SlideShare a Scribd company logo

Cyber security and detailed informat.ppt

Download as PPT, PDF
R
raga04269

The document discusses the significance of information security, the hacking cycle, types of hacker attacks, and ethical hacking practices. It explains concepts such as computer security, antivirus, and firewalls, along with the steps involved in hacking and penetration testing. Additionally, it highlights the necessity of these security measures in protecting organizations from financial loss and reputational damage.

Engineering
1 of 25
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Presented By: Cibin V Antoney Department Of Computer Science and Engineering St. Joseph College of Engineering
Objective Importance of information security in today's world. Elements of security. Various phases of the Hacking Cycle. Types of hacker attacks.  Hacktivism.  Ethical hacking. Vulnerability research and tools. Steps for conducting ethical hacking..
Introduction to hacking and security 1. What is hacking? Hacking is a process to bypass the security mechanisms of information system or network. Hacking is done in step partly by creative thinking and partly by using different tools at a time. 2.Who is a hacker? Hackers in reality are actually good and extremely intelligent people who by using their knowledge in a constructive manner help organizations, companies, government, etc. to secure documents and secret information on the internet.They spend enormous amount of time trying to breach the security of networks, web servers and emails. Usually they use selection of specialist software to identify weakness, which are then exploited.
2.Understanding the need to hack your own systems To catch a thief, think like a thief. That's the basis for ethical hacking. The law of averages works against security. With the increased number and expanding knowledge of hackers combined with the growing number of system Vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in someway. A.So our overall goals as an ethical hacker should be as follows: Hack your systems in a nondestructive fashion. Enumerate vulnerabilities and, if necessary, prove to management that vulnerabilities exit and can be exploited. Apply results to remove the vulnerabilities and better secure your system. B. What is computer security? Security is process not product. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible use to minimize the security threads. C. What hacker can do? Hacker can enter any remote system to get all information without any trace. Hack any email password, website, and take down network with help of ddos attack. Hacker can break any password. Hacker can call to anyone without tracing.
Antivirus Antivirus Effective antivirus software guards your computer from all forms of malware, including traditional computer viruses, worms, Trojan horses and even sophisticated, blended attacks. Not only does antivirus software detect and eliminate any viruses or malware that may have already infected your hard drive, many solutions that offer a free virus scan actively prevent new infections before they have a chance to affect your computer. Antivirus software will scan and analyze emails and files for infection as they are downloaded. Using the method of signature-based detection, antivirus software checks a file's contents against a dictionary of known virus signatures - a pattern of code that uniquely identifies a virus. If a virus signature is found, the antivirus software will remove the threat. Antivirus software obviously detects potential threats in a few different ways. But what about the latest and greatest viruses? Because people create new viruses every day, an antivirus program will constantly update its dictionary of virus signatures. Many antivirus software programs including those that offer free virus protection also employ heuristic analysis, which can identify variants of known malware - viruses that have been mutated or refined by attackers to create different strains.
How antivirus work? How to bypass antivirus? To bypass antivirus we need to build new RAT or virus using own coding else we need to modify exciting code using crypter, binders, packers, etc.
Firewall Firewall is second pyramiding of IT security unauthorized or unwanted communications between computer networks or hosts. A firewall is a set of related programs, located at a network gateway server that protects the resources of a private network from users from other networks. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to. Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.
What does firewall do? A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewall can filter packets based on their source. And destination addresses and port numbers. This is known as address filtering. Firewall can also filter specific type of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.
Cyber security and detailed informat.ppt
Steps of Hacking:
Information gathering This is a first step of hacking and penetration testing attack; first we collect all information's of target with help of tools and manual ways. Without much information our success rate of attacks also low. Manual Process: 1. Get URL using Google search. 2. Using whois sites. 5. www.who.is 6. www.robtex.com 7. www.domaintools.com
Cyber security and detailed informat.ppt
II. Scanning & Banner Grabbing After getting information of target user we need to know OS type, version of application that are running on open PORTS etc to successful exploitation. Following tools we need to use: 1. Port & network scanning: Port and networking scanning is used to know open port and active Pc in network.  Nmap  Angry IP scanner Hping 2. Banner Grabbing: Banner grabbing is a process to know exact version of target application to search loopholes or exploits or zero day.  Telnet  ID serve
III . Vulnerability Scanning This step is used to find out loopholes in applications using tools, after we use public and private exploit to enter on target system remotely. Vulnerability scanner: Acunetix netsparke nessus Whatweb [ Find out web application ][ Backtrack Tool ] E.g.: /whatweb bytecode.com IV Exploitation (Obtaining access) V. Maintaining access & erasing evidence
D0s ATTACK 1. Ddos Attack A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include: attempts to "flood" a network, thereby preventing legitimate networktraffic attempts to disrupt connections between two machines, thereby preventing access to a service attempts to prevent a particular individual from accessing a service attempts to disrupt service to a specific system or person.
Cyber security and detailed informat.ppt
Ping Of Death •ping -t-1 6550 google.com [ max buffer size = 65500 ] •Effective system [ Solaris 2.4, minix, win3.11,95] SYN-ATTACK •Hping -i sudo hping3 -i ul -S -p 80 192.168.1.1 UDP/HTTP/TCP Flooding • LOIC • HOIC Smurf Attack •make your own packet and flood on network  pktbuilder  packETH 1.6 (linux & windows) MAC Flooding •flooding network switches •ARP spoofing •net cut[windows]
Cyber security and detailed informat.ppt
WIRELESS HACKING WIRELESS HACKING How home WiFi Work
Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate. The step by step procedure in wireless hacking can be explained with help of different topics as follows:- 1. Stations and Access 2. Channels 3. Wired Equivalent Privacy (WEP)
MALWARE This is a big catchall phrase that covers all sorts of software with nasty intent. Not buggy software, not programs you don't like, but software which is specifically written with the intent to harm. Virus: This is a specific type of malware that spreads itself once it's initially run. It's different from other types of malware because it can either be like a parasite that attaches to good files on your machine, or it can be self-contained and search out other machines to infect. Worm: Think of inchworms rather than tapeworms. These are not parasitic worms, but the kind that move around on their own. In the malware sense, they're viruses that are self- contained (they don't attach themselves like a parasite) and go around searching out other machines to infect. Trojan: Do you remember that story you had to read in high school about the big wooden horse that turned out to be full of guys with spears? This is the computer equivalent. You run a file that is supposed to be something fun or important, but it turns out that it's neither fun nor important, and it's now doing nasty things to your machine.
A penetration testing is a method of evaluating the security of a computer system or a network by simulating an attack from a malicious source, known as black hat hackers, or crackers. The process involves an active analysis of the system from any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weakness in process or technical countermeasures. PENETRATION TESTING PENETRATION TESTING
1. Why conduct a penetration testing? From a business perspective, penetration testing helps safeguard your organization against failure through: Preventing financial loss through fraud or through lost revenue due to unreliable business system and processes. Proving due diligence and compliance to your industry regulators, customers and shareholders. Protecting your brand by avoiding loss of consumer confidence and business reputation.
Cyber security and detailed informat.ppt
Cyber security and detailed informat.ppt

More Related Content

PPT
Cybersecurity, Hacking, and Privacy
Nicholas Davis
 
PDF
4 threatsandvulnerabilities
richarddxd
 
PPTX
Ethical hacking ppt
Nitesh Dubey
 
PPT
Ethical Hacking
aashish2cool4u
 
PPT
CyberSecurity presentation for basic knowledge about this topic
piyushkamble6
 
PPTX
Cyber security
ankit yadav
 
PPTX
Security threats explained
Abhijeet Karve
 
PPT
Tutorial 09 - Security on the Internet and the Web
dpd
 
Cybersecurity, Hacking, and Privacy
Nicholas Davis
 
4 threatsandvulnerabilities
richarddxd
 
Ethical hacking ppt
Nitesh Dubey
 
Ethical Hacking
aashish2cool4u
 
CyberSecurity presentation for basic knowledge about this topic
piyushkamble6
 
Cyber security
ankit yadav
 
Security threats explained
Abhijeet Karve
 
Tutorial 09 - Security on the Internet and the Web
dpd
 

Similar to Cyber security and detailed informat.ppt (20)

PPTX
Network security and viruses
Aamlan Saswat Mishra
 
PPTX
Computing safety ryr
ryrsyd
 
PPTX
Computing safety
Brulius
 
PPTX
Ethical Hacking
Nitheesh Adithyan
 
PPTX
Mitppt
Aarti Prakash
 
PPTX
Basics of hacking
Ali Asghar Jafari Lari
 
PPTX
CSE-Ethical-Hacking-ppt.pptx
VishnuVarma47
 
PDF
Edu 03Anju 23 assignment.pdf
ANJUMOHANANU
 
PPTX
Computer security threats & prevention
PriSim
 
PPTX
Computer security
sruthiKrishnaG
 
PPT
Ch # 10 computer security risks and safe guards
MuhammadRobeel3
 
PPTX
Cyber Security PPT
ashish kumar
 
PPTX
Computer security ethics_and_privacy
Ardit Meti
 
DOCX
Cyber crime
Salma Zafar
 
PPTX
Program and System Threats
Reddhi Basu
 
DOCX
Cyber Security Company.docx
ArindamGhosal6
 
PDF
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
Yasser Mohammed
 
PDF
Module 5.Malware
Sitamarhi Institute of Technology
 
PDF
Module 5.pdf
Sitamarhi Institute of Technology
 
PPTX
cybersecurity
maha797959
 
Network security and viruses
Aamlan Saswat Mishra
 
Computing safety ryr
ryrsyd
 
Computing safety
Brulius
 
Ethical Hacking
Nitheesh Adithyan
 
Mitppt
Aarti Prakash
 
Basics of hacking
Ali Asghar Jafari Lari
 
CSE-Ethical-Hacking-ppt.pptx
VishnuVarma47
 
Edu 03Anju 23 assignment.pdf
ANJUMOHANANU
 
Computer security threats & prevention
PriSim
 
Computer security
sruthiKrishnaG
 
Ch # 10 computer security risks and safe guards
MuhammadRobeel3
 
Cyber Security PPT
ashish kumar
 
Computer security ethics_and_privacy
Ardit Meti
 
Cyber crime
Salma Zafar
 
Program and System Threats
Reddhi Basu
 
Cyber Security Company.docx
ArindamGhosal6
 
EXTERNAL - Whitepaper - How 3 Cyber ThreatsTransform Incident Response 081516
Yasser Mohammed
 
Module 5.Malware
Sitamarhi Institute of Technology
 
Module 5.pdf
Sitamarhi Institute of Technology
 
cybersecurity
maha797959
 
Ad

Recently uploaded (20)

PPT
Project quality management in manufacturing
BarMusaTetik
 
PDF
composite construction of structures.pdf
AinieButt1
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PPTX
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PPTX
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PPTX
additive manufacturing of ss316l using mig welding
premcdr7799
 
PDF
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
PDF
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PPT
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
DOCX
573137875-Attendance-Management-System-original
AYUSHMANAV
 
Project quality management in manufacturing
BarMusaTetik
 
composite construction of structures.pdf
AinieButt1
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
UNIT-1 - COAL BASED THERMAL POWER PLANTS
Chandra Kumar S
 
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
Recipes for Real Time Voice AI WebRTC, SLMs and Open Source Software.pptx
Alberto González Trastoy
 
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
additive manufacturing of ss316l using mig welding
premcdr7799
 
Digital Logic Computer Design lecture notes
CHINNASUNKAIAH1
 
Embodied AI: Ushering in the Next Era of Intelligent Systems
Yu Huang
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
573137875-Attendance-Management-System-original
AYUSHMANAV
 
Ad

Cyber security and detailed informat.ppt

  • 1. Presented By: Cibin V Antoney Department Of Computer Science and Engineering St. Joseph College of Engineering
  • 2. Objective Importance of information security in today's world. Elements of security. Various phases of the Hacking Cycle. Types of hacker attacks.  Hacktivism.  Ethical hacking. Vulnerability research and tools. Steps for conducting ethical hacking..
  • 3. Introduction to hacking and security 1. What is hacking? Hacking is a process to bypass the security mechanisms of information system or network. Hacking is done in step partly by creative thinking and partly by using different tools at a time. 2.Who is a hacker? Hackers in reality are actually good and extremely intelligent people who by using their knowledge in a constructive manner help organizations, companies, government, etc. to secure documents and secret information on the internet.They spend enormous amount of time trying to breach the security of networks, web servers and emails. Usually they use selection of specialist software to identify weakness, which are then exploited.
  • 4. 2.Understanding the need to hack your own systems To catch a thief, think like a thief. That's the basis for ethical hacking. The law of averages works against security. With the increased number and expanding knowledge of hackers combined with the growing number of system Vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in someway. A.So our overall goals as an ethical hacker should be as follows: Hack your systems in a nondestructive fashion. Enumerate vulnerabilities and, if necessary, prove to management that vulnerabilities exit and can be exploited. Apply results to remove the vulnerabilities and better secure your system. B. What is computer security? Security is process not product. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible use to minimize the security threads. C. What hacker can do? Hacker can enter any remote system to get all information without any trace. Hack any email password, website, and take down network with help of ddos attack. Hacker can break any password. Hacker can call to anyone without tracing.
  • 5. Antivirus Antivirus Effective antivirus software guards your computer from all forms of malware, including traditional computer viruses, worms, Trojan horses and even sophisticated, blended attacks. Not only does antivirus software detect and eliminate any viruses or malware that may have already infected your hard drive, many solutions that offer a free virus scan actively prevent new infections before they have a chance to affect your computer. Antivirus software will scan and analyze emails and files for infection as they are downloaded. Using the method of signature-based detection, antivirus software checks a file's contents against a dictionary of known virus signatures - a pattern of code that uniquely identifies a virus. If a virus signature is found, the antivirus software will remove the threat. Antivirus software obviously detects potential threats in a few different ways. But what about the latest and greatest viruses? Because people create new viruses every day, an antivirus program will constantly update its dictionary of virus signatures. Many antivirus software programs including those that offer free virus protection also employ heuristic analysis, which can identify variants of known malware - viruses that have been mutated or refined by attackers to create different strains.
  • 6. How antivirus work? How to bypass antivirus? To bypass antivirus we need to build new RAT or virus using own coding else we need to modify exciting code using crypter, binders, packers, etc.
  • 7. Firewall Firewall is second pyramiding of IT security unauthorized or unwanted communications between computer networks or hosts. A firewall is a set of related programs, located at a network gateway server that protects the resources of a private network from users from other networks. An enterprise with an intranet that allows its workers access to the wider Internet installs a firewall to prevent outsiders from accessing its own private data resources and for controlling what outside resources its own users have access to. Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.
  • 8. What does firewall do? A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewall can filter packets based on their source. And destination addresses and port numbers. This is known as address filtering. Firewall can also filter specific type of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.
  • 11. Information gathering This is a first step of hacking and penetration testing attack; first we collect all information's of target with help of tools and manual ways. Without much information our success rate of attacks also low. Manual Process: 1. Get URL using Google search. 2. Using whois sites. 5. www.who.is 6. www.robtex.com 7. www.domaintools.com
  • 13. II. Scanning & Banner Grabbing After getting information of target user we need to know OS type, version of application that are running on open PORTS etc to successful exploitation. Following tools we need to use: 1. Port & network scanning: Port and networking scanning is used to know open port and active Pc in network.  Nmap  Angry IP scanner Hping 2. Banner Grabbing: Banner grabbing is a process to know exact version of target application to search loopholes or exploits or zero day.  Telnet  ID serve
  • 14. III . Vulnerability Scanning This step is used to find out loopholes in applications using tools, after we use public and private exploit to enter on target system remotely. Vulnerability scanner: Acunetix netsparke nessus Whatweb [ Find out web application ][ Backtrack Tool ] E.g.: /whatweb bytecode.com IV Exploitation (Obtaining access) V. Maintaining access & erasing evidence
  • 15. D0s ATTACK 1. Ddos Attack A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include: attempts to "flood" a network, thereby preventing legitimate networktraffic attempts to disrupt connections between two machines, thereby preventing access to a service attempts to prevent a particular individual from accessing a service attempts to disrupt service to a specific system or person.
  • 17. Ping Of Death •ping -t-1 6550 google.com [ max buffer size = 65500 ] •Effective system [ Solaris 2.4, minix, win3.11,95] SYN-ATTACK •Hping -i sudo hping3 -i ul -S -p 80 192.168.1.1 UDP/HTTP/TCP Flooding • LOIC • HOIC Smurf Attack •make your own packet and flood on network  pktbuilder  packETH 1.6 (linux & windows) MAC Flooding •flooding network switches •ARP spoofing •net cut[windows]
  • 20. Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate. The step by step procedure in wireless hacking can be explained with help of different topics as follows:- 1. Stations and Access 2. Channels 3. Wired Equivalent Privacy (WEP)
  • 21. MALWARE This is a big catchall phrase that covers all sorts of software with nasty intent. Not buggy software, not programs you don't like, but software which is specifically written with the intent to harm. Virus: This is a specific type of malware that spreads itself once it's initially run. It's different from other types of malware because it can either be like a parasite that attaches to good files on your machine, or it can be self-contained and search out other machines to infect. Worm: Think of inchworms rather than tapeworms. These are not parasitic worms, but the kind that move around on their own. In the malware sense, they're viruses that are self- contained (they don't attach themselves like a parasite) and go around searching out other machines to infect. Trojan: Do you remember that story you had to read in high school about the big wooden horse that turned out to be full of guys with spears? This is the computer equivalent. You run a file that is supposed to be something fun or important, but it turns out that it's neither fun nor important, and it's now doing nasty things to your machine.
  • 22. A penetration testing is a method of evaluating the security of a computer system or a network by simulating an attack from a malicious source, known as black hat hackers, or crackers. The process involves an active analysis of the system from any potential vulnerabilities that may result from poor or improper system configuration, known and/or unknown hardware or software flaws, or operational weakness in process or technical countermeasures. PENETRATION TESTING PENETRATION TESTING
  • 23. 1. Why conduct a penetration testing? From a business perspective, penetration testing helps safeguard your organization against failure through: Preventing financial loss through fraud or through lost revenue due to unreliable business system and processes. Proving due diligence and compliance to your industry regulators, customers and shareholders. Protecting your brand by avoiding loss of consumer confidence and business reputation.