Computer Security - PowerPoint PPT Presentation

About This Presentation

Title: Computer Security
Subject: From Basic to Pro Hacker
Author: Jit Ray Chowdhury
Keywords: Spyware, Trojan Horses, Tracking Cookies, Hacking

Slides: 45
Provided by: JitRayCh

1
Computer Security
  • From Basics to Pro Hacker

By Jit Ray Chowdhury, Roll 04, BCA 6th Semester
Dinabandhu Andrews Institute of Technology and Management
Email ID - jit.ray.c_at_gmail.com
Contact No - 9831546599
2
Your computer could be watching your every move!
Image Source - http://www.clubpmi.it/upload/servizi_marketing/images/spyware.jpg
3
Introduction
  • Basic protection for Dummies

4
Virus!!
  • They don't just attack your computer; they attack
    you first, because they mostly need some user
    interaction to infect your PC, and to get it they
    play with your mind and fool you into providing it.

5
Protecting against Virus.
  • To protect your PC from viruses you not only
    need an updated antivirus and firewall
    installed, but must also be aware of the ways
    viruses fool you.
  • Example: people commonly run external scripts
    that a virus has sent to their scrapbook.

6
Must Know About
  • SPYWARE: A program that monitors your actions. While they
    are sometimes like a remote control program used
    by a hacker, software companies to gather data
    about customers. The practice is generally
    frowned upon.
    Definition from BlackICE Internet Security
    Systems - http://blackice.iss.net/glossary.php
  • TROJAN HORSE: An apparently useful and innocent program
    containing additional hidden code which allows
    the unauthorized collection, exploitation,
    falsification, or destruction of data.
    Definition from Texas State Library and
    Archives Commission - http://www.tsl.state.tx.us/ld/pubs/compsecurity/glossary.html
7
Symptoms
  • Targeted Pop-ups (SPYWARE)
  • Slow Connection (SPYWARE / TROJAN)
  • Targeted E-Mail (Spam) (SPYWARE)
  • Unauthorized Access (TROJAN HORSE)
  • Spam Relaying (TROJAN HORSE)
  • System Crash (SPYWARE / TROJAN)
  • Program Customisation (SPYWARE)
8
Spyware-Network Overview
  • Push: Advertising
  • Pull: Tracking, Personal data

Image Source: Image derived and produced by
Andrew Brown, Tim Cocks and Kumutha Swampillai,
February 2004.
9
Virus, Worm, Trojan Horse, Spyware
  • Viruses cannot replicate themselves, but worms
    and Trojans can.
  • A virus cannot spread without a human action
    such as running an infected file or program, but
    worms and Trojans can spread themselves
    automatically from computer to computer through
    a network connection.

10
  • A virus does not consume system memory, but a
    worm consumes too much system memory and network
    bandwidth.
  • Trojans are used by malicious users to access
    your computer's information, but viruses and
    worms can't do so; they simply infect your
    computer.
  • Spyware collects data from your computer without
    consent for precision marketing by various
    companies.

11
Hackers
  • The Attitude to the Infinity

12
What is Hacker?
  • It's about technical adeptness and a delight in
    solving problems and overcoming limits.
  • There is a community of expert programmers and
    networking wizards that traces its history back
    through decades to the first time-sharing
    minicomputers and the earliest ARPAnet
    experiments. The members of this culture
    originated the term hacker. Hackers built the
    Internet. Hackers made the Unix operating system
    what it is today. Hackers make the World Wide Web
    work. If you are part of this culture, if you
    have contributed to it and other people in it
    know who you are and call you a hacker, you're a
    hacker.

13
  • The hacker mind-set is not confined to this
    software-hacker culture. There are people who
    apply the hacker attitude to other things, like
    electronics or music; actually, you can find it
    at the highest levels of any science or art.
    Software hackers recognize these kindred spirits
    elsewhere and may call them hackers too, and
    some claim that the hacker nature is really
    independent of the particular medium the hacker
    works in. But in the rest of this document we
    will focus on the skills and attitudes of
    software hackers, and the traditions of the
    shared culture that originated the term hacker.

Jit Ray Chowdhury
http//jit.ray.c_at_googlepages.coom
14
  • There is another group of people who loudly call
    themselves hackers, but aren't. These are people
    (mainly adolescent males) who get a kick out of
    breaking into computers and phreaking the phone
    system. Real hackers call these people crackers
    and have nothing to do with them. Real hackers
    mostly think crackers are lazy, irresponsible,
    and not very bright, and object that being able
    to break security doesn't make you a hacker any
    more than being able to hotwire cars makes you an
    automotive engineer. Unfortunately, many
    journalists and writers have been fooled into
    using the word hacker to describe crackers;
    this irritates real hackers no end.
  • The basic difference is this: hackers build
    things, crackers break them.

15
The Hacker Attitude
  • Don't learn to Hack, Hack to Learn.
  • The world is full of fascinating problems waiting
    to be solved.
  • No problem should ever have to be solved twice.
  • Boredom and drudgery are evil.
  • Attitude is no substitute for competence.

16
Don't learn to Hack, Hack to Learn
  • Hackers solve problems and build things, and
    they believe in freedom and voluntary mutual
    help. You also have to develop a kind of faith
    in your own learning capacity: a belief that
    even though you may not know all of what you need
    to solve a problem, if you tackle just a piece of
    it and learn from that, you'll learn enough to
    solve the next piece and so on, until you're
    done.

17
The world is full of fascinating problems waiting
to be solved
  • Being a hacker is lots of fun, but it's a kind
    of fun that takes lots of effort. The effort
    takes motivation. Successful athletes get their
    motivation from a kind of physical delight in
    making their bodies perform, in pushing their own
    physical limits. Similarly, to be a hacker you
    have to get a basic thrill from solving problems,
    sharpening your skills, and exercising your
    intelligence. If you aren't the kind of person
    that feels this way naturally, you'll need to
    become one in order to make it as a hacker.
    Otherwise you'll find your hacking energy is
    drained by distractions like money, and social
    approval.

18
No problem should ever have to be solved twice.
  • Creative brains are a valuable, limited resource.
    They shouldn't be wasted on re-inventing the
    wheel when there are so many fascinating new
    problems waiting out there.
  • To behave like a hacker, you have to believe that
    the thinking time of other hackers is precious,
    so much so that it's almost a moral duty for you
    to share information, solve problems and then
    give the solutions away just so other hackers can
    solve new problems instead of having to
    perpetually re-address old ones.

19
Boredom and drudgery are evil.
  • Hackers (and creative people in general) should
    never be bored or have to drudge at stupid
    repetitive work, because when this happens it
    means they aren't doing what only they can do:
    solve new problems. This wastefulness hurts
    everybody. Therefore boredom and drudgery are not
    just unpleasant but actually evil.
  • To behave like a hacker, you have to believe this
    enough to want to automate away the boring bits
    as much as possible, not just for yourself but
    for everybody else (especially other hackers).

20
Attitude is no substitute for competence.
  • To be a hacker, you have to develop some of these
    attitudes. But copying an attitude alone won't
    make you a hacker. Becoming a hacker will take
    intelligence, practice, dedication, and hard
    work.
  • Therefore, you have to learn to distrust attitude
    and respect competence of every kind. Hackers
    won't let posers waste their time, but they
    worship competence.
  • The hacker attitude is vital, but skills are even
    more vital. Attitude is no substitute for
    competence, and there's a certain basic toolkit
    of skills which you have to have before any
    hacker will dream of calling you one. This
    toolkit changes slowly over time as technology
    creates new skills and makes old ones obsolete.

21
Basic Hacking Skills
  • Learn how to program.
  • Get one of the open-source Unixes and learn to
    use and run it.
  • Learn how to use the World Wide Web and write
    HTML.
  • If you don't have functional English, learn it.

22
Class of Hackers
  • Black hats: Individuals with extraordinary
    computing skills, resorting to malicious or
    destructive activities. Also known as Crackers.
  • Gray Hats: Individuals who work both offensively
    and defensively at various times.
  • White Hats: Individuals professing hacker skills
    and using them for defensive purposes. Also known
    as Security Analysts.

23
  • Script Kiddies: A person, normally not
    technologically sophisticated, who randomly seeks
    out a specific weakness over the internet to gain
    root access to a system without really
    understanding what he is exploiting, because the
    weakness was discovered by someone else.
  • Phreak: A person who breaks into
    telecommunications systems.
  • Ethical Hacker: May be independent or a group of
    consultants. Claims to be knowledgeable about
    black hat activities.

24
Responsibility of Hackers
  • Write open-source software
  • Help test and debug open-source software
  • Publish useful information
  • Serve the hacker culture itself

25
Disciplined Life of Hackers
  • Again, to be a hacker, you have to enter the
    hacker mindset. There are some things you can do
    when you're not at a computer that seem to help.
    They're not substitutes for hacking (nothing is)
    but many hackers do them, and feel that they
    connect in some basic way with the essence of
    hacking.
  • Read science fiction. Go to science fiction
    conventions (a good way to meet hackers and
    proto-hackers).
  • Develop your appreciation of puns and wordplay

26
  • Train in a martial-arts form. The kind of mental
    discipline required for martial arts seems to be
    similar in important ways to what hackers do. The
    most popular forms among hackers are definitely
    Asian empty-hand arts such as Tae Kwon Do,
    various forms of Karate, Kung Fu, Aikido, or Ju
    Jitsu. The most hackerly martial arts are those
    which emphasize mental discipline, relaxed
    awareness, and control, rather than raw strength,
    athleticism, or physical toughness.
  • Study an actual meditation discipline. The
    perennial favorite among hackers is Zen. Other
    styles may work as well, but be careful to choose
    one that doesn't require you to believe crazy
    things.
  • Develop an analytical ear for music. Learn to
    appreciate peculiar kinds of music. Learn to play
    some musical instrument well, or how to sing.

27
  • The more of these things you already do, the more
    likely it is that you are natural hacker
    material. Why these things in particular is not
    completely clear, but they're connected with a
    mix of left- and right-brain skills that seems to
    be important; hackers need to be able to both
    reason logically and step outside the apparent
    logic of a problem at a moment's notice.
  • Work as intensely as you play and play as
    intensely as you work. For true hackers, the
    boundaries between "play", "work", "science" and
    "art" all tend to disappear, or to merge into a
    high-level creative playfulness. Also, don't be
    content with a narrow range of skills. Though
    most hackers self-describe as programmers, they
    are very likely to be more than competent in
    several related skills: system administration,
    web design, and PC hardware troubleshooting are
    common ones. A hacker who's a system
    administrator, on the other hand, is likely to be
    quite skilled at script programming and web
    design. Hackers don't do things by halves; if
    they invest in a skill at all, they tend to get
    very good at it.

28
Hacking
  • The Professionalism

29
Why is this knowledge necessary?
  • The Internet has grown very fast and security has
    lagged behind.
  • In 1988 a "worm program" written by a college
    student shut down about 10 percent of computers
    connected to the Internet. This was the
    beginning of the era of cyber attacks.
  • In India there is a demand for about 80,000
    security professionals, whereas only 22,000 are
    available, and the market for security
    specialists is expanding, unlike other technology
    professions.

30
95% of Web Apps Have Vulnerabilities
  • Cross-site scripting (80 percent)
  • SQL injection (62 percent)
  • Parameter tampering (60 percent)
  • Cookie poisoning (37 percent)
  • Database server (33 percent)
  • Web server (23 percent)
  • Buffer overflow (19 percent)

31
Cross-site scripting
32
SQL injection
  • Unvalidated input: SQL Injection example
  • username: admin
  • password: anything' OR 'x'='x
  • Original Query:
  • SELECT count(*) FROM userinfo WHERE
    name=@username and pass=@password
  • Database will execute:
  • SELECT count(*) FROM userinfo WHERE name='admin'
    and pass='anything' OR 'x'='x'
  • Got logged in successfully!
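
The login query from the SQL injection slide, run against an in-memory SQLite table with the slide's input, next to the parameterized form that fixes it. This is an added example, not part of the original presentation; the sample rows and function names are constructed for illustration, and SQLite stands in for whichever database the slide had in mind.

```python
import sqlite3

def make_db():
    """In-memory table shaped like the slide's `userinfo` (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userinfo (name TEXT PRIMARY KEY, pass TEXT)")
    # Plaintext passwords only mirror the slide's query; real systems store salted hashes.
    conn.executemany("INSERT INTO userinfo VALUES (?, ?)",
                     [("admin", "s3cret-admin"), ("alice", "wonderland")])
    return conn

def build_concatenated_query(username, password):
    """The 'before': user input is pasted straight into the SQL text."""
    return ("SELECT count(*) FROM userinfo WHERE name='" + username +
            "' and pass='" + password + "'")

def count_vulnerable(conn, username, password):
    """Runs the concatenated query; a quote in the input changes the WHERE clause."""
    return conn.execute(build_concatenated_query(username, password)).fetchone()[0]

def count_parameterized(conn, username, password):
    """The fix: placeholders keep the input as data, never as SQL syntax."""
    sql = "SELECT count(*) FROM userinfo WHERE name=? and pass=?"
    return conn.execute(sql, (username, password)).fetchone()[0]

if __name__ == "__main__":
    conn = make_db()
    user, pw = "admin", "anything' OR 'x'='x"   # the slide's input
    print(build_concatenated_query(user, pw))
    # AND binds tighter than OR, so the trailing OR clause is true for every
    # row: the count equals the table size, not 1, for a unique name.
    print("concatenated count:  ", count_vulnerable(conn, user, pw))
    print("parameterized count: ", count_parameterized(conn, user, pw))
    print("correct password:    ", count_parameterized(conn, "admin", "s3cret-admin"))
```
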

33
Phases Involved in Ethical Hacking
  • Footprinting
  • Scanning
  • Enumeration
  • Gaining Access
  • Escalating privilege
  • Pilfering
  • Covering tracks
  • Creating back doors
  • Denial of service

34
Footprinting
  • Objective
  • Gathering Target Address range, namespace,
    acquisition and other information gathering
    essential for attack.
  • Techniques
  • Domain name lookup
  • Whois
  • Nslookup
  • Sam Spade
  • ARIN (American Registry of Internet Numbers)

35
Scanning
  • Objective
  • Bulk target assessment and identification of
    listening services focuses the attacker's
    attention on the most promising avenues of entry
  • Techniques
  • Ping sweep
  • TCP/UDP port scan
  • OS Detection

36
Enumeration
  • Objective
  • More intrusive probing now begins as attackers
    begin identifying valid user accounts or poorly
    protected resource shares
  • Techniques
  • List user accounts
  • List file shares
  • Identify applications

37
Gaining Access
  • Objective
  • Enough data has been gathered at this point to
    make an informed attempt to access the target
  • Techniques
  • Password eavesdropping
  • File share brute forcing
  • Password file grab
  • Buffer overflows

38
Pilfering
  • Objective
  • The information gathering process begins again
    to identify mechanisms to gain access to trusted
    systems
  • Techniques
  • Elevate trusts
  • Search for cleartext passwords

39
Covering Tracks
  • Objective
  • Once total ownership of the target is secured,
    hiding this fact from system administrators
    becomes paramount, lest they quickly end the romp
  • Techniques
  • Clear logs
  • Hide tools

40
Creating Back Doors
  • Objective
  • Trap doors will be laid in various parts of the
    system to ensure that privileged access is easily
    regained at the whim of the intruder
  • Techniques
  • Create rogue user accounts
  • Schedule batch jobs
  • Infect startup files
  • Plant remote control services
  • Install monitoring mechanisms
  • Replace apps with Trojans

41
Denial of Service
  • Objective
  • If an attacker is unsuccessful in gaining
    access, they may use readily available exploit
    code to disable a target as a last resort
  • Techniques
  • SYN flood
  • ICMP techniques
  • Identical SYN requests
  • Overlapping fragment/offset bugs
  • Out of bounds TCP options (OOB)
  • DDoS

42
Finally
  • There is always more to learn, like evading IDS,
    firewalls, honeypots, buffer overflows,
    cryptography, sniffers, and the protective
    measures to take to defend against all these. But
    it's time for me to leave you on your own to take
    up the responsibility and learn it yourself, if
    you are passionate enough to pursue all this.

43
Thank You
  • Questions??

44
Bibliography / Links
  • [0] A Brief History of Hackerdom -
    http://catb.org/esr/writings/hacker-history/hacker-history.html
  • [1] "Spyware" Definition - BlackICE Internet
    Security Systems - http://blackice.iss.net/glossary.php
  • [2] "Trojan Horse" Definition - Texas State
    Library and Archives Commission -
    http://www.tsl.state.tx.us/ld/pubs/compsecurity/glossary.html
  • [3] Zeinalipour-Yazti, D. Exploiting the
    Security Weaknesses of the Gnutella Protocol,
    University of California.
  • [4] Joshi, R. Network Security Applications,
    Merchantile Communications, CANIT Conference
    2003.
  • [5] CERT Advisory CA-1999-02 -
    http://www.cert.org/advisories/CA-1999-02.html
  • [6] Spyware Guide - http://www.spyware-guide.com
  • [7] Trojan Horses -
    http://www.mpsmits.com/highlights/trojan_horses.shtml
  • [8] Trojan Horse - Back Orifice -
    http://www.nwinternet.com/pchelp/bo/bo.html
  • [9] NetBus -
    http://www.nwinternet.com/pchelp/nb/netbus.htm
  • [10] BBC News -
    http://news.bbc.co.uk/1/hi/technology/3153229.stm
  • [11] Wired News: Judge takes bite out of Gator -
    www.wired.com/news/politics/0,1283,53875,00.html
  • [12] Tracking Cookies Demonstration at
    http://www.irt.org/instant/chapter10/tracker/index4.htm
  • [13] BonziBuddy -
    http://www.bonzi.com/bonzibuddy/bonzibuddyfreehom.asp
  • [14] Unwanted Links (Spyware) -
    http://www.unwantedlinks.com
  • [15] Andersen, R. "Security Engineering", First
    Edition, J. Wiley and Sons, 2001.
  • [16] Scacchi, W. Privacy and Other Social
    Issues, Addison-Wesley, 2003.
    http://www.ics.uci.edu/wscacchi/Tech-EC/Security Privacy/Privacy.ppt