Computer Security and Ethical Hacking

Slides:



Advertisements
Similar presentations
ETHICAL HACKING.
Advertisements

HACKING. Contents (1)  VARIOUS DEFINITIONS OF HACKING.  Who is hacker? (various definitions).  What does he do?.  Why does he do?  Who is a cracker?
Introduction to Ethical Hacking, Ethics, and Legality.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
System Security Scanning and Discovery Chapter 14.
What is hacking? Taeho Oh
Forces that Have Brought the world to it’s knees over the centuries.
1 CHAPTER 1 POLITICS. 2 Definitions Of The Word Hacker Hacker – someone who has achieved some level of expertise with a computer Hacker – someone who.
Ethical Hacking Adapted from Zephyr Gauray’s slides found here: And from Achyut Paudel’s.
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Network Security Testing Techniques Presented By:- Sachin Vador.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Computer Security and Penetration Testing
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.
ETHICAL HACKING ETHICAL HACKING A LICENCE TO HACK Submitted By: Usha Kalkal M.Tech(1 st Sem) Information technology.
Honeypot and Intrusion Detection System
CIS 450 – Network Security Chapter 3 – Information Gathering.
Lesson 5 Knowing the Threat. Unauthorized use of Computer Systems 2000 CSI/FBI Survey Trend.
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
# Ethical Hacking. 2 # Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting.
Assessing a Target System Source: Chapter 3 Computer Security Fundamentals Chuck Easttom Prentice Hall, 2006.
1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning  Ping often is blocked by firewalls  Send TCP SYN/ACK to generate RST segments.
1 Security Penetration Testing Angela Davis Mrinmoy Ghosh ECE4112 – Internetwork Security Georgia Institute of Technology.
Ethical Hacking Han Li  Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking.
Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.
TCOM Information Assurance Management System Hacking.
Ethical Hacking KaaShiv InfoTech For Inplant Training / Internship, please download the "Inplant training registration form" from our website
Ethical Hacking KaaShiv InfoTech For Inplant Training / Internship, please download the "Inplant training registration form" from our website
KaaShiv InfoTech Ethical Hacking For Inplant Training / I nternship, please download th e "Inplant training registration form" fr om our website
Ethical Hacking License to hack. OVERVIEW Ethical Hacking ? Why do ethical hackers hack? Ethical Hacking - Process Reporting Keeping It Legal.
Footprinting and Scanning
Computer Security By Duncan Hall.
Ethical Hacking Keith Brooks CIO and Director of Services
Web Security Introduction to Ethical Hacking, Ethics, and Legality.
Security Operations Chapter 11 Part 3 Pages 1279 to 1309.
Filip Chytrý Everyone of you in here can help us improve online security....
 Terms:  “Security”: is a system’s ability to provide services while maintaining the five IA pillars  “Attack”: an action that violates one of the.
General Information: This document was created for use in the "Bridges to Computing" project of Brooklyn College. You are invited and encouraged to use.
PRESENTED BY : Bhupendra Singh
HACKING Submitted By: Ch. Leela Sasi, I M.C.A, Y11MC29011, CJJC P.G College.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Microsoft OS Vulnerabilities April 1, 2010 MIS 4600 – MBA © Abdou Illia.
ETHICAL HACKING
Network security Vlasov Illia
Hacking Windows.
Seminar On Ethical Hacking Submitted To: Submitted By:
Chapter 7: Identifying Advanced Attacks
Footprinting and Scanning
Ethical Hacking Prince Singh Varanasi
Instructor Materials Chapter 7 Network Security
Backdoor Attacks.
Secure Software Confidentiality Integrity Data Security Authentication
Onno W. Purbo Cracking Techniques Onno W. Purbo
HACKING.
Footprinting and Scanning
Teaching Computing to GCSE
Security in Networking
Lecture 3: Secure Network Architecture
Security.
Chapter 7 – and 8 pp 155 – 202 of Web security by Lincoln D. Stein
Network hardening Chapter 14.
How hackers do it Ron Woerner Security Administrator CSG Systems, Inc.
Operating System Concepts
Test 3 review FTP & Cybersecurity
6. Application Software Security
EVAPI - Enumeration Auburn Hacking club
Presentation transcript:

Computer Security and Ethical Hacking WWW.KAASHIVINFOTECH.COM

Contents Overview of Hacking Types of hacking Hacker Types of Hacker Why do hackers hack? How can kid hack? What does a script kid know? Hackers language How to translate the hackers’ language WWW.KAASHIVINFOTECH.COM

Content continued… Ethical Hacking Ethical Hacking – Process What hackers do after hacking? Why can’t defend against hackers? How can protect the system? What should do after hacked? Final words WWW.KAASHIVINFOTECH.COM

overview of hacking Hack Examine something very minutely the rapid crafting of a new program or the making of changes to existing, usually complicated software Hacker The person who hacks Cracker System intruder/destroyer WWW.KAASHIVINFOTECH.COM

Types of hacking Normal data transfer Interruption Interception Modification Fabrication WWW.KAASHIVINFOTECH.COM

HACKER : Someone who bypasses the system’s access controls by taking advantage of security weaknesses left in the system by developers Person who is totally immersed in computer technology and programming, and who likes to examine the code of programs to see how they work … then uses his or her computer expertise for illicit purposes such as gaining access to computer systems without permission and tampering with programs and data. At that point, this individual would steal information and install backdoors, virus and Trojans Hacker means cracker nowadays. WWW.KAASHIVINFOTECH.COM

Types of hacker White Hat Hackers: who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems. Black Hat Hackers: A black hat is the villain or bad guy, especially in a western movie in which such a character would stereotypically wear a black hat in contrast to the hero's white hat. Gray Hat Hackers: A grey hat, in the hacking community, refers to a skilled hacker whose activities fall somewhere between white and black hat hackers on a variety of spectra WWW.KAASHIVINFOTECH.COM

Types of hacker continued… Script Kiddies: who use scripts or programs developed by others to attack computer systems and networks and deface websites.[ Phreak Person who breaks into telecommunications systems to [commit] theft Cyber Punk Recent mutation of … the hacker, cracker, and phreak WWW.KAASHIVINFOTECH.COM

Why do people hack?? To make security stronger ( Ethical Hacking ) Just for fun Show off Hack other systems secretly Notify many people their thought Steal important information Destroy enemy’s computer network during the war WWW.KAASHIVINFOTECH.COM

How can kid hack? Kid has much of time Kid can search for longer time than other people All hacking program is easy to use Kid doesn’t have to know how the hacking program works These kids are called script kiddies WWW.KAASHIVINFOTECH.COM

What do a Script Kiddies know??? Don’t know how to use vi Don’t know what unix is Don’t know what they do Know how to intrude the system Know how to crash the system Know where the hacking programs are WWW.KAASHIVINFOTECH.COM

Hackers language : 1 -> i or l 3 -> e 4 -> a 7 -> t 9 -> g 0 -> o $ -> s | -> i or l |\| -> n |\/| -> m s -> z z -> s f -> ph ph -> f x -> ck ck -> x WWW.KAASHIVINFOTECH.COM

Hackers langauge translation Ex) 1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3n 1 h4ck3d 1n I did not hack this page, it was like this when I hacked in WWW.KAASHIVINFOTECH.COM

What is Ethical Hacking It is Legal Permission is obtained from the target Part of an overall security program Identify vulnerabilities visible from Internet at particular point of time Ethical hackers possesses same skills, mindset and tools of a hacker but the attacks are done in a non-destructive manner Also Called – Attack & Penetration Testing, WWW.KAASHIVINFOTECH.COM

Hacking - Process Preparation Foot printing Enumeration & Fingerprinting Identification of Vulnerabilities Attack – Exploit the Vulnerabilities Gaining Access Escalating privilege Covering tracks Creating back doors WWW.KAASHIVINFOTECH.COM

1. Preparation Identification of Targets – company websites, mail servers, extranets, etc. Signing of Contract Agreement on protection against any legal issues Contracts to clearly specifies the limits and dangers of the test Specifics on Denial of Service Tests, Social Engineering, etc. Time window for Attacks Total time for the testing Prior Knowledge of the systems Key people who are made aware of the testing WWW.KAASHIVINFOTECH.COM

2. Foot printing Collecting as much information about the target DNS Servers IP Ranges Administrative Contacts Problems revealed by administrators Information Sources Search engines Forums Databases – whois, Tools – PING, whois, Traceroute, nslookup WWW.KAASHIVINFOTECH.COM

3. Enumeration & Fingerprinting Specific targets determined Identification of Services / open ports Operating System Enumeration Methods Banner grabbing Responses to various protocol (ICMP &TCP) commands Port / Service Scans – TCP Connect, TCP SYN, TCP FIN, etc. Tools Nmap, FScan, Hping, Firewalk, netcat, tcpdump, ssh, telnet, SNMP Scanner WWW.KAASHIVINFOTECH.COM

4. Identification of Vulnerabilities It is a weakness which allows an attacker to reduce a system's information assurance. Insecure Configuration Weak passwords Unpatched vulnerabilities in services, Operating systems, applications Possible Vulnerabilities in Services, Operating Systems Insecure programming Weak Access Control WWW.KAASHIVINFOTECH.COM

Identification of Vulnerabilities cont.. Tools Vulnerability Scanners - Nessus, ISS, SARA, SAINT Listening to Traffic – Ethercap, tcpdump Password Crackers – John the ripper, LC4, Pwdump Intercepting Web Traffic – Achilles, Whisker, Legion WWW.KAASHIVINFOTECH.COM

5. Attack – Exploit the vulnerabilities Network Infrastructure Attacks Connecting to the network through modem Weaknesses in TCP / IP, NetBIOS Flooding the network to cause DOS Operating System Attacks Attacking Authentication Systems Exploiting Protocol Implementations Exploiting Insecure configuration Breaking File-System Security WWW.KAASHIVINFOTECH.COM

6. Gaining access: Enough data has been gathered at this point to make an informed attempt to access the target Techniques Password eavesdropping File share brute forcing Password file grab Buffer overflows WWW.KAASHIVINFOTECH.COM

7. Escalating Privileges If only user-level access was obtained in the last step, the attacker will now seek to gain complete control of the system Techniques Password cracking Known exploits WWW.KAASHIVINFOTECH.COM

8. Covering Tracks Once total ownership of the target is secured, hiding this fact from system administrators becomes paramount, lest they quickly end the romp. Techniques Clear logs Hide tools WWW.KAASHIVINFOTECH.COM

9. Creating Back Doors Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim of the intruder Techniques Create rogue user accounts Schedule batch jobs Infect startup files Plant remote control services Install monitoring mechanisms Replace apps with trojans WWW.KAASHIVINFOTECH.COM

Denial of Service If an attacker is unsuccessful in gaining access, they may use readily available exploit code to disable a target as a last resort Techniques SYN flood ICMP techniques Identical SYN requests Overlapping fragment/offset bugs Out of bounds TCP options (OOB) DDoS WWW.KAASHIVINFOTECH.COM

What do hackers do after hacking? (1) Patch security hole The other hackers can’t intrude Clear logs and hide themselves Install rootkit ( backdoor ) The hacker who hacked the system can use the system later It contains trojan virus, and so on Install irc related program identd, irc, bitchx, eggdrop, bnc WWW.KAASHIVINFOTECH.COM

What do hackers do after hacking? (2) Install scanner program mscan, sscan, nmap Install exploit program Install denial of service program Use all of installed programs silently WWW.KAASHIVINFOTECH.COM

Why can’t defend against hackers? There are many unknown security hole Hackers need to know only one security hole to hack the system Admin need to know all security holes to defend the system WWW.KAASHIVINFOTECH.COM

How can protect the system? Patch security hole often Encrypt important data Ex) pgp, ssh Do not run unused daemon Remove unused setuid/setgid program Setup loghost Backup the system often Setup firewall Setup IDS Ex) snort WWW.KAASHIVINFOTECH.COM

What should do after hacked? Shutdown the system Or turn off the system Separate the system from network Restore the system with the backup Or reinstall all programs Connect the system to the network WWW.KAASHIVINFOTECH.COM

Thank You !!! WWW.KAASHIVINFOTECH.COM

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.