Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Published byGarey Potter Modified over 10 years ago

Similar presentations

Presentation on theme: "Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University."— Presentation transcript:

1 Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University

2 Agenda Hackers and their vocabulary Threats and risks Types of hackers Gaining access Intrusion detection and prevention Legal and ethical issues

3 Hackerz Lingo Hacking - showing computer expertise Cracking - breaching security on software or systems Phreaking - cracking telecom networks Spoofing - faking the originating IP address in a datagram Denial of Service (DoS) - flooding a host with datagrams (e.g. by “smurfing”) Port Scanning - searching for vulnerabilities

4 Hacking through the ages 1969 - Unix ‘hacked’ together 1971 - Cap ‘n Crunch phone exploit discovered 1988 - Morris Internet worm crashes 6,000 servers 1994 - $10 million transferred from CitiBank accounts 1995 - Kevin Mitnick sentenced to 5 years in jail 2000 - Major websites succumb to DDoS

5 Recent news 15,700 credit and debit card numbers stolen from Western Union (Sep. 8, 2000) (hacked while web database was undergoing maintenance)

6

7 The threats Denial of Service (Yahoo, eBay, CNN) Graffiti, Slander, Reputation Loss of data Divulging private information (AirMiles, corporate espionage) Loss of financial assets (CitiBank)

8 CIA.gov defacement example

9 Web site defacement example

10 Types of hackers Professional hackers –Black Hats –White Hats Script kiddies

11 Top intrusion justifications 1.I’m doing you a favour pointing out vulnerabilities 2.I’m making a political statement 3.Because I can 4.Because I’m paid to do it

12 Gaining access Back doors Trojans Software vulnerability exploitation Password guessing Password/key stealing

13 Back doors & Trojans e.g. Whack-a-mole / NetBus Cable modems / DSL very vulnerable Protect with Virus Scanners, Port Scanners, Personal Firewalls

14 Port scanner example

15 Software vulnerability exploitation Buffer overruns HTML / CGI scripts Other holes / bugs in software and services Tools and scripts used to scan ports for vulnerabilities

16 Password guessing Default or null passwords Password same as user name (use finger) Password files, trusted servers Brute force -- make sure login attempts audited!

17 Password/key stealing Dumpster diving Social engineering Inside jobs (about 50% of intrusions resulting in significant loss)

18 Once inside, the hacker can... Modify logs Steal files Modify files Install back doors Attack other systems

19 Intrusion detection systems (IDS) Vulnerability scanners –pro-actively identifies risks Network-based IDS –examine packets for suspicious activity –can integrate with firewall –require 1 dedicated IDS server per segment

20 Intrusion detection systems (IDS) Host-based IDS –monitors logs, events, files, and packets sent to the host –installed on each host on network Honeypot –decoy server –collects evidence and alerts admin

21 Intrusion prevention Patches and upgrades Disabling unnecessary software Firewalls and intrusion detection ‘Honeypots’ Reacting to port scanning

22 Risk management Probability Impact Ignore (e.g. delude yourself) Prevent (e.g. firewalls, IDS, patches) Backup Plan (e.g. redundancies) Contain & Control (e.g. port scan)

23 Legal and ethical questions ‘Ethical’ hacking? How to react to mischief or nuisances? Is scanning for vulnerabilities legal? Can private property laws be applied on the Internet?

Download ppt "Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University."

Similar presentations

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.

Network Security aka CyberSecurity Monitor and manage security risks at the network level for the entire Johns Hopkins Network.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
What is hacking? Taeho Oh

What is hacking? Taeho Oh
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Chapter 8 Cybercrime, Cyberterrorism, and Cyberwarfare.

Chapter 8 Cybercrime, Cyberterrorism, and Cyberwarfare.
Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:

Chapter 10: Data Centre and Network Security Proxies and Gateways * Firewalls * Virtual Private Network (VPN) * Security issues * * * * Objectives:
Defining Security Issues Chapter 8. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a.

Defining Security Issues Chapter 8. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Hackers, Crackers, and Network Intruders

Hackers, Crackers, and Network Intruders
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
22 November 2010. Security and Privacy  Security: the protection of data, networks and computing power  Privacy: complying with a person's desires when.

22 November Security and Privacy  Security: the protection of data, networks and computing power  Privacy: complying with a person's desires when.
Prentice Hall, 2002 1 Chapter 13 E-Commerce Security.

Prentice Hall, Chapter 13 E-Commerce Security.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Similar presentations

Ads by Google