Presentation is loading. Please wait.

Presentation is loading. Please wait.

Joseph Owen.  Aims:  To look at types of hackers  To look at different types of attacks  How to protect your network  Objectives  You will know.

Published byJody Adams Modified over 8 years ago

Similar presentations

Presentation on theme: "Joseph Owen.  Aims:  To look at types of hackers  To look at different types of attacks  How to protect your network  Objectives  You will know."— Presentation transcript:

1 Joseph Owen

2  Aims:  To look at types of hackers  To look at different types of attacks  How to protect your network  Objectives  You will know 3 types of hackers  You will know 6 types of attacks  You will know how to protect your networks against these types of attacks

3  The best way to protect your website, is to know how others try and attack it  Nothing in this lecture will teach you any details about using the attacks  Any attempt to attack/gain access to networks is illegal under the Computer Misuse Act, 1990

4  1. Unauthorised access to computer material  2. Unauthorised access with intent to commit of facilitate commission of further offences  3. Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.  3a. Making, supplying or obtaining articles for use in offence under section 1 or 3  http://www.legislation.gov.uk/ukpga/1990/18/contents

5  Due to the threat of attack, many companies employ a team to protect their network  Quite often this team know how to get into the network, then close the hole behind them  You could make very good money doing so  You sign documents to say what you are doing, and declare you will not use your skills for the wrong reasons

6  Quite often major companies will not report attacks  If a bank was target successfully and it made the news  People would worry about their savings etc…  They would take their money elsewhere

7  Otherwise known as ethical hackers  The hacking they undertake is legal and/or permitted by the company  Used to reinforce systems, and stop other hackers  This does not include, hacking for ‘the greater good’

8  Unlike white hat, grey hat hackers are breaking the law  They general feel they are doing so for good  They do not hack for personal gain, but the gain of others, although they can sometimes request a fee for fixing defects  This could include, other hackers, companies, small firms, government etc…

9  100% illegal  Hacking for personal gain, including financial, blackmail etc…  They can hack into networks to steal, replace or destroy data  Could often be a team of hackers, who may not even know each other, working anonymously

10  Script kiddie  Someone who uses existing scripts to attempt to hack  Hacktivist  A form of electronic protests  Blue hat  Used in the beta stage of software development

11  The first recorded computer virus  Written by Bob Thomas in 1971  It used an open port to enter the computer, display a message and self replicate to other computers on the network  I’m the creeper, catch me if you can!

12  DOS/Ddos  Packet sniffing  Man in the middle  Password cracking  SQL injection  Social engineering

13  Where data packets are sent in massive quantities to an IP address to put a strain on the web server  This stops legitimate users being able to access the site due to the ‘high traffic’  Distributed (DDoS) is where ‘zombie’ computers are led by master computers DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

14 The zombie computers may be legitimate users who are unaware their machine is being used in an attack Due to the nature of the web this can be spread worldwide

15  A server side firewall, preventing the packets reaching your server  Discuss with your ISP, as they may provide solutions and/or protection against attacks  DDoS mitigation services, where you can pay a fee for someone to reroute the packets to a dummy server DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

16  A device will sit in the network intercepting packets  This could be between router and computer  Between you and you ISP  Can either be:  Filtered, configured to take certain information such as passwords  Unfiltered, takes everything it can  Software was initially used legally to detect network faults DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

17 ComputerRouter ISP

18 ComputerRouter ISP Sniffer

19 ComputerRouter ISP Sniffer

20  Use higher levels of encryption  Use HTTPS channels to reduce the risk of data leaks  Use a variety of passwords for different applications/devices  This will limit the damage if they successfully gain data DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

21  Network eavesdropping  A machine inserts itself into a network and starts conversations with the computers or servers, tricking them into thinking that they are the other party  Works in real time, so no suspicion caused DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

22 Party 1Party 2 Party 1MITM Party 2 Expected Reality

23  Encryption that the MITM will not be able to decipher  HTTPS  Security certificates  As you can see, similar to stopping packet sniffers DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

24  This attack can have many variations:  Password Guessing  Brute Force  Dictionary attacks  Password resetting  Hash decrypting  Many people reuse the same passwords for many logins so results can be catastrophic DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

25  Use secure passwords  https://howsecureismypassword.net/  Don’t reuse passwords  Update passwords  Never disclose your passwords DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

26  Using SQL (Structured Querying Language) to fool data input fields  Most online forms have a database running in the background  Instead of putting your name in a form, enter code to retrieve information DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

27

28  The most common form of attack  Tricking the user into giving away their details  A rich relative from Nigeria  The ‘bank’ needing your details  Very effective on the non computer literate DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

29  Never give away information regarding your accounts  Never give away personal information (might be used for security questions)  Educate your friends/family/staff about the dangers DDoS – Packet Sniffing – Man in the middle – Password Cracking – SQL injection – Social Engineering

30  Root kit  Software to undermine the computer system  Key loggers  Records the keys pressed on a keyboard and sends them to the attacker  Trojan horse  Pretends to be legitimate software, but it is really a virus

Download ppt "Joseph Owen.  Aims:  To look at types of hackers  To look at different types of attacks  How to protect your network  Objectives  You will know."

Similar presentations

By Andy Scott, Michael Murray and Adam Kanopa

By Andy Scott, Michael Murray and Adam Kanopa
UNIT 20 The ex-hacker.

UNIT 20 The ex-hacker.
ETHICAL HACKING.

ETHICAL HACKING.
Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
Protection from Internet Theft By James Seegars. What Is Hacking? Definition – A)To change or alter(Computer Program) – B) To gain access to (a computer.

Protection from Internet Theft By James Seegars. What Is Hacking? Definition – A)To change or alter(Computer Program) – B) To gain access to (a computer.
ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.

ICT & Crime Data theft, phishing & pharming. Data loss/theft Data is often the most valuable commodity any business has. The cost of creating data again.
Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.

Viruses,Hacking and Backups By Grace Mackay 8K Viruses Hacking and Hackers Backups.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Prepared by: Nahed Al-Salah

Prepared by: Nahed Al-Salah
1 UNIT 20 The ex-hacker Lecturer: Ghadah Aldehim.

1 UNIT 20 The ex-hacker Lecturer: Ghadah Aldehim.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Computer Hacking By: Caleb Herring Katie Edom. What is Computer Hacking Computer Hacking is defined as one who uses programming skills to access, legally.

Computer Hacking By: Caleb Herring Katie Edom. What is Computer Hacking Computer Hacking is defined as one who uses programming skills to access, legally.
By Carlos G. Coca.  Originally a person who was skilled at programming language who was able to create/alter web content.  Now: “A person who illegally.

By Carlos G. Coca.  Originally a person who was skilled at programming language who was able to create/alter web content.  Now: “A person who illegally.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Issues Raised by ICT.

Issues Raised by ICT.
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Similar presentations

Ads by Google