
Hacking-Over the years

Presented by

Praveen Desani


Overview:

Importance of security.

Hacking.

Methodologies.

Motives.


Importance of Security:

Computers and internet are becoming pervasive.

Consequence of being online.

It has become a part of product design, development and deployment.


Importance of Security:

There are even organizations which provide “Security as a service”

We need to know how computer attacks are performed.


Hacking

Clever programmer.

Modification of a program/device to give user access to features that were otherwise unavailable to them.


Hacking

It's usually a technical activity.

SCRIPT KIDDIES


Attacking Methods:

Intrusion

Physical Intrusion

Usually internal employees, e.g., booting from a floppy or physically taking the system apart.

System Intrusion

Low-level privileges

Exploit un-patched security vulnerabilities.


Remote Intrusion:

Valid account names/Cracking weak passwords

Exploiting common security vulnerabilities (buffer overflow).


What it takes for an attack?

  • Need to carry out some information gathering on the target.

  • Plan their way into the system.

  • Reduce chance of getting caught.

    During all these procedures, network traffic would look normal.


Pattern they follow:

1. Foot printing.

Getting complete profile and security arrangements

Information of interest, including the technology they use (like internet, intranet, remote access)

Security policies and procedures.

2. Network Enumeration.

Attacker tries to find out domain names and the networks associated with them.


Pattern they follow….

3. DNS Interrogation.

After network enumeration is done, query the DNS.

Revealing info about the organizations.

Zone Transfer Mechanism.

Leak of private DNS information.

4. Network Reconnaissance.

Identifying the potential target.

Try to map network topologies and identify paths.

E.g., the traceroute program


5. Scanning

Knocking the walls.

Which systems are alive and reachable?

Ping sweeps, port scans, automatic discovery tools.

At this point the IDS warns, but no attack has taken place yet.
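The kind of check an IDS applies at the scanning stage, as an added example that is not part of the original presentation: a sliding-window detector that flags a source touching many hosts (sweep) or many ports on one host (port scan). The flow records, thresholds and function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
# dst_port 0 stands for an ICMP echo request; addresses are documentation ranges.
SAMPLE_FLOWS = (
    [(100 + i, "198.51.100.7", f"192.0.2.{i}", 0) for i in range(1, 31)]        # ping sweep
    + [(200 + p // 10, "203.0.113.9", "192.0.2.10", p) for p in range(20, 60)]  # port scan
    + [(150 + i * 20, "192.0.2.50", "192.0.2.10", 443) for i in range(10)]      # normal client
)

def detect_scans(flows, window=60, host_threshold=20, port_threshold=25):
    """Return {src_ip: set of labels} for sources that, within any `window`
    seconds, touch many distinct hosts or many ports on a single host."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        by_src[src].append((ts, dst, port))

    alerts = defaultdict(set)
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until it spans at most `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            recent = events[start:end + 1]
            hosts = {dst for _, dst, _ in recent}
            if len(hosts) >= host_threshold:
                alerts[src].add("ping/host sweep")
            ports_per_host = defaultdict(set)
            for _, dst, port in recent:
                ports_per_host[dst].add(port)
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                alerts[src].add("port scan")
    return dict(alerts)

if __name__ == "__main__":
    for src, labels in sorted(detect_scans(SAMPLE_FLOWS).items()):
        print(src, sorted(labels))
```

The repeated connections from the normal client to one host and one port raise no alert; only fan-out across hosts or ports does.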


Unauthorized Access:

1. Acquiring passwords.

2. Clear Text Sniffing.

There is no encryption of passwords with protocols like telnet, FTP, HTTP.

Easy for attackers to eavesdrop using network protocol analyzers to obtain passwords.

3. Encryption sniffing.

How about encrypted passwords?

Decryption using dictionary, brute force attack


4. Replay attack.

No need to decrypt.

Reprogram the client software.

5. Password file stealing.

/etc/passwd in Unix

SAM in WinNT

Steal these files and run cracking programs.

6. Observation.

Usage of long and difficult to guess passwords.

Attackers with physical access.

Shoulder surfing.


7. Social Engineering.

Cracking techniques that rely on weakness in users

i.e., admins, operators.

Calling up systems operator posing as a field service technician with urgent access problem.

8. Software Bugs.

Vulnerabilities brought by bugs in S/W

Buffer overflows are found by:

Buffer vulnerabilities in certain programs.

Searching for these bugs directly.

Examining every place the program prompts for input and trying to overflow it with random data.
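Why the replay attack in item 4 needs no decryption, and how a single-use challenge defeats it, as an added example that is not part of the original presentation. The class names and the secret are constructed; using the secret directly as the HMAC key is a simplification.

```python
import hashlib
import hmac
import secrets

class StaticHashServer:
    """Weak scheme: the client sends the same password hash on every login."""
    def __init__(self, password: bytes):
        self._expected = hashlib.sha256(password).hexdigest()

    def login(self, token: str) -> bool:
        return hmac.compare_digest(token, self._expected)

class ChallengeResponseServer:
    """Hardened scheme: each login must answer a fresh, single-use nonce."""
    def __init__(self, shared_key: bytes):
        self._key = shared_key
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: str) -> bool:
        if nonce not in self._pending:
            return False                  # unknown or already-used nonce
        self._pending.discard(nonce)      # consume before verifying
        expected = hmac.new(self._key, nonce, hashlib.sha256).hexdigest()
        return hmac.compare_digest(response, expected)

def client_response(shared_key: bytes, nonce: bytes) -> str:
    return hmac.new(shared_key, nonce, hashlib.sha256).hexdigest()

def demo():
    secret = b"constructed-example-secret"   # constructed sample value
    weak = StaticHashServer(secret)
    captured = hashlib.sha256(secret).hexdigest()   # what an eavesdropper records
    weak_replay_ok = weak.login(captured)           # accepted without cracking

    strong = ChallengeResponseServer(secret)
    nonce = strong.challenge()
    resp = client_response(secret, nonce)           # eavesdropper records (nonce, resp)
    first = strong.login(nonce, resp)               # legitimate login
    replay_same = strong.login(nonce, resp)         # same pair sent again
    replay_new = strong.login(strong.challenge(), resp)  # old response, new nonce
    return weak_replay_ok, first, replay_same, replay_new

if __name__ == "__main__":
    print(demo())
```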


What’s the need to learn?

Does it help? Yes…

Developing more efficient ways to protect the system.


Motives:

49% -- discovery learning, challenge, knowledge and pleasure

24% -- recognition, excitement

(of doing something illegal)

27% -- self-gratification, addiction, espionage, theft and profit.

Addiction and curiosity.


How have they grown over the years?

1st Generation:

Talented techies, programmers and Scientists

(mostly from MIT )

2nd Generation:

Forward-thinking people who recognized the potential of the computer niche.

3rd Generation:

Young people who used PCs for their entertainment value and began developing games (illegal copying, cracking copyright protection).


4th Generation:

Criminal Activity

Claim that motivation was curiosity/hunger for knowledge.


Types of Hackers:

White Hat:

Focusing on securing IT systems.

Have clearly defined code of ethics.

Improve discovered security breaches.

…Tim Berners-Lee…

Grey Hat:

No personal gain, no malicious intentions.

testing and monitoring.

Black Hat :

crackers/they are criminals.

maintain knowledge of vulnerabilities.

Don’t reveal them to the general public or the manufacturer for correction.


What needs to be done?

Intrinsically and Globally imperfect.

There are many holes (not just technical ones).

They also stem from bad-security practices and procedures.

Educating the users, Security Administrators

Securing the Environment


Comments/questions??


Discussion….

Whom to blame?

Who should be liable?

Should government step in and regulate?

Is it up to the individual computer users and companies to stay on top of technology?

Should we blame the software industry for selling insecure products?


Whom to blame?

Lack of liability?

Building a security product with no liability is of no use.

E.g.,

There are different rules and regulations for a drug release.

But are there any regulations and rules for a software release?

