KEMBAR78
Ethical Hacking - Introduction to Computer Security | PPT
VE
Uploaded byVibrant Event
PPT, PDF185 views

Ethical Hacking - Introduction to Computer Security

The document provides an overview of computer security, highlighting significant historical breaches and the various forms of cyber attacks, including phishing, viruses, and social engineering. It emphasizes the need for awareness and protective measures such as cryptography and safe computing practices, while also explaining fundamental security goals such as integrity, confidentiality, and reliability. Overall, it stresses that complete computer security is unattainable and that users must actively engage in safeguarding their information.

Download to read offline
Introduction To Computer SecurityIntroduction To Computer Security • By :- Vibrant Technologies & Computers
• In 1983, Kevin Mitnick did an intrusion on a Pentagon’s computer • Robert Tappan Morris created the first worm and sent it from MIT to the web and caused $50,000 of damages • In 1994, Vladimir Levin intruded in an American bank computer and stole 10 millions dollars • Jonathan James “c0mrade”, 16 years old, infiltrated a NASA computer in 1999 and had access to data worth 1,7 millions dollars • Today (CSI Report, 2007): o 46% of companies have admitted to suffering financial losses due to security incidences. The reported loss amounted to a total of approximately $66,930,000. o 39% of companies have been unable (or unwilling) to estimate the cost of their losses. • Financial Losses, Personal losses, Privacy losses, Data Losses, Computer Malfunction and more….. Computer Security
Computer SecurityComputer Security • Computer and Network security was not at all well known, even about 12 years ago • Today, it is something everyone is aware of the need, but not sure what is really means • Interesting topic of threats, countermeasures, risks, stories, events and paranoia o With some mathematics, algorithms, designs and software issues mixed in o Yet, not enough people, even security specialists understand the issues and implications
Media StoriesMedia Stories • Consumers are bombarded with media reports narrating dangers of the online world o Identity Theft o Embezzlement and fraud o Credit card theft o Corporate Loss • Just “fear mongering”?
Security? What is that?Security? What is that? • Lock the doors and windows and you are secure o NOT • Call the police when you feel insecure o Really? • Computers are powerful, programmable machines o Whoever programs them controls them (and not you) • Networks are ubiquitous o Carries genuine as well as malicious traffic • End result: Complete computer security is unattainable, it is a cat and mouse game o Similar to crime vs. law enforcement
Goals of Computer SecurityGoals of Computer Security • Integrity: o Guarantee that the data is what we expect • Confidentiality o The information must just be accessible to the authorized people • Reliability o Computers should work without having unexpected problems • Authentication o Guarantee that only authorized persons can access to the resources
Security BasicsSecurity Basics • What does it mean to be secure? o “Include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy.” - The Wikipedia • Types of Security o Network Security o System and software security o Physical Security • Very little in computing is inherently secure, you must protect yourself! o Software cannot protect software (maybe hardware can) o Networks can be protected better than software
Some Types of AttacksSome Types of Attacks • What are some common attacks? o Network Attacks • Packet sniffing, man-in-the-middle, DNS hacking o Web attacks • Phishing, SQL Injection, Cross Site Scripting o OS, applications and software attacks • Virus, Trojan, Worms, Rootkits, Buffer Overflow o Social Engineering • (NOT social networking) • Not all hackers are evil wrongdoers trying to steal your info o Ethical Hackers, Consultants, Penetration testers, Researchers Need to know: Networking, Web Programming, Operating Systems, Programming languages and compilers.
Network AttacksNetwork Attacks • Packet Sniffing o Internet traffic consists of data “packets”, and these can be “sniffed” o Leads to other attacks such as password sniffing, cookie stealing session hijacking, information stealing • Man in the Middle o Insert a router in the path between client and server, and change the packets as they pass through • DNS hijacking o Insert malicious routes into DNS tables to send traffic for genuine sites to malicious sites Need to know: Networking protocols, routing, TCP-IP
Web AttacksWeb Attacks • Phishing o An evil website pretends to be a trusted website o Example: • You type, by mistake, “mibank.com” instead of “mybank.com” • mibank.com designs the site to look like mybank.com so the user types in their info as usual • BAD! Now an evil person has your info! • SQL Injection o Interesting Video showing an example • Cross Site Scripting o Writing a complex Javascript program that steals data left by other sites that you have visited in same browsing session Need to know: Web Programming, Javascript, SQL
VirusVirus • Definition o Piece of code that automatically reproduces itself. It’s attached to other programs or files, but requires user intervention to propagate. • Infection (targets/carriers) o Executable files o Boot sectors o Documents (macros), scripts (web pages), etc. • Propagation is made by the user. The mechanisms are storage elements, mails, downloaded files or shared folders Infection Propagation Payload
WormWorm • Definition o Piece of code that automatically reproduces itself over the network. It doesn’t need the user intervention to propagate (autonomous). • Infection o Via buffer overflow, file sharing, configuration errors and other vulnerabilities. • Target selection algorithm o Email addresses, DNS, IP, network neighborhood • Payload o Malicious programs o Backdoor, DDoS agent, etc. infection Propagation engine Payload Target Selection algorithm Scanning engine
Backdoor, trojan, rootkitsBackdoor, trojan, rootkits • Goal o The goal of backdoor, Trojan and rootkits is to take possession of a machine subsequently through an infection made via a backdoor. • Backdoor o A backdoor is a program placed by a black-hacker that allows him to access a system. A backdoor have many functionalities such as keyboard-sniffer, display spying, etc. • Trojan o A Trojan is a software that seems useful or benign, but is actually hiding a malicious functionality. • Rootkits (the ultimate virus) o Rootkits operate like backdoor and Trojan, but also modify existing programs in the operating system. That allows a black-hacker to control the system without being detected. A rootkit can be in user-mode or in kernel-mode.
Social EngineeringSocial Engineering
Social EngineeringSocial Engineering • Why is this social engineering? o Manipulating a person or persons into divulging confidential information • I am not dumb, so does this really apply to me? o YES! Attackers are ALSO not dumb. o Social Engineers are coming up with much better and much more elaborate schemes to attack users. o Even corporate executives can be tricked into revealing VERY secret info • What can I do to protect myself? o NEVER give out your password to ANYBODY. o Any system administrator should have the ability to change your password without having to know an old password Need to know: How to win friends (victims) and influence (scam) people (not CS).
Password AttacksPassword Attacks • Password Guessing o Ineffective except in targeted cases • Dictionary Attacks o Password are stored in computers as hashes, and these hashes can sometimes get exposed o Check all known words with the stored hashes • Rainbow Tables o Trade off storage and computation – uses a large number of pre- computed hashes without having a dictionary o Innovative algorithm, that can find passwords fast! • e.g. 14 character alphanumeric passwords are found in about 4- 10 minutes of computing using a 1GB rainbow table
Computer Security IssuesComputer Security Issues • Vulnerability is a point where a system is susceptible to attack. • A threat is a possible danger to the system. The danger might be a person (a system cracker or a spy), a thing (a faulty piece of equipment), or an event (a fire or a flood) that might exploit a vulnerability of the system. • Countermeasures are techniques for protecting your system
Vulnerabilities in SystemsVulnerabilities in Systems • How do viruses, rootkits enter a system? o Even without the user doing something “stupid” • There are vulnerabilities in most software systems. o Buffer Overflow is the most dangerous and common one • How does it work? o All programs run from memory. o Some programs allow access to reserved memory locations when given incorrect input. o Hackers find out where to place incorrect input and take control. o Easy to abuse by hackers, allows a hacker complete access to all resources
How can you achieve security?How can you achieve security? • Many techniques exist for ensuring computer and network security o Cryptography o Secure networks o Antivirus software o Firewalls • In addition, users have to practice “safe computing” o Not downloading from unsafe websites o Not opening attachments o Not trusting what you see on websites o Avoiding Scams
CryptographyCryptography • Simply – secret codes • Encryption o Converting data to unreadable codes to prevent anyone form accessing this information o Need a “key” to find the original data – keys take a few million- trillion years to guess • Public keys o An ingenious system of proving you know your password without disclosing your password. Also used for digital signatures o Used heavily in SSL connections • Hashing o Creating fingerprints of documents
Cryptographic ProtocolsCryptographic Protocols Symmetric encryption Authentication Asymmetric encryption Public Key Infrastructure
Why Care?Why Care? • Online banking, trading, purchasing may be insecure o Credit card and identity theft • Personal files could be corrupted o All school work, music, videos, etc. may be lost • Computer may become too slow to run o If you aren't part of the solution you are part of the problem • Pwn2Own contest - 2008 o Mac (Leopard) fell first via Safari, Vista took time but was hacked via Flash Player, Ubuntu stood ground. • Upon discovery, vulnerabilities can be used against many computers connected to the internet.
ThankThank You !!!You !!! For More Information click below link: Follow Us on: http://vibranttechnologies.co.in/ethical-hacking-classes-in- mumbai.html

More Related Content

PPT
Computer Security
byGreater Noida Institute Of Technology
 
PPT
All about Hacking
byMadhusudhan G
 
PPTX
Hacking (cs192 report )
byElipeta Sotabento
 
PPTX
Hacking and Types of Hacker.
byCoder Tech
 
PPTX
Ethical Hacking
byLalit Kumar
 
PPTX
Ethical hacking
byVipinYadav257
 
PDF
ISACA Ethical Hacking Presentation 10/2011
byXavier Mertens
 
PPT
Introduction to hackers
byHarsh Sharma
 
Computer Security
byGreater Noida Institute Of Technology
 
All about Hacking
byMadhusudhan G
 
Hacking (cs192 report )
byElipeta Sotabento
 
Hacking and Types of Hacker.
byCoder Tech
 
Ethical Hacking
byLalit Kumar
 
Ethical hacking
byVipinYadav257
 
ISACA Ethical Hacking Presentation 10/2011
byXavier Mertens
 
Introduction to hackers
byHarsh Sharma
 

What's hot

PPTX
Ethical Hacking
byRohit Trimukhe
 
PPT
Threats
bysbmiller87
 
PDF
CNIT 123 Ch 1: Ethical Hacking Overview
bySam Bowne
 
PPTX
Computer Hacking - An Introduction
byJayaseelan Vejayon
 
PDF
Bar Camp 11 Oct09 Hacking
byBarcamp Kerala
 
PPT
Hacking
byDianna Marie Manalo
 
PDF
Security in computer systems fundamentals
byManesh T
 
PDF
Ch 3: Network and Computer Attacks
bySam Bowne
 
PPT
Ethical hacking
byshinigami-99
 
PPTX
Session Slide
byMuralidharan Radhakrishnan
 
PPT
Hacking
byPurohit Rock
 
PPTX
Trends in electronic crimes and its impact on businesses like yours
byMotherGuardians
 
PPT
Basic security concepts_chapter_1
byabdifatah said
 
PDF
Certified Ethical Hacking - Book Summary
byudemy course
 
PPT
Ethical Hacking
byMukul Agarwal
 
PPTX
Corporate Intelligence: Bridging the security and intelligence community
byantitree
 
PPT
Understanding Computers: Today and Tomorrow, 13th Edition Chapter 9 - Network...
byyaminohime
 
PPTX
Cyber crimeppt1-samweg1 (1)
bySamwed Jain
 
PPTX
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
byEric Vanderburg
 
Ethical Hacking
byRohit Trimukhe
 
Threats
bysbmiller87
 
CNIT 123 Ch 1: Ethical Hacking Overview
bySam Bowne
 
Computer Hacking - An Introduction
byJayaseelan Vejayon
 
Bar Camp 11 Oct09 Hacking
byBarcamp Kerala
 
Hacking
byDianna Marie Manalo
 
Security in computer systems fundamentals
byManesh T
 
Ch 3: Network and Computer Attacks
bySam Bowne
 
Ethical hacking
byshinigami-99
 
Session Slide
byMuralidharan Radhakrishnan
 
Hacking
byPurohit Rock
 
Trends in electronic crimes and its impact on businesses like yours
byMotherGuardians
 
Basic security concepts_chapter_1
byabdifatah said
 
Certified Ethical Hacking - Book Summary
byudemy course
 
Ethical Hacking
byMukul Agarwal
 
Corporate Intelligence: Bridging the security and intelligence community
byantitree
 
Understanding Computers: Today and Tomorrow, 13th Edition Chapter 9 - Network...
byyaminohime
 
Cyber crimeppt1-samweg1 (1)
bySamwed Jain
 
Understanding computer attacks and attackers - Eric Vanderburg - JURINNOV
byEric Vanderburg
 

Viewers also liked

PDF
SolidWorks Training Schedule
byRetouchreform™
 
PDF
AutoCAD Training Syllabus
byRetouchreform™
 
PPT
Introduction to computer security syllabus
byAyebazibwe Kenneth
 
PPT
Photoshop davhraga
byFLux YT
 
DOC
Ч. Ундрам - Байгууллагын өөрчлөлтийн менежмент
bybatnasanb
 
PDF
Masters of SlideShare
byKapost
 
PDF
STOP! VIEW THIS! 10-Step Checklist When Uploading to Slideshare
byEmpowered Presentations
 
PDF
How To Get More From SlideShare - Super-Simple Tips For Content Marketing
byContent Marketing Institute
 
SolidWorks Training Schedule
byRetouchreform™
 
AutoCAD Training Syllabus
byRetouchreform™
 
Introduction to computer security syllabus
byAyebazibwe Kenneth
 
Photoshop davhraga
byFLux YT
 
Ч. Ундрам - Байгууллагын өөрчлөлтийн менежмент
bybatnasanb
 
Masters of SlideShare
byKapost
 
STOP! VIEW THIS! 10-Step Checklist When Uploading to Slideshare
byEmpowered Presentations
 
How To Get More From SlideShare - Super-Simple Tips For Content Marketing
byContent Marketing Institute
 

Similar to Ethical Hacking - Introduction to Computer Security

PPT
Security for database administrator to enhance security
byssuser20fcbe
 
PPT
System-Security-acit-Institute
byACIT Education Pvt Ltd
 
PPT
Security issues in the wireless networks.ppt
byAvinashAvuthu2
 
PPTX
Awareness Security 123.pptx
byRajuSingh730938
 
PPTX
USG_Security_Awareness_Primer.pptx
bysumita02
 
PPTX
USG_Security_Awareness_Primer (1).pptx
byssuser59e4b8
 
PPTX
USG_Security_Awareness_Primer.pptx
byBilmyRikas
 
PPTX
Ethical hacking ppt
byNitesh Dubey
 
PPTX
AN INTRODUCTION TO COMPUTER SECURITY TECHNIQUES.pptx
byolisahchristopher
 
PDF
E Commerce security
byMayank Kashyap
 
PPTX
Network security and viruses
byAamlan Saswat Mishra
 
PPTX
Security in web based attacks and application.pptx
byumanggargcse
 
PPTX
Computer Security Presentation
byPraphullaShrestha1
 
PDF
Information & cyber security, Winter training ,bsnl. online
bySumanPramanik7
 
PDF
Information cyber security
bySumanPramanik7
 
PPTX
BCE L-3omputer security Basics.pptx
byKirti Verma
 
PPTX
Computer security
bysruthiKrishnaG
 
PPTX
Cyber security
bySabir Raja
 
PPT
L N Yadav Cyber SECURITY.ppt
bylowlesh1
 
PPT
L N Yadav Cyber SECURITY2.ppt
bylowlesh1
 
Security for database administrator to enhance security
byssuser20fcbe
 
System-Security-acit-Institute
byACIT Education Pvt Ltd
 
Security issues in the wireless networks.ppt
byAvinashAvuthu2
 
Awareness Security 123.pptx
byRajuSingh730938
 
USG_Security_Awareness_Primer.pptx
bysumita02
 
USG_Security_Awareness_Primer (1).pptx
byssuser59e4b8
 
USG_Security_Awareness_Primer.pptx
byBilmyRikas
 
Ethical hacking ppt
byNitesh Dubey
 
AN INTRODUCTION TO COMPUTER SECURITY TECHNIQUES.pptx
byolisahchristopher
 
E Commerce security
byMayank Kashyap
 
Network security and viruses
byAamlan Saswat Mishra
 
Security in web based attacks and application.pptx
byumanggargcse
 
Computer Security Presentation
byPraphullaShrestha1
 
Information & cyber security, Winter training ,bsnl. online
bySumanPramanik7
 
Information cyber security
bySumanPramanik7
 
BCE L-3omputer security Basics.pptx
byKirti Verma
 
Computer security
bysruthiKrishnaG
 
Cyber security
bySabir Raja
 
L N Yadav Cyber SECURITY.ppt
bylowlesh1
 
L N Yadav Cyber SECURITY2.ppt
bylowlesh1
 

Recently uploaded

PDF
Using Copilot with Microsoft Office Apps
byDeb Walther
 
PDF
Dragino商品カタログ 2025.7 LoRaWAN・NB-IoT・LTE-M(LTE Cat.M1)対応センサーリスト
byCRI Japan, Inc.
 
PDF
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
PDF
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
PPTX
Top Trends in Kubernetes Security: TalosCon 2025
byCheryl Hung
 
PDF
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
PDF
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
PDF
Data Structure - 12 Graph
byAndiNurkholis1
 
PDF
The Journey Is The Reward - Apple Maps Travel Companion
byJohn Andrews
 
PDF
Beyond Generative AI: Creating Demand for Compute in the 2030s
byReidar Wasenius
 
PPTX
Session 5 - Specialized AI Associate Series: Build a Document Understanding ...
byDianaGray10
 
PDF
AGV PROTOCOL BRAND KIT COMPLETE VIEW.pdf
byfagbolade
 
PDF
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
PDF
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
PDF
Atlantix is an AI-first venture studio, building companies with AI at the core
byadmin625551
 
PPTX
"Daily workflows with Cursor IDE", Maksym Anisimov
byFwdays
 
PPTX
UiPath Automation Suite Installation (Hands-On) [2/3]
bysuhanisingh58689
 
PPTX
WUG-DMV: Workfront Wizards: Tips & Tricks Exchange (Sept 2025)
byWUG-DC MARYLAND VIRGINIA
 
Using Copilot with Microsoft Office Apps
byDeb Walther
 
Dragino商品カタログ 2025.7 LoRaWAN・NB-IoT・LTE-M(LTE Cat.M1)対応センサーリスト
byCRI Japan, Inc.
 
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
From Data Chaos to Copilot Confidence: A Step-by-Step Microsoft 365 Copilot R...
byNikki Chapple
 
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
Top Trends in Kubernetes Security: TalosCon 2025
byCheryl Hung
 
NDP Act GAID Simplified: From Confusion to Compliance
byMuiz Adeleke
 
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
Data Structure - 12 Graph
byAndiNurkholis1
 
The Journey Is The Reward - Apple Maps Travel Companion
byJohn Andrews
 
Beyond Generative AI: Creating Demand for Compute in the 2030s
byReidar Wasenius
 
Session 5 - Specialized AI Associate Series: Build a Document Understanding ...
byDianaGray10
 
AGV PROTOCOL BRAND KIT COMPLETE VIEW.pdf
byfagbolade
 
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
Atlantix is an AI-first venture studio, building companies with AI at the core
byadmin625551
 
"Daily workflows with Cursor IDE", Maksym Anisimov
byFwdays
 
UiPath Automation Suite Installation (Hands-On) [2/3]
bysuhanisingh58689
 
WUG-DMV: Workfront Wizards: Tips & Tricks Exchange (Sept 2025)
byWUG-DC MARYLAND VIRGINIA
 

Ethical Hacking - Introduction to Computer Security

  • 2.
    Introduction To ComputerSecurityIntroduction To Computer Security • By :- Vibrant Technologies & Computers
  • 3.
    • In 1983,Kevin Mitnick did an intrusion on a Pentagon’s computer • Robert Tappan Morris created the first worm and sent it from MIT to the web and caused $50,000 of damages • In 1994, Vladimir Levin intruded in an American bank computer and stole 10 millions dollars • Jonathan James “c0mrade”, 16 years old, infiltrated a NASA computer in 1999 and had access to data worth 1,7 millions dollars • Today (CSI Report, 2007): o 46% of companies have admitted to suffering financial losses due to security incidences. The reported loss amounted to a total of approximately $66,930,000. o 39% of companies have been unable (or unwilling) to estimate the cost of their losses. • Financial Losses, Personal losses, Privacy losses, Data Losses, Computer Malfunction and more….. Computer Security
  • 4.
    Computer SecurityComputer Security •Computer and Network security was not at all well known, even about 12 years ago • Today, it is something everyone is aware of the need, but not sure what is really means • Interesting topic of threats, countermeasures, risks, stories, events and paranoia o With some mathematics, algorithms, designs and software issues mixed in o Yet, not enough people, even security specialists understand the issues and implications
  • 5.
    Media StoriesMedia Stories •Consumers are bombarded with media reports narrating dangers of the online world o Identity Theft o Embezzlement and fraud o Credit card theft o Corporate Loss • Just “fear mongering”?
  • 6.
    Security? What isthat?Security? What is that? • Lock the doors and windows and you are secure o NOT • Call the police when you feel insecure o Really? • Computers are powerful, programmable machines o Whoever programs them controls them (and not you) • Networks are ubiquitous o Carries genuine as well as malicious traffic • End result: Complete computer security is unattainable, it is a cat and mouse game o Similar to crime vs. law enforcement
  • 7.
    Goals of ComputerSecurityGoals of Computer Security • Integrity: o Guarantee that the data is what we expect • Confidentiality o The information must just be accessible to the authorized people • Reliability o Computers should work without having unexpected problems • Authentication o Guarantee that only authorized persons can access to the resources
  • 8.
    Security BasicsSecurity Basics •What does it mean to be secure? o “Include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy.” - The Wikipedia • Types of Security o Network Security o System and software security o Physical Security • Very little in computing is inherently secure, you must protect yourself! o Software cannot protect software (maybe hardware can) o Networks can be protected better than software
  • 9.
    Some Types ofAttacksSome Types of Attacks • What are some common attacks? o Network Attacks • Packet sniffing, man-in-the-middle, DNS hacking o Web attacks • Phishing, SQL Injection, Cross Site Scripting o OS, applications and software attacks • Virus, Trojan, Worms, Rootkits, Buffer Overflow o Social Engineering • (NOT social networking) • Not all hackers are evil wrongdoers trying to steal your info o Ethical Hackers, Consultants, Penetration testers, Researchers Need to know: Networking, Web Programming, Operating Systems, Programming languages and compilers.
  • 10.
    Network AttacksNetwork Attacks •Packet Sniffing o Internet traffic consists of data “packets”, and these can be “sniffed” o Leads to other attacks such as password sniffing, cookie stealing session hijacking, information stealing • Man in the Middle o Insert a router in the path between client and server, and change the packets as they pass through • DNS hijacking o Insert malicious routes into DNS tables to send traffic for genuine sites to malicious sites Need to know: Networking protocols, routing, TCP-IP
  • 11.
    Web AttacksWeb Attacks •Phishing o An evil website pretends to be a trusted website o Example: • You type, by mistake, “mibank.com” instead of “mybank.com” • mibank.com designs the site to look like mybank.com so the user types in their info as usual • BAD! Now an evil person has your info! • SQL Injection o Interesting Video showing an example • Cross Site Scripting o Writing a complex Javascript program that steals data left by other sites that you have visited in same browsing session Need to know: Web Programming, Javascript, SQL
  • 12.
    VirusVirus • Definition o Pieceof code that automatically reproduces itself. It’s attached to other programs or files, but requires user intervention to propagate. • Infection (targets/carriers) o Executable files o Boot sectors o Documents (macros), scripts (web pages), etc. • Propagation is made by the user. The mechanisms are storage elements, mails, downloaded files or shared folders Infection Propagation Payload
  • 13.
    WormWorm • Definition o Pieceof code that automatically reproduces itself over the network. It doesn’t need the user intervention to propagate (autonomous). • Infection o Via buffer overflow, file sharing, configuration errors and other vulnerabilities. • Target selection algorithm o Email addresses, DNS, IP, network neighborhood • Payload o Malicious programs o Backdoor, DDoS agent, etc. infection Propagation engine Payload Target Selection algorithm Scanning engine
  • 14.
    Backdoor, trojan, rootkitsBackdoor,trojan, rootkits • Goal o The goal of backdoor, Trojan and rootkits is to take possession of a machine subsequently through an infection made via a backdoor. • Backdoor o A backdoor is a program placed by a black-hacker that allows him to access a system. A backdoor have many functionalities such as keyboard-sniffer, display spying, etc. • Trojan o A Trojan is a software that seems useful or benign, but is actually hiding a malicious functionality. • Rootkits (the ultimate virus) o Rootkits operate like backdoor and Trojan, but also modify existing programs in the operating system. That allows a black-hacker to control the system without being detected. A rootkit can be in user-mode or in kernel-mode.
  • 15.
  • 16.
    Social EngineeringSocial Engineering •Why is this social engineering? o Manipulating a person or persons into divulging confidential information • I am not dumb, so does this really apply to me? o YES! Attackers are ALSO not dumb. o Social Engineers are coming up with much better and much more elaborate schemes to attack users. o Even corporate executives can be tricked into revealing VERY secret info • What can I do to protect myself? o NEVER give out your password to ANYBODY. o Any system administrator should have the ability to change your password without having to know an old password Need to know: How to win friends (victims) and influence (scam) people (not CS).
  • 17.
    Password AttacksPassword Attacks •Password Guessing o Ineffective except in targeted cases • Dictionary Attacks o Password are stored in computers as hashes, and these hashes can sometimes get exposed o Check all known words with the stored hashes • Rainbow Tables o Trade off storage and computation – uses a large number of pre- computed hashes without having a dictionary o Innovative algorithm, that can find passwords fast! • e.g. 14 character alphanumeric passwords are found in about 4- 10 minutes of computing using a 1GB rainbow table
  • 18.
    Computer Security IssuesComputerSecurity Issues • Vulnerability is a point where a system is susceptible to attack. • A threat is a possible danger to the system. The danger might be a person (a system cracker or a spy), a thing (a faulty piece of equipment), or an event (a fire or a flood) that might exploit a vulnerability of the system. • Countermeasures are techniques for protecting your system
  • 19.
    Vulnerabilities in SystemsVulnerabilitiesin Systems • How do viruses, rootkits enter a system? o Even without the user doing something “stupid” • There are vulnerabilities in most software systems. o Buffer Overflow is the most dangerous and common one • How does it work? o All programs run from memory. o Some programs allow access to reserved memory locations when given incorrect input. o Hackers find out where to place incorrect input and take control. o Easy to abuse by hackers, allows a hacker complete access to all resources
  • 20.
    How can youachieve security?How can you achieve security? • Many techniques exist for ensuring computer and network security o Cryptography o Secure networks o Antivirus software o Firewalls • In addition, users have to practice “safe computing” o Not downloading from unsafe websites o Not opening attachments o Not trusting what you see on websites o Avoiding Scams
  • 21.
    CryptographyCryptography • Simply –secret codes • Encryption o Converting data to unreadable codes to prevent anyone form accessing this information o Need a “key” to find the original data – keys take a few million- trillion years to guess • Public keys o An ingenious system of proving you know your password without disclosing your password. Also used for digital signatures o Used heavily in SSL connections • Hashing o Creating fingerprints of documents
  • 22.
    Cryptographic ProtocolsCryptographic Protocols Symmetricencryption Authentication Asymmetric encryption Public Key Infrastructure
  • 23.
    Why Care?Why Care? •Online banking, trading, purchasing may be insecure o Credit card and identity theft • Personal files could be corrupted o All school work, music, videos, etc. may be lost • Computer may become too slow to run o If you aren't part of the solution you are part of the problem • Pwn2Own contest - 2008 o Mac (Leopard) fell first via Safari, Vista took time but was hacked via Flash Player, Ubuntu stood ground. • Upon discovery, vulnerabilities can be used against many computers connected to the internet.
  • 24.
    ThankThank You !!!You!!! For More Information click below link: Follow Us on: http://vibranttechnologies.co.in/ethical-hacking-classes-in- mumbai.html

Editor's Notes

  • #8 CS = Computer Security