logging in or signing up Hacking-computer security-RAJA aSGuest104435 Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Dynamic Copy Does not support media & animations Automatically changes to Flash or non-Flash embed WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 413 Category: Science & Tech.. License: All Rights Reserved Like it (0) Dislike it (0) Added: July 12, 2011 This Presentation is Public Favorites: 2 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Computer Security: Computer Security HackersHacker: HackerHacker Terms: Hacker Terms Hacking - showing computer expertise Cracking - breaching security on software or systems Phreaking - cracking telecom networks Spoofing - faking the originating IP address in a datagram Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore Port Scanning - searching for vulnerabilitiesSlide 4: Internet has grown very fast and security has lagged behind. Legions of hackers have emerged as impedance to entering the hackers club is low. It is hard to trace the perpetrator of cyber attacks since the real identities are camouflaged It is very hard to track down people because of the ubiquity of the network. Large scale failures of internet can have a catastrophic impact on the economy which relies heavily on electronic transactions CrisisComputer Crimes: Computer Crimes Financial Fraud Credit Card Theft Identity Theft Computer specific crimes Denial-of-service Denial of access to information Viruses Melissa virus cost New Jersey man 20 months in jail Melissa caused in excess of $80 Million Intellectual Property Offenses Information theft Trafficking in pirated information Storing pirated information Compromising information Destroying informationSlide 6: Because they can A large fraction of hacker attacks have been pranks Financial Gain Espionage or spy Venting anger at a company or organization Terrorism Why do Hackers Attack?Slide 7: Active Attacks Denial of Service Breaking into a site Intelligence Gathering Resource Usage Deception Passive Attacks Sniffing Passwords Network Traffic Sensitive Information Information Gathering Types of Hacker AttackSlide 8: Over the Internet Over LAN Locally Offline Theft Modes of Hacker AttackSlide 9: Definition: An attacker alters his identity so that some one thinks he is some one else Email, User ID, IP Address, … Attacker exploits trust relation between user and networked machines to gain access to machines Types of Spoofing: IP Spoofing: Email Spoofing Web Spoofing SpoofingSlide 10: Definition: Attacker uses IP address of another computer to acquire information or gain access IP Spoofing – Flying-Blind Attack Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 Attacker changes his own IP address to spoofed address Attacker can send messages to a machine masquerading as spoofed machine Attacker can not receive messages from that machineSlide 11: Definition: Attacker sends messages masquerading as some one else What can be the repercussions? Types of Email Spoofing: Create an account with similar email address Sanjaygoel@yahoo.com: A message from this account can perplex the students Modify a mail client Attacker can put in any return address he wants to in the mail he sends Telnet to port 25 Most mail servers use port 25 for SMTP. Attacker logs on to this port and composes a message for the user. Email SpoofingSlide 12: Basic Attacker registers a web address matching an entity e.g. votebush.com, geproducts.com, gesucks.com Man-in-the-Middle Attack Attacker acts as a proxy between the web server and the client Attacker has to compromise the router or a node through which the relevant traffic flows URL Rewriting Attacker redirects web traffic to another site that is controlled by the attacker Attacker writes his own web site address before the legitimate link Tracking State When a user logs on to a site a persistent authentication is maintained This authentication can be stolen for masquerading as the user Web SpoofingSlide 13: Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it. Types: Crashing the system or network Send the victim data or packets which will cause system to crash or reboot. Exhausting the resources by flooding the system or network with information Since all resources are exhausted others are denied access to the resources Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks Denial of Service (DOS) AttackSlide 14: Find a valid user ID Create a list of possible passwords Rank the passwords from high probability to low Type in each password If the system allows you in – success ! If not, try again, being careful not to exceed password lockout (the number of times you can guess a wrong password before the system shuts down and won’t let you try any more) Password Attacks - ProcessSlide 15: Dictionary Attack Hacker tries all words in dictionary to crack password 70% of the people use dictionary words as passwords Brute Force Attack Try all permutations of the letters & symbols in the alphabet Hybrid Attack Words from dictionary and their variations used in attack Social Engineering People write passwords in different places People disclose passwords naively to others Shoulder Surfing Hackers slyly watch over peoples shoulders to steal passwords Dumpster Diving People dump their trash papers in garbage which may contain information to crack passwords Password Attacks - TypesSlide 16: Computer Security is a continuous battle As computer security gets tighter hackers are getting smarter Very high stakes ConclusionsSlide 17: KNOW HACKING BUT NO HACKING You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Hacking-computer security-RAJA aSGuest104435 Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: Embed: Flash iPad Dynamic Copy Does not support media & animations Automatically changes to Flash or non-Flash embed WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 413 Category: Science & Tech.. License: All Rights Reserved Like it (0) Dislike it (0) Added: July 12, 2011 This Presentation is Public Favorites: 2 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Computer Security: Computer Security HackersHacker: HackerHacker Terms: Hacker Terms Hacking - showing computer expertise Cracking - breaching security on software or systems Phreaking - cracking telecom networks Spoofing - faking the originating IP address in a datagram Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore Port Scanning - searching for vulnerabilitiesSlide 4: Internet has grown very fast and security has lagged behind. Legions of hackers have emerged as impedance to entering the hackers club is low. It is hard to trace the perpetrator of cyber attacks since the real identities are camouflaged It is very hard to track down people because of the ubiquity of the network. Large scale failures of internet can have a catastrophic impact on the economy which relies heavily on electronic transactions CrisisComputer Crimes: Computer Crimes Financial Fraud Credit Card Theft Identity Theft Computer specific crimes Denial-of-service Denial of access to information Viruses Melissa virus cost New Jersey man 20 months in jail Melissa caused in excess of $80 Million Intellectual Property Offenses Information theft Trafficking in pirated information Storing pirated information Compromising information Destroying informationSlide 6: Because they can A large fraction of hacker attacks have been pranks Financial Gain Espionage or spy Venting anger at a company or organization Terrorism Why do Hackers Attack?Slide 7: Active Attacks Denial of Service Breaking into a site Intelligence Gathering Resource Usage Deception Passive Attacks Sniffing Passwords Network Traffic Sensitive Information Information Gathering Types of Hacker AttackSlide 8: Over the Internet Over LAN Locally Offline Theft Modes of Hacker AttackSlide 9: Definition: An attacker alters his identity so that some one thinks he is some one else Email, User ID, IP Address, … Attacker exploits trust relation between user and networked machines to gain access to machines Types of Spoofing: IP Spoofing: Email Spoofing Web Spoofing SpoofingSlide 10: Definition: Attacker uses IP address of another computer to acquire information or gain access IP Spoofing – Flying-Blind Attack Replies sent back to 10.10.20.30 Spoofed Address 10.10.20.30 Attacker 10.10.50.50 John 10.10.5.5 From Address: 10.10.20.30 To Address: 10.10.5.5 Attacker changes his own IP address to spoofed address Attacker can send messages to a machine masquerading as spoofed machine Attacker can not receive messages from that machineSlide 11: Definition: Attacker sends messages masquerading as some one else What can be the repercussions? Types of Email Spoofing: Create an account with similar email address Sanjaygoel@yahoo.com: A message from this account can perplex the students Modify a mail client Attacker can put in any return address he wants to in the mail he sends Telnet to port 25 Most mail servers use port 25 for SMTP. Attacker logs on to this port and composes a message for the user. Email SpoofingSlide 12: Basic Attacker registers a web address matching an entity e.g. votebush.com, geproducts.com, gesucks.com Man-in-the-Middle Attack Attacker acts as a proxy between the web server and the client Attacker has to compromise the router or a node through which the relevant traffic flows URL Rewriting Attacker redirects web traffic to another site that is controlled by the attacker Attacker writes his own web site address before the legitimate link Tracking State When a user logs on to a site a persistent authentication is maintained This authentication can be stolen for masquerading as the user Web SpoofingSlide 13: Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it. Types: Crashing the system or network Send the victim data or packets which will cause system to crash or reboot. Exhausting the resources by flooding the system or network with information Since all resources are exhausted others are denied access to the resources Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks Denial of Service (DOS) AttackSlide 14: Find a valid user ID Create a list of possible passwords Rank the passwords from high probability to low Type in each password If the system allows you in – success ! If not, try again, being careful not to exceed password lockout (the number of times you can guess a wrong password before the system shuts down and won’t let you try any more) Password Attacks - ProcessSlide 15: Dictionary Attack Hacker tries all words in dictionary to crack password 70% of the people use dictionary words as passwords Brute Force Attack Try all permutations of the letters & symbols in the alphabet Hybrid Attack Words from dictionary and their variations used in attack Social Engineering People write passwords in different places People disclose passwords naively to others Shoulder Surfing Hackers slyly watch over peoples shoulders to steal passwords Dumpster Diving People dump their trash papers in garbage which may contain information to crack passwords Password Attacks - TypesSlide 16: Computer Security is a continuous battle As computer security gets tighter hackers are getting smarter Very high stakes ConclusionsSlide 17: KNOW HACKING BUT NO HACKING