How hackers do it Ron Woerner Security Administrator CSG Systems, Inc.

Slides:



Advertisements
Similar presentations
Lesson 3-Hacker Techniques
Advertisements

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod5_L1 1 Implementing Secure Converged Wide Area Networks (ISCW)
Cryptography and Network Security Chapter 20 Intruders
Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Forces that Have Brought the world to it’s knees over the centuries.
Hacker Update Rick Shaw – President,CorpNet Security, Inc. Mick Johannes – CTO, CorpNet Security, Inc.
Types of Attacks, Hackers Motivations and Methods
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hacking-Over the years Presented by Praveen Desani.
Wardriving 7/29/2004 The “Bad Karma Gang”. Agenda Introduction to Wardriving The Tools of Wardriving Wardriving Green Lake.
Network and Server Attacks and Penetration Chapter 12.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Penetration Testing.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
ETHICAL HACKING ETHICAL HACKING A LICENCE TO HACK Submitted By: Usha Kalkal M.Tech(1 st Sem) Information technology.
APA of Isfahan University of Technology In the name of God.
Hacking Windows Justin Bell Department of Computer Science University of Wisconsin, Platteville
 Find out initial information ◦ Open Source ◦ Whois ◦ Nslookup  Find out address range of the network ◦ ARIN (American registry for internet numbers)
Information Gathering Lesson 4. Steps for Gathering Information Find out initial information Open Source Whois Nslookup Find out address range of the.
13Computer Intrusions Dr. John P. Abraham Professor UTPA.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Software Security Testing Vinay Srinivasan cell:
CIS 450 – Network Security Chapter 3 – Information Gathering.
1.2 Security. Computer security is a branch of technology known as information security, it is applied to computers and networks. It is used to protect.
Lesson 5 Knowing the Threat. Unauthorized use of Computer Systems 2000 CSI/FBI Survey Trend.
Module 8 – What's Next?  Phase II  Controls Assessment  Scheduling ○ Information Gathering ○ Network Mapping ○ Vulnerability Identification ○ Penetration.
DIYTP Assessing a System - Basics  Why?  Vulnerabilities  What to look at:  The six ‘P’s  Patch  Ports  Protect  Policies  Probe  Physical.
Information Systems Security Operations Security Domain #9.
# Ethical Hacking. 2 # Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting.
INTRUDERS BY VISHAKHA RAUT TE COMP OUTLINE INTRODUCTION TYPES OF INTRUDERS INTRUDER BEHAVIOR PATTERNS INTRUSION TECHNIQUES QUESTIONS ON INTRUDERS.
Hacking Windows and Windows Security Lesson 10. Windows 9X/Me/NT There are still some folks out there using Windows 95 and 98, ME, 2000, and NT. Remote.
Assessing a Target System Source: Chapter 3 Computer Security Fundamentals Chuck Easttom Prentice Hall, 2006.
Hacking Windows 9X/ME. Hacking framework Initial access physical access brute force trojans Privilege escalation Administrator, root privileges Consolidation.
Intrusion Detection Reuven, Dan A. Wei, Li Patel, Rinku H.
Topic 5: Basic Security.
Security fundamentals Topic 1 Addressing security threats and vulnerabilities.
Footprinting and Scanning
Introduction to Security Dr. John P. Abraham Professor UTPA.
Databases Kevin Wright Ben Bruckner Group 40. Outline Background Vulnerabilities Log File Cleaning This Lab.
Sources of Network Intrusion Security threats from network intruders can come from both internal and external sources.  External Threats - External threats.
Filip Chytrý Everyone of you in here can help us improve online security....
© SYBEX Inc All Rights Reserved. CompTIA Security+ Study Guide (SY0-201) “Chapter 2: Identifying Potential Risks”
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Network security Vlasov Illia
Topic 5 Penetration Testing 滲透測試
Seminar On Ethical Hacking Submitted To: Submitted By:
CMSC 345 Defensive Programming Practices from Software Engineering 6th Edition by Ian Sommerville.
Footprinting and Scanning
Secure Software Confidentiality Integrity Data Security Authentication
Security Fundamentals
Kennesaw State University
Answer the questions to reveal the blocks and guess the picture.
Footprinting and Scanning
John Butters Running Tiger Teams
Learning objectives By the end of this unit you should: Explain
Intrusion Detection system
Chapter 7 – and 8 pp 155 – 202 of Web security by Lincoln D. Stein
Establishing a Security Program When None Exists
Test 3 review FTP & Cybersecurity
Presentation transcript:

How hackers do it Ron Woerner Security Administrator CSG Systems, Inc. Hacking 101 How hackers do it Ron Woerner Security Administrator CSG Systems, Inc. G:\Dataware\Marketing\Sales Training\August ‘97 Boot Camp\CMS.ppt

What do you think when you hear: Hacker or cracker Melissa, LoveBug (ILOVEYOU) Denial of Service (DoS) attacks Packet sniffing Password cracking Information warfare or Cybercrime Social engineering 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

Home Security Analogy Systems Security is like securing your house Policies are the written understanding Access control and passwords are the keys Window and door locks keep out intruders A security camera watches open doors The intent is to make the environment less inviting to those looking for easy pickings 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

The “Crown Jewels” Question: What are your “Crown Jewels”? What attracts hackers to your company? Why would a hacker take interest in your company? What is your companies biggest vulnerabilities? 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

CSG Systems, Inc.Confidential & Proprietary Security Risks You need to be concerned about: Disclosure of confidential information - The disclosure of personal and private information about individuals can lead to civil or criminal liability for your company. Data loss - Data can be electronically destroyed or altered either accidentally or maliciously. Damage to reputation - Customers, potential customers, investors, and potential investors are all influenced by a security incident. Downtime - A security incident can shut an organization down. 4/30/2019 CSG Systems, Inc.Confidential & Proprietary ©2000, CSG Systems, Inc. All rights reserved

Anatomy of a Hack Perimeter / Vulnerability Assessment Exploitation Footprinting Scanning Enumeration Exploitation Gaining Access Escalating privileges Pilfering Covering Tracks Creating backdoors 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

Assessment Footprinting - Information gathering Open source search on the site Network Solutions (www.networksolutions.com/cgi-bin/whois/whois) ARIN whois (www.arin.net/whois) This gives network and contact information DNS lookup (nslookup, Sam Spade) The Domain Name Server gives further network and system information 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

Assessment Scanning - System type Enumeration - Getting details IP Address determination - ping sweep Determines which systems I can access Port Scan (TCP/UDP) Shows what is “open” on those systems Enumeration - Getting details System/application vulnerabilities What’s running on a particular system System users Who is on that system 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

Exploitation Gaining access Escalating privilege (gaining root/admin) Password eavesdropping Buffer overflows Application vulnerabilities Escalating privilege (gaining root/admin) Password cracking Network sniffing 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

Exploitation Pilfering - getting the “crown jewels” Covering Tracks Finding whatever is valuable such as Credit information Personal information Additional system information Covering Tracks Loading a “root kit” Clear log files Hide tools Secure the system Creating back doors - so they can get in again 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

Denial of Service (DoS) Rendering a service offered by a workstation or server unavailable to others - Disabling the target. Reasons: To get a system reboot Hacker covering his/her tracks Malicious intent How it’s done: Ping of death - ICMP techniques Syn (network) vulnerabilities 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

Social Engineering An attack based on deceiving users or administrators at the target site to gain information or access. The “old con job” Typically done by telephoning users or operators. The “hackers” pretend to be an authorized user and attempt to gain information about the systems and/or gain illicit access to systems. Requires little technical skill. Relies on people’s “natural” trusting nature. 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

What you can do ALL systems/applications are insecure! It’s up to the administrators and users for security. Think Security Secure passwords Physical security Report incidents/anomalies Work with system/application administrators 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.