2. THREAT:anaction oreventthatmightcompromise
security. Athreat isapotential violationofsecurity.
VULNERABILITY–existenceofaweakness,design,or
implementation errorthatcanleadtoanunexpectedand
undesirableeventcompromisingthesecurityofthesystem.
EXPLOIT–adefinedwaytobreachthesecurityofanITsystem
throughavulnerability.
ATTACK–anassaultonthesystemsecuritythatisderivedfrom
anintelligentthreat. Anattackisanyactionthatviolatessecurity.
WHAT YOU SHOULD KNOW FIRST ...
3. HACKER CATEGORIES…
BLACK HAT…
individualswithextraordinary computing skills,resorting to
maliciousordestructive activities. Alsoknownascrackers.
WHITE HAT…
individualsprofessing hacker skillsandusingthem for
defensive purposes. Alsoknownassecurity analysts.
GRAY HAT…
individuals who work both offensively and
defensively at various times.
SUICIDERS…
individualswhoaimtobringdowncritical infrastructure for a
“cause” (Hacktivism) anddonotworryaboutpunishment.
9. PHASES OF SCANNING…
Check for live
systems
Identify services
Banner grabbing
OS
fingerprinting
Scan for
vulnerabilities
Draw network
diagrams of
vulnerable hosts
Prepare proxiesAttack
11. HOW TO GAIN ACCESS ??!
Thereareseveralwaysanattackercangainaccesstoasystem.
Theattackermustbeabletoexploitaweaknessorvulnerabilityin
asystem.
12. HOW TO GAIN ACCESS ??!
Applyingpatchesandhotfixesarenoteasyintoday’scomplex
networks.
AttackerslookforOSvulnerabilities andexploitthemtogain
accesstoanetworksystem.
OS ATTACKS… APPLICAION LEVEL ATTACKS
SHRINK WRAP CODE… MISCONFG. ATTACKS
13. HOW TO GAIN ACCESS ??!
Securityisoftenanafterthoughtandusuallydeliveredasan“add-on”
component.Poorornon-existenterrorcheckinginapplicationsleadstobuffer
overflowattacks.
OS ATTACKS… APPLICAION LEVEL ATTACKS
SHRINK WRAP CODE… MISCONFG. ATTACKS
14. HOW TO GAIN ACCESS ??!
WhenyouinstallanOSorapplication,itcomeswithtonsofsamplescriptsto
makethelifeofanadministratoreasy.Theproblemis“notcustomizingthese
scripts”.Thiswillleadtodefaultcodeorshrinkwrapcodeattack
OS ATTACKS… APPLICAION LEVEL ATTACKS
SHRINK WRAP CODE… MISCONFG. ATTACKS
15. HOW TO GAIN ACCESS ??!
Inordertomaximizeyourchancesofconfiguringamachinecorrectly,remove
anyunneededservicesorsoftware.
OS ATTACKS… APPLICAION LEVEL ATTACKS
SHRINK WRAP CODE… MISCONFG. ATTACKS