This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Ethical hacking is an emerging tools used by most of the organizations for testing network security. The security risks and vulnerabilities in a network can be recognized with the help of ethical hacking. This research completely concentrates on ethical hacking, problems that may occur while hacking process is in progress and various ethical hacking tools available for organizations. Information is the important source for any organizations while executing business operations. Organizations and government agencies have to adopt ethical hacking tools in order secure important documents and sensitive information (Harold F. Tipton and Micki Krause, 2004). Ethical hacker professionals have to be hired in order to test the networks effectively. Ethical hackers perform security measure on behalf of the organization owners. In order to bring out the ethical hacking efforts perfectly a proper plan must be executed. Ethical hacking has the ability to suggest proper security tools that can avoid attacks on the networks. Hacking tools can be used for email systems, data bases and voice over internet protocol applications in order to make communications securely. Ethical hacking can also be known as penetration testing which can be used for networks, applications and operating systems (Jeff Forristal and Julie Traxler, 2001). Using hacking tools is a best method for identifying the attacks before it effect the entire organization. Ethical hackers are nothing but authorized users for the sensitive information or networks of an organization. Using hacking techniques for handling employees in organization and for solving critical judicial cases is not a crime. An ethical hacker use same tools and actions as performed by normal hacker. The main aspect in ethical hacking is that target permission is essential for performing hacking on the information. Ethical hacking can be used while performing security audits in the organization (Kevin Beaver, 2010). Thus, ethical hacking can help in testing the networks by finding out various vulnerabilities. In ethical hacking, a user will get permission to access the important data.
Aims and Objectives
To investigate the importance of ethical hacking and its implementation in organizations
- Finding the importance of ethical hacking tools
- Understanding the ethical hacking process
- Implementing ethical hacking tools in an organization
Purpose of Study
The main of this research is to recognize ethical hacking tools that can be used in organizations and government agencies. Testing the networks is essential in order to maintain security for the organizational information. The difficulties in networks have to be recognized by the security professional so that they can be solved before effecting the organization operations (James S. Tiller, 2005). This research also focuses on carrying out the ethical hacking tools in a particular organization. The advantages of using ethical hacking in business firms can be evaluated by this study. Ethical hacking tools can be implemented in various fields of applications. Various security professionals can be efficient in ethical hacking tools by undergoing a training process. Another major intension of this research is to identify the importance of ethical hacking professionals in providing security to the networks. (Nina Godbole, 2008). Thus, this research entirely focuses on ethical hacking tools which can be implemented for testing the networks.
This research on ethical hacking can be very useful to many organizations as it can provide clear idea about hacking tools. Security professionals and normal users have to be trained well in order to use hacking tools. The importance of ethical hacking while solving many judicial cases can be identified with the help of this research. Management of an organization can be benefited largely through implementing hacking tools. Hacking tools implementation process can be understood with the help of this research (Ronald L. Krutz and Russell Dean Vines, 2007). Network security or data security engineers in organization will come to know about new ethical hacking methods and techniques that are available in the present market by concentrating on this research. The concepts in this study provide knowledge related to security improvements. Business users can hack the data in order to use it for the purpose of evaluating a correct process. Management has to take precautionary measures while allowing the professional to hack ethically because data may be misused (Rajat Khare, 2006). Scholars who concerned with information security can take the help of this study for attaining the knowledge on hacking systems. Many organizations are encouraging ethical hacking professionals in order to control their business operations effectively. Email systems, data bases and communication applications can avoid or identify attacks by adopting the hacking tools. Malicious attacks on the information or software can be prevented by implementing this research while using ethical hacking tools. The organizations that concerned with security in networks have to use ethical hacking tools (Greg Meyer and Steven Casco, 2002). Hence from the above discussion it can be understood that, business firms, investigating agencies, government systems and web users can make use of this research to achieve the important information in authorized manner.
Chapter 2:Literature Review
Ethical Hacking and its importance
The word hacking is defined as an illegal use of the other's computer system or the network resources. Hacker is the term which is formerly meant for the skillful programmer. This is mostly found in the countries like United States and many other countries. The word hacker refers to the names of the persons who enjoys the work in learning the details of the computer systems and stretch the capabilities from the system (Rajat Khare, 2006). The system of hacking describes the fast improvement in the new programs that make the codes for the providing a better security to the system with more efficiency. The word cracker also belongs to the same field it make use of the hacking skills for the unlawful purposes like email id, intruding into other's system. Hacking is of different types such as back door hacking, viruses and worms, Trojan horses, Denial of Services, anarchists, crackers, kiddies and ethical hacking (Kevin Beaver, 2010). In the types of hacking system one of the most common hacking is ethical hacking. This is defined as the services that provides the securities for the customer's networks, information assets and identifies the vulnerabilities to maintain the reputation of the corporate sectors before it exploit the company. This type of the hacking system provides the high securities to the customer's methodologies and techniques to yield high qualities of infrastructures. The ethical hacking system includes some of the service like:
- Application Testing
- War Dialing
- Network Testing
- Wireless Security
- System Hardening
This is an uncover design or the logic flaws which result in the compromising with the unauthorized accessing of the systems, networks, applications or the information regarding the systems. This application testing is used for investigating and identifying the extent and the criticality of the problems exposure to the thick client (Java) and thin client (web browsers) applications. This application testing includes the services like client-side application testing and web application testing's (Joel Scambray, Mike Shema and Caleb Sima, 2006). The client-side application testing is the process of developing the software that is used for the measuring the integrated security into the client software constituents. In this system this testing application is based on the gathering of the information by observer using the reverse engineering system.
This is one of the services that are provided by ethical hacking. War dialing is a method of dialing a modem number to identify open modem connection that supplies access in a remote way to a network for targeting a particular system (Kimberly Graves, 2007). This word is originated from the day the when the internet has come into the existence in most of the companies. This follows the method of scanning to find the strength of the network connection. The tools of War dialing work on the concept that organizations do not pay attention to dial-in ports like they do towards the firewalls.
The networking testing services of the ethical hacking provides the information on the exposures of the network, services, and solutions on the convergence, protocols and system devices including the virtual private network technologies. This testing process includes a number of constitutes in external and internal devices. It also analyzes the applications of the voice over Internet protocol within the environment of the organization (Greg Meyer and Steven Casco, 2002). The main goal of the network testing application is to make obvious demonstration of the political effects on its development. By making use of this application into the organization, it provides a complete enlightenment to the work for determining the result in the organization.
Wireless security services measures the security in the available architecture to provide a guidelines to ensure the system integrity and accessibility of the resources. The working of wireless security is based on the three phases. In the first phase of the operation it identifies the activeness of the wireless networks (Cyrus Peikari and Seth Fogie, 2003). The team of the ethical hacking demonstrates the exposure to the attackers with the space in the wireless network. In the seconds phase of this system it implements a normal users to evaluate the measures of the security that secures the infrastructures of the organization to control the accessing of the devices. During the third phase the team will try to utilize the discovered threats to gain access on other networks. This provides the security in wireless local area network, virtual private network, intrusion detection system and wireless public key infrastructure.
The system hardening stresses on the network vicinity. Security is the prime factor that determines the level of integrity of the information and resources used in the computing. Effective deployment of the security controls unauthorized, accidental disruption if resources in information technology (Kevin Beaver and Peter T. Davis, 2005). The system hardening assessment is complemented in three phases. The ethical hacking team will analyze the network to identify the loop holes in security updates and other frequent security defects. Scanning of the remote access devices is done for finding out the vulnerabilities. The configuration vulnerabilities and missing security updates are determined in the initial phase. In the second step the host operating system is examined to determine the services available for remote users and their level of impact. All the TCP/IP services and also the Telnet, FTP, Send-mail, DNS and others are tested (James S. Tiller, 2005). The packet fragmenting and loose source routing are used in an attempt to bypass filtering routers and firewalls. The last phase is complicated as the team uses the information gathered from the first two steps to mine the weaknesses and threats that were identified to gain access to the host system. Before the start of the three steps the boundaries for actions and events are determined. Hence from the above context it can be stated that ethical hacking is a methodology that is used for gathering the information on the hacker. The ethical hacker is the expert who is hired by an organization to solve the problems related to hacking in their network and computer system.
Need for Ethical Hacking
The process of employing someone to hack ones company is ethical hacking. Ethical hacking is one of the tools that are used to judge the security programs of the organizations. It is also referred as penetrating testing, red teaming, intrusion testing, vulnerability and even security judgments. Each one these has different meanings in different countries. Hacking is also described as new development of the existing programs, software and code. It makes them better and more efficient (James S. Tiller, 2005). Ethical hacker can know the details of computer while hacking and become the security professional. It involves in foot-printing, scanning, tacking all the secured information. Ethical means a philosophy with morality. Hackers hack systems to detect dangerous, unauthorized access and misuse (Shon Harris, Allen Harper, Chris Eagle and Jonathan Ness, 2007). Threat and vulnerability are the two dangers the hacker has to face. The hacking report must be confidential as it should face the organizations security risks. If this goes wrong in any way the organization results in fatal, penalties and loss. For example: computer crime is done by misuse of their hacking skills. The need to hack is for catching the thief. Ethical hacking is the correct method to make your computers work properly (Kevin Beaver, 2010). Ethical hacker needs higher level skills compared to penetration testing. Penetration testing is same as ethical hacking but the hacker uses the penetrating tools and tests the security danger. Ethical hacking is known as "White Hat" in some of the literature. It tests both the security and protective issues whereas penetrating test mainly leads with the security issues (Asoke K. Talukder and Manish Chaitanya, 2008). Some of the websites and companies offer the training, but they cannot be created they are self-made. Various types of testing need different types of software's and tools. Game freaks use hacking technology in order to win the game. Hackers will discover many ways to hack like trial and error method, operating systems, online and determining the threats. Ethical hacking is done by hackers on behalf of the owners, and in normal hacking they use their skills for personal use (Debra Littlejohn Shinder and Micheal Cross, 2008). Cyber terrorism includes common hacking techniques such like viruses, email bombs and natural disasters. Thus ethical hacking is done by hackers on owner's request. Mainly this is seen in corporate companies and organizations. Ethical hacking techniques are used for game cheat codes, hacking accounts and other for good result. Majorly used for fight against cyber terrorism and to take preventive action on hackers
Types of ethical hackings
Ethical hackers use various methods for breaking the security system in the organizations in the period of cyber attack. Various types of ethical hacks are:
Remote Network: This process in especially utilized to recognize the attacks that are causing among the internet. Usually the ethical hacker always tries to identify the default and proxy information in the networks some of then are firewalls, proxy etc.
Remote dial up network: Remote dial up network hack identify and try to protest from the attack that is causing among the client modern pool. For finding the open system the organizations will make use of the method called war dialing for the representative dialing. Open system is one of the examples for this type of attacks.
Local Network: local network hack is the process which is used to access the illegal information by making use of someone with physical access gaining through the local network. To start on this procedure the ethical hacker should ready to access the local network directly.
Stolen Equipment: By making use of the stolen equipment hack it is easy to identify the information of the thefts such as the laptops etc. the information secured by the owner of the laptop can be identified (Kimberly graves, 2007). Information like username, password and the security settings that are in the equipment are encoded by stealing the laptop.
Social engineering: A social engineering attack is the process which is used to check the reliability of the organization; this can be done by making use of the telecommunication or face to face communication by collecting the data which can be used in the attacks (Bryan Foss and Merlin Stone, 2002). This method is especially utilized to know the security information that is used in the organizations.
Physical Entry: This Physical entry organization is used in the organizations to control the attacks that are obtained through the physical premises (Ronald l. Krutz and russel dean Vines, 2007). By using the physical entire the ethical hacker can increase and can produce virus and other Trojans directly onto the network.
Application network: the logic flaws present in the applications may result to the illegal access of the network and even in the application and the information that is provided in the applications.
Network testing: In this process it mainly observes the unsafe data that is present in the internal and the external network, not only in the particular network also in the devices and including the virtual private network technologies
Wireless network testing: In this process the wireless network reduces the network liability to the attacker by using the radio access to the given wireless network space.
Code review: This process will observe the source code which is in the part of the verification system and will recognize the strengths and the weakness of the modules that are in the software.
War dialing: it simply identifies the default information that is observed in the modem which is very dangerous to the corporate organizations.
Techniques and tools required for ethical hacking
Ethical hacker needs to understand how to find the network range and subnet mask of the target system. IP addresses are used to locate, scan and connect the target systems. Ethical hacker also should find out the geographical location of target system. This can be done by tracing the messages that are sent to destination and the tools used are traceroute, Visual route and NeoTrace to identify the route the target (Kimberly Graves, 2007). Ethical hacking should use right tools or else task accomplishment of task effectively is difficult. Many security assessment tools will produce false positive and negative or may they even miss susceptibility to attacks. In case of tests in case of physical security assessments they miss weakness. In order for ethical hacking specific tools have to be used for the task chosen. The easier the ethical hacking will become if many tools are used. The right tool must be used at right place. The characteristics in tools for ethical hacking is it should have sufficient document, detailed reports should be there on the discovered attacks regarding their fixing and explosion, Updates and support. The general tools used for ethical hacking in case to find passwords are cracking tools such as LC4, John the Ripper and pwdump (Bragg, Mark Phodes Ousley and Keith Strassberg, 2004). The general tools like port scanner like SuperScan cannot be used to crack passwords. The Web-assessment tools such as Whisker or WebInspect tools are used for analysis of Web applications in depth. Whereas network analyzer tools such as ethereal cannot give good results. While using the tools for any particular task it is better to get feedback from the simple Google searches such as SecurityFocus.com, SearchSecurity.com and Itsecurity.com will give nice feedback from the other security experts which makes ethical hacking easy and to select the right tool. Some of the commercial, freeware and open source security tools are Nmap (Network Mapper), Etherpeek, SuperScan, QualysGuard, WebInspect and LC4, LANguard Network Security Scanner, Network Stumbler and ToneLoc. The capabilities of many security and hacking tools are often misunderstood, such as SATAN (Security Administrator Tool for Analyzing Networks) and Nmap. The other popular tools used in ethical hacking are Internet scanner, Ethreal, Nessus, Nikto, Kismet and THC-Scan (Kevin Beaver, 2007). Cain and able is a ethical tool used for recovery of windows UNIX problems. This is only password recovery tool handles an enormous variety of tasks. It can recover the password by sniffing the network, cracking the encrypted passwords using Dictionary and Cryptanalysis, recording VoIP conversations, decoding scrambled passwords, revealing the password boxes, uncovering cached passwords and analyzing routing protocols. Ethereal is a fantastic open source tool used as network protocol for UNIX and Windows. It allows examining the data which is present in disk or file and can capture the data. This is also known as Wire shark. It has many powerful features which have very rich display filter language and ability to view the TCP session. Another cracking tool Aircrack is the fastest available cracking tool (John Hyuk Park, Hsiao-Hwa Chen and Mohammed Atiquzzaman, 2009). Thus proper tools and techniques has to be used for better hacking and it will be easier by using more and more tools required.
Hacking operating system
Linux is the operating system which is most useful software that supports and will be helpful to identify the passwords and uses in detecting interruption there are many software tools are utilized for the hacking and security tools are used for the Linux. The tools which are using in this are not harmful tools this is especially used to protect.
John the ripper: John the ripper is nothing but password hacking software technique which is usually used to develop for the UNIX operating system. This the most significant process which is used for password testing as it joins all password crackers into single package and the auto detects password hash types which involves the customizable cracker (Ryan, David R. Mirza Ahmad, 2002). It can be run among the different encrypted password methods which involves various crypt password hash forms where usually found on the different UNIX operating systems that is based on the DES, MD5 etc, Kerberos AFS and windows like XP, 200etc.Generally passwords are placed in the LDAP and other tools. Various types of components are used to expand the capability and for involving the MD4 related password hashes. The other one is the NMAP; Nmap is the used to protect the network. It is especially used to identify the network related services on the computer network by generating the map of the network. Nmap is having the ability to identify the services on the computer network instead of this it never advertises its service detection protocol (James turnbull, 2005). However the Nmap can collect many details regarding the remote computers. This will involve the operating system, and uptimes etc are the software products that are used to execute the service, and are used to involve on the local area networks and also on the dealer of the remote network card. Nmap can be run on the linux. Linux is the most important operating system and the windows are the second most important operating system. The other operating system used is Nessus, this software is used to scan the virus. The main aim of this software is used to identify the virus on the tested system such as; the virus will permit the data on to the network (Mark Carey, Russ Rogers, Paul Criscuolo and mike Petruzzi, 2008). Default passwords are utilized on the network accounts. This software is also called as the external tool which is used to launch the attack. By making use of the mangled packets rejection of the service among the TCP/IP can be done. Nessus the best software used to scan the virus. Many organizations through out the world are using this software. The check Rootkit is the normal program which helps the administrator to check their system for the known rootkits ( James Turnbull, 2005). This program is the shell script by using the LINUX tools similar to the strings and the grep commands to seek out to carry out the core programs for the signatures with the executed process status command to look for inconsistency. This program alternatively use own commands to run. This tool will permit check rootkit to get confident the commands upon which it depend a bit more.
Applications and resources
Ethical hacking is nothing but the one which performs the hacks as security tests for their systems. Ethical hacking can be used in many applications in case of web applications which are often beaten down. This generally includes Hypertext Transfer Protocol (HTTP) and Simple Mail Transfer Protocol (SMTP) applications are most frequently attacked because most of the firewalls and other security are things has complete access to these programs from the Internet. Malicious software includes viruses and Trojan horses which take down the system. Spam is a junk e-mail which causes violent and needless disturbance on system and storage space and carry the virus, so ethical hacking helps to reveal such attacks against in computer systems and provides the security of the system. The main application of this is to provide the security on wireless infrastructure which is the main purpose of present business organization (BT, 2008). Ethical hacking has become main stream in organizations which are wishing to test their intellectual and technical courage against the underworld. Ethical hacking plays important role in providing security. Resources are the computer related services that performs the tasks on behalf of user. In Ethical hacking the resources are the core services, objects code etc (James Tiller S, 2005). The ethical hacking has advantages of gaining access to an organizations network and information systems. This provides the security in the area of Information technology called as Infosec. This provides security to the high level attacks such as viruses and traffic trough a firewall. This has been providing the security for various applications which are even bypassing the firewalls, Intrusion-detection systems and antivirus software. This includes hacking specific applications including coverage of e-mails systems, instant messaging and VOIP (voice over IP). The resources i.e. devices, systems, and applications that are generally used while performing the hacking process are Routers, Firewalls, Network infrastructure as a whole, wireless access points and bridges, web application and database servers, E-mail and file servers, workstations, laptops and tablet PCs, Mobile devices, client and server operating systems, client and server applications (Kevin Beaver, 2007). Ethical hacking tests both the safety and the security issues of the programs (Ashoke Talukder K and Manish Chaitanya, 2008). Hence from the above context it can be stated as the ethical hacking is important in the present scenario as providing security is very important now a day. This is very important in web applications as the hacking can be easily done in this case.
Ethical hacking is the backbone of network security. The basic problems with this is trustworthiness of the Ethical hacker because let's take an example if a person has been appointed to do Ethical hacking, to provide security for the bank financial issues if the person is not trust to believe this is not safe as the person only considered as thief. Sometimes the big organizations face any problem like there passwords has been hack, this case hiring professionals is very expensive and the organization need to spend a lot on this (Ethical Hacking, 2009). Ethical hacking is just the security to the problem it is not the ultimate solution to it. Ethical hacking report must be kept confidential because they highlight the organizations security risks and attacks. If this document has been falls into the wrong hand the result would be very disastrous for the organization, the main drawback here is the entire information of the organization will be in hands of wrong person and which leads to the loss of the company (Kimberly Graves, 2007). Ethical hacking generally involves breaking down the computer applications and by collecting specific information from the target the ethical hacker can successful to access the information and can reveal it. This results in that highly sensitive information about the targets security capabilities is collected and maintained far away from the owner's control. If this information fall into wrong hands results in real attack on the company and another problem is if the information is leaked to the public or stockholders, the business will be in risk, which results in all types of disasters, including negative character by media, loss of customers and legal consequences (James Tiller S, 2005). Ethical hacking use tools while it performing the activity, if the methods and tools are used incorrectly they cause damage (Dr. Bruce Hartly V, 2003). Hence from the above context it can be stated as Ethical hacking provides security but behind that it provides the disadvantages like the Ethical hacker should be trusted by the organization or business and in case sometimes highly professionals may cost the organization very much so that company has to provide from the unplanned budget and if it goes into the wrong persons hand the business will be in danger and loss of the organization will takes place.
Chapter 3: Research Methodology of Hacking
Data type is defined as the format of a data storage which is used to store different set of values. It tells about which type of data to be stored and where to be stored. Data is stored in computer memory. There are two types of data. They are primary data and secondary data. Both primary and secondary data illustrates the gathering of information and to satisfy the goals of business. Primary data is nothing but it is the data which is collected newly and for the first time. The primary data is original. It is the fresh data and is never gathered before. Secondary data is the data which is collected by others (Norman Blaikie, 2009). The data is collected from newspapers, magazines and journals. Secondary data is gathered before primary data since it is time consuming. Data is gathered newly in case of primary data so it takes much time. Secondary data consumes less time. Primary data is used in ethical hacking since the data gathered in this type of data is very efficient. Ethical hacking is used legally for the official purposes. Since primary data is unique and is not compared with any one, it is used in the process of ethical hacking (Rajat Khare, 2006) Hence from the above context it can be said that data types are useful in the ethical hacking.
According to media and people the word hacking denotes misuse and collapse of computers. They describe it as unfair method of solving the problem. In the view of ethical hackers the word hacking refers to creative. One of the organization namely Amazon, it is not proposed to point out the lesser features but deals with tricks for working the company efficiently. Hackers and developers will create new characteristics for Amazon. They bring out the creative thinking and innovative ideas by their work in company (Paul Bausch, 2003). Mainly the ethical hacking is the good way to improve the existing methods and qualities. Many organizations follow these because one can know the administrative password of employees, can reach the behaviour of them and working performance. Employee performance and his project carryout can be studied through ethical hacking. These hackings look easy for them since they are engaged with the security firms to protect the Amazon fields. Not only in Amazon in each and every organization is this steps followed by the administration. Many security consultants are available in the market but only few of them do actual hacking with their own skills. Hackings are widely seen I online business. The website can track the views of each product and displays the details of listed products. Templates and publishing are more manageable to hack the views and information about the company. This directs to development of the company with new technology. There are many universities offering the courses on ethical hacking. Security issues and designing procedures are instructed to prevent the hacking attempts by students, organizations and others. Some of the universities and corporate companies allow individuals with hacking skills not to go in pressure or loss in their fields (Zack Whittaker, 2009). The way of hacking will be changed by students, companies and governments by the knowledge of ethical hacking. Thus organizations should provide the ethical hacking skills to the individuals for their improvement. Now a day's students are following the hacking techniques in websites for misuse, game cheat codes and account hacking and many. Study of ethical hacking must impact on students, companies and business. By this we can decrease the cyber terrorism, misuse, and vulnerability of computers.
Chapter 3: Simulation
OPNET is widely used network simulator targeting the wide range of networks and protocols. It is much easy than the other network simulate like NS-2 which is an open source network simulator and provides in the form of graphical user interface in more suitable way and easy to learn. OPNET is used to model the entire network including its routers, switches, protocols, servers and individual applications they support. It supports large range of communication systems from single LAN to global networks. Its software is available and can be downloaded in free and can be used in the academic research and teaching purpose. The discrete engine of OPNET is best and more commercially available one and completes its process only few minutes to complete the simulation process in many of the lab experiments. OPNET software is the very big area and used in many of the private and government, service providers etc. The students with the OPNET simulator experiences have better opportunities in industry and have better future (Jinhua Guo, Weidong Xiang and Shengquan Wang, 2007). Hence from above context it can be stated as OPNET is quite used network simulator as it is user understandable format and easily available tool used in many organizations.
Proposed Simulation Scenario:
Simulation can be explained in real time scenario the knowledge of network devices and its configuration is necessary. The Cisco systems SAFE proposal has been taken and the detail has been taken as reference. The network testing scenario arrangement is shown in the Figure 3.1. The network has been divided into many modules each has its own role and part of the security provider for the system. The first module consists of computers, server farm and other interconnecting devices such as switches and routers. This also consists of Virtual Local Area Networks (VLAN) used for internal purpose and this is performed by the switches and useful to separate the data flow in the network. This separation result in achievement of security by less people will access the available resources and for this reason it is always best to have internal security. The next module from left is Distribution module. This does high speed network interconnection and its people cannot operate its internal operations. It's basically consists of switches and even can have routers. Switches perform high speed inter connection and routers maintain the connections to and fro. In this security is based on control lists because to keep fast connections. The next module is based on on-line business and provides access to corporate services. The main module that is targeted by the hacker is this only and it is important that the network should perform consistent configuration of all the devices used in the modules because the damage of a device in this module leads to damage in business and loss of client's confidence. The devices that available in this module are routers, switches, firewalls and intrusion detection systems depends upon access control list and proxy firewalls and intrusion detection systems logs and alerts. In order protect business resources and save money. The other module is the Internet service provider. The security cannot be managed by other corporate modules and contract with the internet service provider must provide the policy going to be applied and responsible person for the attack. After the contract the corporate policies should be made and responsibilities must be assumed. At last they are other three modules which are Internet, Hacker and remote branching office. The Internet module is represented in cloud format containing four wide area network routers and handles data flow through routing protocol that handles each connection and the connections can be started by Hacker or remote branch office. The next on is Hacker which is connected to the Internet cloud directly and also connects to the dial-up technology and generally used for the remote login to the server in case of corporate server. Finally remote server has access to all internal resources and has right to access all available services. After the network security arrangement the testing scenario is done by packet filtering penetration technique which is done by measuring the security of OPNET causing the attack. First the testing scenario is done for this the testing and transport protocols are considered and how these are related to application level protocols. The Scenario is basically related to ports and services, protocols and packets. Ports are nothing but the memory address spaces used to hold the TCP and UDP services and these should follow specific procedure of interaction which is called by name protocol and request to the ports or services are delivered in the form of packets and security test has to be performed.
The network security is performed by the Packet filtering using penetration technique using the OPNET. The devices used for this test include routers, firewalls and switches. Routers are used for performance of access control lists and also to support the virtual private network. The firewalls are also used for to control lists and proxy services and finally the switches are used to test the VLAN performance. The first scenario is designed to test the packet filtering using the access control lists (ACL). These will discard the non authorized packets and mostly used in the networking to manage data flow properly. To use this network policy is defined that filter the un authorized data from the authorized one. this works as when the Hacker attempts to start remote login to the server the ACL with its functions that it perform will drop the firewall and stops the data that is coming from the Hacker IP address. Apart from this it also configure that the firewall such that it will refuse all the packets from the source that remote logged to the destination by using the ACL by using the port numbers.
Penetration Testing Scenario
This penetration technique is used in firewalls and allows filtering data flow. The file transfer protocol (FTP) can be filtered by proxy in a firewall causing all the connections to the FTP service to be reused. The penetration technique is use VLAN and consists of switch to perform logical data division. The port is used to divide the data internally. In above setup the two VLAN are used one is consists of HTTP and FTP local clients and servers and the second one built of remote login and custom application client and server. In this set up the internal data is separated so that few people will have access to the resources and as only limited will access the better will be the system and can be avoided from the . Hence from the above technique it can be stated as the different devices and techniques available in OPNET Modeler is described which are related to the security. The Cisco Safe, which is an secure network implementation used in approach to offer the security in more realistic way and different test like penetration tests are performed for the devices available that are present in OPNET. The security tests are performed by network security devices and techniques. The data flow is divided and the resources are made to access only by the limited people. The packet filtering is done after that by penetration test in which the packets sent by the Hacker are dropped by the firewall to test for the security of the systems which is shown in graphical chart.
Packet Filtering through Penetration technique.
The packet filtering technique used at the upper branch firewall of the network topology as part of penetration technique for filtering the Hacker remote login connections. It can be seen that the firewall drops every single packet the Hacker send.As a future work, we plan to enhance our pre-processing tools so that they can be applied to the source data files to improve the simulation efficiency. We also plan to include the payload of the data packets into the simulation, and study the effects on the simulation efficiency and on the intrusion detection capability.
OPNET Simulation result Analysis with discussion
Simulation is an important process for the network performance analysis. It has many tools for the processing to understand the working and performance of network. The effectiveness of topologies, protocols and algorithms are decided by simulation. The OPNET is an important simulation tool available. The purpose of simulation the OPNET provides various models of different type network devices like hubs, bridges, switches, routers and servers (Juliet Bates, 2002). The simulation result generally consists of three stages like Testing scenario, Penetration Testing scenario and Packet Filtering through Penetration technique. The performance of result can be analyzed by creating a WAN with centralized server and analyze its performance based on CPU utilization, Link utilization. The testing scenario is test cases and sequence in which it is executed the process in this step. It consists of several switches, servers and clients and OC3 link to connect the network and for supporting maximum traffic. The flow between these has to be tested from end to end in this step. The test series are independent in case of OPNET where each of them dependent upon the output of previous one. In testing process it checks the proper working of hardware and software in the OPNET process and the objectives required for the process. The process here is the design and simulation of OPNET is tested by the product designer. The testing involves the OPNET library for the technology using. The empty scenario is selected and organization is selected. The penetration testing scenario is method of measuring the security of the OPNET network by the simulating an attack. Here the security of the OPNET library or network is tested (Pulei Xiong, Bernard Stepien and Liam Peyton, 2009). So in this case the vendors and technologies are displayed and all the products related to technology and vendor available in OPNETs library for given organization. The products are dragged and dropped into the workspace and network is designed. This way the penetration testing scenario in OPNET is completed and the results are analyzed by the performance analysis of the data. This is done by the plot through the data table (Klevinsky T J, Scott Laliberte and Ajay Gupta, 2002). This is analyzed by the Packet filtering through Penetration technique. In Packet filtering is the process a piece of software or device which controls the selected data to and from a network. This allows or blocks the packets depending upon the requirement and usually used for security purpose for firewalls. The packet filtering in penetration technique is used in this case.The result from the penetration test is analyzed by this technique in graphical way and the firewall is protected and the data is dropped depending upon whether it is secured or not and the Hacker remote login is filtered. The firewall will check each and every packet that is sent by the hacker and with the packet filtering it will check for the efficient data and allow to access. Likewise the as the hacker will sent and the firewalls will check the packet simultaneously and can be shown in the graphical format. As the hacker tries illegal access the system the firewall with the filtering technique will finds the illegal packets and drops. If the filtering is perfect the packets sent and dropped will be exact (Evon Abu-Taieh M O and Asim Abdel Rahman El Sheikh, 2009). Hence from the above context it can be stated as by testing scenario, penetration test and the packet filtering using penetration technique the Evaluation of the Simulation result used in Ethical hacking of the OPNET can be analyzed and discussed.
Effectiveness of research
The Ethical hacking is the legal activity that is performed to provide security for the computer system in many organizations. So the intrusion can be prevented before occurring is the effect use of ethical hacking. The main advantage of this is the Ethical hacker will enter into the legal contract with the organization which makes the illegal act as legal and prevents the ethical hacker from prosecution. It is very important and helps to save money and reputation of the companies for long run. The other important aspect of this research is it is conducted later because it can stimulate an actual attacker in terms of knowledge of the organization. The Ethical hacking specialists will be more expertise and tools then it is effective when compare to in- house resources. The test can be done without the knowledge of other IT employees (Rick Blum, 2009). It is the fast catching up one and is expected will become a part of technology consulting with in few days. Unlike the penetration test the vulnerabilities are not only found but also prevented. This uses tools, techniques which are used by the hacker and hacking will be performed in effective way and performed with the owner's permission and discover the vulnerabilities from original attacker to provide better security. Ethical hacking is significant planning and alignment while it performing the access when compared to the risk analysis the more information has to be required for the security purpose. This is also popular because it is controlled and finite when compared to other methods. This is performed at the end product development when product is developed and ready to use. So that the security levels of the product can be tested at last and the product will be more secured and the final product should be less question in terms of security point of view (Kevin Beaver and Stuart McClure, 2010). It should be part of every product development for maintaining security. The students and professional must be trained more about the ethical hacking to save themselves from the hackers. Apart from protecting from the hackers it will develop and increase interest among the people on computer technology. The person performing the ethical hacking will also be trusted many times because the legal issues will be come into picture and the person will be very careful in that case. The ethical hacker will perform basic tests like testing on local network, testing on remote network, social engineering test and physical entry test is done and the final report is produced during the evaluation in order to find the hole used for attack because the it has to be done carefully and clearly so as to clear all the holes for organizations benefit (Shon Harris, Allen Harper, Chris Eagle and Jonathan Ness, 2008). Hence from the above context it can be stated as ethical hacking benefits many organizations computer and individual system by providing security with effective manner by providing the security before the attack takes place.
Future work with recommendations:
The future of the ethical hacking is huge and informative. The websites and internet networks are being secured now days in many e-businesses. As the customers are suspicious in trusting the organizations on behalf of their personal credit cards and information the organization professional are considering the future works. Recommendations also included for the future analysis of the ethical hacking. The information of the trusted customers and other users should be secured from the hackers and other attacks (Gilbert Babin, Peter Kropf and Michael Weiss, 2009). The detection and prevention of the attacks of ethical hacking and its trend makes the future work efficient. The internet services and ethical hacking became an efficient problem in the security. It is very complex and risk in internet security where as ethical hacking needs the software professionals, developers, customers and administrators. Both of them need security for personal information. Ethical hacker is known as technical professional who employs the work to prevent present and future malicious from damaging and stealing the useful data and networks in computer. They make the computer network and the important information safe and secured. So they recommended with new techniques to prevent the upcoming harms for the computer network. Ethical hacking training and recommendations for the future work helps the hackers to implement the password cracking, firewalls, hacking tools, security tools and windows platform viruses with their spreading. This ethical hacking provides the business firms in achieving successful IT and developed corporate firm (Kevin Beaver and Stuart McClure, 2010). It takes follows the future steps and guidelines to guarantee the security for the internet and data networks. It can benefit the firm market and protection from the ethical hackers. The launch of the denial of service dangers the internet results in fall down of the attackers and botnet experts. For dealing the future work in ethical hacking it has to register the findings and recommendations that carried out by the developer (Rajat Khare, 2006). Preparations, contract terms of the projects in the organization without any damaging is given to the ethical hackers for the future development. A recommendation on stealing and hacking attacks will be applied by the organization only after the report is generated. This report consists of the vulnerabilities, identifications and activities conducted by ethical hacker after interacting with the sponsoring organizations. Future work and recommendations that are implemented make sure the computer and its networks secured.
Hacking is defined as the inappropriate use of others system by performing illegal actions such as cracking the password, hiding files and many others. Hackers try to impose harm to computers. Ethical hackers protect computers from illegitimate actions. Ethical hacking is defined as the service which provides security for the different organizations and also to the customer's networks. It analyzes the exposures in the different companies to maintain the fame of it. The process of ethical hacking is legal. It also involves the same techniques as in hacking but it utilizes all these techniques legally. Although different tests are conducted to perform ethical hacking, implementing recommendations is important to keep the system secure. Time is the important factor that should be considered in ethical hacking. Tester must execute test in given time and should prepare a detailed report (James S.Tiller, 2005). Ethical hacker should protect information of an organization in such way that inappropriate users are not supposed to access the information. All the business organizations should follow different rules and regulations. This is the main reason that ethical hackers are recruited in organizations. Ethical hackers should develop a testing plan which includes testing plans, types and build up the strategy for an organization to be hired. One of the duties of ethical hackers is to provide security for the files in the company and not to modify the information of the files. But sometimes ethical hackers are trained to access the information when any errors are being occurred. So, ethical hackers should be recommended not to modify the actual content of the organizations (Ronald L.Krutz and Russell Dean Vines, 2007). Hence from the above context it can be said that promoting recommendations in ethical hacking makes system to be secure and accessed efficiently. They are planned to test regularly since systems change frequently and become more complex.
Conclusion with future work:
In this research we reported experimental results of network intrusion simulation using previously captured Firelwall hacking data as the traffic sources. We demonstrated the use of pre-processing tools to facilitate intrusion simulation using the OPNET software. Our work demonstrated several applications of intrusion simulation using OPNET:
- Detecting intrusions by displaying and identifying patterns of suspicious data packets, employing various intrusion detection techniques in a firewall;
- Analyzing network performance and the overhead trade-offs of intrusion detection algorithms; and
- Evaluating the effectiveness of the IDS algorithms. Our work also pointed out the is sue and challenge of improving simulation efficiency, especially for large data files which are common in today's work place. Possible solutions include reducing the data sets by extracting only pertinent information; slicing the data sets based on certain criteria without degrading the effectiveness of the IDS, etc.
Ethical hacking is the term which is used in many organizations to provide security. The main difference between ethical hacking and hacking is ethical hacking is performed legally to solve the problems in organization where hacking is performed illegally to gain access to other system. It follows some rules and regulations and so the companies follow it. Due to the indifferences caused through the activities of unethical hacking, ethical hacking is established. Now-a-days it is becoming more and more popular as many institutions are providing course for ethical hacking. If this hacking process is still continued and if it is not eliminated, many problems take place in the future and it will cross the limitations by performing unlawful acts through enclosure of women, changing whole data in the organization. It spoils the reputation of the company through it. In some cases ethical hackers modify the actual content of the data; this is one of the major problems in ethical hacking. Measures should be taken to avoid this problem. As internet usage is increasing day by day, hacking of data is increased. Since users are very much concern about the security for the data, ethical hacking helps to provide security for them. Discussing with the people about the hacking and gaining knowledge about that with some ideas also helps to stop hacking. Time to time judgement, administrating system performance correctly, knowledge about computer hacking are some of the reasons which provide security to the system. Missing any one of the above reasons incurs loss to the system. The duty of ethical hacker is to provide awareness to the user for security of the system, but it is up to the user that how he will follow it and provide security. Not only the users working in organization but also students and the professionals should have enough knowledge about hacking and should perform necessary steps to solve it. Students should understand that no software is built with zero errors and study the various potentials in hacking and precautions to solve them since they are the future professionals. Professionals should be very conservative about security issues as any business is developed based on the security provided to it. They should build new software with fewer errors. Every software which is been created by the software professionals must possess the help of users or else the software built is not successful. Communication between the users and software professionals helps in providing higher security for the newly built software. The users who make use of the software should have updated information about that because it is used for authorized and consistent purposes. All the users, students and employees should have awareness about ethical hacking. Many security measures like firewalls; which help in receiving only authorized data in a system and intrusion systems; which monitors network systems for cruel activities. Almost all the employees in an organization possess unique ID and password to access the system. So the password created should be effective and strong with many letters in order to avoid hacking. Ethical hacking should be performed regularly in an organization at regular intervals in order to avoid illegal actions by having a view and grip over the network without the intervention of the user.
- Ashoke Talukder K and Manish Chaitanya (2008), Architecting Secure Software Systems, CRC Press Publications, pp.446.
- Asoke K. Talukder and Manish Chaitanya (2008) Architecting Secure software systems, CRC publications, pp.446
- Bragg, Mark Phodes Ousley and Keith Strassberg (2004), Network Security: The Complete Reference, Tata McGraw-Hill Publications, pp.864.
- Bryan Foss and Merlin Stone (2002) CRM in financial services, pp.700
- BT (2008), "Ethical Hacking Services Wireless Security", [Internet] available at URL: <http://bt.counterpane.com/ethical-hacking-wireless-security.pdf>, [accessed on 1stFebruary 2010].
- Cyrus Peikari and Seth Fogie (2003) Maximum wireless security, Sams Publishers, pp.390.
- Debra Littlejohn Shinder and Micheal Cross (2008) Scene of the Cybercrime 2ndedition, Syngress publications, pp.732
- Dr. Bruce Hartly V (2003), "Ethical hacking: the value of Controlled penetration Tests", [Internet] available at URL: <http://www.certconf.org/presentations/2003/Wed/WM4.pdf>, [accessed on 1stFebruary 2010].
- Ethical Hacking (2009), "Advantages and disadvantages", available at URL: <http://www.cea.ac.in/stdcenter/seminars/2006adminssion/CS/ETHICAL%20HACKING.pdf>, [accessed on 1stFebruary 11, 2010].
- Greg Meyer and Steven Casco (2002) Hack proofing ColdFusion, Syngress Publishers, pp.515.
- Greg Meyer and Steven Casco (2002) Hack proofing ColdFusion, Syngress Publications, pp. 515.
- Harold F. Tipton and Micki Krause (2004) Information security management handbook, 5thedition, CRC Press Publications, pp. 2036.
- James S. Tiller (2005) The ethical hack: a framework for business value penetration testing, CRC press publications, pp.322
- James S. Tiller (2005) The ethical hack: a framework for business value penetration testing, CRC Press Publishers, pp.322.
- James S. Tiller (2005) The ethical hack: a framework for business value penetration testing, CRC Press Publications, pp. 322.
- James S.Tiller (2005) The ethical hack: a framework for business value penetration testing, CRC Press publishers, pp.322.
- James Tiller S (2005), the ethical hack: a framework for business value penetration testing, CRC Press Publications, pp.322.
- James Tiller S (2005), the ethical hack: a framework for business value penetration testing, CRC Press, pp.322.
- James turnbull (2005) Hardening Linux, Apress publishers, pp.552
- James Turnbull (2005) Hardening linux, Apress Publishers, pp.552
- Jeff Forristal and Julie Traxler (2001) Hack proofing your Web applications: the only way to stop a hacker is to think like one, Elsevier Publications, pp. 586.
- Joel Scambray, Mike Shema and Caleb Sima (2006) Hacking exposed: Web applications, McGraw-Hill Professional Publishers, pp.520.
- John Hyuk Park, Hsiao-Hwa Chen and Mohammed Atiquzzaman (2009), Advances in Information security and Assurance, Springer Publications, pp.841.
- Kevin Beaver (2007), Hacking for Dummies, 2nd Edition, Wiley-India Publications, pp.412.
- Kevin Beaver (2007), Hacking for Dummies, Wiley-India Publications, pp.412.
- Kevin Beaver (2010) Hacking for dummies 3rdedition, For dummies publications, pp.408
- Kevin Beaver (2010) Hacking For Dummies, 3rdedition, For Dummies Publications, pp. 408.
- Kevin Beaver (2010) Hacking for Dummies, For Dummies Publishers, pp.408.
- Kevin Beaver and Peter T. Davis (2005) Hacking wireless networks for dummies, For Dummies Publishers, pp.362.
- Kimberly graves (2007) Ceh, Wiley India Publishers, pp.264
- Kimberly Graves (2007) Ceh:Official Certified Ethical Hacker Review Guide, Wiley-India Publishers, pp.264.
- Kimberly Graves (2007), Ceh: Official Certified Ethical Hacker Review Guide, Wiley-India Publications, pp.264.
- Kimberly Graves (2007), Ceh: Official Certified Ethical Hacker Review Guide, Wiley-India Publications, pp.264.
- Mark Carey, Russ Rogers, Paul Criscuolo and mike Petruzzi (2008) Nessus Network auditing, Syngress Publishers, pp.433
- Nina Godbole (2008) Information Systems Security: Security Management, Metrics, Frameworks And Best Practices, Wiley-India Publications, pp. 1020.
- Paul Bausch (2003) Amazon hacks, O'Reilly Media, Inc publications, pp.280
- Rajat Khare (2006) Network Security and Ethical Hacking, Luniver Press Publishers, pp.344.
- Rajat Khare (2006) Network Security and Ethical Hacking, Luniver Press Publications, pp. 344.
- Ronald l. Krutz and russel dean Vines (2007) the Ceh Prep guide, pp.768
- Ronald L. Krutz and Russell Dean Vines (2007) The Ceh Prep Guide, The Comprehensive Guide To Certified Ethical Hacking, Wiley Publications, pp. 768.
- Ronald L.Krutz and Russell Dean Vines (2007) The Ceh Prep Guide, The Comprehensive Guide to Certified Ethical Hacking, Wiley-India publishers, pp.768.
- Ryan, David R. Mirza Ahmad (2002) Hack proofing your network, Syngress publishers, pp.787
- Shon Harris, Allen Harper, Chris Eagle and Jonathan Ness (2007) Gray hat hacking :the ethical hackers handbook, pp.550
- Zack Whittaker (2009) "Ethical hacking: the next generation security specialists" [internet] available at URL: <http://blogs.zdnet.com/igeneration/?p=826>, [accessed on February 2nd2010].
- Pulei Xiong, Bernard Stepien and Liam Peyton (2009) "Model Based Penetration Test Framework for Web Applications Using TTCN-3", [Internet] available at URL: <http://www.springerlink.com/content/l1q852gn3373x210/fulltext.pdf?page=1>, [accessed on 10th March 2010].
- Klevinsky T J, Scott Laliberte and Ajay Gupta (2002) Hack I.T: security through penetration technique, Addison-Wesley Publications, pp.512.
- Juliet Bates (2002) Optimizing voice in ATM/IP mobile networks, McGraw-Hill Professional Publications, pp.234.
- Evon Abu-Taieh M O and Asim Abdel Rahman El Sheikh (2009) Handbook of Research on Discrete Event Simulation Environments: technologies and Applications, Idea Group Inc (IGI), pp.585.
- Rick Blum (2009) "Ethical hacking", [Internet] available at URL: <lobalservices.bt.com/static/.../Ethical_hacking_survey_2009.pdf>, [accessed on 10th March 2010].
- Kevin Beaver and Stuart McClure (2010) Hacking for Dummies, for Dummies Publications, pp.408.
- Shon Harris, Allen Harper, Chris Eagle and Jonathan Ness (2008) Gray hat hacking, McGraw-Hill Publications, pp.550.
- Rajat Khare (2006) Network Security and Ethical Hacking, Luniver Press publications, pp.344.
- Gilbert Babin, Peter Kropf and Michael Weiss (2009) E-Technologies: Innovation in Open World: 4th International Conference, MCETECH 2009, Ottawa, Canada, May 4-6, 2009, Proceedings, Springer publications, pp.335.
- Kevin Beaver and Stuart McClure (2010) Hacking for Dummies, For Dummies publications, pp.408.
- Jinhua Guo, Weidong Xiang and Shengquan Wang (2007) "Reinforce Networking Theory with OPNET Simulation", [Internet] available at URL: <http://informingscience.org/jite/documents/Vol6/JITEv6p215-226Gu