Hacking and Anti Hacking

  • Published on
    27-Jun-2015

  • View
    249

  • Download
    4

Transcript

  • 1. HACKINGDont Learn to Hack Hack to LearnS.K.Ahsan1

2. 2 3. IN THE NAME OFTHE MOST MERCIFUL THEBENEFICENT !3 4. S.K.Ahsan4 5. What is Hacking ? Brief History Who is a Hacker ? Types of Hacker What do Hackers do? Hackers Techniques & Attacks Anti-Hacking Demo Of HackingS.K.Ahsan 5 6. What is ?Hacking is not limited to computers. Thereal meaning of hacking is to expandthe capabilities of any electronic device;to use them beyond the originalintentions of the manufacturer.S.K.Ahsan 6 7. Hacking is the use of one's skills(computer, networking, etc.) to try and findvulnerabilities in a network infrastructure. S.K.Ahsan 7 8. Who is a ??? Some one who bypasses the systems control bytaking advantage of security weaknesses left inthe system by developers ! One who is both knowledgeable and skilled atcomputer programming and have its ownphilosophy and code of ethics !8 S.K.Ahsan 9. A Brief History of In 1960sThe first comuter hackers emerge at MITAI (Massachusetts Institute ofTechnology) there occurred the firsthacking incident an victims were electrictrains. 1960sS.K.Ahsan 9 10. In 1970s Phreaking : John Draper Hacked theAT&Ts long distance Calling for free . Phone hackers break into regional andinternational phone networks to make freecalls.S.K.Ahsan 10 11. 1980sPhone phreaks begin to move into the realm of computerhacking, and the first electronic bulletin board systems(BBSs) spring up.In 1980sBill Landreth(the Cracker)Hacked most secure networks.(Choas C.Club) Hacked Nuclear secrets in Germany.S.K.Ahsan>>> Use a Computer, Go to Jail ! ! !11 12. In 1990s Two teens Hacked (T online). 21 year old Argentinean was hackedNASA, Harvard an Naval war headsinfo.S.K.Ahsan 12 13. 1990sAfter a prolonged sting investigation,S.K.Ahsanswoop down on hackers in 14 U.S. cities, conductingearly-morning raids and arrests.The Internet begins to take off as a new browser, NetscapeNavigator, makes information on the Web more accessible. Hackerstake to the new venue quickly, moving all their information andhacking programs to new hacker Web sites.>>> As information and easy-to-use tools become available toanyone with Net access, the face of hacking begins to change.13 14. 1995-till dateThe hacking group Cult of the Dead Cow releases its Trojan horseprogram, a powerful hacking tool--at Def Con. Once a hackerinstalls the on a machine running Windows 95or Windows 98, the program allows unauthorized remote accessof the machine !Hackers launch attacks against , ,S.K.Ahsan, and !Microsoft becomes the prominent victim of a new type of hackthat attacks the domain name server.14 15. 2000 In one of the biggest denial-of-service attacks ,hackers launch attacks against eBay, Yahoo!,CNN.com., Amazon and others.S.K.Ahsan 15 16. S.K.Ahsan 16 17. Who is a ?There are at least two common interpretations: A programmer who breaks into computersystems in order to steal or change ordestroy information as a form of cyber-crime. A programmer for whom computing is itsown reward; may enjoy the challenge ofbreaking into other computers but does noharm.S.K.Ahsan 17 18. Types of White Hat HackersAre hackers in the noble sense of the term,whose goal is to help improve computersystems . Black Hat HackersAre people who break into computersystems for malicious purposes,commonly called pirates.S.K.Ahsan 18 19. S.K.Ahsan 19 20. How doS.K.Ahsan20 21. What Do Do?Threaten PeopleStole illegal or Private materialDamage SystemStole PasswordsCrack Unpaid SoftwaresModify data / streamS.K.Ahsan 21 22. Access confidential information Threaten someone from YOUR computer Broadcast your confidential letters ormaterials Store illegal or espionage materialS.K.Ahsan22 23. Eavesdrop and replay Imposer: server / client Modify data / stream Denial-of-ServiceS.K.Ahsan23 24. S.K.Ahsan24 25. System hackingNetwork hackingSoftware hackinghttp://wiki.answers.com/Q/What_are_the_types_of_hackingS.K.Ahsan 25 26. Foot printing Scanning Enumeration Gaining access Covering tracks Creating backdoors Denial of service26 S.K.Ahsan 27. Objective To learn as much as you can about targetsystem, it's remote access capabilities, itsports and services, and the aspects of itssecurity. Techniques Open source search Whois Web interface to whois ARIN whois27 S.K.Ahsan 28. Most security breechesoriginate inside the network thatis under attack. Which include stealing passwords, performingindustrial private data, orcommitting simple misuse.S.K.Ahsan 28 29. 29 S.K.Ahsan 30. 30 S.K.Ahsan 31. 31 S.K.Ahsan 32. 32 S.K.Ahsan 33. 33 S.K.Ahsan 34. Objective Bulk target assessment and identificationof listing services focuses the attention onthe most promising avenue of entry Techniques Ping sweep TCP/UDP port scan OS Detection34 S.K.Ahsan 35. Objective More intrusive probing now begins asattackers begin identifying valid useraccounts or poorly protected resourcesharesTechniques List user accounts List file shares Identify applications35 S.K.Ahsan 36. Objective Enough data has been gathered at thispoint to make an informed attempt toaccess the target Techniques File share brute forcing Password file grab Buffer overflows Password eavesdropping36 S.K.Ahsan 37. 37 S.K.Ahsan 38. 38 S.K.Ahsan 39. Objective Once total ownership of the target issecured, hiding this from systemadministrators become paramount ,lestthey quickly end the romp. Techniques Clear logs Hide tools39 S.K.Ahsan 40. Objective Trap doors will be laid in various parts ofthe system to ensure that privileged accessis easily regained at the whim if theintruder Techniques Create rogue user accounts Schedule batch jobs Infect startup files Plant remote control services Install monitoring mechanisms Replace apps with trojans40 S.K.Ahsan 41. Rogue access points (APs) are unsecured wirelessaccess points that outsiders can easily breech. Rogue APs are most often connected by wellmeaning but ignorant employees.S.K.Ahsan 41 42. Viruses and worms areself-replicating programsor code fragments thatattach themselves toother programs (viruses)or machines (worms). Viruses and worms attempt to shut down networks byflooding them with massive amounts of bogusTraffic,usually through e-mail.S.K.Ahsan 42 43. Hackers can gain access to aNetwork by exploiting back doors,administrative shortcuts, configurationerrors, easily decipheredpasswords, and unsecured dial-ups.S.K.Ahsan 43 44. Trojan horses, which areAttached to other programs, arethe leading cause of all break-ins. When a user Downloads andactivates a Trojan horse, the hacked software kicks offa virus, password gobbler, or remote-control SW thatgives the hacker control of the PC.i.eSnipersky,PerfectKeylogger.S.K.Ahsan 44 45. DoS attacks give hackers a way to bring down anetwork without gaining internal access. DoS attacks work by flooding the access routers withbogus traffic. A DDoS is more difficult to block because it usesmultiple, changing, source IP addresses.S.K.Ahsan 45 46. Who just like to break stuff. They usually exploit anytarget of opportunity. hobbyists or professionals who break passwords anddevelop Trojan horses or other SW (called warez). They have no real hacker skills, so they buy ordownload warez, which they launch and useCOwbOy Languages.S.K.Ahsan 46 47. The pirates who use the switched telephone network(STN) to make free phone calls.mainly attack chip card systems (particularly bankcards) to understand how they work and to exploittheir flaws. The term carding refers to chip cardpiracy.S.K.Ahsan 47 48. refers to the act of intercepting TCP packets. Thisinterception can happen through simpleeavesdropping or something more sinister.S.K.Ahsan 48 49. The act of sending an illegitimate packet with anexpected acknowledgment (ACK), which a hackercan guess, predict, or obtain by snooping.S.K.Ahsan 49 50. The method of luring an unsuspecting user into givingout their username and password for a secure webresource, usually a bank or credit card account. Ebay and PayPal are particularly susceptible to thistype of attack.S.K.Ahsan 50 51. S.K.Ahsan 51 52. S.K.Ahsan 52 53. S.K.Ahsan 53 54. 54 S.K.Ahsan 55. 55 S.K.Ahsan 56. 56 S.K.Ahsan 57. S.K.Ahsan 57 58. Hackers Techniques &AttacksS.K.Ahsan 58 59. S.K.Ahsan59 60. The oppositeof hacking".If hacking is defined as an attack on acomputer system then Anti-Hacking isthe protection of that system.S.K.Ahsan 60 61. S.K.Ahsan 61 62. S.K.Ahsan62 63. Don't ignore operating system updates Anti-virus software Activate the firewall in Windows XP Email software preview windows Logging out Audit your computer regularly Regularly remove spyware Password issues Increasing Security Against a Brute ForceAttackS.K.Ahsan 63 64. Don't wait to be alerted via mainstreammedia of problems that have beendiscovered It's wise to visit the software vendors'site and keep abreast of any criticalsecurity updates. In the case ofMicrosoft, you'll need to go to theWindows Update site.S.K.Ahsan 64 65. Anti-virus software used *properly*. Ensure that it's regularly updated. Even missing one update could bringdown your computer . remember to password protect thesettings on the software so no-one elsecan alter protection levels.S.K.Ahsan 65 66. S.K.Ahsan 66 67. Anti-virus software isn't enough,it's also agood idea to install firewall software which willhelp prevent unauthorized incoming andoutgoing communications from your computerwhile connected to the Internet. Port scanning is *very* common and iscarried out with a view to finding weaknessesin your system that can then be exploited.S.K.Ahsan 67 68. S.K.Ahsan 68 69. 3rd party solutions for filtering email of spamand viruses as their inboxes becomeinundated with junk. Email filtering can be very effective indramatically reducing security risks before themail even has a chance to be collected byyour email software.S.K.Ahsan 69 70. Ensure that you log out of online servicesproperly. Failure to do so can allow otherswho use your computer to gain access tothose services.S.K.Ahsan 70 71. If your computer is used by others, carryout regular audits of the software on it. It's safest to make it a policy not to allowany software to be installed without yourpermission. Spybot again is a very effective tool fordetecting and removing software that maybe a security risk.S.K.Ahsan 71 72. If you and your familiar do a lot of surfing anddownloading of shareware software, then it'slikely you'll also accumulate your fair share ofspyware. Some software companies use spyware thatis incorporated into their software products togather data about customers, which is oftensold to other companies.S.K.Ahsan 72 73. S.K.Ahsan 73 74. If you must store usernames and passwordson your system, ensure they are contained ina document that is password protected. Don't let Windows "remember" passwords foryou. Passwords should always be more than8 characters long and contain a mixture ofnumbers and letters. Learn more aboutpassword security issues.S.K.Ahsan 74 75. Increasing the length of the PIN Allowing the PIN to contain characters otherthan numbers, such as * or # Imposing a 30 second delay between failedauthentication attempts Locking the account after 5 failedauthentication attemptsS.K.Ahsan 75 76. S.K.Ahsan 76 77. S.K.Ahsan77 78. S.K.Ahsan78

Recommended

View more >