Hackers and their vocabulary Threats and risks Types of hackers Gaining access Intrusion detection and prevention Legal and ethical issues HACKING CLICKTECHSOLUTION.COM.

Slides:



Advertisements
Similar presentations
UNIT 20 The ex-hacker.
Advertisements

Introduction and Overview of Digital Crime and Digital Terrorism
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Security and Systems. Three tenets of security Confidentiality Integrity Availability.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Crime and Security in the Networked Economy Part 4.
Protection from Internet Theft By James Seegars. What Is Hacking? Definition – A)To change or alter(Computer Program) – B) To gain access to (a computer.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
Computer Threats I can understand computer threats and how to protect myself from these threats.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Chapter 9 Information Systems Ethics, Computer Crime, and Security
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Security, Privacy, and Ethics Online Computer Crimes.
1 Telstra in Confidence Managing Security for our Mobile Technology.
Hackers, Crackers, and Network Intruders
Security+ Guide to Network Security Fundamentals
Handling Security Incidents
Chapter 1 Introduction to Security
McGraw-Hill © 2008 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats.
Chapter 9 Information Systems Ethics, Computer Crime, and Security
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Web server security Dr Jim Briggs WEBP security1.
Threats and Attacks Principles of Information Security, 2nd Edition
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
DIYTP What is Cybercrime?  Using the Internet to commit a crime.  Identity Theft  Hacking  Viruses  Facilitation of traditional criminal activity.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.
APA of Isfahan University of Technology In the name of God.
Securing Information Systems
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Defining Security Issues
Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
PART THREE E-commerce in Action Norton University E-commerce in Action.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
ED 505 Educational Technology By James Moore.  What is the definition of Netiquette and how does it apply to social media sites? ◦ Netiquette is the.
Attacks On systems And Networks To understand how we can protect our system and network we need to know about what kind of attacks a hacker/cracker would.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
We are here to help you… Fight something like this Brownies !
What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.
Computer security By Isabelle Cooper.
Intrusion Detection Reuven, Dan A. Wei, Li Patel, Rinku H.
Chap1: Is there a Security Problem in Computing?.
Cybercrime What is it, what does it cost, & how is it regulated?
Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave.
Security Discussion IST Retreat June IT Security Statement definition In the context of computer science, security is the prevention of, or protection.
Introduction to Security Dr. John P. Abraham Professor UTPA.
Computer Security By Duncan Hall.
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
Web Security Introduction to Ethical Hacking, Ethics, and Legality.
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
DEPARTMENT OF COMPUTER SCIENCE INTRODUCTION TO CYBER AND SECURITY.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Seminar On Ethical Hacking Submitted To: Submitted By:
Add video notes to lecture
Threats to computers Andrew Cormack UKERNA.
INFORMATION SECURITY The protection of information from accidental or intentional misuse of a persons inside or outside an organization Comp 212 – Computer.
Cyber Crimes Chunlian QU 9/18/2018.
G061 - Network Security.
Presentation transcript:

Hackers and their vocabulary Threats and risks Types of hackers Gaining access Intrusion detection and prevention Legal and ethical issues HACKING CLICKTECHSOLUTION.COM

Hacker Terms Hacking - showing computer expertise Cracking - breaching security on software or systems Phreaking - cracking telecom networks Spoofing - faking the originating IP address in a datagram Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore Port Scanning - searching for vulnerabilities CLICKTECHSOLUTION.COM

The threats Denial of Service (Yahoo, eBay, CNN, MS) Defacing, Graffiti, Slander, Reputation Loss of data (destruction, theft) Divulging private information (AirMiles, corporate espionage, personal financial) Loss of financial assets (CitiBank) CLICKTECHSOLUTION.COM

Types of hackers Professional hackers –Black Hats – the Bad Guys –White Hats – Professional Security Experts Script kiddies –Mostly kids/students User tools created by black hats, –To get free stuff –Impress their peers –Not get caught Underemployed Adult Hackers –Former Script Kiddies Can’t get employment in the field Want recognition in hacker community Big in eastern european countries Ideological Hackers –hack as a mechanism to promote some political or ideological purpose –Usually coincide with political events CLICKTECHSOLUTION.COM

Types of Hackers Criminal Hackers –Real criminals, are in it for whatever they can get no matter who it hurts Corporate Spies –Are relatively rare Disgruntled Employees –Most dangerous to an enterprise as they are “insiders” –Since many companies subcontract their network services a disgruntled vendor could be very dangerous to the host enterprise CLICKTECHSOLUTION.COM

Top intrusion justifications I’m doing you a favor pointing out your vulnerabilities I’m making a political statement Because I can Because I’m paid to do it CLICKTECHSOLUTION.COM

Gaining access Front door –Password guessing –Password/key stealing Back doors –Often left by original developers as debug and/or diagnostic tools –Forgot to remove before release Trojan Horses –Usually hidden inside of software that we download and install from the net (remember nothing is free) –Many install backdoors Software vulnerability exploitation –Often advertised on the OEMs web site along with security patches –Fertile ground for script kiddies looking for something to do CLICKTECHSOLUTION.COM

Back doors & Trojans e.g. Whack-a-mole / NetBus Cable modems / DSL very vulnerable Protect with Virus Scanners, Port Scanners, Personal Firewalls CLICKTECHSOLUTION.COM

Software vulnerability exploitation Buffer overruns HTML / CGI scripts Poor design of web applications –Javascript hacks –PHP/ASP/ColdFusion URL hacks Other holes / bugs in software and services Tools and scripts used to scan ports for vulnerabilities CLICKTECHSOLUTION.COM

Password guessing Default or null passwords Password same as user name (use finger) Password files, trusted servers Brute force – make sure login attempts audited! CLICKTECHSOLUTION.COM

Password/key theft Dumpster diving –Its amazing what people throw in the trash Personal information Passwords Good doughnuts –Many enterprises now shred all white paper trash Inside jobs –Disgruntled employees –Terminated employees (about 50% of intrusions resulting in significant loss) CLICKTECHSOLUTION.COM

Once inside, the hacker can... Modify logs –To cover their tracks –To mess with you Steal files –Sometimes destroy after stealing –A pro would steal and cover their tracks so to be undetected Modify files –To let you know they were there –To cause mischief Install back doors –So they can get in again Attack other systems CLICKTECHSOLUTION.COM

Intrusion detection systems (IDS) A lot of research going on at universities –Doug Somerville- EE Dept, Viktor Skorman – EE Dept Big money available due to 9/11 and Dept of Homeland Security Vulnerability scanners –pro-actively identifies risks –User use pattern matching When pattern deviates from norm should be investigated Network-based IDS –examine packets for suspicious activity –can integrate with firewall –require one dedicated IDS server per segment CLICKTECHSOLUTION.COM

Intrusion detection systems (IDS) Host-based IDS –monitors logs, events, files, and packets sent to the host –installed on each host on network Honeypot –decoy server –collects evidence and alerts admin CLICKTECHSOLUTION.COM

Intrusion prevention Patches and upgrades (hardening) Disabling unnecessary software Firewalls and Intrusion Detection Systems ‘Honeypots’ Recognizing and reacting to port scanning CLICKTECHSOLUTION.COM

Risk management Probability Impact Ignore (e.g. delude yourself) Prevent (e.g. firewalls, IDS, patches) Backup Plan (e.g. redundancies) Contain & Control (e.g. port scan) CLICKTECHSOLUTION.COM

Legal and ethical questions ‘Ethical’ hacking? How to react to mischief or nuisances? Is scanning for vulnerabilities legal? –Some hackers are trying to use this as a business model Here are your vulnerabilities, let us help you Can private property laws be applied on the Internet? CLICKTECHSOLUTION.COM

Port scanner example CLICKTECHSOLUTION.COM

Computer Crimes Financial Fraud Credit Card Theft Identity Theft Computer specific crimes –Denial-of-service –Denial of access to information –Viruses Melissa virus cost New Jersey man 20 months in jail Melissa caused in excess of $80 Million Intellectual Property Offenses –Information theft –Trafficking in pirated information –Storing pirated information –Compromising information –Destroying information Content related Offenses –Hate crimes –Harrassment –Cyber-stalking Child privacy CLICKTECHSOLUTION.COM

Federal Statutes Computer Fraud and Abuse Act of 1984 –Makes it a crime to knowingly access a federal computer Electronic Communications Privacy Act of 1986 –Updated the Federal Wiretap Act act to include electronically stored data U.S. Communications Assistance for Law Enforcement Act of 1996 –Ammended the Electronic Communications Act to require all communications carriers to make wiretaps possible Economic and Protection of Proprietary Information Act of 1996 –Extends definition of privacy to include proprietary economic information, theft would constitute corporate or industrial espionage Health Insurance Portability and Accountability Act of 1996 –Standards for the electronic transmission of healthcare information National Information Infrastructure Protection Act of 1996 –Amends Computer Fraud and Abuse Act to provide more protection to computerized information and systems used in foreign and interstate commerce or communications The Graham-Lynch-Bliley Act of 1999 –Limits instances of when financial institution can disclose nonpublic information of a customer to a third party CLICKTECHSOLUTION.COM

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.