Hacking is a very common word nowadays. Every other day we have attacks on cyberspace. According to studies, there is one cybercrime in India every 10 minutes. Ethical hacking is a concept where the Ethical Hacker (security professional) performs penetration testing to find vulnerabilities and patch them before any black hat hacker exploits them. CEH Training of EC Council Certified Courses is the best certification to learn CEH – Ethical Hacking.
Terms of Ethical Hacking
These are specific terms used in Ethical Hacking in CEH Training:
- Hack Value
- Zero Day Attack
- Daisy Chaining
Elements of Information Security
Confidentiality, Integrity, Availability, Authenticity, Non-Repudiation
The level of security in any system can be defined by the strength of three components:
Security (Restriction), Functionality (Features), Usability (GUI)
How does an Information Security attack happen?
Different Category of Information Security Threats
- NETWORK THREATS: Information Gathering, Sniffing and Eavesdropping, Spoofing, DoS, Password-Based Attack, ARP Poisoning, etc.
- HOST THREATS: Footprinting, Malware Attack, Unauthorized Access, DoS Attack, Privilege Escalation.
- APPLICATION THREATS: Input Validation, Security Misconfiguration, Buffer Overflow, Cryptography Attack.
What is Hacking?
It is the process of finding out the system vulnerabilities and then exploiting them by getting unauthorized access to the system resources.
- White Hat
- Black Hat
- Grey Hat
- Suicide Hackers
- Script Kiddies
- Cyber terrorists
- State-sponsored Hackers
1. RECONNAISSANCE: This is the preparatory phase, also known as information gathering, in which the attacker collects information about the target network before launching an attack.
Active and Passive
2. SCANNING: The attacker scans the target's networks on the basis of the information gathered in the Reconnaissance phase, using port scanners and ping tools, and tries to get information such as live system details, etc.
3. GAINING ACCESS: The attacker can gain access at the operating system, network, or application level using open ports, session hijacking, password cracking, etc.
4. MAINTAINING ACCESS: In this phase, the attacker tries to retain his ownership of the system by using back doors, rootkits, and Trojans.
5. CLEARING TRACKS: In this phase, the attacker covers his tracks to hide his identity.
Types of Security Policy
- Promiscuous Policy
- Permissive Policy
- Prudent Policy
- Paranoid Policy
Penetration testing is the method of evaluating the security of an information system or any network by simulating an attack to find vulnerabilities that an attacker could exploit.
White Box, Black Box, Grey Box
Phases of Penetration Testing
- PRE-ATTACK PHASE: Planning and Preparation, Methodology Designing, Network Information Gathering
- ATTACK PHASE: Penetrating the Perimeter, Acquiring the Target, Escalating Privilege, Execution, Implantation, Retracting
- POST-ATTACK PHASE: Reporting, Clean-Up, Artefact Destruction
Security Testing Methodology
- EC Council LPT Methodology
Information Security Standards
- PCI DSS
- ISO 27001:2013