🌐 Lecture 1: Introduction to Ethical Hacking
1. What is Ethical Hacking?
-
Normal hacking → Usually seen as bad (stealing, damaging, misusing).
-
Ethical hacking → Done with permission, to find weaknesses in systems/networks before criminals can exploit them.
-
Ethical hackers behave like real hackers but with good intention.
-
Goal → Find vulnerabilities → Report → Fix them.
Key point (Exam):
Ethical hacking = locating vulnerabilities in computers/networks by imitating malicious hackers, but legally and with permission.
Example:
A bank hires an ethical hacker to test if its online banking system can be hacked. If the hacker finds a weak password entry point, the bank can fix it before criminals attack.
2. Other Names for Ethical Hacking
-
Penetration Testing → Testing if you can “penetrate” the system.
-
Intrusion Testing → Similar meaning.
-
Red Teaming → Team simulating attackers.
Key point: All mean testing a system for vulnerabilities in a legal way.
3. Role of Ethical Hackers
-
They are employed by companies.
-
Companies pay them to check systems and report weak points.
-
Difference from real hackers: Legal + Authorized.
Key point: Ethical hackers test systems legally and report problems (not exploit them).
4. Types of Testing
-
Penetration Testing → Just finds vulnerabilities, gives a report.
-
Security Testing → Includes penetration testing + suggests solutions.
5. Important Terminologies
-
Hacking → Using expertise to break into systems.
-
Cracking → Breaking software/hardware protections.
-
Spoofing → Faking identity (e.g., sending a packet pretending to be from another IP).
-
Denial of Service (DoS) → Flooding a server with junk traffic so real users cannot use it.
-
Port Scanning → Finding open ports (entry points) to exploit.
Example:
-
Spoofing: Attacker sends email pretending to be your bank.
-
DoS: Flooding a website with millions of fake requests until it crashes.
-
Port scanning: Like knocking on all doors of a house to see which door is open.
6. Gaining Access Methods
-
Front Door Access → Normal way (passwords). Hackers may guess/steal passwords.
-
Back Door Access → Hidden entry left by developers (for debugging). Hackers may use it.
-
Trojan Horse → Malicious code hidden in normal software.
-
Software Vulnerability Exploits → Using bugs in software not yet patched.
-
New learners (script kiddies) often use this.
-
7. After Gaining Access, Hackers May:
-
Erase logs (hide evidence).
-
Steal/modify/destroy files.
-
Deface websites (change appearance).
-
Install backdoors for future entry.
-
Use one computer to attack others.
8. Types of Hackers/Testers
-
Script Kiddies → Beginners, just copy-paste codes from internet.
-
Experienced Testers → Write their own scripts/tools in Python, C, JavaScript, etc.
9. Tools for Testing
-
Tiger Box → A laptop with multiple operating systems and hacking tools for testing.
-
Helps to perform vulnerability assessment.
10. Testing Approaches
-
White Box → Tester knows everything about the network (topology, details, can interview staff).
-
Black Box → Tester knows nothing, must discover details.
-
Grey Box → Tester has partial knowledge.
Key point:
White box = full info, Black box = no info, Grey box = partial info.
11. Legal Issues
-
Laws vary by country.
-
Some tools may be illegal in some countries.
-
Always follow laws of the land.
Illegal activities include:
-
Accessing computer without permission.
-
Installing malware/viruses.
-
DoS attacks.
-
Blocking legitimate users.
12. What Ethical Hackers Must Know
-
Strong networking knowledge (how data travels, protocols).
-
Basic cryptography (encryption to secure systems).
-
Good communication skills (talking with teams, reporting).
-
Knowledge of laws.
-
Correct tools.
13. Course Coverage
-
Networking basics.
-
Cryptography concepts.
-
Secure application case studies.
-
Unconventional attacks (like hardware-based).
-
Demonstrations of penetration testing tools.
✅ Final Exam-Oriented Key Points
-
Ethical hacking = legal hacking to find vulnerabilities.
-
Penetration Testing vs Security Testing → PenTest = find issues; Security Testing = find + suggest solutions.
-
Terminologies:
-
Hacking, Cracking, Spoofing, DoS, Port Scanning.
-
-
Access methods: Front door (passwords), Back door (developer’s entry), Trojan, Vulnerability exploits.
-
Types of Testers: Script kiddies vs Experienced testers.
-
Testing models: White box, Black box, Grey box.
-
Legal issues: Unauthorized access, installing malware, DoS are illegal.
-
Skills required: Networking, cryptography, tools, communication, knowledge of laws.
Lecture Summary: Basic Concepts of Networking (for Ethical Hacking course)
1. What is a Computer Network?
-
A computer network is a communication system that connects devices (computers, mobiles, IoT gadgets, etc.) so they can communicate and share resources.
-
Example: Home security cameras connected to the internet and reporting to a central server.
Why Networking?
-
Connectivity (devices can talk to each other).
-
Resource sharing (cloud storage, computing power).
-
Social interaction (social media apps).
Exam Keypoint: A network = communication system for connectivity + resource sharing.
2. Types of Networks
-
LAN (Local Area Network):
-
Covers small area (room, building, campus).
-
High speed, cheaper in long run.
-
Example: Wi-Fi in a college campus.
-
-
WAN (Wide Area Network):
-
Covers large area (cities, countries, continents).
-
Slower, expensive (since you pay service providers).
-
Example: The Internet.
-
Exam Keypoint: LAN = faster + cheaper, WAN = wider + costly.
3. Data Communication in a Network
-
Devices communicate through intermediate nodes (routers).
-
Two methods of transferring data:
-
Circuit Switching
-
Packet Switching
-
4. Circuit Switching
-
A dedicated path (circuit) is established between sender and receiver before communication.
-
Example: Old telephone systems (fixed copper wire path).
-
Steps:
-
Connection Establishment (like dialing a number).
-
Data Transfer (fast, continuous, dedicated bandwidth).
-
Connection Termination (resources released).
-
Advantages:
-
Guaranteed bandwidth.
-
Fast, continuous transmission.
Disadvantages:
-
Inefficient for computer data (bursty traffic).
-
Delay at the start (needs connection setup).
-
Channel may remain unused during silence.
Exam Keypoint: Circuit Switching = Dedicated path, good for voice, bad for bursty computer data.
5. Packet Switching
-
Modern method, used in the Internet.
-
Message is divided into small packets. Each packet has a header (destination address etc.).
-
Packets are sent independently through the network.
-
Uses store-and-forward concept: intermediate nodes store packets in buffers, then forward them.
Advantages:
-
Better link utilization (shared by many).
-
Good for bursty traffic.
-
Can handle different data rates.
-
Allows priority (urgent packets can be sent first).
Disadvantages:
-
Bandwidth not guaranteed (slower if network congested).
Exam Keypoint: Packet Switching = Shared links + packets travel independently + efficient for computer traffic.
6. Virtual Circuits (a type of Packet Switching)
-
Hybrid between circuit switching and packet switching.
-
First, a route is established (like circuit switching).
-
All packets follow the same path.
-
Each packet header only carries a virtual circuit number, not full destination address.
-
Routing tables in routers help forward packets based on circuit number.
Advantages:
-
Order of packets preserved (same path).
-
Less header information.
Disadvantages:
-
Not adaptive (if path becomes slow/congested, still same path is used).
-
Rarely used in modern Internet (instead, datagram method is used).
Exam Keypoint: Virtual Circuit = Pre-decided path, packets follow same route, less flexible.
Final Exam Revision Points
-
Network = communication system for connectivity + sharing.
-
LAN (small, fast, cheap) vs WAN (large, slow, costly).
-
Circuit Switching = dedicated path (good for voice, bad for data).
-
Packet Switching = shared links, store-and-forward, efficient for bursty data.
-
Virtual Circuit = fixed path in packet switching, not adaptive, rarely used today.