Week 1-1 CSc 196n Computer Attacks & Countermeasures 1.Aka Ethical Hacking 2.How to successfully defend against attacks Know your enemy How they think.


1 Week 1-1 CSc 196n Computer Attacks & Countermeasures
1. Aka Ethical Hacking
2. How to successfully defend against attacks
   Know your enemy
   How they think
   How they act
   Tools they use
3. What is an Exploit?
   Crackers break into a computer network by exploiting weaknesses in operating system services.

2 Week 1-2 Week 1: Introduction
The Security Triangle
  It is easy to make a network secure, but more difficult to make it secure and usable.
  security, functionality, performance

3 Week 1-3 Week 1: Introduction
–Attacker's process:
  1. Footprinting the target
  2. Scanning the target
  3. Enumeration of target
  4. Compromise & escalate
–Passive reconnaissance
  Collecting information about an intended target of a malicious hack without the target knowing what is occurring.
–Active reconnaissance
  Collecting information about an intended target of a malicious hack by probing the target system.

4 Week 1-4 Week 1: Introduction
–Types of attacks
  Local
  Remote
–Categories of exploits
  0-day (new, unpublished)
  Account cracking
  Buffer overflow
  Denial of service
  Impersonation

5 Week 1-5 Week 1: Introduction
–Categories cont
  Lack of operational control
  Lack of process and procedure
  Man in the middle
  Misconfiguration
  Network sniffing
  Race condition
  Session hijacking
  System/application design errors

6 Week 1-6 Week 1: Introduction
–SANS/FBI top 20 security threats
  http://www.sans.org/top20/
–Goals attackers try to achieve
  Gain unauthorized access
  Obtain administrative or root level
  Destroy vital data
  Deny legitimate users service
  Individual selfish goals
  Criminal intent

7 Week 1-7 Week 1: Introduction
–Ethical hackers vs. Crackers
  A hacker is usually a programmer who constantly seeks further knowledge, freely shares what they have discovered, and never intentionally damages data.
  A cracker breaks into or otherwise violates system integrity with malicious intent. They destroy vital data or cause problems for their targets.

8 Week 1-8 Week 1: Introduction
–Self-proclaimed ethical hacking
  Anyone who, without authority, performs system and network testing on their own or their company's hosts.
–Hacktivism
  One who hacks for political purposes
–Skills required for ethical hacking
  First and foremost, they must be completely trustworthy
  Typically have very strong programming and computer networking skills
  Adept at installing and maintaining systems that use the more popular operating systems

9 Week 1-9 Week 1: Introduction
–Skills cont
  Detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors.
  Finally, good candidates for ethical hacking have more drive and patience than most people.
  Note: both IBM and the federal government will not hire ex-hackers (crackers).

10 Week 1-10 Week 1: Introduction
–Categories of Ethical Hackers
  The best ethical hacker candidates will have successfully published research papers or released popular open-source security software.
  The computer security community is strongly self-policing, given the importance of its work.
  Most ethical hackers, and many of the better computer and network security experts, did not set out to focus on these issues.
  Most were computer users from various disciplines, such as astronomy and physics, mathematics, computer science, philosophy, or liberal arts, who took it personally when someone disrupted their work with a hack.

11 Week 1-11 Week 1: Introduction
–What do Ethical Hackers do
  An ethical hacker's evaluation of a system's security seeks answers to three basic questions:
  1. What can an intruder see on the target systems?
  2. What can an intruder do with that information?
  3. Does anyone at the target notice the intruder's attempts or successes?

12 Week 1-12 Week 1: Introduction
–Security evaluation plan
  When the client requests an evaluation, there is quite a bit of discussion and paperwork that must be done up front.
  The discussion begins with the client's answers to these questions:
  1. What are you trying to protect?
  2. What are you trying to protect against?
  3. How much time, effort, and money are you willing to expend to obtain adequate protection?

13 Week 1-13 Week 1: Introduction
–Types of Ethical Hacks
  The “get out of jail free card” is the contractual agreement between the client and the ethical hackers, who typically write it together.
  This agreement also protects the ethical hackers against prosecution, since much of what they do during the course of an evaluation would be illegal in most countries.
  The best evaluation is done under a “no-holds-barred” approach.

14 Week 1-14 Week 1: Introduction
–Testing Types
  Remote network
  Remote dial-up network
  Local network
  Stolen laptop computer
  Social engineering
  Physical entry
–Each of these kinds of testing can be performed from three perspectives: as a total outsider, a “semi-outsider,” or a valid user.

15 Week 1-15 Week 1: Introduction
–Testing Types
  Blue Teaming: tests performed with the knowledge and consent of the organization’s IT staff.
    –Least expensive and most frequently used
  Red Teaming: tests performed without the knowledge of the organization’s IT staff, but with the full knowledge and permission of upper management.
    –Requires more time: network scans must be slowed to operate below the IDS and firewall
    –More expensive
    –Provides a better indication of target system security controls

16 Week 1-16 Week 1: Introduction
–Ethical Hacking Report
  The final report is a collection of all of the ethical hacker's discoveries made during the evaluation.
  Main point of the whole exercise: it does clients no good just to tell them that they have problems.
  The report must include specific advice on how to close the vulnerabilities and keep them closed.

17 Week 1-17 Week 1: Introduction
–Hacking Report cont
  The actual delivery of the report is also a sensitive issue.
  If vulnerabilities were found, the report could be extremely dangerous if it fell into the wrong hands.
  The final report is typically delivered directly to an officer of the client organization in hard-copy form.
  The ethical hackers would have an ongoing responsibility to ensure the safety of any information they retain, so in most cases all information related to the work is destroyed at the end of the contract.

18 Week 1-18 Week 1: Ethics & Law
–Cyber Security Enhancement Act of 2002
  http://www.usdoj.gov/criminal/cybercrime/homeland_CSEA.htm

19 Week 1-19 Week 1: Ethics & Law
–Overview of US Federal Laws
  UNITED STATES CODE TITLE 18 PART I CHAPTER 47
  http://gaia.ecs.csus.edu/~dsmith/csc250/lecture_notes/wk14/wk14_5.html

20 Week 1-20 Week 1: Ethics & Law
–US Code Section 1029 Fraud and False Statements
  http://caselaw.lp.findlaw.com/scripts/ts_search.pl?title=18&sec=1029

21 Week 1-21 Week 1: Ethics & Law
–US Code Section 1030
  http://gaia.ecs.csus.edu/~dsmith/csc250/lecture_notes/wk14/18uscode.html

22 Week 1-22 Week 1: Ethics & Law
–California Penal Code 502
  http://www.leginfo.ca.gov/calaw.html

23 Week 1-23 Week 1: Ethics & Law
–Hacking Punishment
–Federal Government says scanning is not a crime.
  http://gaia.ecs.csus.edu/~dsmith/csc250/lecture_notes/wk14/portscans.html

24 Week 1-24 Week 1: Ethics & Law
–Ethics
  Laws and ethics are not the same.
  Laws are written and interpreted by our court systems.
  Ethics are the moral behavior of a society.
  Laws apply to everyone; two individuals may have entirely different ethics.
  Ethics are not universal: they vary from society to society.
  They may also vary in the same individual over time.

25 Week 1-25 Week 1: Ethics & Law
–Code of Ethics
  IEEE Code
    http://www.ieee.org/portal/index.jsp?pageID=corp_level1&path=about/whatis&file=code.xml&xsl=generic.xsl
  ACM Code
    http://www.acm.org/constitution/code.html
  Computer Ethics Institute 10 Commandments
    http://www.brook.edu/its/cei/overview/Ten_Commanments_of_Computer_Ethics.htm

26 Week 1-26 Week 1: Ethics & Law
–Colloquium for Information System Security Education
  http://www.ncisse.org/courseware/computerethics/index.htm

27 Week 1-27 Week 1: Ethics & Law
–Summary
  To catch a hacker you have to know their MO (modus operandi).
  Ethical hacking involves knowledge of the laws and strong ethics.

