for any amount of testing, from a simple password-cracking test to an all-out penetration test on a Web application.

1. Formulating your plan: Approval for ethical hacking is essential. Make what we are doing known and visible, at least to the decision makers. Obtaining sponsorship of the project is the first step. This could be your manager, an executive, a customer, or even yourself if you're the boss. You need someone to back you up and sign off on your plan. Otherwise, your testing may be called off unexpectedly if someone claims they never authorized you to perform the tests. A well-defined scope includes the following information:

- Specific systems to be tested
- Risks that are involved
- When the tests are performed and your overall timeline
- How the tests are performed
- How much knowledge of the systems you have before you start testing
- What is done when a major vulnerability is discovered
- The specific deliverables: this includes security-assessment reports and a higher-level report outlining the general vulnerabilities to be addressed, along with countermeasures that should be implemented

When selecting systems to test, start with the most critical or vulnerable systems. For instance, you can test computer passwords or attempt social engineering attacks before drilling down into more detailed systems.

2. Selecting tools: As with any project, if you don't have the right tools for ethical hacking, accomplishing the task effectively is difficult. Having said that, just because you use the right tools doesn't mean that you will discover all vulnerabilities. Automatic tools have changed the world of penetration testing/ethical hacking; IT security researchers have developed, and are still developing, different tools to make testing fast, reliable and easy. Just consider the world without automatic tools: the hacking process would be slow and time-consuming. We have discussed different tools before, but in this article we summarize the best tools that are widely used in the world of hacking. Some favorite commercial, freeware, and open-source security tools are:

a) Nmap: Nmap is among the best tools used in the second phase of ethical hacking, that is, port scanning. Nmap was originally a command-line tool developed only for Unix/Linux-based operating systems, but a Windows version is now also available and easy to use. It is used for operating system fingerprinting too.

b) Nessus: Nessus is the world's most famous vulnerability scanner. It has been developed by Tenable Network Security and is available free of cost for non-enterprise environments, meaning home users. It is a network vulnerability scanner used for finding critical bugs on a system.

c) Nikto: Nikto is a free and open-source tool. It checks for outdated versions of over 1000 servers and version-specific problems on over 270 servers, and it finds default files and programs. It is one of the best tools for web server penetration testing.

d) Kismet: Nowadays wardriving, or wireless LAN (WLAN) hacking, is in demand, and different companies hire penetration testers to test their wireless networks. This test requires some tools, and Kismet is one of the best choices for it. Kismet identifies networks by passively collecting packets and detecting networks, which allows it to detect (and given time, expose the names of) hidden networks and the presence of non-beaconing networks via data traffic.


e) Metasploit: Metasploit contains a database with a list of available exploits. It is easy to use and one of the best tools for penetration testing. The Metasploit Framework is a sub-project used to execute exploit code against a machine and get the desired task done.

f) NetStumbler: Once again for wardriving. NetStumbler is available for Windows-based operating systems. It can detect WiFi, that is, IEEE 802.11b, 802.11g and 802.11a networks. MiniStumbler is also available and works on Windows CE based systems.

g) Wireshark: Wireshark is a free network packet analyzer for UNIX and Windows, and one of the best. It is used for network troubleshooting, malware analysis and education.

3. Executing the plan: Ethical hacking can take persistence. Time and patience are important. Be careful when we are performing our ethical hacking tests. A hacker in our network or a seemingly benign employee looking over our shoulder may watch what's going on. This person could use this information against us. It's not practical to make sure that no hackers are on our systems before we start. Just make sure we keep everything as quiet and private as possible. This is especially critical when transmitting and storing our test results. If possible, encrypt these e-mails and files using Pretty Good Privacy (PGP) or something similar. At a minimum, password-protect them.

4. Evaluating results: Assess your results to see what you uncovered, assuming that the vulnerabilities haven't been made obvious before now. This is where knowledge counts. Evaluating the results and correlating the specific vulnerabilities discovered is a skill that gets better with experience. You'll end up knowing your systems as well as anyone else. This makes the evaluation process much simpler moving forward. Submit a formal report to upper management or to your customer, outlining your results. Keep these other parties in the loop to show that your efforts and their money are well spent. Chapter 17 describes this process.

5. Moving on: When you've finished your ethical hacking tests, you still need to implement your analysis and recommendations to make sure your systems are secure. New security vulnerabilities continually appear. Information systems constantly change and become more complex. New hacker exploits and security vulnerabilities are regularly uncovered. You may discover new ones! Security tests are a snapshot of the security posture of your systems. At any time, everything can change, especially after software upgrades, adding computer systems, or applying patches. Plan to test regularly (for example, once a week or once a month). Chapter 19 covers managing security changes.
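One way to make the signed-off plan from step 1 binding during step 3 is to have every test pass through a check against the agreed scope before it runs. The following is an added example, not part of the original report; the plan fields, function names and dates are hypothetical, and the addresses are constructed from the RFC 5737 documentation ranges.

```python
import ipaddress
from collections import namedtuple
from datetime import datetime, time

Decision = namedtuple("Decision", "allowed reason")

# Constructed rules of engagement; every value is a placeholder.
PLAN = {
    "approved_by": "sponsor-name-placeholder",   # who signed off on the plan
    "in_scope": ["192.0.2.0/24", "198.51.100.10/32"],
    "excluded": ["192.0.2.50/32"],               # e.g. a fragile production host
    "valid_from": datetime(2024, 3, 1, 0, 0),    # overall timeline
    "valid_until": datetime(2024, 3, 15, 0, 0),
    "daily_start": time(22, 0),                  # testing window runs overnight
    "daily_end": time(6, 0),
}


def in_daily_window(moment, start, end):
    """True if the time of day falls in [start, end), wrapping past midnight."""
    t = moment.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def check_target(plan, target, when):
    """Decide whether a test against `target` at `when` is covered by the plan."""
    if not plan.get("approved_by"):
        return Decision(False, "plan has no sign-off")
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Names can resolve to hosts outside the agreement; require literal IPs.
        return Decision(False, "target is not an IP address")
    if any(addr in ipaddress.ip_network(n) for n in plan["excluded"]):
        return Decision(False, "target is explicitly excluded")
    if not any(addr in ipaddress.ip_network(n) for n in plan["in_scope"]):
        return Decision(False, "target is not in scope")
    if not plan["valid_from"] <= when < plan["valid_until"]:
        return Decision(False, "outside the agreed timeline")
    if not in_daily_window(when, plan["daily_start"], plan["daily_end"]):
        return Decision(False, "outside the daily testing window")
    return Decision(True, "covered by the approved plan")


if __name__ == "__main__":
    night = datetime(2024, 3, 2, 23, 30)
    for target in ("192.0.2.17", "192.0.2.50", "203.0.113.5", "intranet.example"):
        decision = check_target(PLAN, target, night)
        print(f"{target:18} {decision.allowed!s:6} {decision.reason}")
```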


GOALS OF ETHICAL HACKING


Before an ethical hacker can begin the process they must create a plan, such as:

1. Identify any and all networks they will test
2. Detail the testing interval
3. Detail the testing process
4. Create their plan and then share it with stakeholders
5. Get the plan approved

BENEFITS OF ETHICAL HACKING


Most of the benefits of ethical hacking are obvious, but many are overlooked. The benefits range from simply preventing malicious hacking to preventing national security breaches. The benefits include:

1. Fighting against terrorism and national security breaches.
2. Having a computer system that prevents malicious hackers from gaining access.
3. Having adequate preventative measures in place to prevent security breaches.

DRAWBACKS OF ETHICAL HACKING


As with all types of activities which have a darker side, there will be dishonest people presenting drawbacks. The possible drawbacks of ethical hacking include:

1. The ethical hacker using the knowledge they gain to do malicious hacking activities.
2. Allowing the company's financial and banking details to be seen.
3. The possibility that the ethical hacker will send and/or place malicious code, viruses, malware and other destructive and harmful things on a computer system.
4. Massive security breach.


CONCLUSION
One of the main aims of the seminar is to make others understand that there are so many tools through which a hacker can get into a system. Let's check its various needs from various perspectives.

1. Student: A student should understand that no software is made with zero vulnerabilities. So while they are studying, they should study the various possibilities and how to prevent them, because they are the professionals of tomorrow.

2. Professionals: Professionals should understand that business is directly related to security. So they should make new software with as few vulnerabilities as possible. If they are not aware of these, then they won't be cautious enough in security matters.

In the preceding sections we saw the methodology of hacking, why we should be aware of hacking, and some tools which a hacker may use. Now we can see what we can do against hacking, or to protect ourselves from hacking.

3. The first thing we should do is to keep ourselves updated about the software we are using, from official and reliable sources.

4. Educate the employees and the users against black hat hacking.

5. Use every possible security measure, like honey pots, intrusion detection systems, firewalls, etc.

6. Always make our passwords strong, by making them longer and harder to crack.
