a branch of computer technology known as information
security as applied to computers and networks
Security by design
Hardware mechanisms that protect computers and data
Secure operating systems
Capabilities and access control lists
Hacker (computersecurity) or cracker, who accesses a
computersystem by circumventing its security system
Hacker (programmer subculture), who shares an anti-
authoritarian approach to software development now
associatedwith the free software movemen
Hacker (hobbyist), who makes innovative customizations
or combinations of retail electronic and computer
Learn how to program
Get one of the open-source Unixes and learn to use and
Learn how to use the World Wide Web
If you don't have functional English, learn it!!
The world is full of fascinating problems waiting to be
No problem should ever have to be solved twice.
Boredom and drudgery are evil.
Freedom is good.
Attitudeis no substitutefor competence.
Help test and debug open-source software
Publish useful information
Help keep the infrastructure working
Serve the hacker culture itself
hackersfirst perform routine and detailed reconnaissance.
Methods of reconnaissance include Dumpster Diving, Social
Engineering, Google Searching & Google Hacking, and work
their way up to more insidious methods such as infiltrating
youremployees environmentsfrom coffee shops to simply
walking in and setting up in aÂ cubicle and asking a lot of
can reveal vulnerabilities that create a hit list, or triage
list, for hackers to work through.
Typically, hackers perform port scans and port mapping,
while attempting to discover what services and versions of
services are actively available on any open or available ports.
Open ports can lead to a hacker gaining direct access to
services and possibly to internal network connections.
Whether the hacker is successful attacking an internal
system has much to do with how vulnerable the specific
system is, which is related to system configurations and
Hackers may choose to continue attacking and exploiting
the target system, or to explore deeper into the target
network and look for more systems and services
Hackers can continue to sniff your network looking for more
information to use againstyou.
Most hackers will attempt to cover their footprints and
tracks as carefully as possible.
Gaining root level access and administrative access is a big
part of covering one’s tracks as the hacker can remove log
entries and do so as a privileged administrator as opposed
to an unknown hacker.
Man In The Middle Attack
Packet sniffer comes in two categories:
Alice sends a message to Bob, which is intercepted by
Alice "Hi Bob, it's Alice. Give me your key"--> Mallory Bob
Mallory relays this message to Bob; Bob cannot tell it is not
really from Alice:
Alice Mallory "Hi Bob, it's Alice. Give me your key"--> Bob
Bob responds with his encryption key:
Alice Mallory <--[Bob's_key] Bob
Mallory replaces Bob's key with her own, and relays this to
Alice, claiming that it is Bob's key:
Alice <--[Mallory's_key] Mallory Bob
Alice encrypts a message with what she believes to be Bob's
key, thinking that only Bob can read it:
Alice "Meet me at the bus stop!"[encryptedwith Mallory's key]-->
DDOS (Distributed Denial of Service Attacks)
Disableservices by default.
LOGICAL VIEW OF ATTACK NET
Slave SlaveSlave SlaveSlave
Close Service/Port If Not Use
Don’t Use “Remeber me” While Login
TCP session hijackingis when
a hacker takes over a TCP
session between two