SlideShare a Scribd company logo

Hacking and its Defence

Download as PPT, PDF
Greater Noida Institute Of Technology
Greater Noida Institute Of Technology

information about hacking and its defence .

Internet
1 of 39
GROUP MEMBERS ANAND KUMAR MISHRA Hacking and its Defense
Objective  Why this topic?? Surprising Facts on Hacking – • U.S. Department of Defense is attacked some 250,000 times each year - Source: The Business Journal • A Microsoft-operated site was cracked and defaced Monday by someone calling himself “flipz.” It was the first time a Microsoft Web site has been breached successfully. - Dated: oct 26 Source: abc.com • Worldwide cost of the Code Red computer worms that were unleashed on the Internet in July and August has reached about $2.6 billion U.S. ($1.1 billion in clean-up costs and $1.5 billion in lost productivity) - Source: www.ns2000.org
 Estimated total cost for 2001- $15 billion  Love Bug - $8.7 billion  Melissa- $1.2 billion  Explorer-$1 billion  SirCam- $1.035 billion  Finally, www would have been radically different if there were no Hackers.
 Cost of virus attacks on information systems around the world  2000 - $17.1 billion  1999 - $12.1 billion  Here, we will Discuss the practice of hacking in general and demonstrate a few of the current common methods, exploits and Preventions….
Reasons to hack !!  Curiosity  Fame  Belief in open systems  Revenge  Notoriety/Fame  Profit ($$$ or other gain)  Revolutionary
Glossary  Hacking – 2 definitions 1. Hobby/Profession of working with computers. 2. Hacking refers to acts of unauthorized access or intrusion, in a computer, network, or telecom system by means of computer device, gadget and or softwares. – often referred to as the 2nd one who refer cyber criminals as “Crackers”
 Phreaking- The art and Science of Cracking the Phone Network (for eg: free long- distance calls). By extension, security – cracking especially communication networks.  Back-Door Program- A feature programmers often build into programs to allow special privileges normally denied to users of the program. Often programmers build back doors so they can fix bugs. If hackers or others learn about a back door, the feature may pose a security risk.
Glossary  Smurfing - Popular hacking technique by which attackers can persuade your network to perform a denial of service attack on a machine somewhere else on the Internet. Such attacks can also generate large quantities of traffic on your network… Prevention: use a line: no ip directed-broadcast  Spoofing A common technique used to attack sites is to create TCP/IP packets which appear to be from local IP addresses. Prevention: The site router is in an ideal place to detect and prevent these attacks, since it can detect when packets with internal source addresses arrive on the external interface of the router…
Glossary  Trojan Horse Program A program which may be planted on your hard drive by an email message attachment, and may be designed to send information about your system back to the hackers which wrote it.  Spy Ware A program which you have downloaded from a legitimate company, but which—unbeknownst to you—has been written to track your every move on the internet for marketing purposes and send the information back to the company.
Glossary  Denial of Service An attack specifically designed to prevent the normal functioning of a system and thereby to prevent lawful access to the system by authorized users. Hackers can cause denial of service attacks by destroying or modifying data or by overloading the system's servers until service to authorized users is delayed or prevented.  Sniffing The use of a sniffer to capture passwords as they cross a network. The network could be a local area network, or the Internet itself. The sniffer can be hardware or software.
Glossary  Virus - Vital Information Resources Under Siege A computer virus is a specific type of malicious computer code that replicates itself or inserts copies or new versions of itself in other programs.  Worm Worms are parasitic computer programs that replicate, but unlike viruses, do not infect other computer program files. Worms can create copies on the same computer, or can send the copies to other computers via a network
Damages likely be Caused !!  Stealing or destroying data  Disabling protection systems  Shutting down entire networks  Disclosure of Information, such as theft of credit card numbers  Denial of service attacks including Smurfing…
A common methodology is the following  1. Gather target information.  2. Identify services offered by target to the public (whether intentional or not).  3. Research the discovered services for known vulnerabilities.  4. Attempt to exploit the services.  5. Utilize exploited services to gain additional privileges from the target. Reiterate steps 1-5 until goals are achieved.
Steps Hackers generally follow !! Step 1: Gather target information..  Domain names, IP address ranges  InterNIC contact information  Physical addresses  Organizational structures  Alliances and financial information  Names of officers, managers, technical staff  Newsgroup posts
Step 2: Indentify services !!  Web Servers  FTP Servers  DNS Servers  e-mail gateways  Help desks/phone support  other (gopher, LDAP, irc, etc.)
Step 3: Research vulnerabilities  Vendor announcements.  Default configurations.  Poor configurations. (ie. Passwords, cleartext protocols)  Gather available exploits or develop new exploit  Derived exploits  Some original work.
Step 4: Exploit Vulnerabilities.  Attempt to exploit vulnerabilities to gain access to the target.  Continue until Successful. Step 5: Utilize increased access  Exploit additional vulnerabilities to gain additional access and information to use in penetrating further into an organization.  The hacker "becomes" a legitimate user (even an administrator).
 Only requires normal web user access to an IIS webserver (i.e. port 80 or 443).  Using non-standard ports for your web server only makes this marginally more difficult. You do publish how to access your webserver to someone, right? (also, you would be surprised what search engines contain about you.)  Using SSL (https protocol) will not prevent the exploit from succeeding. Demo on IIS Web Exploit !!
 Target: Windows NT Server 4.0sp6a, IIS 4.0  Attacker: Linux 2.2.17-21mdk kernel, Window NT Worstation 4.0 sp6a Demo : Software Levels
 Target IP address is 192.168.168.125  Query whois database at ARIN.net to locate owner and domain information.  Also try reverse DNS mappings for host/domain names. Demo : Target info
Use nmap to scan target for services of interest. $ nmap -sS -p 21-25,80,135-139,443 192.168.168.125 Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ ) Interesting ports on (192.168.168.125): (The 7 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 80/tcp open http 135/tcp open loc-srv 139/tcp open netbios-ssn 443/tcp open https Nmap run completed -- 1 IP address (1 host up) scanned in 1 second Demo : Services information
Use netcat or telnet commands to determine web server information. $ nc 198.168.168.125 80 HEAD / HTTP/1.0 <CR> HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Content-Location: http://192.168.168.125/Default.htm Date: Mon, 06 Aug 2001 23:40:10 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Mon, 30 Jul 2001 15:28:47 GMT ETag: "c0bf6c53c19c11:b50" Content-Length: 4325 Demo: Research services
 Unicode “dot dot” exploit to traverse filesystem  Default configuration of Inetpubscripts directory is used to upload and execute commands of our choice.  Get target to fetch useful commands.  Get target to initiate a command session.  Use target to obtain additional information. Demo : Exploit services to gain access
 Stay current on patch levels for Microsoft's OS and web server.  Implement good firewalling.  Use an IDS system (or two!).  Host security is important (Microsoft's "Securing IIS” and “Securing Windows NT” documents).  Pattern matching intercept proxies. Prevention on IIS
Demonstration  Ping, ifconfig, tracert(Icmp) Hacking tools  IP – tools.exe  Wotweb.exe  Superscan.exe
Prevention  The Price of a New Web Server $ 800  The Price of the Application Firewall $ 2500 Having to tell your boss that you’ve Just been Hacked!! PRICELESS!!
Some Defense Arsenals for Computer Security !! 1. Password Protection 2. AntiVirus Software 3. Encryption 4. Audit Trails 5. Smart Cards and Biometrics 6. Firewalls Here we will focus about Firewalls…
Firewall Firewall H/W firewall S/W firewall Router/internet gateways Application Packet Proxy filtering Firewall firewall (Squid: -Microsoft proxy server) (ipchains:-Linux)
Proxy Server Example
There are two types of Firewall. 1. Dual Homed 2. Demilitarized Setup.
Internet Router Firewall + router +DHCP Server Hub Comp Comp Comp Comp Comp CompComp Dual Homed (Secure Network)
Internet Firewall Web Server mail DNS Firewall Database Server mail DNS Demilitarized Setup (More Secure Network)
Firewall Example 1
Firewall Example 2
Firewall Products  Some Firewall Providers:  McAFEE ASAP  Trend Micro  Zone Alarm.. Single user- Cost $ 40 (for 1 year) 50 users - Cost $1500  Some Versions of it are Free to download…..
Useful security related links !!  SANS Institute (www.sans.org)  Security Focus Archives (www.securityfocus.com)  Snort IDS home (www.snort.org)  Security archives (archives.neohapsis.com)  CERT Coordination Center (www.cert.org)  http://www.courses.dsu.edu/ infs750  www.insecure.org
Mailing Lists  Risks Digest (www.risks.org)  BUGTRAQ (www.securityfocus.com/bugtraq/archive)  NTBugtraq (www.ntbugtraq.com)  Win2KSecurity Advice (www.ntsecurity.net)
Securing Web servers  Apache project (www.apache.org) http://httpd.apache.org/docs/misc/tutorials.html  support.microsoft.com "Resources for Securing Internet Information Services”, Article ID Q282060.
Conclusion  How to prevent becoming a target? !! The only reliable solution to reduce the risk of a successful intrusion attempt is staying current with your security infrastructure. This is an ongoing dynamic process. !! Areas to be explored includes  More about Hackers  SSL, L2TP, Proxy servers (security devices and software)  More on Server Vulnerabilities

Recommended

Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush GuptaTenet Systems Pvt Ltd
 
Ransomware
RansomwareRansomware
Ransomwarem3 Networks Limited
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Julia Yu-Chin Cheng
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Ceh v5 module 08 denial of service
Ceh v5 module 08 denial of serviceCeh v5 module 08 denial of service
Ceh v5 module 08 denial of serviceVi Tính Hoàng Nam
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 

Recommended

Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush GuptaTenet Systems Pvt Ltd
 
Ransomware
RansomwareRansomware
Ransomwarem3 Networks Limited
 
Security Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSecurity Attack Analysis for Finding and Stopping Network Attacks
Security Attack Analysis for Finding and Stopping Network AttacksSavvius, Inc
 
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...
Evolving Threat Landscapes Web-Based Botnet Through Exploit Kits and Scripts ...Julia Yu-Chin Cheng
 
Honeycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicHoneycon2016-honeypot updates for public
Honeycon2016-honeypot updates for publicJulia Yu-Chin Cheng
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Ceh v5 module 08 denial of service
Ceh v5 module 08 denial of serviceCeh v5 module 08 denial of service
Ceh v5 module 08 denial of serviceVi Tính Hoàng Nam
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hackingVi Tính Hoàng Nam
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingVi Tính Hoàng Nam
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to Respond42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to RespondThomas Roccia
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Communityamiable_indian
 
Web backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionWeb backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionn|u - The Open Security Community
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Network Security
Network SecurityNetwork Security
Network SecurityVIKAS SINGH BHADOURIA
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Securitypadmeshagrekar
 
Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Aaron Lancaster
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing RansomwareNapier University
 
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.Light, Dark and... a Sunburst... dissection of a very sophisticated attack.
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.Stefano Maccaglia
 
Fundamentals of Computing Chapter 9
Fundamentals of Computing Chapter 9Fundamentals of Computing Chapter 9
Fundamentals of Computing Chapter 9Mohd Harris Ahmad Jaal
 
Drive by downloads-cns
Drive by downloads-cnsDrive by downloads-cns
Drive by downloads-cnsmmubashirkhan
 
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffersCeh v5 module 07 sniffers
Ceh v5 module 07 sniffersVi Tính Hoàng Nam
 
WannaCry? No Thanks!
WannaCry? No Thanks!WannaCry? No Thanks!
WannaCry? No Thanks!Roberto Martelloni
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and virusesAamlan Saswat Mishra
 
A to z of Cyber Crime
A to z of Cyber CrimeA to z of Cyber Crime
A to z of Cyber CrimeJessore University of Science & Technology, Jessore.
 
Hacking
HackingHacking
Hackingrameswara reddy venkat
 
Hacking
HackingHacking
HackingRoshan Chaudhary
 

More Related Content

What's hot

Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingVi Tính Hoàng Nam
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomwareSophos Benelux
 
42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to Respond42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to RespondThomas Roccia
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Communityamiable_indian
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and crackingHarshil Barot
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Securitypadmeshagrekar
 
Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Aaron Lancaster
 
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.Light, Dark and... a Sunburst... dissection of a very sophisticated attack.
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.Stefano Maccaglia
 
Drive by downloads-cns
Drive by downloads-cnsDrive by downloads-cns
Drive by downloads-cnsmmubashirkhan
 

What's hot (20)

Ceh v5 module 05 system hacking
Ceh v5 module 05 system hackingCeh v5 module 05 system hacking
Ceh v5 module 05 system hacking
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hacking
 
How to stay protected against ransomware
How to stay protected against ransomwareHow to stay protected against ransomware
How to stay protected against ransomware
 
42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to Respond42 - Malware - Understand the Threat and How to Respond
42 - Malware - Understand the Threat and How to Respond
 
Honeypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat CommunityHoneypots - Tracking the Blackhat Community
Honeypots - Tracking the Blackhat Community
 
Web backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detectionWeb backdoors attacks, evasion, detection
Web backdoors attacks, evasion, detection
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and Solutions
 
Network Security
Network SecurityNetwork Security
Network Security
 
Introduction of hacking and cracking
Introduction of hacking and crackingIntroduction of hacking and cracking
Introduction of hacking and cracking
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Security
 
Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?Why are you still getting CryptoLocker?
Why are you still getting CryptoLocker?
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing Ransomware
 
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.Light, Dark and... a Sunburst... dissection of a very sophisticated attack.
Light, Dark and... a Sunburst... dissection of a very sophisticated attack.
 
Fundamentals of Computing Chapter 9
Fundamentals of Computing Chapter 9Fundamentals of Computing Chapter 9
Fundamentals of Computing Chapter 9
 
Drive by downloads-cns
Drive by downloads-cnsDrive by downloads-cns
Drive by downloads-cns
 
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffersCeh v5 module 07 sniffers
Ceh v5 module 07 sniffers
 
WannaCry? No Thanks!
WannaCry? No Thanks!WannaCry? No Thanks!
WannaCry? No Thanks!
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
 
A to z of Cyber Crime
A to z of Cyber CrimeA to z of Cyber Crime
A to z of Cyber Crime
 

Similar to Hacking and its Defence

Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersSomyos U.
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hackingCmano Kar
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Securitybelsis
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTDHRUV562167
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHackingAve Nawsh
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008ClubHack
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008ClubHack
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
 
Network And Application Layer Attacks
Network And Application Layer AttacksNetwork And Application Layer Attacks
Network And Application Layer AttacksArun Modi
 

Similar to Hacking and its Defence (20)

Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
Event - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security PerimetersEvent - Internet Thailand - Total Security Perimeters
Event - Internet Thailand - Total Security Perimeters
 
Hacking In Detail
Hacking In DetailHacking In Detail
Hacking In Detail
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
 
Cyper security & Ethical hacking
Cyper security & Ethical hackingCyper security & Ethical hacking
Cyper security & Ethical hacking
 
Introduction To Information Security
Introduction To Information SecurityIntroduction To Information Security
Introduction To Information Security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
Cyber security
Cyber securityCyber security
Cyber security
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
31.ppt
31.ppt31.ppt
31.ppt
 
31.ppt
31.ppt31.ppt
31.ppt
 
Network And Application Layer Attacks
Network And Application Layer AttacksNetwork And Application Layer Attacks
Network And Application Layer Attacks
 

More from Greater Noida Institute Of Technology

More from Greater Noida Institute Of Technology (20)

Airline Analysis of Data Using Hadoop
Airline Analysis of Data Using HadoopAirline Analysis of Data Using Hadoop
Airline Analysis of Data Using Hadoop
 
College Administration Management System
College Administration Management System College Administration Management System
College Administration Management System
 
Web security
Web securityWeb security
Web security
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Viruses worms
Viruses wormsViruses worms
Viruses worms
 
Spoofing
SpoofingSpoofing
Spoofing
 
Sentimental Analysis of twitter data .
Sentimental Analysis of twitter data .Sentimental Analysis of twitter data .
Sentimental Analysis of twitter data .
 
Hacking Question and Answer
Hacking Question and Answer Hacking Question and Answer
Hacking Question and Answer
 
Security tools
Security toolsSecurity tools
Security tools
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
BroadBand Over powerline .
BroadBand Over powerline .BroadBand Over powerline .
BroadBand Over powerline .
 
Modern Networking Hacking
Modern Networking HackingModern Networking Hacking
Modern Networking Hacking
 
Network security
Network securityNetwork security
Network security
 
Lifi Technology
Lifi TechnologyLifi Technology
Lifi Technology
 
Hack wireless internet connections or wifi
Hack wireless internet connections or wifiHack wireless internet connections or wifi
Hack wireless internet connections or wifi
 
Hacking step (Methodology)
Hacking step (Methodology)Hacking step (Methodology)
Hacking step (Methodology)
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
How to become Hackers .
How to become Hackers .How to become Hackers .
How to become Hackers .
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber crime and Security
Cyber crime and SecurityCyber crime and Security
Cyber crime and Security
 

Recently uploaded

Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一3sw2qly1
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 

Recently uploaded (20)

Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
定制(CC毕业证书)美国美国社区大学毕业证成绩单原版一比一
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 

Hacking and its Defence

  • 1. GROUP MEMBERS ANAND KUMAR MISHRA Hacking and its Defense
  • 2. Objective  Why this topic?? Surprising Facts on Hacking – • U.S. Department of Defense is attacked some 250,000 times each year - Source: The Business Journal • A Microsoft-operated site was cracked and defaced Monday by someone calling himself “flipz.” It was the first time a Microsoft Web site has been breached successfully. - Dated: oct 26 Source: abc.com • Worldwide cost of the Code Red computer worms that were unleashed on the Internet in July and August has reached about $2.6 billion U.S. ($1.1 billion in clean-up costs and $1.5 billion in lost productivity) - Source: www.ns2000.org
  • 3.  Estimated total cost for 2001- $15 billion  Love Bug - $8.7 billion  Melissa- $1.2 billion  Explorer-$1 billion  SirCam- $1.035 billion  Finally, www would have been radically different if there were no Hackers.
  • 4.  Cost of virus attacks on information systems around the world  2000 - $17.1 billion  1999 - $12.1 billion  Here, we will Discuss the practice of hacking in general and demonstrate a few of the current common methods, exploits and Preventions….
  • 5. Reasons to hack !!  Curiosity  Fame  Belief in open systems  Revenge  Notoriety/Fame  Profit ($$$ or other gain)  Revolutionary
  • 6. Glossary  Hacking – 2 definitions 1. Hobby/Profession of working with computers. 2. Hacking refers to acts of unauthorized access or intrusion, in a computer, network, or telecom system by means of computer device, gadget and or softwares. – often referred to as the 2nd one who refer cyber criminals as “Crackers”
  • 7.  Phreaking- The art and Science of Cracking the Phone Network (for eg: free long- distance calls). By extension, security – cracking especially communication networks.  Back-Door Program- A feature programmers often build into programs to allow special privileges normally denied to users of the program. Often programmers build back doors so they can fix bugs. If hackers or others learn about a back door, the feature may pose a security risk.
  • 8. Glossary  Smurfing - Popular hacking technique by which attackers can persuade your network to perform a denial of service attack on a machine somewhere else on the Internet. Such attacks can also generate large quantities of traffic on your network… Prevention: use a line: no ip directed-broadcast  Spoofing A common technique used to attack sites is to create TCP/IP packets which appear to be from local IP addresses. Prevention: The site router is in an ideal place to detect and prevent these attacks, since it can detect when packets with internal source addresses arrive on the external interface of the router…
  • 9. Glossary  Trojan Horse Program A program which may be planted on your hard drive by an email message attachment, and may be designed to send information about your system back to the hackers which wrote it.  Spy Ware A program which you have downloaded from a legitimate company, but which—unbeknownst to you—has been written to track your every move on the internet for marketing purposes and send the information back to the company.
  • 10. Glossary  Denial of Service An attack specifically designed to prevent the normal functioning of a system and thereby to prevent lawful access to the system by authorized users. Hackers can cause denial of service attacks by destroying or modifying data or by overloading the system's servers until service to authorized users is delayed or prevented.  Sniffing The use of a sniffer to capture passwords as they cross a network. The network could be a local area network, or the Internet itself. The sniffer can be hardware or software.
  • 11. Glossary  Virus - Vital Information Resources Under Siege A computer virus is a specific type of malicious computer code that replicates itself or inserts copies or new versions of itself in other programs.  Worm Worms are parasitic computer programs that replicate, but unlike viruses, do not infect other computer program files. Worms can create copies on the same computer, or can send the copies to other computers via a network
  • 12. Damages likely be Caused !!  Stealing or destroying data  Disabling protection systems  Shutting down entire networks  Disclosure of Information, such as theft of credit card numbers  Denial of service attacks including Smurfing…
  • 13. A common methodology is the following  1. Gather target information.  2. Identify services offered by target to the public (whether intentional or not).  3. Research the discovered services for known vulnerabilities.  4. Attempt to exploit the services.  5. Utilize exploited services to gain additional privileges from the target. Reiterate steps 1-5 until goals are achieved.
  • 14. Steps Hackers generally follow !! Step 1: Gather target information..  Domain names, IP address ranges  InterNIC contact information  Physical addresses  Organizational structures  Alliances and financial information  Names of officers, managers, technical staff  Newsgroup posts
  • 15. Step 2: Indentify services !!  Web Servers  FTP Servers  DNS Servers  e-mail gateways  Help desks/phone support  other (gopher, LDAP, irc, etc.)
  • 16. Step 3: Research vulnerabilities  Vendor announcements.  Default configurations.  Poor configurations. (ie. Passwords, cleartext protocols)  Gather available exploits or develop new exploit  Derived exploits  Some original work.
  • 17. Step 4: Exploit Vulnerabilities.  Attempt to exploit vulnerabilities to gain access to the target.  Continue until Successful. Step 5: Utilize increased access  Exploit additional vulnerabilities to gain additional access and information to use in penetrating further into an organization.  The hacker "becomes" a legitimate user (even an administrator).
  • 18.  Only requires normal web user access to an IIS webserver (i.e. port 80 or 443).  Using non-standard ports for your web server only makes this marginally more difficult. You do publish how to access your webserver to someone, right? (also, you would be surprised what search engines contain about you.)  Using SSL (https protocol) will not prevent the exploit from succeeding. Demo on IIS Web Exploit !!
  • 19.  Target: Windows NT Server 4.0sp6a, IIS 4.0  Attacker: Linux 2.2.17-21mdk kernel, Window NT Worstation 4.0 sp6a Demo : Software Levels
  • 20.  Target IP address is 192.168.168.125  Query whois database at ARIN.net to locate owner and domain information.  Also try reverse DNS mappings for host/domain names. Demo : Target info
  • 21. Use nmap to scan target for services of interest. $ nmap -sS -p 21-25,80,135-139,443 192.168.168.125 Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ ) Interesting ports on (192.168.168.125): (The 7 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 80/tcp open http 135/tcp open loc-srv 139/tcp open netbios-ssn 443/tcp open https Nmap run completed -- 1 IP address (1 host up) scanned in 1 second Demo : Services information
  • 22. Use netcat or telnet commands to determine web server information. $ nc 198.168.168.125 80 HEAD / HTTP/1.0 <CR> HTTP/1.1 200 OK Server: Microsoft-IIS/4.0 Content-Location: http://192.168.168.125/Default.htm Date: Mon, 06 Aug 2001 23:40:10 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Mon, 30 Jul 2001 15:28:47 GMT ETag: "c0bf6c53c19c11:b50" Content-Length: 4325 Demo: Research services
  • 23.  Unicode “dot dot” exploit to traverse filesystem  Default configuration of Inetpubscripts directory is used to upload and execute commands of our choice.  Get target to fetch useful commands.  Get target to initiate a command session.  Use target to obtain additional information. Demo : Exploit services to gain access
  • 24.  Stay current on patch levels for Microsoft's OS and web server.  Implement good firewalling.  Use an IDS system (or two!).  Host security is important (Microsoft's "Securing IIS” and “Securing Windows NT” documents).  Pattern matching intercept proxies. Prevention on IIS
  • 25. Demonstration  Ping, ifconfig, tracert(Icmp) Hacking tools  IP – tools.exe  Wotweb.exe  Superscan.exe
  • 26. Prevention  The Price of a New Web Server $ 800  The Price of the Application Firewall $ 2500 Having to tell your boss that you’ve Just been Hacked!! PRICELESS!!
  • 27. Some Defense Arsenals for Computer Security !! 1. Password Protection 2. AntiVirus Software 3. Encryption 4. Audit Trails 5. Smart Cards and Biometrics 6. Firewalls Here we will focus about Firewalls…
  • 28. Firewall Firewall H/W firewall S/W firewall Router/internet gateways Application Packet Proxy filtering Firewall firewall (Squid: -Microsoft proxy server) (ipchains:-Linux)
  • 30. There are two types of Firewall. 1. Dual Homed 2. Demilitarized Setup.
  • 31. Internet Router Firewall + router +DHCP Server Hub Comp Comp Comp Comp Comp CompComp Dual Homed (Secure Network)
  • 32. Internet Firewall Web Server mail DNS Firewall Database Server mail DNS Demilitarized Setup (More Secure Network)
  • 35. Firewall Products  Some Firewall Providers:  McAFEE ASAP  Trend Micro  Zone Alarm.. Single user- Cost $ 40 (for 1 year) 50 users - Cost $1500  Some Versions of it are Free to download…..
  • 36. Useful security related links !!  SANS Institute (www.sans.org)  Security Focus Archives (www.securityfocus.com)  Snort IDS home (www.snort.org)  Security archives (archives.neohapsis.com)  CERT Coordination Center (www.cert.org)  http://www.courses.dsu.edu/ infs750  www.insecure.org
  • 37. Mailing Lists  Risks Digest (www.risks.org)  BUGTRAQ (www.securityfocus.com/bugtraq/archive)  NTBugtraq (www.ntbugtraq.com)  Win2KSecurity Advice (www.ntsecurity.net)
  • 38. Securing Web servers  Apache project (www.apache.org) http://httpd.apache.org/docs/misc/tutorials.html  support.microsoft.com "Resources for Securing Internet Information Services”, Article ID Q282060.
  • 39. Conclusion  How to prevent becoming a target? !! The only reliable solution to reduce the risk of a successful intrusion attempt is staying current with your security infrastructure. This is an ongoing dynamic process. !! Areas to be explored includes  More about Hackers  SSL, L2TP, Proxy servers (security devices and software)  More on Server Vulnerabilities