Presentation is loading. Please wait.

Presentation is loading. Please wait.

How hackers do it Ron Woerner Security Administrator CSG Systems, Inc.

Published byHendri Hartanto Modified over 5 years ago

Similar presentations

Presentation on theme: "How hackers do it Ron Woerner Security Administrator CSG Systems, Inc."— Presentation transcript:

1

2 How hackers do it Ron Woerner Security Administrator CSG Systems, Inc.
Hacking 101 How hackers do it Ron Woerner Security Administrator CSG Systems, Inc. G:\Dataware\Marketing\Sales Training\August ‘97 Boot Camp\CMS.ppt

3 What do you think when you hear:
Hacker or cracker Melissa, LoveBug (ILOVEYOU) Denial of Service (DoS) attacks Packet sniffing Password cracking Information warfare or Cybercrime Social engineering 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

4 Home Security Analogy Systems Security is like securing your house
Policies are the written understanding Access control and passwords are the keys Window and door locks keep out intruders A security camera watches open doors The intent is to make the environment less inviting to those looking for easy pickings 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

5 The “Crown Jewels” Question: What are your “Crown Jewels”?
What attracts hackers to your company? Why would a hacker take interest in your company? What is your companies biggest vulnerabilities? 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

6 CSG Systems, Inc.Confidential & Proprietary
Security Risks You need to be concerned about: Disclosure of confidential information - The disclosure of personal and private information about individuals can lead to civil or criminal liability for your company. Data loss - Data can be electronically destroyed or altered either accidentally or maliciously. Damage to reputation - Customers, potential customers, investors, and potential investors are all influenced by a security incident. Downtime - A security incident can shut an organization down. 4/30/2019 CSG Systems, Inc.Confidential & Proprietary ©2000, CSG Systems, Inc. All rights reserved

7 Anatomy of a Hack Perimeter / Vulnerability Assessment Exploitation
Footprinting Scanning Enumeration Exploitation Gaining Access Escalating privileges Pilfering Covering Tracks Creating backdoors 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

8 Assessment Footprinting - Information gathering
Open source search on the site Network Solutions ( ARIN whois ( This gives network and contact information DNS lookup (nslookup, Sam Spade) The Domain Name Server gives further network and system information 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

9 Assessment Scanning - System type Enumeration - Getting details
IP Address determination - ping sweep Determines which systems I can access Port Scan (TCP/UDP) Shows what is “open” on those systems Enumeration - Getting details System/application vulnerabilities What’s running on a particular system System users Who is on that system 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

10 Exploitation Gaining access Escalating privilege (gaining root/admin)
Password eavesdropping Buffer overflows Application vulnerabilities Escalating privilege (gaining root/admin) Password cracking Network sniffing 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

11 Exploitation Pilfering - getting the “crown jewels” Covering Tracks
Finding whatever is valuable such as Credit information Personal information Additional system information Covering Tracks Loading a “root kit” Clear log files Hide tools Secure the system Creating back doors - so they can get in again 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

12 Denial of Service (DoS)
Rendering a service offered by a workstation or server unavailable to others - Disabling the target. Reasons: To get a system reboot Hacker covering his/her tracks Malicious intent How it’s done: Ping of death - ICMP techniques Syn (network) vulnerabilities 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

13 Social Engineering An attack based on deceiving users or administrators at the target site to gain information or access. The “old con job” Typically done by telephoning users or operators. The “hackers” pretend to be an authorized user and attempt to gain information about the systems and/or gain illicit access to systems. Requires little technical skill. Relies on people’s “natural” trusting nature. 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

14 What you can do ALL systems/applications are insecure! It’s up to the administrators and users for security. Think Security Secure passwords Physical security Report incidents/anomalies Work with system/application administrators 4/30/2019 ©2000, CSG Systems, Inc. All rights reserved

Download ppt "How hackers do it Ron Woerner Security Administrator CSG Systems, Inc."

Similar presentations

Lesson 3-Hacker Techniques

Lesson 3-Hacker Techniques
Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.

Penetration Testing & Countermeasures Paul Fong & Cai Yu CS691 5 May 2003.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod5_L1 1 Implementing Secure Converged Wide Area Networks (ISCW)

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod5_L1 1 Implementing Secure Converged Wide Area Networks (ISCW)
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Forces that Have Brought the world to it’s knees over the centuries.

Forces that Have Brought the world to it’s knees over the centuries.
Hacker Update Rick Shaw – President,CorpNet Security, Inc. Mick Johannes – CTO, CorpNet Security, Inc.

Hacker Update Rick Shaw – President,CorpNet Security, Inc. Mick Johannes – CTO, CorpNet Security, Inc.
Types of Attacks, Hackers Motivations and Methods

Types of Attacks, Hackers Motivations and Methods
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN 0-07-212773-2.

Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Hacking-Over the years Presented by Praveen Desani.

Hacking-Over the years Presented by Praveen Desani.
Wardriving 7/29/2004 The “Bad Karma Gang”. Agenda Introduction to Wardriving The Tools of Wardriving Wardriving Green Lake.

Wardriving 7/29/2004 The “Bad Karma Gang”. Agenda Introduction to Wardriving The Tools of Wardriving Wardriving Green Lake.
Network and Server Attacks and Penetration Chapter 12.

Network and Server Attacks and Penetration Chapter 12.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.

Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.

100% Security “ The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Similar presentations

Ads by Google