Wanna be h4ck3r
snapshot of security concept
ByEslam Mamdouh El Husseiny
@EslamElHusseiny
www.eslamizmy.org
Wanna be h4ck3r
AgendaSecurity policy
Attackers
Type of attacks
So am I a looser ?
Live demo
Security policy
Document describing the way computer equipment may/may not be
used
Security policy aspects:Physical security
Network security
Authentication
Authorization
Physical Security
Ensure that nobody can access computer hardwareLocks on
doors
Access codes
Signing-in of staff
Physical protection of cabling
Physical Security
Physical environmentUninterruptible Power Supply (UPS)
Fire suppression system
Air Conditioning (heat, moisture)
Physical breakdown of computer hardwareSpare components
Backups (consider off-site storage)
Network Security
Ensure that no unauthorized user can access the systemover the
network
Internet
other WAN
LAN
Needs to be done for every networked system
Authentication
User name/Password
Public key cryptography
Smart cards
Biometrics
Authorization
Determining what you may do
Usually dependent on group membership
Attackers
HackersA hacker is someone who wants to satisfy his
curiosityMeans no harm
May cause harm accidentally
Attackers
CrackersA cracker is someone who wants to gain somethingAccess
to your system to use resources
Access to data (e.g. credit card numbers)
Publicity
Revenge
Attackers
Script KiddiesA Script Kiddie is someone who uses hackers tools
without understanding what they do
Types of Attack (1)
ScanningWhich services are enabled
Which software and version is used
SniffingMonitoring data (e.g. passwords) in transit
Break-inGain access to a computer, preferably as superuser
Types of Attack (1)
Brute ForceTry every possible combination until one works
Man-in-the-MiddleAct as the server to a client
Act as a client to the server
Types of Attack (1)
Denial of Service (DoS)Prevent legitimate users from working
Usually done by crashing or overloading the system or
network
Distributed Denial of Service (DDoS)DoS attack from many
different sources simultaneously
Types of Attack (2)
MW ViSTA
Types of Attack (2)
Maleware
Worm
Virus
Spyware
Trojan
Adware
Types of Attack (2)
VirusMalicious program that attaches itself to other
programs
WormSelf-replicating malicious program
Trojan HorseApparently useful program with a malicious
component
What You Have to Lose
Loss of resourcesDisk space
Bandwidth
CPU time
Loss or alteration of data
Loss or impairment of service
Loss of reputation, goodwill, trust
What You Have to Lose
Disclosure of personal, proprietary or confidential
information
Financial loss
Stolen credit card numbers
Legal, criminal action against you
Live Demo
And so !
Quiz !
Questions ?
References
Mainly IBM Slides
thanks
Eslam MamdouhFuture Owner Of [email protected]
Click to edit the title text format
Click to edit the title text format
Click to edit the title text format
Click to edit the title text format
Click to edit the title text format
Click to edit the title text format
Click to edit the title text format
Click to edit the title text format
