This document provides a snapshot of security concepts for wanna-be hackers. It outlines topics like security policies, types of attackers (hackers, crackers, script kiddies), types of attacks (scanning, sniffing, brute force, denial of service), and malware (viruses, worms, trojans). It also discusses physical security measures, network security including authentication and authorization, and potential losses from security breaches like data loss, financial loss, and legal action. The document concludes with references and contact information for questions.
3. Wanna be h4ck3r
● Agenda
– Security policy
– Attackers
– Type of attacks
– So am I a loser?
– Live demo
– OK, and then what?
– That's enough, we're done
4. Security policy
● Document describing the way computer equipment may/may not be used
● Security policy aspects:
– Physical security
– Network security
– Authentication
– Authorization
5. Physical Security
● Ensure that nobody can access computer hardware
– Locks on doors
– Access codes
– Signing-in of staff
– Physical protection of cabling
6. Physical Security
● Physical environment
– Uninterruptible Power Supply (UPS)
– Fire suppression system
– Air Conditioning (heat, moisture)
● Physical breakdown of computer hardware
– Spare components
– Backups (consider off-site storage)
7. Network Security
● Ensure that no unauthorized user can access the system
– over the network
– Internet
– other WAN
– LAN
● Needs to be done for every networked system
10. Attackers
● Hackers
– A hacker is someone who wants to satisfy his curiosity
● Means no harm
● May cause harm accidentally
11. Attackers
● Crackers
– A cracker is someone who wants to gain something
● Access to your system to use resources
● Access to data (e.g. credit card numbers)
● Publicity
● Revenge
12. Attackers
● Script Kiddies
– A Script Kiddie is someone who uses hackers' tools without understanding what they do
13. Types of Attack (1)
● Scanning
– Which services are enabled
– Which software and version is used
● Sniffing
– Monitoring data (e.g. passwords) in transit
● Break-in
– Gain access to a computer, preferably as superuser
14. Types of Attack (1)
● Brute Force
– Try every possible combination until one works
● Man-in-the-Middle
– Act as the server to a client
– Act as a client to the server
15. Types of Attack (1)
● Denial of Service (DoS)
– Prevent legitimate users from working
– Usually done by crashing or overloading the system or network
● Distributed Denial of Service (DDoS)
– DoS attack from many different sources simultaneously
18. Types of Attack (2)
● Virus
– Malicious program that attaches itself to other programs
● Worm
– Self-replicating malicious program
● Trojan Horse
– Apparently useful program with a malicious component
19. What You Have to Lose
● Loss of resources
– Disk space
– Bandwidth
– CPU time
● Loss or alteration of data
● Loss or impairment of service
● Loss of reputation, goodwill, trust
20. What You Have to Lose
● Disclosure of personal, proprietary or confidential information
● Financial loss
● Stolen credit card numbers
● Legal, criminal action against you