1 / 24

Hacking-Over the years

Hacking-Over the years Presented by Praveen Desani Overview: Importance of security. Hacking. Methodologies. Motives. Importance of Security: Computers and internet are becoming pervasive. Consequence of being online.

andrew
Télécharger la présentation

Hacking-Over the years

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hacking-Over the years Presented by Praveen Desani

  2. Overview: Importance of security. Hacking. Methodologies. Motives.

  3. Importance of Security: Computers and internet are becoming pervasive. Consequence of being online. It has become a part of product design, developing and deployment.

  4. Importance of Security: There are even organizations which provide “Security as a service” We need to know how computer attacks are performed.

  5. Hacking Clever programmer. Modification of a program/device to give user access to features that were otherwise unavailable to them.

  6. Hacking Its usually a technical activity. SCRIPT KIDDIES

  7. Attacking Methods: Intrusion Physical Intrusion usually internal employees eg., booting with floppy or taking the system part physically System Intrusion low level privilages Exploit un-patched security vulnerabilities.

  8. Remote Intrusion: Valid account names/Cracking weak passwords Exploiting common security vulnerabilities (buffer overflow).

  9. What it takes for an attack? • Need to carry out some information gathering on the target. • Plan their way into the system. • Reduce chance of getting caught. During all these procedures, Network traffice would look normal.

  10. Pattern they follow: 1. Foot printing. Getting complete profile and security arrangements Information of interest including the technology the use (like internet, intranet, remote access) Security policies and procedures. 2. Network Enumeration. Attacker tries to find out domain names and associated Networks related.

  11. Pattern they follow…. 3. DNS Interrogation. After NE is done , query the DNS. Revealing info about the organizations. Zone Transfer Mechanism. Leak of private DNS information. 4.Network Reconnaissance. Identifying the potential target. Try to map network topologies and identify paths. Eg: trace route program

  12. 5. Scanning Knocking the walls. Which systems are alive and reachable? Ping sweeps, port scans, automatic discovery tools. At this point IDS warns, but not yet attacked.

  13. Unauthorized Access: 1. Acquiring passwords. 2. Clear Text Sniffing. There is no encryption of passwords with protocols like telnet, FTP, HTTP. Easy for attackers to eavesdrop using network protocol analyzers to obtain password. . 3. Encryption sniffing. How about encrypted passwords? Decryption using dictionary, brute force attack

  14. 4.Replay attack. No need to decrypt. Reprogram the client software. 5. Password file stealing. /etc/passwd in Unix SAM in WinNT Steal these files and run cracking programs. 6. Observation. Usage of long and difficult to guess passwords. Attackers with physical access. Shoulder surfing.

  15. 7. Social Engineering. Cracking techniques that rely on weakness in users ie., admin, operators. Calling up systems operator posing as a field service technician with urgent access problem. 8. Software Bugs. Vulnerabilities brought by bugs in S/W Buffer overflow are found by buffer vulnerabilities on certain programs. Searching for these bugs directly. Examining every place the program prompts for input and trying to overflow it with random data.

  16. What’s the need to learn? Does it help? Yes… Developing more efficient ways to protect the system.

  17. Motives: 49% -- discovery learning, challenge, knowledge and pleasure 24% -- recognition, excitement (of doing something illegal) 27% -- self-gratification, addiction, espionage, theft and profit. Addiction and curiosity.

  18. How have they grown over the Years?? 1st Generation: Talented techies, programmers and Scientists (mostly from MIT ) 2nd Generation: Forward thinking to recognize the potential of computer niche. 3rd Generation: Young people who used PC and entertainment value of PC and began developing games(illegal copying,cracking the copy right protection)

  19. 4th Generation: Criminal Activity Claim that motivation was curiosity/hunger for knowledge.

  20. Types of Hackers: White Hack: Focusing on securing IT systems. Have clearly defined code of ethics. Improve discovered security breaches. ….Tim-Berners Lee….. Grey Hat: no personnel gain, no malicious intentions. testing and monitoring. Black Hat : crackers/they are criminals. maintain knowledge of vulnerabilities. Doesn’t reveal to general public/manufacturing for corrections.

  21. What needs to be done? Intrinsically and Globally imperfect. There are many holes(not just technical ones) They also stem from bad-security practices and procedures. Educating the users, Security Administrators Securing the Environment

  22. Comments/questions??

  23. Discussion…. Whom to blame? Who should be liable? Should government step in and regulate? Is it upto the individual computer users and companies to stay on top of technology? Should we blame the software industry for selling insecure products?

  24. Whom to blame? Lack of liability? Building a security product with no liability is of no use. Eg., There are different rules and regulations in the situation of drug release. But Are there any regulations and rules in a Software Release??

More Related