Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacking? Huh?  It's silly to argue about the ``true'' meaning of a word. A word means whatever people use it to mean. One can't force Newsweek to use.

Similar presentations

Presentation on theme: "Hacking? Huh?  It's silly to argue about the ``true'' meaning of a word. A word means whatever people use it to mean. One can't force Newsweek to use."— Presentation transcript:

1 Hacking? Huh?  It's silly to argue about the ``true'' meaning of a word. A word means whatever people use it to mean. One can't force Newsweek to use the word ``hacker” according to an official definition. Copyright 2003 © Amir Elhadidy  A ``computer hacker,'' then, is someone who lives and breathes computers, who knows all about computers, who can get a computer to do anything. Equally important, though, is the hacker's attitude. Computer programming must be a hobby, something done for fun, not out of a sense of duty or for the money.

2 Clearer Definition: 1. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.

3 Clearer Definition continued…: 2. One who enjoys programming rather than just theorizing about programming.

4 Clearer Definition continued…: 3. A person who is able to adapt and learn quickly - Dynamic.

5 Clearer Definition continued…: 4. An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'.

6 Clearer Definition continued…: 5. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.

7 Clearer Definition continued…: 6. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.

8 Ethical Hacker vs. Cracker Definition for: cracker A person who breaks into computer systems, using them without authorization, maliciously. In other words, a cracker IS a hacker, but does things for purposes other than good. The news/media commonly use the term "hacker" to describe someone who fits the above description.

9 Script Kiddies 1.The lowest form of a cracker; script kiddies do mischief with scripts and programs written by others, often without understanding the exploit. 2. People who cannot program. More generally, a script kiddie writes (or more likely cuts and pastes) code without either having or desiring to have a mental model of what the code does; someone who thinks of code as magical incantations and asks only "what do I need to type to make this happen?"

10 “So what?…” Before getting into the technicalities: A typical argument: "You'd better install a firewall“ "Why?" "To keep people out of your computer!“ "Why should I care? I've got nothing special on my computer."

11 That’s what… 1. You get hacked. The hacker installs a key logger and now he has all your passwords, your credit card numbers, emails of your friends, etc. He will cause you many problems. That’s what. 2. You get hacked. The bad guy installs a trojan on your computer. It is now a zombie, controlled remotely by the hacker. You get a visit from the FBI. That’s what.

12 Who might hack your system? Enemies specifically targeting your computer: unlikely unless you have enemies Script kiddies randomly scanning for insecure computers: Most likely, especially if you have high- speed connection. A cause for Internet traffic.

13 Attack Methodology: Pre-attack Intelligence Gathering IP addresses assigned Web Server IP Address Firewall IP Target Identification Operating System (Type, Patch version) Services Info Hardware Location (Physical, Logical) Data Content Log Locations

14 Attack Methodology (continued): Attack Planning Identify known vulnerabilities System entrance plan (hack) System exit plan (stealth) DoS plan against IDSs (Intrusion Detection System) Configure attack systems Evaluate ability for system hopping

15 Attack Methodology (continued): Attacking Look for detection indications, continue? If (continue = yes) { while ( repeatedly checking for intrusion detection) { - Get Root access - Verify log locations - Add user - Trojanize - Move to another system – repeat then continue to do what you want } If (You are detected) { - Alter system logs - Exit immediately or - Move to another system and repeat }

16 Post Attack  Evaluate Detection Was your location detected? If yes, RUN! If not, lay low for a while  Evaluate Data Acquired Attack Methodology (continued):

17 Other methods: Social Engineering –manipulation Dumpster-Diving

18 Misconceptions about hacking: Some systems are invulnerable to hacking - (False) -If you can make it, you can unmake it Anyone can be hacked easily – (False) - Some systems require great skill to penetrate. Hackers only attack corporate systems, not home users. – (False) - Home users are a great source for easy and fast sensitive info - Broadband users are used as zombies for remote attacks.

19 How to prevent an attack: Install powerful firewall(s) Periodically check for viruses in the entire network. Always install new patches Always be up to date with known vulnerabilities Create a security structure in your network Disable all the services that are not required (FTP, SSH, sendmail, Apache, Telnet, etc…) Implement a strong logging system Educate the users that will have access to any computer. Never assume

20 Tools to protect yourself (Firewall) (Firewall) (Anti-Virus) (Anti-Virus) (Knowledge) (Knowledge)

21 Resources Prevention:

Download ppt "Hacking? Huh?  It's silly to argue about the ``true'' meaning of a word. A word means whatever people use it to mean. One can't force Newsweek to use."

Similar presentations

Ads by Google