SlideShare uma empresa Scribd logo

L5 understanding hacking

Transferir como PPT, PDF
Rushdi Shams
Rushdi Shams
TecnologiaNegócios
1 de 23
Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 1
 the term hacker simply referred to an adept computer user, and gurus still use the term to refer to themselves in that original sense.  when breaking into computer systems (technically known as cracking) became popular, the media used the hacker to refer only to computer criminals Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 2
 Hacking is illegal. Title 18, United States Code, Section 1030, by Congress in 1984  the perpetrator must “knowingly” commit the crime  notification that unauthorized access is illegal be posted  For a computer-related crime to become a federal crime, the attacker must be shown to have caused at least $5,000 worth of damage. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 3
 2004 CANSPAM Act specifically criminalizes the transmission of unsolicited commercial e-mail without an existing business relationship.  Before that, spamming was not a crime!  Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 4
 Because of the time it takes, there are only two serious types of hackers: › the underemployed and › those hackers being paid by someone to hack. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 5
 Hackers fall quite specifically into these categories, in order of increasing threat: › Security experts › Script kiddies › Underemployed adults › Ideological hackers › Criminal hackers › Corporate spies › Disgruntled employees Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 6
 Most security experts are capable of hacking but decline to do so for moral or economic reasons.  Computer security experts have found that there’s more money in preventing hacking than in perpetrating it  hundreds of former hackers now consult independently as security experts to medium- sized businesses. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 7
 Script kiddies are students who hack  These hackers may use their own computers, or (especially at colleges) they may use the more powerful resources of the school to perpetrate their hacks.  joyride through cyberspace looking for targets of opportunity  concerned mostly with impressing their peers and not getting caught. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 8
 in most instances, you’ll never know they were there unless you have software that detects unusual activity or unless they make a mistake.  These hackers constitute about 90 percent of the total manual hacking activity on the Internet.  They use the tools produced by others,  script kiddies hack primarily to get free stuff  They share pirated software and serial numbers Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 9
 Underemployed adults are former script kiddies  either dropped out of school or failed to achieve full-time employment and family commitments  Many of the tools script kiddies use are created by these adult hackers  Adult hackers often create the “crackz” applied by other hackers to unlock commercial software.  This group also writes the majority of the software viruses. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 10
 Ideological hackers are those who hack to further some political purpose.  Since the year 2000, ideological hacking has gone from just a few verified cases to an information war  They deface websites or perpetrate DoS attacks against their ideological enemies.  looking for mass media coverage of their exploits  have the implicit support of their home government Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 11
 Criminal hackers hack for revenge, to perpetrate theft, or for the sheer satisfaction of causing damage.  exceedingly rare because the intelligence required to hack usually also provides ample opportunity for the individual to find some socially acceptable means of support  little risk to institutions that do not deal in large volumes of computer-based financial transactions Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 12
 very rare because it’s extremely costly and legally very risky to employ illegal hacking tactics against competing companies  Many high technology businesses are young and naïve about security  Nearly all high-level military spy cases involve individuals who have incredible access to information but as public servants don’t make much money Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 13
 Disgruntled employees are the most dangerous —and most likely—security problem of all  Attacks range from the complex (a network administrator who spends time reading other people’s e-mail) to the simple (a frustrated clerk who takes a fire axe to your database server). Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 14
 There are only four ways for a hacker to access your network: 1. By connecting over the Internet 2. By using a computer on your network directly 3. By dialing in via a Remote Access Service (RAS) server 4. By connecting via a nonsecure wireless network Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 15
 Solving the direct intrusion problem is easy:  Employ strong physical security at your premises  treat any cable or connection that leaves the building as a security concern.  putting firewalls between your WAN links and your internal network or behind wireless links Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 16
 Put your RAS servers outside your firewall in the public security zone,  force legitimate users to authenticate with your firewall first to gain access to private network resources.  Allow no device to answer a telephone line behind your firewall. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 17
 802.11b came with a much-touted built-in encryption scheme called the Wired-Equivalent Privacy (WEP) that promised to allow secure networking with the same security as wired networks have.  It sounded great.  Too bad it took less than 11 hours for security experts to hack it Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 18
 newer 128-bit WEP service is more secure, but it should still not be considered actually equivalent to wired security Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 19
 Target selection  Information gathering  Attack Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 20
 To pass this stage, some vector of attack must be available, so the machine must have either advertised its presence or have been found through some search activity. › DNS Look-up › Network Address Scanning › Port Address Scanning › Service Scanning Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 21
› SNMP Data gathering › Architecture probes › Directory service look-up Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 22
 Phishing  Automated password guessing  Buffer overflow  MiM  Session Hijacking  Source Routing  Trojan horse  Forged e-mails  Floods Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 23

Recomendados

PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)Pace IT at Edmonds Community College
 
Ethical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksEthical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksAman Gupta
 
Ethical Hacking & IT Security Courses in SIFS
Ethical Hacking & IT Security Courses in SIFSEthical Hacking & IT Security Courses in SIFS
Ethical Hacking & IT Security Courses in SIFSSifs India
 
Cyber security certification course
Cyber security certification courseCyber security certification course
Cyber security certification courseNishaPaunikar1
 
ethical hacking report
ethical hacking report ethical hacking report
ethical hacking reportAkhilesh Patel
 
Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Tech
 
Information security holistic approach-hkit
Information security holistic approach-hkitInformation security holistic approach-hkit
Information security holistic approach-hkitHK IT solutions... unlimited...
 
What is a Malware - Kloudlearn
What is a Malware - KloudlearnWhat is a Malware - Kloudlearn
What is a Malware - KloudlearnKloudLearn
 

Recomendados

PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)
PACE-IT, Security+3.2: Summary of Types of Attacks (part 2)Pace IT at Edmonds Community College
 
Ethical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksEthical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksAman Gupta
 
Ethical Hacking & IT Security Courses in SIFS
Ethical Hacking & IT Security Courses in SIFSEthical Hacking & IT Security Courses in SIFS
Ethical Hacking & IT Security Courses in SIFSSifs India
 
Cyber security certification course
Cyber security certification courseCyber security certification course
Cyber security certification courseNishaPaunikar1
 
ethical hacking report
ethical hacking report ethical hacking report
ethical hacking reportAkhilesh Patel
 
Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Certified Cyber Security Analyst
Lucideus Certified Cyber Security Analyst Lucideus Tech
 
Information security holistic approach-hkit
Information security holistic approach-hkitInformation security holistic approach-hkit
Information security holistic approach-hkitHK IT solutions... unlimited...
 
What is a Malware - Kloudlearn
What is a Malware - KloudlearnWhat is a Malware - Kloudlearn
What is a Malware - KloudlearnKloudLearn
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Tech
 
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq OWASP-Qatar Chapter
 
How to analyze cyber threats
How to analyze cyber threatsHow to analyze cyber threats
How to analyze cyber threatsAkankshaPathak27
 
The top 5 basics fundamentals of network security cyberhunter solutions
The top 5 basics fundamentals of network security cyberhunter solutionsThe top 5 basics fundamentals of network security cyberhunter solutions
The top 5 basics fundamentals of network security cyberhunter solutionsCyberhunter Cyber Security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingUmang Patel
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber CrimeDeepak Kumar
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - KloudlearnKloudLearn
 
Analytical Study on Network Security Breach’s
Analytical Study on Network Security Breach’sAnalytical Study on Network Security Breach’s
Analytical Study on Network Security Breach’sijtsrd
 
Security threats and attacks in cyber security
Security threats and attacks in cyber securitySecurity threats and attacks in cyber security
Security threats and attacks in cyber securityShri ramswaroop college of engineering and management
 
Cyber crime liability report
Cyber crime liability reportCyber crime liability report
Cyber crime liability reportSayali Sawant
 
Report on Hacking
Report on HackingReport on Hacking
Report on HackingSharique Masood
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for studentsKandarp Shah
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofingijtsrd
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security9784
 
this is test for today
this is test for todaythis is test for today
this is test for todayDreamMalar
 
Security Technique and Congestion Avoidance in Mesh Network
Security Technique and Congestion Avoidance in Mesh NetworkSecurity Technique and Congestion Avoidance in Mesh Network
Security Technique and Congestion Avoidance in Mesh Networkijtsrd
 
CEH
CEHCEH
CEHObaid Ur Rehman
 
CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?RONIKMEHRA
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityJamshidRaqi
 
L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)Rushdi Shams
 
L4 vpn
L4 vpnL4 vpn
L4 vpnRushdi Shams
 

Mais conteúdo relacionado

Mais procurados

Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hackingsamprada123
 
Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Tech
 
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq OWASP-Qatar Chapter
 
How to analyze cyber threats
How to analyze cyber threatsHow to analyze cyber threats
How to analyze cyber threatsAkankshaPathak27
 
The top 5 basics fundamentals of network security cyberhunter solutions
The top 5 basics fundamentals of network security cyberhunter solutionsThe top 5 basics fundamentals of network security cyberhunter solutions
The top 5 basics fundamentals of network security cyberhunter solutionsCyberhunter Cyber Security
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber CrimeDeepak Kumar
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - KloudlearnKloudLearn
 
Analytical Study on Network Security Breach’s
Analytical Study on Network Security Breach’sAnalytical Study on Network Security Breach’s
Analytical Study on Network Security Breach’sijtsrd
 
Cyber crime liability report
Cyber crime liability reportCyber crime liability report
Cyber crime liability reportSayali Sawant
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for studentsKandarp Shah
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofingijtsrd
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security9784
 
this is test for today
this is test for todaythis is test for today
this is test for todayDreamMalar
 
Security Technique and Congestion Avoidance in Mesh Network
Security Technique and Congestion Avoidance in Mesh NetworkSecurity Technique and Congestion Avoidance in Mesh Network
Security Technique and Congestion Avoidance in Mesh Networkijtsrd
 
CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?RONIKMEHRA
 

Mais procurados (20)

Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
 
Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Company Profile 2014
Lucideus Company Profile 2014
 
Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq Implementing a comprehensive application security progaram - Tawfiq
Implementing a comprehensive application security progaram - Tawfiq
 
How to analyze cyber threats
How to analyze cyber threatsHow to analyze cyber threats
How to analyze cyber threats
 
The top 5 basics fundamentals of network security cyberhunter solutions
The top 5 basics fundamentals of network security cyberhunter solutionsThe top 5 basics fundamentals of network security cyberhunter solutions
The top 5 basics fundamentals of network security cyberhunter solutions
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber Crime
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - Kloudlearn
 
Analytical Study on Network Security Breach’s
Analytical Study on Network Security Breach’sAnalytical Study on Network Security Breach’s
Analytical Study on Network Security Breach’s
 
Security threats and attacks in cyber security
Security threats and attacks in cyber securitySecurity threats and attacks in cyber security
Security threats and attacks in cyber security
 
Cyber crime liability report
Cyber crime liability reportCyber crime liability report
Cyber crime liability report
 
Report on Hacking
Report on HackingReport on Hacking
Report on Hacking
 
Cyber security awareness for students
Cyber security awareness for studentsCyber security awareness for students
Cyber security awareness for students
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofing
 
Presentation on cyber security
Presentation on cyber securityPresentation on cyber security
Presentation on cyber security
 
this is test for today
this is test for todaythis is test for today
this is test for today
 
Security Technique and Congestion Avoidance in Mesh Network
Security Technique and Congestion Avoidance in Mesh NetworkSecurity Technique and Congestion Avoidance in Mesh Network
Security Technique and Congestion Avoidance in Mesh Network
 
CEH
CEHCEH
CEH
 
CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?CYBERSECURITY | Why it is important?
CYBERSECURITY | Why it is important?
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 

Destaque

L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)Rushdi Shams
 
L1 l2 l3 introduction to machine translation
L1 l2 l3 introduction to machine translationL1 l2 l3 introduction to machine translation
L1 l2 l3 introduction to machine translationRushdi Shams
 
Semi-supervised classification for natural language processing
Semi-supervised classification for natural language processingSemi-supervised classification for natural language processing
Semi-supervised classification for natural language processingRushdi Shams
 
Probabilistic logic
Probabilistic logicProbabilistic logic
Probabilistic logicRushdi Shams
 
Knowledge structure
Knowledge structureKnowledge structure
Knowledge structureRushdi Shams
 
Knowledge representation
Knowledge representationKnowledge representation
Knowledge representationRushdi Shams
 
Propositional logic
Propositional logicPropositional logic
Propositional logicRushdi Shams
 
Syntax and semantics
Syntax and semanticsSyntax and semantics
Syntax and semanticsRushdi Shams
 
Natural Language Processing: Parsing
Natural Language Processing: ParsingNatural Language Processing: Parsing
Natural Language Processing: ParsingRushdi Shams
 
Types of machine translation
Types of machine translationTypes of machine translation
Types of machine translationRushdi Shams
 
Propositional And First-Order Logic
Propositional And First-Order LogicPropositional And First-Order Logic
Propositional And First-Order Logicankush_kumar
 

Destaque (17)

L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)
 
L4 vpn
L4 vpnL4 vpn
L4 vpn
 
L1 l2 l3 introduction to machine translation
L1 l2 l3 introduction to machine translationL1 l2 l3 introduction to machine translation
L1 l2 l3 introduction to machine translation
 
Belief function
Belief functionBelief function
Belief function
 
Semi-supervised classification for natural language processing
Semi-supervised classification for natural language processingSemi-supervised classification for natural language processing
Semi-supervised classification for natural language processing
 
L1 phishing
L1 phishingL1 phishing
L1 phishing
 
L3 defense
L3 defenseL3 defense
L3 defense
 
Probabilistic logic
Probabilistic logicProbabilistic logic
Probabilistic logic
 
L15 fuzzy logic
L15 fuzzy logicL15 fuzzy logic
L15 fuzzy logic
 
Knowledge structure
Knowledge structureKnowledge structure
Knowledge structure
 
Knowledge representation
Knowledge representationKnowledge representation
Knowledge representation
 
Propositional logic
Propositional logicPropositional logic
Propositional logic
 
Syntax and semantics
Syntax and semanticsSyntax and semantics
Syntax and semantics
 
Natural Language Processing: Parsing
Natural Language Processing: ParsingNatural Language Processing: Parsing
Natural Language Processing: Parsing
 
First order logic
First order logicFirst order logic
First order logic
 
Types of machine translation
Types of machine translationTypes of machine translation
Types of machine translation
 
Propositional And First-Order Logic
Propositional And First-Order LogicPropositional And First-Order Logic
Propositional And First-Order Logic
 

Semelhante a L5 understanding hacking

Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingCSITiaesprime
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Webdpd
 
cyber security.pptx
cyber security.pptxcyber security.pptx
cyber security.pptxBWUBTS19022
 
Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...
Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...
Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...PavanKumarSurala
 
ICT Form 4: Hacking
ICT Form 4: HackingICT Form 4: Hacking
ICT Form 4: HackingQhaiyum Shah
 
The Basics of Protecting Against Computer Hacking
The Basics of Protecting Against Computer Hacking The Basics of Protecting Against Computer Hacking
The Basics of Protecting Against Computer Hacking - Mark - Fullbright
 
Ethi mini1 - ethical hacking
Ethi mini1 - ethical hackingEthi mini1 - ethical hacking
Ethi mini1 - ethical hackingBeing Uniq Sonu
 
The Secret Of Hacking Trial Pages
The Secret Of Hacking Trial PagesThe Secret Of Hacking Trial Pages
The Secret Of Hacking Trial Pagesleoimpact
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityPriyanshu Ratnakar
 
Cyber Security Method (Deep - Dig) & challenge's ppt by G S Shaktawat
Cyber Security Method (Deep - Dig) & challenge's ppt by G S ShaktawatCyber Security Method (Deep - Dig) & challenge's ppt by G S Shaktawat
Cyber Security Method (Deep - Dig) & challenge's ppt by G S ShaktawatG.S Shaktawat
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxasharshaikh8
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingijtsrd
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service AttackStephanie Williams
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)Shivam Sahu
 

Semelhante a L5 understanding hacking (20)

Hacking
HackingHacking
Hacking
 
Selected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testingSelected advanced themes in ethical hacking and penetration testing
Selected advanced themes in ethical hacking and penetration testing
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Web
 
cyber security.pptx
cyber security.pptxcyber security.pptx
cyber security.pptx
 
Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...
Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...
Hacking_ The Ultimate Hacking for Beginners_ How to Hack_ Hacking Intelligenc...
 
ICT Form 4: Hacking
ICT Form 4: HackingICT Form 4: Hacking
ICT Form 4: Hacking
 
The Basics of Protecting Against Computer Hacking
The Basics of Protecting Against Computer Hacking The Basics of Protecting Against Computer Hacking
The Basics of Protecting Against Computer Hacking
 
Ethi mini1 - ethical hacking
Ethi mini1 - ethical hackingEthi mini1 - ethical hacking
Ethi mini1 - ethical hacking
 
The Secret Of Hacking Trial Pages
The Secret Of Hacking Trial PagesThe Secret Of Hacking Trial Pages
The Secret Of Hacking Trial Pages
 
It
ItIt
It
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber Security Method (Deep - Dig) & challenge's ppt by G S Shaktawat
Cyber Security Method (Deep - Dig) & challenge's ppt by G S ShaktawatCyber Security Method (Deep - Dig) & challenge's ppt by G S Shaktawat
Cyber Security Method (Deep - Dig) & challenge's ppt by G S Shaktawat
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Β. Hucking
Β. Hucking Β. Hucking
Β. Hucking
 
CYBER SECUIRTY PRESENTATION.pptx
CYBER SECUIRTY PRESENTATION.pptxCYBER SECUIRTY PRESENTATION.pptx
CYBER SECUIRTY PRESENTATION.pptx
 
What Is Denial Of Service Attack
What Is Denial Of Service AttackWhat Is Denial Of Service Attack
What Is Denial Of Service Attack
 
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)PowerPoint Presentation On Ethical Hacking in Brief (Simple)
PowerPoint Presentation On Ethical Hacking in Brief (Simple)
 

Mais de Rushdi Shams

Research Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchResearch Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchRushdi Shams
 
Common evaluation measures in NLP and IR
Common evaluation measures in NLP and IRCommon evaluation measures in NLP and IR
Common evaluation measures in NLP and IRRushdi Shams
 
Machine learning with nlp 101
Machine learning with nlp 101Machine learning with nlp 101
Machine learning with nlp 101Rushdi Shams
 
L2 l3 l4 software process models
L2 l3 l4 software process modelsL2 l3 l4 software process models
L2 l3 l4 software process modelsRushdi Shams
 
L1 overview of software engineering
L1 overview of software engineeringL1 overview of software engineering
L1 overview of software engineeringRushdi Shams
 
L13 why software fails
L13 why software failsL13 why software fails
L13 why software failsRushdi Shams
 
Lecture 14,15 and 16 file systems
Lecture 14,15 and 16 file systemsLecture 14,15 and 16 file systems
Lecture 14,15 and 16 file systemsRushdi Shams
 
Lecture 11,12 and 13 deadlocks
Lecture 11,12 and 13 deadlocksLecture 11,12 and 13 deadlocks
Lecture 11,12 and 13 deadlocksRushdi Shams
 
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating Systems
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating SystemsLecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating Systems
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating SystemsRushdi Shams
 
Lecture 5, 6 and 7 cpu scheduling
Lecture 5, 6 and 7 cpu schedulingLecture 5, 6 and 7 cpu scheduling
Lecture 5, 6 and 7 cpu schedulingRushdi Shams
 
Lecture 1 and 2 processes
Lecture 1 and 2 processesLecture 1 and 2 processes
Lecture 1 and 2 processesRushdi Shams
 
Lecture 3 and 4 threads
Lecture 3 and 4 threadsLecture 3 and 4 threads
Lecture 3 and 4 threadsRushdi Shams
 
Distributed Database Management Systems (Distributed DBMS)
Distributed Database Management Systems (Distributed DBMS)Distributed Database Management Systems (Distributed DBMS)
Distributed Database Management Systems (Distributed DBMS)Rushdi Shams
 
My slide relational algebra
My slide relational algebraMy slide relational algebra
My slide relational algebraRushdi Shams
 

Mais de Rushdi Shams (14)

Research Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchResearch Methodology and Tips on Better Research
Research Methodology and Tips on Better Research
 
Common evaluation measures in NLP and IR
Common evaluation measures in NLP and IRCommon evaluation measures in NLP and IR
Common evaluation measures in NLP and IR
 
Machine learning with nlp 101
Machine learning with nlp 101Machine learning with nlp 101
Machine learning with nlp 101
 
L2 l3 l4 software process models
L2 l3 l4 software process modelsL2 l3 l4 software process models
L2 l3 l4 software process models
 
L1 overview of software engineering
L1 overview of software engineeringL1 overview of software engineering
L1 overview of software engineering
 
L13 why software fails
L13 why software failsL13 why software fails
L13 why software fails
 
Lecture 14,15 and 16 file systems
Lecture 14,15 and 16 file systemsLecture 14,15 and 16 file systems
Lecture 14,15 and 16 file systems
 
Lecture 11,12 and 13 deadlocks
Lecture 11,12 and 13 deadlocksLecture 11,12 and 13 deadlocks
Lecture 11,12 and 13 deadlocks
 
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating Systems
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating SystemsLecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating Systems
Lecture 7, 8, 9 and 10 Inter Process Communication (IPC) in Operating Systems
 
Lecture 5, 6 and 7 cpu scheduling
Lecture 5, 6 and 7 cpu schedulingLecture 5, 6 and 7 cpu scheduling
Lecture 5, 6 and 7 cpu scheduling
 
Lecture 1 and 2 processes
Lecture 1 and 2 processesLecture 1 and 2 processes
Lecture 1 and 2 processes
 
Lecture 3 and 4 threads
Lecture 3 and 4 threadsLecture 3 and 4 threads
Lecture 3 and 4 threads
 
Distributed Database Management Systems (Distributed DBMS)
Distributed Database Management Systems (Distributed DBMS)Distributed Database Management Systems (Distributed DBMS)
Distributed Database Management Systems (Distributed DBMS)
 
My slide relational algebra
My slide relational algebraMy slide relational algebra
My slide relational algebra
 

Último

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Último (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

L5 understanding hacking

  • 1. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 1
  • 2.  the term hacker simply referred to an adept computer user, and gurus still use the term to refer to themselves in that original sense.  when breaking into computer systems (technically known as cracking) became popular, the media used the hacker to refer only to computer criminals Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 2
  • 3.  Hacking is illegal. Title 18, United States Code, Section 1030, by Congress in 1984  the perpetrator must “knowingly” commit the crime  notification that unauthorized access is illegal be posted  For a computer-related crime to become a federal crime, the attacker must be shown to have caused at least $5,000 worth of damage. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 3
  • 4.  2004 CANSPAM Act specifically criminalizes the transmission of unsolicited commercial e-mail without an existing business relationship.  Before that, spamming was not a crime!  Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 4
  • 5.  Because of the time it takes, there are only two serious types of hackers: › the underemployed and › those hackers being paid by someone to hack. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 5
  • 6.  Hackers fall quite specifically into these categories, in order of increasing threat: › Security experts › Script kiddies › Underemployed adults › Ideological hackers › Criminal hackers › Corporate spies › Disgruntled employees Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 6
  • 7.  Most security experts are capable of hacking but decline to do so for moral or economic reasons.  Computer security experts have found that there’s more money in preventing hacking than in perpetrating it  hundreds of former hackers now consult independently as security experts to medium- sized businesses. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 7
  • 8.  Script kiddies are students who hack  These hackers may use their own computers, or (especially at colleges) they may use the more powerful resources of the school to perpetrate their hacks.  joyride through cyberspace looking for targets of opportunity  concerned mostly with impressing their peers and not getting caught. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 8
  • 9.  in most instances, you’ll never know they were there unless you have software that detects unusual activity or unless they make a mistake.  These hackers constitute about 90 percent of the total manual hacking activity on the Internet.  They use the tools produced by others,  script kiddies hack primarily to get free stuff  They share pirated software and serial numbers Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 9
  • 10.  Underemployed adults are former script kiddies  either dropped out of school or failed to achieve full-time employment and family commitments  Many of the tools script kiddies use are created by these adult hackers  Adult hackers often create the “crackz” applied by other hackers to unlock commercial software.  This group also writes the majority of the software viruses. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 10
  • 11.  Ideological hackers are those who hack to further some political purpose.  Since the year 2000, ideological hacking has gone from just a few verified cases to an information war  They deface websites or perpetrate DoS attacks against their ideological enemies.  looking for mass media coverage of their exploits  have the implicit support of their home government Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 11
  • 12.  Criminal hackers hack for revenge, to perpetrate theft, or for the sheer satisfaction of causing damage.  exceedingly rare because the intelligence required to hack usually also provides ample opportunity for the individual to find some socially acceptable means of support  little risk to institutions that do not deal in large volumes of computer-based financial transactions Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 12
  • 13.  very rare because it’s extremely costly and legally very risky to employ illegal hacking tactics against competing companies  Many high technology businesses are young and naïve about security  Nearly all high-level military spy cases involve individuals who have incredible access to information but as public servants don’t make much money Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 13
  • 14.  Disgruntled employees are the most dangerous —and most likely—security problem of all  Attacks range from the complex (a network administrator who spends time reading other people’s e-mail) to the simple (a frustrated clerk who takes a fire axe to your database server). Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 14
  • 15.  There are only four ways for a hacker to access your network: 1. By connecting over the Internet 2. By using a computer on your network directly 3. By dialing in via a Remote Access Service (RAS) server 4. By connecting via a nonsecure wireless network Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 15
  • 16.  Solving the direct intrusion problem is easy:  Employ strong physical security at your premises  treat any cable or connection that leaves the building as a security concern.  putting firewalls between your WAN links and your internal network or behind wireless links Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 16
  • 17.  Put your RAS servers outside your firewall in the public security zone,  force legitimate users to authenticate with your firewall first to gain access to private network resources.  Allow no device to answer a telephone line behind your firewall. Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 17
  • 18.  802.11b came with a much-touted built-in encryption scheme called the Wired-Equivalent Privacy (WEP) that promised to allow secure networking with the same security as wired networks have.  It sounded great.  Too bad it took less than 11 hours for security experts to hack it Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 18
  • 19.  newer 128-bit WEP service is more secure, but it should still not be considered actually equivalent to wired security Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 19
  • 20.  Target selection  Information gathering  Attack Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 20
  • 21.  To pass this stage, some vector of attack must be available, so the machine must have either advertised its presence or have been found through some search activity. › DNS Look-up › Network Address Scanning › Port Address Scanning › Service Scanning Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 21
  • 22. › SNMP Data gathering › Architecture probes › Directory service look-up Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 22
  • 23.  Phishing  Automated password guessing  Buffer overflow  MiM  Session Hijacking  Source Routing  Trojan horse  Forged e-mails  Floods Rushdi Shams, Lecturer, Dept of CSE, KUET, Bangladesh 23