Hacking and Anti Hacking
Download as PPTX, PDF3 likes1,935 views
The document provides an overview of hacking, including a brief history from the 1960s to present. It discusses different types of hackers like white hat and black hat hackers. Common hacker techniques are described such as footprinting, scanning, gaining access, and covering tracks. The document also outlines methods for anti-hacking like keeping systems updated, using antivirus software, and enabling firewalls.
Hacking and Anti Hacking
- 1. HACKING Don’t Learn to Hack – Hack to Learn S.K.Ahsan 1
- 2. 2
- 3. IN THE NAME OF THE MOST MERCIFUL THE BENEFICENT ! 3
- 4. S.K.Ahsan 4
- 5. What is Hacking ? Brief History Who is a Hacker ? Types of Hacker What do Hackers do? Hacker’s Techniques & Attacks Anti-Hacking Demo Of Hacking S.K.Ahsan 5
- 6. What is “ ” ? Hacking is not limited to computers. The real meaning of hacking is to expand the capabilities of any electronic device; to use them beyond the original intentions of the manufacturer. S.K.Ahsan 6
- 7. • “ Hacking is the use of one's skills (computer, networking, etc.) to try and find vulnerabilities in a network infrastructure. ” S.K.Ahsan 7
- 8. Who is a ??? • Some one who bypasses the system’s control by taking advantage of security weaknesses left in the system by developers ! • One who is both knowledgeable and skilled at computer programming and have it’s own philosophy and code of ethics ! 8 S.K.Ahsan
- 9. A Brief History of In 1960s The first comuter hackers emerge at MIT AI (Massachusetts Institute of Technology) there occurred the first hacking incident an victims were electric trains. 1960’s S.K.Ahsan 9
- 10. In 1970s – Phreaking : John Draper Hacked the AT&T’s long distance Calling for free . – Phone hackers break into regional and international phone networks to make free calls. S.K.Ahsan 10
- 11. 1980’s Phone phreaks begin to move into the realm of computer hacking, and the first electronic bulletin board systems (BBSs) spring up. In 1980s Bill Landreth(the Cracker) Hacked most secure networks. (Choas C.Club) Hacked Nuclear secrets in Germany. S.K.Ahsan >>> Use a Computer, Go to Jail ! ! ! 11
- 12. In 1990s – Two teens Hacked (T online). – 21 year old Argentinean was hacked NASA, Harvard an Naval war heads info. S.K.Ahsan 12
- 13. 1990’s After a prolonged sting investigation, S.K.Ahsan swoop down on hackers in 14 U.S. cities, conducting early-morning raids and arrests. The Internet begins to take off as a new browser, Netscape Navigator, makes information on the Web more accessible. Hackers take to the new venue quickly, moving all their information and hacking programs to new hacker Web sites. >>> As information and easy-to-use tools become available to anyone with Net access, the face of hacking begins to change. 13
- 14. 1995-till date The hacking group Cult of the Dead Cow releases its Trojan horse program, a powerful hacking tool--at Def Con. Once a hacker installs the on a machine running Windows 95 or Windows 98, the program allows unauthorized remote access of the machine ! Hackers launch attacks against , , S.K.Ahsan , and ! Microsoft becomes the prominent victim of a new type of hack that attacks the domain name server. 14
- 15. 2000 – In one of the biggest denial-of-service attacks , hackers launch attacks against eBay, Yahoo!, CNN.com., Amazon and others. S.K.Ahsan 15
- 16. S.K.Ahsan 16
- 17. Who is a “ ” ? There are at least two common interpretations: A programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-crime. A programmer for whom computing is its own reward; may enjoy the challenge of breaking into other computers but does no harm. S.K.Ahsan 17
- 18. Types of White Hat Hackers Are hackers in the noble sense of the term, whose goal is to help improve computer systems . Black Hat Hackers Are people who break into computer systems for malicious purposes, commonly called pirates. S.K.Ahsan 18
- 19. S.K.Ahsan 19
- 20. How do S.K.Ahsan 20
- 21. What Do Do? Threaten People Stole illegal or Private material Damage System Stole Passwords Crack Unpaid Softwares Modify data / stream S.K.Ahsan 21
- 22. – Access confidential information – Threaten someone from YOUR computer – Broadcast your confidential letters or materials – Store illegal or espionage material S.K.Ahsan 22
- 23. – Eavesdrop and replay – Imposer: server / client – Modify data / stream – Denial-of-Service S.K.Ahsan 23
- 24. S.K.Ahsan 24
- 25. System hacking Network hacking Software hacking http://wiki.answers.com/Q/What_are_the_types_of_hacking S.K.Ahsan 25
- 26. • Foot printing • Scanning • Enumeration • Gaining access • Covering tracks • Creating backdoors • Denial of service 26 S.K.Ahsan
- 27. Objective – To learn as much as you can about target system, it's remote access capabilities, its ports and services, and the aspects of its security. Techniques – Open source search – Whois – Web interface to whois – ARIN whois 27 S.K.Ahsan
- 28. Most security breeches originate inside the network that is under attack. Which include stealing passwords, performing industrial private data, or committing simple misuse. S.K.Ahsan 28
- 29. 29 S.K.Ahsan
- 30. 30 S.K.Ahsan
- 31. 31 S.K.Ahsan
- 32. 32 S.K.Ahsan
- 33. 33 S.K.Ahsan
- 34. Objective – Bulk target assessment and identification of listing services focuses the attention on the most promising avenue of entry Techniques – Ping sweep – TCP/UDP port scan – OS Detection 34 S.K.Ahsan
- 35. Objective – More intrusive probing now begins as attackers begin identifying valid user accounts or poorly protected resource shares Techniques – List user accounts – List file shares – Identify applications 35 S.K.Ahsan
- 36. Objective – Enough data has been gathered at this point to make an informed attempt to access the target Techniques – File share brute forcing – Password file grab – Buffer overflows – Password eavesdropping 36 S.K.Ahsan
- 37. 37 S.K.Ahsan
- 38. 38 S.K.Ahsan
- 39. Objective – Once total ownership of the target is secured, hiding this from system administrators become paramount ,lest they quickly end the romp. Techniques – Clear logs – Hide tools 39 S.K.Ahsan
- 40. Objective – Trap doors will be laid in various parts of the system to ensure that privileged access is easily regained at the whim if the intruder Techniques – Create rogue user accounts – Schedule batch jobs – Infect startup files – Plant remote control services – Install monitoring mechanisms – Replace apps with trojans 40 S.K.Ahsan
- 41. Rogue access points (APs) are unsecured wireless access points that outsiders can easily breech. Rogue APs are most often connected by well meaning but ignorant employees. S.K.Ahsan 41
- 42. Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus Traffic,usually through e-mail. S.K.Ahsan 42
- 43. Hackers can gain access to a Network by exploiting back doors, administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. S.K.Ahsan 43
- 44. Trojan horses, which are Attached to other programs, are the leading cause of all break-ins. When a user Downloads and activates a Trojan horse, the hacked software kicks off a virus, password gobbler, or remote-control SW that gives the hacker control of the PC.i.e Snipersky,PerfectKeylogger. S.K.Ahsan 44
- 45. DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic. A DDoS is more difficult to block because it uses multiple, changing, source IP addresses. S.K.Ahsan 45
- 46. Who just like to break stuff. They usually exploit any target of opportunity. hobbyists or professionals who break passwords and develop Trojan horses or other SW (called warez). They have no real hacker skills, so they buy or download warez, which they launch and use “COwbOy “Languages. S.K.Ahsan 46
- 47. The pirates who use the switched telephone network (STN) to make free phone calls. mainly attack chip card systems (particularly bank cards) to understand how they work and to exploit their flaws. The term carding refers to chip card piracy. S.K.Ahsan 47
- 48. refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister. S.K.Ahsan 48
- 49. The act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping. S.K.Ahsan 49
- 50. The method of luring an unsuspecting user into giving out their username and password for a secure web resource, usually a bank or credit card account. Ebay and PayPal are particularly susceptible to this type of attack. S.K.Ahsan 50
- 51. S.K.Ahsan 51
- 52. S.K.Ahsan 52
- 53. S.K.Ahsan 53
- 54. 54 S.K.Ahsan
- 55. 55 S.K.Ahsan
- 56. 56 S.K.Ahsan
- 57. S.K.Ahsan 57
- 58. Hacker’s Techniques & Attacks S.K.Ahsan 58
- 59. S.K.Ahsan 59
- 60. “The opposite of hacking". If hacking is defined as an attack on a computer system then Anti-Hacking is the protection of that system. S.K.Ahsan 60
- 61. S.K.Ahsan 61
- 62. S.K.Ahsan 62
- 63. Don't ignore operating system updates Anti-virus software Activate the firewall in Windows XP Email software preview windows Logging out Audit your computer regularly Regularly remove spyware Password issues Increasing Security Against a Brute Force Attack S.K.Ahsan 63
- 64. Don't wait to be alerted via mainstream media of problems that have been discovered It's wise to visit the software vendors' site and keep abreast of any critical security updates. In the case of Microsoft, you'll need to go to the Windows Update site. S.K.Ahsan 64
- 65. Anti-virus software used *properly*. Ensure that it's regularly updated. Even missing one update could bring down your computer . remember to password protect the settings on the software so no-one else can alter protection levels. S.K.Ahsan 65
- 66. S.K.Ahsan 66
- 67. Anti-virus software isn't enough,it's also a good idea to install firewall software which will help prevent unauthorized incoming and outgoing communications from your computer while connected to the Internet. Port scanning is *very* common and is carried out with a view to finding weaknesses in your system that can then be exploited. S.K.Ahsan 67
- 68. S.K.Ahsan 68
- 69. 3rd party solutions for filtering email of spam and viruses as their inboxes become inundated with junk. Email filtering can be very effective in dramatically reducing security risks before the mail even has a chance to be collected by your email software. S.K.Ahsan 69
- 70. Ensure that you log out of online services properly. Failure to do so can allow others who use your computer to gain access to those services. S.K.Ahsan 70
- 71. If your computer is used by others, carry out regular audits of the software on it. It's safest to make it a policy not to allow any software to be installed without your permission. Spybot again is a very effective tool for detecting and removing software that may be a security risk. S.K.Ahsan 71
- 72. If you and your familiar do a lot of surfing and downloading of shareware software, then it's likely you'll also accumulate your fair share of spyware. Some software companies use spyware that is incorporated into their software products to gather data about customers, which is often sold to other companies. S.K.Ahsan 72
- 73. S.K.Ahsan 73
- 74. If you must store usernames and passwords on your system, ensure they are contained in a document that is password protected. Don't let Windows "remember" passwords for you. Passwords should always be more than 8 characters long and contain a mixture of numbers and letters. Learn more about password security issues. S.K.Ahsan 74
- 75. Increasing the length of the PIN Allowing the PIN to contain characters other than numbers, such as * or # Imposing a 30 second delay between failed authentication attempts Locking the account after 5 failed authentication attempts S.K.Ahsan 75
- 76. S.K.Ahsan 76
- 77. S.K.Ahsan 77
- 78. S.K.Ahsan 78