Access control attacks by Yaakub bin Idris
Logic Bomb
Logic bombs are typically installed by privileged users who know what security controls need to be circumvented in order to go undetected until they detonate.
A logic bomb is a piece of code that executes itself when predefined conditions are met.
Logic bombs that execute on certain days are known as time bombs.
The code performs some “payload” not expected by the user.
Shareware that deactivates itself is not a logic bomb.
System Scanning
A process used to collect information about a device or network to facilitate an attack on the system: what ports are open, what services are running, and what system software is being used.
By: YAAKUB BIN IDRIS MN131051 (yaakub4@live.utm.my)
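A defender-side view of the system scanning described above, as an added example that is not part of the original slides: it flags sources that touch many ports on one host, or many hosts on one port, within a short window. The log format, thresholds, addresses and function names are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log format (an assumption for this example):
# <ISO time> SRC=<ip> DST=<ip> DPT=<port> <ACCEPT|DROP>
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) (ACCEPT|DROP)$")

def parse(lines):
    """Yield (time, src, dst, port) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port, _ = m.groups()
            yield datetime.fromisoformat(ts), src, dst, int(port)

def find_scanners(lines, window_s=60, port_limit=5, host_limit=5):
    """Return {src: kinds}, kinds being a set of 'port-scan' / 'host-sweep'.

    port-scan:  one source touches >= port_limit distinct ports on one host
    host-sweep: one source touches >= host_limit hosts on the same port
    Both are evaluated inside a sliding window of window_s seconds.
    """
    events = defaultdict(list)
    for ts, src, dst, port in parse(lines):
        events[src].append((ts, dst, port))
    window = timedelta(seconds=window_s)
    findings = defaultdict(set)
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the left edge so the window never exceeds window_s.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports_by_host, hosts_by_port = defaultdict(set), defaultdict(set)
            for _, dst, port in evs[start:end + 1]:
                ports_by_host[dst].add(port)
                hosts_by_port[port].add(dst)
            if any(len(p) >= port_limit for p in ports_by_host.values()):
                findings[src].add("port-scan")
            if any(len(h) >= host_limit for h in hosts_by_port.values()):
                findings[src].add("host-sweep")
    return dict(findings)

# Constructed sample: 10.0.0.9 probes six ports on one host in six seconds;
# 10.0.0.7 makes ordinary HTTPS connections one minute apart.
SAMPLE = [f"2024-05-01T10:00:0{i} SRC=10.0.0.9 DST=192.0.2.10 DPT={p} DROP"
          for i, p in enumerate([21, 22, 23, 80, 443, 3389])]
SAMPLE += [f"2024-05-01T10:0{i}:00 SRC=10.0.0.7 DST=192.0.2.10 DPT=443 ACCEPT"
           for i in range(6)]
```

A scan spread out so that fewer than `port_limit` ports fall inside any one window is not flagged, so the window and thresholds have to be tuned against normal traffic.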
Ethical hacking is a term that describes hacking performed to help a company or individual identify potential threats on the computer or network.
An ethical hacker attempts to hack their way past the system security, finding any weak points in the security that could be exploited by other hackers.
The organization uses what the ethical hacker finds to improve the system security, in an effort to minimize, if not eliminate, any potential hacker attacks.
We can describe it as “HACKING WITH PERMISSION”.
1. Network services test: This is one of the most common types of penetration tests, and involves finding target systems on the network, searching for openings in their base operating systems and available network services and then exploiting them remotely.
2. Client-side test: This kind of penetration test is intended to find vulnerabilities in and exploit client-side software, such as web browsers, media players, document editing programs, etc.
3. Web application test: These penetration tests look for security vulnerabilities in the web-based applications and programs deployed and installed on the target environment.
4. Remote dial-up war dial: These penetration tests look for modems in a target environment, and normally involve password guessing or brute forcing to log in to systems connected to discovered modems.
5. Wireless security test: These penetration tests involve discovering a target’s physical environment to find unauthorized wireless access points or authorized wireless access points with security weaknesses.
6. Social engineering test: This type of penetration test involves attempting to get a user to reveal sensitive information such as a password or any other sensitive data. These tests are often conducted over the phone, targeting selected help desks, users or employees, evaluating processes, procedures, and user awareness.
Two of the more common types of penetration test are Black Box and White Box.
1. External Testing - Black Box: A methodology in which the ethical hacker has no knowledge of the client's system under test. The goal of the test is to simulate an external "real world" hacking or cyber warfare attack.
2. Internal Testing - White Box: A methodology in which the client gives full IP information, network configuration, source code files and system etc., in a bid to find weaknesses from any of the available information.