Week 1-1 CSc 196n Computer Attacks & Countermeasures 1.Aka Ethical Hacking 2.How to successfully defend against attacks Know your enemy How they think.

Week 1-1 CSc 196n Computer Attacks & Countermeasures
1. Aka Ethical Hacking
2. How to successfully defend against attacks: know your enemy
   – How they think
   – How they act
   – Tools they use
3. What is an exploit? Code or a technique that takes advantage of a specific weakness (a vulnerability) in software or its configuration. Crackers break into a computer network by exploiting weaknesses in operating-system services, applications, and their configuration.

Week 1-2 Week 1: Introduction
– The Security Triangle: security, functionality, and performance are the three corners; pushing toward any one of them pulls the system away from the other two.
– It is easy to make a network secure; it is much harder to make it secure and still usable.

Week 1-3 Week 1: Introduction
– Attacker's process:
  1. Footprinting the target
  2. Scanning the target
  3. Enumeration of the target
  4. Compromise & escalate privileges
– Passive reconnaissance – collecting information about an intended target of a malicious hack without the target knowing what is occurring (nothing is sent to the target: public records, DNS, search engines).
– Active reconnaissance – collecting information about an intended target of a malicious hack by probing the target system directly (port scans, banner grabs); this leaves traces in the target's logs.
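The scanning and enumeration steps above, as an added example (this is not code from the course slides): a minimal TCP connect scanner in Python that probes a list of ports, keeps whatever banner an open service volunteers, and accepts an inter-probe delay, which is the "slowed scan" knob the Red Teaming slide later refers to. So that it runs offline, it starts its own throwaway listener on 127.0.0.1; the banner text, the port list and the delay are constructed for the demo, and the only legitimate target for the real thing is a host you have written authorization to test.

```python
import socket
import threading
import time

# Constructed banner for the demo listener (real services volunteer similar strings).
DEMO_BANNER = b"SSH-2.0-demo_banner\r\n"


def start_listener(banner=DEMO_BANNER):
    """Start a throwaway TCP service on an ephemeral 127.0.0.1 port and return the port.

    Constructed for the demo so the scan has something to find without touching a network."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def pick_closed_port():
    """Reserve an ephemeral port and release it: nothing listens there, so a probe is refused."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def probe(host, port, timeout=0.5):
    """Active reconnaissance: one full TCP connect (noisy: the target can log it).

    Returns (is_open, banner). A closed port refuses the connection; a filtered one times out."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:          # ConnectionRefusedError and socket.timeout are both OSError
            return False, ""
        try:
            data = s.recv(256)   # enumeration: many services announce themselves on connect
        except OSError:
            data = b""
        return True, data.decode("ascii", "replace").strip()


def scan(host, ports, delay=0.0, timeout=0.5):
    """Probe each port in order; `delay` seconds between probes is the knob a red team
    turns up to stay below an IDS's connections-per-minute alert threshold."""
    open_ports = {}
    for port in ports:
        is_open, banner = probe(host, port, timeout)
        if is_open:
            open_ports[port] = banner
        if delay:
            time.sleep(delay)
    return open_ports


if __name__ == "__main__":
    live = start_listener()
    targets = [pick_closed_port(), live, pick_closed_port()]
    for port, banner in scan("127.0.0.1", targets, delay=0.1).items():
        print(f"open  tcp/{port}  {banner or '(no banner)'}")
```

A full connect is the loudest way to scan: every probe completes the handshake and lands in the target's connection log, which is what the detection question on the Week 1-11 slide is about.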

Week 1-4 Week 1: Introduction
– Types of attacks
  – Local (the attacker already has an account on, or physical access to, the machine)
  – Remote (over the network, with no prior access)
– Categories of exploits
  – 0-day (new, unpublished; no patch exists yet)
  – Account cracking
  – Buffer overflow
  – Denial of service
  – Impersonation

Week 1-5 Week 1: Introduction
– Categories, cont.
  – Lack of operational control
  – Lack of process and procedure
  – Man in the middle
  – Misconfiguration
  – Network sniffing
  – Race condition
  – Session hijacking
  – System/application design errors
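Account cracking, from the exploit categories on the two slides above, as an added example (not code from the course): a dictionary attack run offline against two constructed credential stores. The first stores unsalted SHA-256, so one precomputed table of hash-to-word serves every leaked account; the second stores salted PBKDF2-HMAC-SHA256, so each guess must be recomputed per user and each computation is deliberately slow. The wordlist, user names, passwords and salts are all constructed for the demo.

```python
import hashlib
import os

# Constructed wordlist (a real one has millions of entries).
WORDLIST = ["123456", "password", "letmein", "Summer2024", "qwerty", "dragon"]

# Constructed demo accounts; carol's passphrase is not in the wordlist.
DEMO_PASSWORDS = {"alice": "letmein", "bob": "dragon", "carol": "correct horse battery staple"}


def sha256_hex(password):
    """Unsalted, fast hash: the weak storage scheme an attacker hopes to find."""
    return hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_hex(password, salt, iterations):
    """Salted, iterated hash (PBKDF2-HMAC-SHA256): the defender's scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def make_unsalted_store(passwords):
    return {user: sha256_hex(pw) for user, pw in passwords.items()}


def make_salted_store(passwords, iterations):
    store = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)                       # per-user random salt, stored beside the hash
        store[user] = (salt, pbkdf2_hex(pw, salt, iterations))
    return store


def crack_unsalted(store, wordlist):
    """Dictionary attack against unsalted hashes. One precomputed table of
    hash -> word serves every user, so the work is len(wordlist) hashes in
    total no matter how many accounts leaked. Returns (cracked, hashes_computed)."""
    table = {sha256_hex(word): word for word in wordlist}
    cracked = {user: table[h] for user, h in store.items() if h in table}
    return cracked, len(table)


def crack_salted(store, wordlist, iterations):
    """The same attack against salted PBKDF2 hashes. The salt makes every guess
    user-specific, so the work is up to len(users) * len(wordlist) hashes, each
    of them `iterations` times slower than a bare SHA-256. Returns (cracked, hashes_computed)."""
    cracked, computed = {}, 0
    for user, (salt, target) in store.items():
        for word in wordlist:
            computed += 1
            if pbkdf2_hex(word, salt, iterations) == target:
                cracked[user] = word
                break
    return cracked, computed


if __name__ == "__main__":
    weak = make_unsalted_store(DEMO_PASSWORDS)
    print("unsalted:", crack_unsalted(weak, WORDLIST))
    strong = make_salted_store(DEMO_PASSWORDS, iterations=100_000)
    print("salted  :", crack_salted(strong, WORDLIST, iterations=100_000))
```

Both stores give up alice and bob, because a weak password is weak under any hash; what the salt and the iteration count buy the defender is that the attacker pays the full cost per account, and carol's passphrase stays out of reach of a wordlist either way.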

Week 1-6 Week 1: Introduction
– SANS/FBI Top 20 security threats
– Goals attackers try to achieve
  – Gain unauthorized access
  – Obtain administrative or root-level privileges
  – Destroy vital data
  – Deny legitimate users service
  – Individual selfish goals
  – Criminal intent

Week 1-7 Week 1: Introduction
– Ethical hackers vs. crackers
  – Hacker: usually a programmer who constantly seeks further knowledge, freely shares what they have discovered, and never intentionally damages data.
  – Cracker: breaks into or otherwise violates system integrity with malicious intent; destroys vital data or causes problems for their targets.

Week 1-8 Week 1: Introduction
– "Self-proclaimed" ethical hacking: anyone who, on their own initiative and without authorization, performs system and network testing against their company's (or anyone else's) hosts. Good intentions do not substitute for written permission; this is not ethical hacking.
– Hacktivism: hacking for political purposes.
– Skills required for ethical hacking
  – First and foremost, they must be completely trustworthy.
  – Typically very strong programming and computer networking skills.
  – Adept at installing and maintaining systems that use the more popular operating systems.

Week 1-9 Week 1: Introduction
– Skills, cont.
  – Detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.
  – Finally, good candidates for ethical hacking have more drive and patience than most people.
  – Note: both IBM and the federal government will not hire ex-hackers (crackers).

Week 1-10 Week 1: Introduction
– Categories of ethical hackers
  – The best ethical hacker candidates have successfully published research papers or released popular open-source security software.
  – The computer security community is strongly self-policing, given the importance of its work.
  – Most ethical hackers, and many of the better computer and network security experts, did not set out to focus on these issues. Most were computer users from various disciplines, such as astronomy, physics, mathematics, computer science, philosophy, or the liberal arts, who took it personally when someone disrupted their work with a hack.

Week 1-11 Week 1: Introduction
– What do ethical hackers do?
  An ethical hacker's evaluation of a system's security seeks answers to three basic questions:
  1. What can an intruder see on the target systems?
  2. What can an intruder do with that information?
  3. Does anyone at the target notice the intruder's attempts or successes?
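Question 3 above, whether anyone notices, is the defender's side of the attacker process on the Week 1-3 slide. As an added example (not from the course slides), a small detector in Python over constructed firewall-style log lines: it flags any source address that touches at least `min_ports` distinct destination ports within any `window_s`-second span. The log format, the addresses (RFC 5737 documentation ranges) and the thresholds are all constructed for the demo. The second source probes one port every 90 seconds and slips under the default one-minute window, which is exactly why the Red Teaming slide says scans must be slowed down.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed firewall-style log lines. 203.0.113.5 probes six ports in six seconds;
# 198.51.100.7 probes the same six ports one every 90 seconds; 192.0.2.50 is a normal client.
LOG_LINES = """
2024-03-01T10:00:01 DROP src=203.0.113.5 dst=192.0.2.10 dpt=21
2024-03-01T10:00:02 DROP src=203.0.113.5 dst=192.0.2.10 dpt=22
2024-03-01T10:00:03 DROP src=203.0.113.5 dst=192.0.2.10 dpt=23
2024-03-01T10:00:04 DROP src=203.0.113.5 dst=192.0.2.10 dpt=25
2024-03-01T10:00:05 DROP src=203.0.113.5 dst=192.0.2.10 dpt=80
2024-03-01T10:00:06 DROP src=203.0.113.5 dst=192.0.2.10 dpt=110
2024-03-01T10:00:07 ACCEPT src=192.0.2.50 dst=192.0.2.10 dpt=443
2024-03-01T10:01:30 DROP src=198.51.100.7 dst=192.0.2.10 dpt=21
2024-03-01T10:03:00 DROP src=198.51.100.7 dst=192.0.2.10 dpt=22
2024-03-01T10:04:30 DROP src=198.51.100.7 dst=192.0.2.10 dpt=23
2024-03-01T10:06:00 DROP src=198.51.100.7 dst=192.0.2.10 dpt=25
2024-03-01T10:07:30 DROP src=198.51.100.7 dst=192.0.2.10 dpt=80
2024-03-01T10:09:00 DROP src=198.51.100.7 dst=192.0.2.10 dpt=110
2024-03-01T10:09:05 ACCEPT src=192.0.2.50 dst=192.0.2.10 dpt=443
this line is malformed and must be skipped by the parser
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>DROP|ACCEPT) src=(?P<src>\S+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)$"
)


def parse(lines):
    """Return (timestamp, src, dpt) events; lines that do not match the format are ignored."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["src"], int(m["dpt"])))
    return events


def detect_scans(events, window_s=60, min_ports=5):
    """Sliding-window port-scan detector.

    For each source, find the largest number of distinct destination ports hit
    within any window_s-second span and report the sources reaching min_ports.
    DROP and ACCEPT both count: a connect scan against open ports is accepted."""
    by_src = defaultdict(list)
    for ts, src, dpt in sorted(events):
        by_src[src].append((ts, dpt))
    alerts = {}
    for src, hits in by_src.items():
        best, start = 0, 0
        for end in range(len(hits)):
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            best = max(best, len({dpt for _, dpt in hits[start:end + 1]}))
        if best >= min_ports:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    events = parse(LOG_LINES)
    print("60 s window :", detect_scans(events))                 # fast scanner only
    print("600 s window:", detect_scans(events, window_s=600))   # the slow scanner too
```

Widening the window catches the slow scanner but raises the false-positive rate on busy hosts; tuning that trade-off, not the detection logic, is where most of the work in a real IDS rule goes.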

Week 1-12 Week 1: Introduction
– Security evaluation plan
  When the client requests an evaluation, there is quite a bit of discussion and paperwork that must be done up front. The discussion begins with the client's answers to these questions:
  1. What are you trying to protect?
  2. What are you trying to protect against?
  3. How much time, effort, and money are you willing to expend to obtain adequate protection?

Week 1-13 Week 1: Introduction
– Types of ethical hacks
  – The "get out of jail free card" is the contractual agreement between the client and the ethical hackers, who typically write it together. It should spell out what is in scope (hosts, networks, applications), what is excluded, when testing may take place, and whom to call if something breaks.
  – This agreement also protects the ethical hackers against prosecution, since much of what they do during the course of an evaluation would be illegal in most countries.
  – The best evaluation is done under a "no-holds-barred" approach: the client places no restrictions on the techniques used, so the result reflects what a real attacker could do.

Week 1-14 Week 1: Introduction
– Testing types
  – Remote network
  – Remote dial-up network
  – Local network
  – Stolen laptop computer
  – Social engineering
  – Physical entry
– Each of these kinds of testing can be performed from three perspectives: as a total outsider, as a "semi-outsider" with some limited legitimate access, or as a valid user.

Week 1-15 Week 1: Introduction
– Testing types
  – Blue teaming – tests performed with the knowledge and consent of the organization's IT staff.
    – Least expensive and most frequently used.
  – Red teaming – tests performed without the knowledge of the organization's IT staff, but with the full knowledge and permission of upper management.
    – Requires more time: network scans must be slowed down to stay below the alert thresholds of the IDS and firewall.
    – More expensive.
    – Provides a better indication of how the target's security controls, and the people watching them, hold up against a real attacker.

Week 1-16 Week 1: Introduction
– Ethical hacking report
  – The final report is a collection of all of the ethical hackers' discoveries made during the evaluation.
  – Main point of the whole exercise: it does clients no good just to tell them that they have problems. The report must include specific advice on how to close the vulnerabilities and keep them closed.

Week 1-17 Week 1: Introduction
– Hacking report, cont.
  – The actual delivery of the report is also a sensitive issue. If vulnerabilities were found, the report could be extremely dangerous if it fell into the wrong hands.
  – The final report is typically delivered directly to an officer of the client organization in hard-copy form.
  – The ethical hackers have an ongoing responsibility to ensure the safety of any information they retain, so in most cases all information related to the work is destroyed at the end of the contract.

Week 1-18 Week 1: Ethics & Law
– Cyber Security Enhancement Act
  http:// meland_CSEA.htm

Week 1-19 Week 1: Ethics & Law
– Overview of US federal laws: United States Code, Title 18, Part I, Chapter 47 (Fraud and False Statements)
  http://gaia.ecs.csus.edu/~dsmith/csc250/lecture_notes/wk14/wk14_5.html

Week 1-20 Week 1: Ethics & Law
– US Code Section 1029 (18 U.S.C. § 1029, in Chapter 47, Fraud and False Statements): fraud and related activity in connection with access devices (credit-card numbers, account numbers, and similar)
  pl?title=18&sec=1029

Week 1-21 Week 1: Ethics & Law
– US Code Section
  http://gaia.ecs.csus.edu/~dsmith/csc250/lecture_notes/wk14/18uscode.html

Week 1-22 Week 1: Ethics & Law
– California Penal Code 502 (the Comprehensive Computer Data Access and Fraud Act): the state statute covering unauthorized access to computers, computer systems, and data.

Week 1-23 Week 1: Ethics & Law
– Hacking punishment
  – A US federal court has held that port scanning by itself is not a crime. It can still violate a provider's acceptable-use policy or a contract, and scanning followed by any unauthorized access is a crime, so an ethical hacker still needs written authorization before scanning.
  http://gaia.ecs.csus.edu/~dsmith/csc250/lecture_notes/wk14/portscans.html

Week 1-24 Week 1: Ethics & Law
– Ethics
  – Laws and ethics are not the same. Laws are written by legislatures and interpreted by the courts; ethics are the moral standards of a society.
  – Laws apply to everyone; two individuals may have entirely different ethics.
  – Ethics are not universal: they vary from society to society, and may also vary within the same individual over time.

Week 1-25 Week 1: Ethics & Law
– Codes of ethics
  – IEEE Code of Ethics
    =corp_level1&path=about/whatis&file=code.xml&xsl=generic.xsl
  – ACM Code of Ethics
  – Computer Ethics Institute, Ten Commandments of Computer Ethics
    Commanments_of_Computer_Ethics.htm

Week 1-26 Week 1: Ethics & Law
– Colloquium for Information Systems Security Education (CISSE)
  thics/index.htm

Week 1-27 Week 1: Ethics & Law
– Summary
  – To catch a hacker you have to know their MO (modus operandi).
  – Ethical hacking involves knowledge of the law and strong ethics.