Hacking - Over the Years. Presented by Praveen Desani.


Overview: Importance of security. Hacking. Methodologies. Motives.

Importance of Security: Computers and the internet are becoming pervasive. Being online has consequences. Security has become a part of product design, development and deployment.

Importance of Security: There are even organizations which provide "Security as a service". We need to know how computer attacks are performed.

Hacking: A clever programmer. Modification of a program or device to give the user access to features that were otherwise unavailable to them.

Hacking: It's usually a technical activity. Script kiddies.

Attacking Methods: Intrusion. Physical intrusion: usually internal employees, e.g., booting from a floppy or physically taking part of the system. System intrusion: starting from low-level privileges, exploit unpatched security vulnerabilities.

Remote Intrusion: Valid account names / cracking weak passwords. Exploiting common security vulnerabilities (buffer overflow).

What does an attack take? 1. Carry out some information gathering on the target. 2. Plan the way into the system. 3. Reduce the chance of getting caught. During all these steps, network traffic would look normal.

Pattern they follow: 1. Footprinting. Getting a complete profile of the target and its security arrangements. Information of interest includes the technology they use (internet, intranet, remote access) and their security policies and procedures. 2. Network enumeration. The attacker tries to find out domain names and the networks associated with them.

Pattern they follow (continued): 3. DNS interrogation. After network enumeration is done, query the DNS, revealing information about the organization. The zone transfer mechanism can leak private DNS information. 4. Network reconnaissance. Identifying the potential target. Try to map network topologies and identify paths, e.g., with the traceroute program.

5. Scanning: knocking on the walls. Which systems are alive and reachable? Ping sweeps, port scans, automatic discovery tools. At this point an IDS warns, but no attack has happened yet.
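The slides note that zone transfers, ping sweeps and port scans are where an IDS first raises a warning. As an added example (not part of the presentation), the following detector applies exactly those three checks to a few constructed firewall and DNS log lines; the log formats, the thresholds and the function names are assumptions of this example rather than any real product's output.

```python
"""Detect the reconnaissance patterns named in the slides (ping sweep, port scan,
unauthorized zone transfer) over constructed log lines.  Added example; the log
formats and thresholds are assumptions, not a real tool's output."""
import re
from collections import defaultdict

# Constructed sample firewall log lines (hypothetical key=value format).
FW_LOGS = """
fw: src=10.0.0.5 dst=192.168.1.1 proto=icmp type=8
fw: src=10.0.0.5 dst=192.168.1.2 proto=icmp type=8
fw: src=10.0.0.5 dst=192.168.1.3 proto=icmp type=8
fw: src=10.0.0.5 dst=192.168.1.4 proto=icmp type=8
fw: src=10.0.0.5 dst=192.168.1.5 proto=icmp type=8
fw: src=10.0.0.9 dst=192.168.1.20 proto=tcp dport=21
fw: src=10.0.0.9 dst=192.168.1.20 proto=tcp dport=22
fw: src=10.0.0.9 dst=192.168.1.20 proto=tcp dport=23
fw: src=10.0.0.9 dst=192.168.1.20 proto=tcp dport=25
fw: src=10.0.0.9 dst=192.168.1.20 proto=tcp dport=80
fw: src=10.0.0.9 dst=192.168.1.20 proto=tcp dport=443
fw: src=10.0.0.7 dst=192.168.1.20 proto=tcp dport=443
fw: src=10.0.0.7 dst=192.168.1.21 proto=tcp dport=443
"""

# Constructed sample DNS server log lines (hypothetical format).
DNS_LOGS = """
dns: client 192.168.1.50 query example.test IN A
dns: client 203.0.113.8 query example.test IN AXFR
dns: client 192.168.1.53 query example.test IN AXFR
"""

FW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+)(?: type=(\d+))?(?: dport=(\d+))?")
DNS_RE = re.compile(r"client (\S+) query (\S+) IN (\w+)")


def detect_ping_sweeps(lines, threshold=4):
    """Sources that sent ICMP echo requests (type 8) to at least `threshold`
    distinct hosts.  Returns {src: number_of_distinct_hosts}."""
    hosts = defaultdict(set)
    for line in lines.splitlines():
        m = FW_RE.search(line)
        if m and m.group(3) == "icmp" and m.group(4) == "8":
            hosts[m.group(1)].add(m.group(2))
    return {src: len(d) for src, d in hosts.items() if len(d) >= threshold}


def detect_port_scans(lines, threshold=5):
    """(src, dst) pairs where one source touched at least `threshold` distinct
    TCP ports on one host.  Returns {(src, dst): sorted_ports}."""
    ports = defaultdict(set)
    for line in lines.splitlines():
        m = FW_RE.search(line)
        if m and m.group(3) == "tcp" and m.group(5):
            ports[(m.group(1), m.group(2))].add(int(m.group(5)))
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= threshold}


def detect_zone_transfers(lines, allowed_secondaries):
    """AXFR (full zone transfer) requests from any client that is not one of
    the configured secondary name servers.  Returns [(client, zone), ...]."""
    hits = []
    for line in lines.splitlines():
        m = DNS_RE.search(line)
        if m and m.group(3) == "AXFR" and m.group(1) not in allowed_secondaries:
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    print("ping sweeps:   ", detect_ping_sweeps(FW_LOGS))
    print("port scans:    ", detect_port_scans(FW_LOGS))
    print("zone transfers:", detect_zone_transfers(DNS_LOGS, {"192.168.1.53"}))
```

The thresholds are deliberately low so the constructed sample triggers; in production they are tuned per network, and the zone-transfer check is only a backstop for the real mitigation, which is restricting AXFR on the name server to the secondaries' addresses.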

Unauthorized Access: 1. Acquiring passwords. 2. Clear-text sniffing. Protocols like telnet, FTP and HTTP do not encrypt passwords, so it is easy for attackers to eavesdrop with a network protocol analyzer and obtain the password. 3. Encrypted password sniffing. What about encrypted passwords? Recovery by dictionary or brute-force attack.

4. Replay attack. No need to decrypt: reprogram the client software to resend the captured credential. 5. Password file stealing. /etc/passwd on Unix, the SAM on Windows NT. Steal these files and run cracking programs on them. 6. Observation. Long and hard-to-guess passwords do not help against attackers with physical access: shoulder surfing.
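The replay attack on the slide works because the same credential, encrypted or not, is valid every time it is sent. As an added example (not from the presentation), this script shows both sides of a challenge-response login that defeats replay: the server issues a fresh one-time nonce, the client answers with an HMAC over it, and a captured answer resent verbatim is rejected. The contrasting static-token scheme shows the weakness the slide describes. The shared key, the framing and all function names are constructed for this example.

```python
"""Replay-resistant challenge-response login beside a replayable static token.
Added example; the key, protocol framing and names are constructed here."""
import hashlib
import hmac
import secrets

SECRET_KEY = b"constructed-shared-secret"  # constructed; in practice derived per user


class Server:
    """Holds the shared key and the set of challenges not yet answered."""

    def __init__(self, key):
        self._key = key
        self._outstanding = set()

    def challenge(self):
        # Message 1, Server -> Client: a random, single-use nonce.
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce, response):
        # A nonce that was never issued, or was already consumed, is a replay.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)  # consume it before checking
        expected = hmac.new(self._key, nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_respond(key, nonce):
    # Message 2, Client -> Server: HMAC(key, nonce); the key never leaves the client.
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()


def run_exchange(client_key=SECRET_KEY):
    """Run one login, then resend the captured (nonce, response) pair as an
    eavesdropper would.  Returns whether each attempt was accepted."""
    server = Server(SECRET_KEY)
    nonce = server.challenge()
    response = client_respond(client_key, nonce)
    first = server.verify(nonce, response)
    replay = server.verify(nonce, response)  # same pair again -> must fail
    return {"first": first, "replay": replay}


def static_token_login(stored, presented):
    """Weak scheme: the client always sends the same hashed password."""
    return hmac.compare_digest(stored, presented)


def static_token_replay():
    """The hashed password captured on the wire works on every later attempt."""
    stored = hashlib.sha256(b"constructed-password").hexdigest()
    captured = stored  # exactly what a sniffer sees, no decryption needed
    return (static_token_login(stored, captured), static_token_login(stored, captured))


if __name__ == "__main__":
    print("challenge-response:", run_exchange())        # first True, replay False
    print("static token:      ", static_token_replay())  # both True: replayable
```

The nonce set must be bounded in a real server (expire challenges after a short timeout) and the shared key should be derived from a password with a slow KDF rather than stored raw; neither detail changes the replay argument the code demonstrates.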

7. Social engineering. Cracking techniques that rely on weaknesses in users, i.e., admins and operators. For example, calling up the systems operator posing as a field service technician with an urgent access problem. 8. Software bugs. Vulnerabilities introduced by bugs in software. Buffer overflows arise from buffer-handling vulnerabilities in certain programs. Attackers search for these bugs directly, examining every place the program prompts for input and trying to overflow it with random data.

Why learn this? Does it help? Yes: it leads to more efficient ways to protect the system.

Motives: 49% discovery, learning, challenge, knowledge and pleasure; 24% recognition and excitement (of doing something illegal); 27% self-gratification, addiction, espionage, theft and profit. Addiction and curiosity.

How have they grown over the years? 1st generation: talented techies, programmers and scientists (mostly from MIT). 2nd generation: forward thinkers who recognized the potential of the computer niche. 3rd generation: young people who used the PC for its entertainment value and began developing games (illegal copying, cracking the copyright protection).

4th generation: criminal activity, while claiming that the motivation was curiosity or a hunger for knowledge.

Types of Hackers: White hat: focus on securing IT systems; have a clearly defined code of ethics; fix discovered security breaches (e.g., Tim Berners-Lee). Grey hat: no personal gain, no malicious intentions; testing and monitoring. Black hat: crackers, i.e., criminals; maintain knowledge of vulnerabilities and do not reveal them to the general public or to the manufacturer for correction.

What needs to be done? Systems are intrinsically and globally imperfect. There are many holes, not just technical ones; they also stem from bad security practices and procedures. Educate the users and security administrators; secure the environment.

Comments/questions??

Discussion: Whom to blame? Who should be liable? Should government step in and regulate? Is it up to the individual computer users and companies to stay on top of technology? Should we blame the software industry for selling insecure products?

Whom to blame? Lack of liability? Building a security product with no liability is of no use. For example, there are rules and regulations governing the release of a drug, but are there any rules and regulations governing a software release?