Embed Size (px)
DESCRIPTION
Hacking and Network Defense. Introduction. With the media attention covering security breaches at even the most tightly controlled organization, it is more important than ever to learn about hackers. Hacker Profile. - PowerPoint PPT Presentation
Citation preview
Hacking and Network Hacking and Network DefenseDefense
IntroductionIntroduction
With the media attention covering With the media attention covering security breaches at even the most security breaches at even the most tightly controlled organization, it is tightly controlled organization, it is more important than ever to learn more important than ever to learn about hackers.about hackers.
Hacker ProfileHacker Profile ““Hacker” can be ranged from the Hacker” can be ranged from the
computer programmer you work with computer programmer you work with who hacks in the evening , to a high who hacks in the evening , to a high school student who plays on the school student who plays on the computer after he/she gets out of computer after he/she gets out of school, to almost anyone in between.school, to almost anyone in between.
Why?Why?• Enjoy the game of discovering the Enjoy the game of discovering the
vulnerabilitiesvulnerabilities• Criminal intentCriminal intent• Revenge Revenge
Enterprise RisksEnterprise Risks Disruption of ServicesDisruption of Services
Damaged ReputationDamaged Reputation
Exposure of Confidential informationExposure of Confidential information
Corruption of DataCorruption of Data
LiabilityLiability
Anatomy of an AttackAnatomy of an Attack
ProfilingProfiling• Gathering information about target Gathering information about target
ScanningScanning• Identify what systems are activeIdentify what systems are active
EnumeratingEnumerating• Determining valid user account and Determining valid user account and
sharesshares
Anatomy of an AttackAnatomy of an Attack
Enumerating (Cont.)Enumerating (Cont.)• How?How?
Social EngineeringSocial Engineering ObservationObservation EavesdroppingEavesdropping
ExploitingExploiting• Gain unlawful entry to a systemGain unlawful entry to a system
Different Kind of ExploitsDifferent Kind of Exploits
Buffer OverflowsBuffer Overflows• Result of poor programming Result of poor programming
Privilege EscalationPrivilege Escalation• Unsecured lower privilege accountUnsecured lower privilege account
Brute Force AttacksBrute Force Attacks• Password guessing gamePassword guessing game
Unexpected InputUnexpected Input• Username: jdoe; rm –rf /Username: jdoe; rm –rf /
Different Kind of ExploitsDifferent Kind of Exploits
DefacementsDefacements• Surprise on Web sitesSurprise on Web sites
Denial of Service (DoS)Denial of Service (DoS)• A fleet attackA fleet attack
Launch Pad AttacksLaunch Pad Attacks• A victim attacked by other victimA victim attacked by other victim
The Hackers ToolkitThe Hackers Toolkit Web ScannerWeb Scanner Port ScannerPort Scanner Password CrackersPassword Crackers Password GrindersPassword Grinders War DialersWar Dialers Program Password RecoveryProgram Password Recovery Credit Card Number GeneratorsCredit Card Number Generators Vulnerability ScannersVulnerability Scanners Packet SniffersPacket Sniffers Net BIOS Auditing ToolsNet BIOS Auditing Tools Virus, Trojans, WormsVirus, Trojans, Worms
Defending Against the HackDefending Against the Hack
1.1. Keep patched up to dateKeep patched up to date
2.2. Shut down unnecessary Shut down unnecessary services/portsservices/ports
3.3. Change default passwordsChange default passwords
4.4. Control physical access to systemControl physical access to system
5.5. Curtail unexpected inputCurtail unexpected input
Defending Against the HackDefending Against the Hack
6.6. Perform backups the test themPerform backups the test them
7.7. Educate people about social engineeringEducate people about social engineering
8.8. Encrypt and password-protect sensitive Encrypt and password-protect sensitive datadata
9.9. Implement security hardware and Implement security hardware and softwaresoftware
10.10. Develop a written security policy for the Develop a written security policy for the companycompany
More HackingMore Hacking Hacker toolsHacker tools
• http://www.insecure.org/tools.htmlhttp://www.insecure.org/tools.html Wireless NetworksWireless Networks
• Wireless LAN Analyzers Wireless LAN Analyzers Viruses and WormsViruses and Worms
• http://www.nai.comhttp://www.nai.com TerrorismTerrorism Security AdvisorySecurity Advisory
• http://www.microsoft.com/securityhttp://www.microsoft.com/security
