L5 understanding hacking

346 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
346
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

L5 understanding hacking

  1. 1. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 1
  2. 2.  the term hacker simply referred to an adept computer user, and gurus still use the term to refer to themselves in that original sense.  when breaking into computer systems (technically known as cracking) became popular, the media used the hacker to refer only to computer criminals Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 2
  3. 3.  Hacking is illegal. Title 18, United States Code, Section 1030, by Congress in 1984  the perpetrator must “knowingly” commit the crime  notification that unauthorized access is illegal be posted  For a computer-related crime to become a federal crime, the attacker must be shown to have caused at least $5,000 worth of damage. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 3
  4. 4.  2004 CANSPAM Act specifically criminalizes the transmission of unsolicited commercial e-mail without an existing business relationship.  Before that, spamming was not a crime!  Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 4
  5. 5.  Because of the time it takes, there are only two serious types of hackers: › the underemployed and › those hackers being paid by someone to hack. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 5
  6. 6.  Hackers fall quite specifically into these categories, in order of increasing threat: › Security experts › Script kiddies › Underemployed adults › Ideological hackers › Criminal hackers › Corporate spies › Disgruntled employees Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 6
  7. 7.  Most security experts are capable of hacking but decline to do so for moral or economic reasons.  Computer security experts have found that there’s more money in preventing hacking than in perpetrating it  hundreds of former hackers now consult independently as security experts to medium- sized businesses. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 7
  8. 8.  Script kiddies are students who hack  These hackers may use their own computers, or (especially at colleges) they may use the more powerful resources of the school to perpetrate their hacks.  joyride through cyberspace looking for targets of opportunity  concerned mostly with impressing their peers and not getting caught. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 8
  9. 9.  in most instances, you’ll never know they were there unless you have software that detects unusual activity or unless they make a mistake.  These hackers constitute about 90 percent of the total manual hacking activity on the Internet.  They use the tools produced by others,  script kiddies hack primarily to get free stuff  They share pirated software and serial numbers Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 9
  10. 10.  Underemployed adults are former script kiddies  either dropped out of school or failed to achieve full-time employment and family commitments  Many of the tools script kiddies use are created by these adult hackers  Adult hackers often create the “crackz” applied by other hackers to unlock commercial software.  This group also writes the majority of the software viruses. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 10
  11. 11.  Ideological hackers are those who hack to further some political purpose.  Since the year 2000, ideological hacking has gone from just a few verified cases to an information war  They deface websites or perpetrate DoS attacks against their ideological enemies.  looking for mass media coverage of their exploits  have the implicit support of their home government Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 11
  12. 12.  Criminal hackers hack for revenge, to perpetrate theft, or for the sheer satisfaction of causing damage.  exceedingly rare because the intelligence required to hack usually also provides ample opportunity for the individual to find some socially acceptable means of support  little risk to institutions that do not deal in large volumes of computer-based financial transactions Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 12
  13. 13.  very rare because it’s extremely costly and legally very risky to employ illegal hacking tactics against competing companies  Many high technology businesses are young and naïve about security  Nearly all high-level military spy cases involve individuals who have incredible access to information but as public servants don’t make much money Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 13
  14. 14.  Disgruntled employees are the most dangerous —and most likely—security problem of all  Attacks range from the complex (a network administrator who spends time reading other people’s e-mail) to the simple (a frustrated clerk who takes a fire axe to your database server). Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 14
  15. 15.  There are only four ways for a hacker to access your network: 1. By connecting over the Internet 2. By using a computer on your network directly 3. By dialing in via a Remote Access Service (RAS) server 4. By connecting via a nonsecure wireless network Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 15
  16. 16.  Solving the direct intrusion problem is easy:  Employ strong physical security at your premises  treat any cable or connection that leaves the building as a security concern.  putting firewalls between your WAN links and your internal network or behind wireless links Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 16
  17. 17.  Put your RAS servers outside your firewall in the public security zone,  force legitimate users to authenticate with your firewall first to gain access to private network resources.  Allow no device to answer a telephone line behind your firewall. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 17
  18. 18.  802.11b came with a much-touted built-in encryption scheme called the Wired-Equivalent Privacy (WEP) that promised to allow secure networking with the same security as wired networks have.  It sounded great.  Too bad it took less than 11 hours for security experts to hack it Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 18
  19. 19.  newer 128-bit WEP service is more secure, but it should still not be considered actually equivalent to wired security Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 19
  20. 20.  Target selection  Information gathering  Attack Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 20
  21. 21.  To pass this stage, some vector of attack must be available, so the machine must have either advertised its presence or have been found through some search activity. › DNS Look-up › Network Address Scanning › Port Address Scanning › Service Scanning Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 21
  22. 22. › SNMP Data gathering › Architecture probes › Directory service look-up Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 22
  23. 23.  Phishing  Automated password guessing  Buffer overflow  MiM  Session Hijacking  Source Routing  Trojan horse  Forged e-mails  Floods Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 23

×