Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hacking-Over the years Presented by Praveen Desani.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Hacking-Over the years Presented by Praveen Desani."— Presentation transcript:

1 Hacking-Over the years Presented by Praveen Desani

2 Overview: Importance of security. Hacking. Methodologies. Motives.

3 Importance of Security: Computers and internet are becoming pervasive. Consequence of being online. It has become a part of product design, developing and deployment.

4 Importance of Security: There are even organizations which provide “Security as a service” We need to know how computer attacks are performed.

5 Hacking Clever programmer. Modification of a program/device to give user access to features that were otherwise unavailable to them.

6 Hacking Its usually a technical activity. SCRIPT KIDDIES

7 Attacking Methods: Intrusion Physical Intrusion usually internal employees eg., booting with floppy or taking the system part physically System Intrusion low level privilages Exploit un-patched security vulnerabilities.

8 Remote Intrusion: Valid account names/Cracking weak passwords Exploiting common security vulnerabilities (buffer overflow).

9 What it takes for an attack? 1.Need to carry out some information gathering on the target. 2.Plan their way into the system. 3.Reduce chance of getting caught. During all these procedures, Network traffice would look normal.

10 Pattern they follow: 1. Foot printing. Getting complete profile and security arrangements Information of interest including the technology the use (like internet, intranet, remote access) Security policies and procedures. 2. Network Enumeration. Attacker tries to find out domain names and associated Networks related.

11 Pattern they follow…. 3. DNS Interrogation. After NE is done, query the DNS. Revealing info about the organizations. Zone Transfer Mechanism. Leak of private DNS information. 4.Network Reconnaissance. Identifying the potential target. Try to map network topologies and identify paths. Eg: trace route program

12 5. Scanning Knocking the walls. Which systems are alive and reachable? Ping sweeps, port scans, automatic discovery tools. At this point IDS warns, but not yet attacked.

13 Unauthorized Access: 1. Acquiring passwords. 2. Clear Text Sniffing. There is no encryption of passwords with protocols like telnet, FTP, HTTP. Easy for attackers to eavesdrop using network protocol analyzers to obtain password.. 3. Encryption sniffing. How about encrypted passwords? Decryption using dictionary, brute force attack

14 4. Replay attack. No need to decrypt. Reprogram the client software. 5. Password file stealing. /etc/passwd in Unix SAM in WinNT Steal these files and run cracking programs. 6. Observation. Usage of long and difficult to guess passwords. Attackers with physical access. Shoulder surfing.

15 7. Social Engineering. Cracking techniques that rely on weakness in users ie., admin, operators. Calling up systems operator posing as a field service technician with urgent access problem. 8. Software Bugs. Vulnerabilities brought by bugs in S/W Buffer overflow are found by buffer vulnerabilities on certain programs. Searching for these bugs directly. Examining every place the program prompts for input and trying to overflow it with random data.

16 What’s the need to learn? Does it help? Yes… Developing more efficient ways to protect the system.

17 Motives: 49% -- discovery learning, challenge, knowledge and pleasure 24% -- recognition, excitement (of doing something illegal) 27% -- self-gratification, addiction, espionage, theft and profit. Addiction and curiosity.

18 How have they grown over the Years?? 1 st Generation : Talented techies, programmers and Scientists (mostly from MIT ) 2 nd Generation: Forward thinking to recognize the potential of computer niche. 3 rd Generation: Young people who used PC and entertainment value of PC and began developing games(illegal copying,cracking the copy right protection)

19 4 th Generation: Criminal Activity Claim that motivation was curiosity/hunger for knowledge.

20 Types of Hackers: White Hack: Focusing on securing IT systems. Have clearly defined code of ethics. Improve discovered security breaches. ….Tim-Berners Lee….. Grey Hat: no personnel gain, no malicious intentions. testing and monitoring. Black Hat : crackers/they are criminals. maintain knowledge of vulnerabilities. Doesn’t reveal to general public/manufacturing for corrections.

21 What needs to be done? Intrinsically and Globally imperfect. There are many holes (not just technical ones) They also stem from bad-security practices and procedures. Educating the users, Security Administrators Securing the Environment

22 Comments/questions??

23 Discussion…. Whom to blame? Who should be liable? Should government step in and regulate? Is it upto the individual computer users and companies to stay on top of technology? Should we blame the software industry for selling insecure products?

24 Whom to blame? Lack of liability? Building a security product with no liability is of no use. Eg., There are different rules and regulations in the situation of drug release. But Are there any regulations and rules in a Software Release??

Download ppt "Hacking-Over the years Presented by Praveen Desani."

Similar presentations

ETHICAL HACKING.

ETHICAL HACKING.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
1 CHAPTER 1 POLITICS. 2 Definitions Of The Word Hacker Hacker – someone who has achieved some level of expertise with a computer Hacker – someone who.

1 CHAPTER 1 POLITICS. 2 Definitions Of The Word Hacker Hacker – someone who has achieved some level of expertise with a computer Hacker – someone who.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.

 Ethical Hacking is testing the resources for a good cause and for the betterment of technology.  Technically Ethical Hacking means penetration.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
1 PRESENTATION by ~ Gagan Deep Singh. 2 WHY IS IT SUCH A CRUCIAL TOPIC- The vast size of our systems The investments we make in our systems Confidential.

1 PRESENTATION by ~ Gagan Deep Singh. 2 WHY IS IT SUCH A CRUCIAL TOPIC- The vast size of our systems The investments we make in our systems Confidential.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.

Hacking and Network Defense. Introduction  With the media attention covering security breaches at even the most tightly controlled organization, it is.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Similar presentations

Ads by Google