PROTECTION FROM HACKING ATTACKS

By Sugirtha Jasmine M (ME Cyber Security)Information Security Analyst

1.MALWARES

• Malware is a collective term for any malicious software which enters system without authorization of user of the system.• The term is created from merging

the words malicious and softwares

Types of Malwares

• VIRUS (VITAL INFORMATION RESOURCES UNDER SEIZE)

• A Virus is computer program that executes when an infected program is executed.

• On MS-DOS system, these files usually have the extensions .exe, .com, .bat, .sys

• Virus always needs a trigger to execute itself and after execution itself and after execution they leave the memory part.

• Types of VirusBoot sector VirusFile infecting VirusesPolymorphic virusesStealth VirusesMulti Partite Viruses

• Boot sector VirusesBoot sector viruses are those that

infect the boot sector on a computer system

• File infecting Virusesare unsurprisingly viruses that infect

files. Sometime these viruses are memory resident

• Polymorphic Virusesit change their appearance with each

infection. Such encryption viruses are usually difficult to detect because they are better at hiding themselves from antivirus software.

• Stealth Virusesit attempt to hide from both the

operating system and anti-virus software.• Multi partite viruses

it infects both boot sector files and executable files.

HOW VIRUSES SPREAD?

WORMS

• Worms are constructed to infiltrate legitimate data processing programs and alter or destroy the data.• It do not replicate themselves

TROJAN HORSES

• A trojan horse is a destructive program that has been concealed in an innocuous piece of software• It is not viruses because they do

not reproduce themselves and spread as viruses do.

LOGIC BOMBS

• Writing a logic bomb program is similar to trojan horses.• It depends on time and date

BOTS AND BOTNETS

• A bot is a program that operates automatically as an agent for a user or another program

• Hackers forward bots to the victim system

• It also used for mass spam mailings, installing key logging software that can steal victims password and data.

VULNERABILITY TO MALWARE

• Use of the same operating system• Software bugs• Over privileged users• Unconfirmed code

ANTI-MALWARE STRATERGIES

• Anti viruses and Anti malware software• Website Security Scans• Eliminating Over Privileged Scan

MALWARE DETECTION TECHNIQUES

• Signature based malware detection techniques• Specification based detection• Behavior based detection

COUNTER MEASURES

• Vaccine Software and Keep it Up-to-date• Email attachment File Should be scanned• Downloaded file should be scanned• For application utilize security functions• Security patches should be applied• Symptoms of Virus infection must be

Overlooked• Incase of emergency data should be Backed up

NETWORK INTRUSION

• Computer Networks that are currently to the internet are vulnerable to a variety of exploits that can compromise their intended operations.

TYPES OF INTRUSION

• Non TechnicalSocial Engineering attackPretextingPhishingSmishingVishingTabnabbing

• Technical Intrusion DOSInput ValidationKeyloggersSniffing

Non Technical Intrusion

• Social Engineering IntrusionAs humans we are bound by both nature

and nurture to the social contract which, like many contracts, might be twisted to our disadvantage. Such twisting is called Social Engineering.

• Common types of social EngineeringHuman Based

ImpersonationImportant UserDumpster DivingShoulder Surfing

• Computer BasedPopup WindowsMail AttachmentsSpamWebsites

• PretextingPretexting is an act of creating and using

an invented scenario to obtain information from the target, usually over the telephone.

• Phishingit uses both social engineering and

technical activities to to steals consumers personal identity data and financial account credentials.

• SmishingSmishing is the cell phone equivalent to

“Phishing” , text messages that lead you to a counterfeit web site trying to get your personal information using SMS.

• VishingVoIP Phishing is an electronic fraud tactic

in which individuals are tricked in to revealing critical financial or personal information to unauthorized entities

TECHNICAL INTRUSION

• DOSTo make service unavailable.TypesPing of DeathLAND attackTear drop attackSYN flood attackICMP flood attackSmurf attack

• Ping of DeathAn attacker sends an ICMP echo request

packet that is larger than the maximum packet size.Since the received ICMP echo packet is larger than the normal IP packet size. The target cant reassemble the packets. So the OS crashes or reboot

• LAND AttackWhen the attacker initiates a SYN

Flood attack using the IP address of the victim as source and destination IP address, then it is said that the attacker has launched a LAND ATTACK.

• Tear Drop AttackThis type of attack deals with

fragmentation and reassembly of IP Packets. The IP header contains the necessary fields to handle fragmentation issues

• SYN Flood AttackAn attacker could deliberately flood the

server with TCP SYN segments without acknowledging back the server SYN response.

• ICMP Flood AttackSimilar to the SYN flood attack, an ICMP

flood attack takes place when an attacker overloads its victim with huge number of ICMP echo request with spoofed source IP address.

Smurf attackit is a type of network level DOS attack

using ICMP echo replies from computer in the same broadcast network by sending forged ICMP echo request

• DDOS Attackthe attacks come from multiple host or

system

• Input ValidationInput Validation Attacks are where an attacker intentionally sends unusual input in the hopes of confusing the application.SQL InjectionSQL injection is an attack in which malicious code is inserted in to strings that are later passed to an instance of SQL Server.Manual or Using Tools

• Blind SQL InjectionIt is used when a web application is

vulnerable to an SQL injection but the results of the injection are not visible to the attacker.

• XSS Cross site scriptingis generally believed to be one of the most common application layer hacking techniques. In general cross site scripting refers to that hacking techniques that leverages vulnerabilities in the code of the web application to allow an attacker to send malicious content from an end user and collect some type of data from the victim

• BUFFER OVERFLOW– An Buffer overflow occurs when a progress or

program running on your computer system uses more memory than it was allocated and has to store the extra data in the temporary location called a buffer overflow

• KEY LOGGERThis is the one of the simplest method

for hacking the computer. A keylogger is a piece of hardware or software that logs everything someone types.

• SNIFFINGSniffing is observing packets passing by on the network. It is a popular way to steal data from the network, usually in form of passwords, ID Names, etc

• SESSION HIJACKING– It is the exploitation of a valid computer session ,

sometimes called a session key. To gain unauthorized access to information or services in a computer system

PASSWORD INTRUSION

• Any attack designed to allow an unauthorized user access to an authorized password

Types of password attacksDefault passwordDictionary PasswordBruteforce Password

BACKDOOR

• A secret or underhand means of access (to a place or a position) or an undocumented way to get access to a computer system

ROOTKITS

• A rootkits is a collection of programs that enable administrator-level access to a computer or computer network.

MONITORING TOOLS

• The term monitoring or network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator.

ART OF GOOGLING

• Google search or Google web search is a web search engine owned by Google.

• And it is the most used search engine on the web.

• Google receives several hundred million queries each day through its various services.

• Biggest database

• GOOGLE SEARCH• I’M FEELING LUCKING• ADVANCED SEARCH• PREFERENCES• LANGUAGE TOOL• GOOGLE AS A PROXY SERVER

SEARCHING TECHNIQUES

• Basic Search Technique• Advance search Technique

BASIC SEARCH TECHNIQUES

• Basic Keyword Search• Phrase Search “jbbub”• Operator Search + or – • Range Search eg: jdk 1.3.1.6

ADVANCE SEARCHING TECHNIQUES

• Site Operator .gov .com• InTitle Operator intitle: index of master name• Inurl operator inurl:etc/passwd• File type Operator• Link Operator• Cache operator• Phonebook Operator

THANK YOU