Lesson 3-Hacker Techniques
Overview  Hacker’s motivation. Historical hacking techniques. Advanced techniques. Malicious code. Methods used by untargeted hacker. Methods used by targeted hacker.
Hacker’s Motivation  The term “hacker” was originally coined for an _________ __________________________________________ A  hacker  currently refers to an individual who _________ ______________________________________________ Cracker  is another term you might hear to refer to ________________________ who breaks into computer and computer networks
Hacker’s Motivation  Originally, the most common motivation for hacking into computer systems is the  The challenge motivation is usually associated with an ______________________________ An  untargeted hacker  is one who ____________________ ______________________________ The  _________________________________________ ___________________________________________
Hacker’s Motivation  Sites having _______________________ (software, money, information) are primary targets for hackers motivated by _________________________. Malicious attacks focus on  ________________________ The hacker motivated by  malicious intent  aims at  ________________________________________ The risk of a hacker being caught and convicted is ______.  The potential gain from hacking is _______________.
Historical Hacking Techniques  ____________________________ : When the Internet was originally created, most systems were configured to _______________________________________ given much consideration. Older versions of Network File System (NFS) used by UNIX allowed ______________________________________________________. Hackers used this open file sharing to ___________________________ _____________________________________________ NOTE: NFS is still used, is up to version 4 and has since made security much more robust.
Historical Hacking Techniques  Open sharing (continued): Many operating systems were shipped out with the _________ ______________________________________________. What is the danger in this? Another vulnerability related to open sharing is  __________ Rlogin  allows users to access ________________________ _______________________________________ Hackers can get into a system with remote access,  ___________ ____________________________________________________
Historical Hacking Techniques  Weak passwords: __________________________________________________________________________________________________ A two-character password is easier to guess than an eight-character one. Easy to guess passwords allow hackers a quick entry into the system. Often through a  ____________________________________ _______________________________________________
Password Supplement to text Passwords are the ________________________________________ on a system Password file stored in Directory /etc/passwd or /etc/shadow in Unix systems Password can be cracked if an attacker has gained _________________ ___________________________________________________ Or he must resort to  Password Cracking  – ________________________________________ ________________________________________________________
Password Supplement to text Question: If an attacker can only obtain a user-level password what kind of threat is that to your system? One way to protect passwords is to _____ ____________________________________________________________________________________________________________ even if the password files are obtained. Password cracking programs have already been made to work around a one-way hash.
Password Supplement to text Three general methods for cracking passwords ____________________________________ ____________________________________ Countermeasures- enforceable policies and filters __________________________  builds upon the dictionary method by  _____________________  _____________________________________ Slight modifications of dictionary words Example: using a password of  This would satisfy filters
Password Supplement to text Last of the three general methods for cracking passwords _____________________   will always recover the password- it’s just a matter of time. Most ___________________________________ ________________________________ Countermeasures- ____________________________________________ ______________________________________________________________ How feasible is that? Why would a system administrator want to use a password cracking tool?
Password Supplement to text Different password auditing programs __________________________  can be used on Unix or Windows machines Fast and configurable _______________________- can be used on Windows NT/2000/XP machines Newest version- ____________ (there is a fee for this program) Can crack using any method talked about earlier Configurable and easy to use
Password Supplement to text Example of a Strong Password Policy Password change  Accounts locked  All passwords must contain ______________ _________________________________ Can’t
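The hybrid method described in the password supplement makes slight modifications to dictionary words so that the result still satisfies a composition filter. The following is an added example, not part of the original slides, of a filter that undoes those modifications before checking a wordlist. The wordlist, the minimum length, the substitution table and all function names are assumptions chosen for illustration.

```python
import re

# Constructed sample wordlist; a real filter would load a full dictionary file.
SAMPLE_WORDS = frozenset({"password", "dragon", "summer", "welcome", "monkey"})
MIN_LENGTH = 8  # assumed policy value, not taken from the slides

# Character substitutions commonly applied to dictionary words (assumed table).
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})

_TRAILING = re.compile(r"[\d\W_]+$")  # digits/punctuation appended to a word
_LEADING = re.compile(r"^[\d\W_]+")   # digits/punctuation prepended to a word


def composition_filter(password):
    """Composition-only rule: length plus upper, lower and digit classes."""
    return (len(password) >= MIN_LENGTH
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password))


def base_forms(password):
    """Return the candidate base words left after undoing slight modifications."""
    lowered = password.lower()
    no_suffix = _TRAILING.sub("", lowered)
    no_affix = _LEADING.sub("", no_suffix)
    forms = set()
    for form in (lowered, no_suffix, no_affix):
        forms.add(form)
        forms.add(form.translate(SUBSTITUTIONS))
    forms.discard("")
    return forms


def dictionary_base(password, words=SAMPLE_WORDS):
    """Return the dictionary word the password is derived from, or None."""
    hits = sorted(base_forms(password) & words)
    return hits[0] if hits else None


def check_password(password, words=SAMPLE_WORDS):
    """Apply the composition rule, then reject modified dictionary words."""
    if not composition_filter(password):
        return False, "fails composition rules"
    word = dictionary_base(password, words)
    if word is not None:
        return False, f"derived from dictionary word '{word}'"
    return True, "ok"


def audit(passwords, words=SAMPLE_WORDS):
    """List passwords that satisfy the composition rule but are dictionary-based."""
    return [p for p in passwords
            if composition_filter(p) and dictionary_base(p, words)]


if __name__ == "__main__":
    # Constructed sample passwords for demonstration.
    for candidate in ["Password1", "W3lc0me99", "P@ssw0rd1!", "Tr4il-mix-Kettle9"]:
        print(candidate, check_password(candidate))
```
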
Historical Hacking Techniques  Programming flaws and social engineering: Hackers have used ________________________________ ___________________________________________________ Many shopping Websites store information entered by the buyer on a  _______________________________________________ _____________________ is the use of non-technical means to gain unauthorized access to information or systems. Includes “dumpster diving”-  The ______________________ are the most powerful tools used by a hacker using the social engineering technique.
Historical Hacking Techniques  Buffer overflow: Buffer overflow is _______________________________________ _____________________________________________________ A hacker can exploit a buffer overflow to ______________________ _______________________________________________ Buffer overflows cause ______________________ such as allowing _______________________________________, cause another application to start, cause a change in a configuration file. Buffer overflows exist because ______________________________ ______________________________________________________ Widely used functions exist in ______________________ with buffer overflow issues
Historical Hacking Techniques  Denial-of-Service (DoS): __________________ are malicious acts to deny legitimate users access to a system, network, application, or information. Most DoS attacks originate from ______________________.  In a  single-source DoS attack , a ____________________ ________________________________ The  ________________________  are some of the single-source DoS attacks that have been identified. Ping of Death- sending a large amount of data in a ping packet
SYN flood DoS attack Solutions: ________________________________________________________ Obtain a device to ___________________ Both these solutions are not always successful in protecting systems from a SYN Flood attack.
Historical Hacking Techniques  Distributed Denial-of-Service (DDoS): DDoS attacks originate from a _____________________ _____________________________________________ A Smurf attack is an example of a DDoS attack See next slide There are a number of tools available which enable a hacker to launch a DDoS attack.
Smurf DDoS attack Gets all the ping responses from all members of the broadcast
Historical Hacking Techniques  DDoS process using sophisticated tools: A hacker talks to a  _____________________________________ _______________________________________ The ______________________________________ that have been placed on _____________________________. The slaves, also called  __________ , perform the ___________ against the target system. The attacks could be comprised of UDP packets, TCP SYN flood packets or ICMP traffic See next slide for example…
Historical Hacking Techniques  The architecture of DDoS attacks.
Advanced Techniques  Sniffing switch networks. IP spoofing.
Sniffer supplement Recall: A  sniffer  is a _____________________ __________________________________________________________________________________________ Packets could contain  NOTE: sniffers can also be ___________________________ ________________________________________, but software-based sniffers are far more common Sniffers were much easier to use back when they were used ________________________________ (with devices connected to a  hub ) The hub would “broadcast” data to every device.  Only the device with a matching MAC address would process the data. But a sniffer
Sniffing Switch Networks  In a  switched  environment, the hacker must cause the switch to  Can someone tell me how a switch works once it receives  a frame? What is ARP used for?
Sniffing Switch Networks  Sniffing through  ARP spoofing: A sniffer may ______________________________________ ____________________________________________ The sniffer must then  _____________________________ _______________________________________________ ARP spoofing is possible only on  local subnets.  Why would that be?
Sniffing Switch Networks  Sniffing through  ______________________: ________________________________________ is another way of getting the  switch to redirect the traffic to the sniffer . Software is available ______________________ on Windows systems On Unix systems, the ability is  Sniffing through  DNS Spoofing: A sniffer responds to the  sending  system’s DNS requests. ______________________________________________________________________________________________________________________ DNS Spoofing is possible if the sniffer is  ______________________ ______________________________________________________
Sniffing Switch Networks  Sniffing by  When the memory used by switches to store the mappings between MAC addresses and physical ports is full, some switches will  ____________________________________________________________________________________________________ Effectively  turning  Sniffing requires that the hacker  have a system on the ____________________________
Sniffer supplement _____________________________ do the same things that sniffers do. Used to be that the __________________  the ____________________________________ Protocol analyzers can be  Many good sniffers are  Free tools are really all some incident handlers and security specialists use Downside is that you have to
Sniffer supplement No matter what your needs, interest or budget, there is most likely at least one sniffer out there that does what you want Examples See next slide
Examples of Sniffers
Sniffer | Availability | Comments
Dsniff | Free | Suite of sniffing tools; including tools for sniffing switched networks
Ethereal | Free | Graphical sniffer with additional analysis functions. Analyzes all 7 layers of the OSI model
Ettercap | Free | Specializes in switched networks and man-in-the-middle sniffing
Network Associates Sniffer | Commercial | Decodes many specialized protocols
Snort | Free | Also an IDS
TCPdump | Free | Sniffer that decodes and prints many common protocols. Analyzes only layers 3 and 4 protocols
Windump | Free | Windows version of TCPdump
Details OF IP Spoofing What is Spoofing an IP address? _________________________________________________________________________________________________ ______________________________________________  enables the hacker to attempt an IP spoofing attack
IP Spoofing  Details of IP spoofing Not sent back to Hacker’s machine The sequence number must be guessed and this must be done _________ ___________________________________________________________________________________
IP Spoof attack results If the attack progresses well, the hacker will have a legitimate connection to the target system He will
IP Spoofing Example  Using IP spoofing in the real world First-  we know the target and trusted systems have a trust relationship.  The IP address of the trusted system will be allowed into the target system Second-  Trusted system must be silenced (with a DoS attack) Third-  Once we gain access to the target system (step 5), we can make changes- can you think of changes we can make?
Malicious Code  Malicious codes include three types of programs:
Computer Viruses  Computer viruses are  __________________________ ______________________________________ Virus codes execute when the ___________________ _____________________________________ Malicious viruses  may __________________________ _____________________________________________ Some viruses just spread themselves to other systems without performing any malicious acts.
How computer viruses spread… When on an infected computer, the virus will _____________________________ ___________________________________________________________________ More common method: read the e-mail address book of infected computer and _________________________________
Trojan Horse Programs  A Trojan horse is a  It is a program that looks benign but actually has a malicious purpose.  _______________________________________________ _______________________________________________ Most Trojan horse programs contain a mechanism to _____ ______________________________________________ May be spread through a harmless looking business utility or game etc.
Worms  A worm is a program that  _______________________ _____________________________________________ CodeRed and Slapper Worm are recent examples of worms. Hybrid  is the combination of two types of malicious codes into  Example: Nimda- spread like a Trojan horse but then infected the system like a worm
Process of an attack Step involves ______________________ ______________________________ Done gathering info from various sources such as ____________________________ ____________ etc.  (we will discuss some of these later on) Think of this step as
Process of an attack cont.. Allows attacker to focus their efforts and attention on _________________________________________ Identify  Analyze acceptable risk Can use ______________ at this step best known and most flexible _________________ – used in both Windows and Unix environments Finds ports and services (such as OSs) available Uses IP packets for scanning
Process of an attack cont.. Use of nbtstat NOTE: the above 3 steps are involved in
Process of an attack cont.. Through means such as  _______________, __________________________ etc. ___________________ but NOT at level the hacker needs or wants to be at Will work on getting  _____________________________________________________________________
Process of an attack cont.. Once in- hacker will ________________ from system administrators and other hackers Will also
Methods Used by  Untargeted  Hacker From the beginning of the chapter, can someone tell me what an untargeted hacker is? ____________________________________________________________________________________________________________________________________________________ What is the primary motivation of untargeted hackers?
Methods Used by  Untargeted  Hacker cont… Internet reconnaissance: Untargeted hackers look for ___________________________ they can find. The hacker may perform a stealth scan, sometimes in conjunction with a ping sweep. A  stealth scan  is _______________________________ ________________________________  (example on next slide) A  ping sweep  is ___________________________________ ____________________________________________
Methods Used by  Untargeted  Hacker cont… Stealth scanning SYN I can send a reset because I know the system is up
Methods Used by  Untargeted  Hacker cont… Reset scans So… Indicates the target system exists
Methods Used by  Untargeted  Hacker cont… Some untargeted hackers may also perform the reconnaissance in several steps. The hacker may choose a domain name and attempt to perform a zone transfer of DNS against this domain.  A  zone transfer _______________________________________________ __________________________________________________ From that list, the hacker may then run a tool such as Nmap to  ______________________________________________ A stealth scan may be used to ___________________________, and the final list may be used for the actual attacks.
Methods Used by  Untargeted  Hacker cont… Telephone and wireless reconnaissance: Wardialing  is a ____________________________________ _______________________________________________ Wardriving and Warchalking are methods of  wireless  reconnaissance  (see next slide for definitions)
Methods Used by  Untargeted  Hacker cont… Wardriving  involves driving around with a computer and a wireless network adapter for the express _________________________ _______________________________________ Warchalking means that the hacker uses ___________________ or sidewalk outside of a building to _______________________ ____________________________________________________ An untargeted hacker will use reconnaissance methods to identify systems. They will look for systems that may be vulnerable to the available exploits.
Methods Used by  Untargeted  Hacker cont… Use of Compromised Systems: Hackers normally place a ____________________________ ________________________________________________ The back door entries are put together in a  rootkit . Hackers may close vulnerabilities they used to gain access, so that  A compromised system may be used to attack other systems or for reconnaissance purposes. Example: installing a password sniffer to capture password for
Rootkit A type of  A _______________________________ ___________________________________________________________________________ Process: User level access is obtained by a vulnerability or cracking a password Rootkit installed User passwords and id’s obtained Today, rootkits are _______________________ on a network
Methods Used by  Targeted  Hacker  A targeted hacker ________________________________ ___________________________________________ A targeted hacker is motivated by a desire to ___________ _____________________________________________ The skill level of targeted hackers tends to be  higher  than that of untargeted hackers.
Methods Used by  Targeted  Hacker  Reconnaissance:  Address reconnaissance  is the _________________________ _____________________________________________ Addresses can be identified through  ______________________ ___________________________________________  or through  text searches  at Network Solutions. Additional info on the target can be found by doing a zone transfer if allowed. What is a zone transfer?
Methods Used by  Targeted  Hacker Reconnaissance (continued):  Phone number reconnaissance  is more difficult than identifying network addresses. Hacker may attempt to look for __________________________ ________________________________________________ The hacker can perform  wireless reconnaissance  by walking or driving around the organization’s building.
Methods Used by  Targeted  Hacker  Reconnaissance (continued):   System reconnaissance  is used to ____________________ _______________________________________________ Ping sweeps, stealth scans, or port scans may be used to identify systems. These can be done in such a way so as to not send up a flag from an IDS Identifying the operating system may be done by _______________ ________________________________ such as which ports are open and ___________________
Methods Used by Targeted Hacker  Reconnaissance (continued):  Attacking or  ____________________________________ ____________________   Vulnerability scanners  will provide information, but _________ ______________________________________________ See next slide for more info on vulnerability scanners
Vulnerability scanner supplement A  Vulnerability scanner  is a ___________ ______________________________________________________________________________________________________ Vulnerabilities checked include ______________________________________________________________________________________________________
Versions of vulnerability scanners Takes a _____________________________ to securing computer networks.  _________________________________________________ _________________________________________________________________________________________________ Most  Fast, reliable and includes a variety of plug-ins  Will not fix security holes- just __________________ ________________________________________ Works on  Unix-like systems  but has a Windows version called
Methods Used by  Targeted  Hacker  Reconnaissance (continued):  Business reconnaissance  will help the hacker identify the __________ ____________________________________________________ Studying the employees of the organization may prove valuable for the purpose of  The hacker may gain access to the organization through its  _______  ___________________________________________________________ Targeted hackers use  physical reconnaissance  extensively. Weaknesses in physical security may be used to gain access to the site. The hacker may also find information by  searching a dumpster if trash and paper to be recycled is dumped into it. What is this called?
Methods Used by  Targeted  Hacker  Electronic attack methods: The hacker may attempt to  hide   the attack  from the intrusion detection system by  The hacker must make the system ___________________ _________________ if the attack is successful. Only  removing log files which show hacker’s presence The hacker will  _________________________  to allow repeated access to a compromised system.
Methods Used by  Targeted  Hacker  Electronic attack methods (continued): Systems with  _________________  are prime targets for attacks via  _______________________ The hacker may send a virus or a Trojan horse program to an employee’s  home system  to gain access. Wireless networks  may provide the easiest access path. May be part of the organization’s internal network but have _______________________________________________
Methods Used by  Targeted  Hacker  Physical attack methods: Social engineering  is the safest physical attack method. It may lead to electronic information. Checking the dumpster  or  __________________________ ____________________  are other methods of physical attack.
Summary  A hacker may be motivated by the challenge of breaking in, greed, or malicious intent. Open file sharing, weak passwords, programming flaws, and buffer overflows were exploited by hackers to break into systems. In social engineering, the hacker uses human nature and the ability to lie, to access information.
Summary  In Denial-of-Service attacks, legitimate users are denied access to the system, network, information, or applications. In Distributed Denial-of-Service attacks, many systems are coordinated to attack a single target. Sniffing switch networks involves getting the switch to either redirect traffic to the sniffer or send all traffic to all ports.
Summary  ARP spoofing, MAC duplicating, and DNS spoofing are the three methods of redirecting traffic. IP spoofing involves modifying the source address to make the packet appear as if coming from elsewhere. Viruses, Trojan horse programs, and worms are the three types of malicious codes.
Summary  Untargeted hackers do not aim at accessing particular information or organizations, but look for any system that can be compromised. Targeted hackers have a reason for attacking an organization.
Homework due next class
Essay/research project described below: Find a recent (no longer than 1 year old) security article that covers a topic discussed in chapter 2. Print out the article including the source and write an article summary. The summary should be 1 or 2 paragraphs in length and summarize the article. Feel free to also give your opinions. You may be asked to present your findings to the class.
Key Term Quiz and Multiple Choice Quiz P. 89- 92 ALL
First Exam on Chapters 1, 2 and 3 coming up
Wrap up lab work

More Related Content

PDF
Authentication framework using visual cryptography
PDF
Detection andprevention of fake access point using sensor nodes
PDF
IRJET- Encrypted Negative Password using RSA Algorithm
PDF
Honey words
PPT
Ccna+sec+ch01+ +overview+security
PPT
RSA - WLAN Hacking
PPT
Authentication: keys, MAC
Authentication framework using visual cryptography
Detection andprevention of fake access point using sensor nodes
IRJET- Encrypted Negative Password using RSA Algorithm
Honey words
Ccna+sec+ch01+ +overview+security
RSA - WLAN Hacking
Authentication: keys, MAC

Viewers also liked (18)

PPT
Classical Encryption
PPSX
Security & Privacy in WLAN - A Primer and Case Study
PPT
Protocols for Public Key Management
PPTX
Chapter 1: Overview of Network Security
PPT
FireEye
PPTX
Arsenal Football Club Scouting Report
PDF
Wireless Hacking
PPTX
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
PPT
Chapter 3: Block Ciphers and the Data Encryption Standard
PPT
Chapter 2: Network Models
PPTX
Wlan security
PPTX
Spoofing Techniques
PPT
Message Authentication: MAC, Hashes
PPTX
WiFi Secuiry: Attack & Defence
PPT
T C P I P Weaknesses And Solutions
PPT
Spoofing
PPT
Public key cryptography and RSA
PPT
Block Ciphers Modes of Operation
Classical Encryption
Security & Privacy in WLAN - A Primer and Case Study
Protocols for Public Key Management
Chapter 1: Overview of Network Security
FireEye
Arsenal Football Club Scouting Report
Wireless Hacking
An Introduction of SQL Injection, Buffer Overflow & Wireless Attack
Chapter 3: Block Ciphers and the Data Encryption Standard
Chapter 2: Network Models
Wlan security
Spoofing Techniques
Message Authentication: MAC, Hashes
WiFi Secuiry: Attack & Defence
T C P I P Weaknesses And Solutions
Spoofing
Public key cryptography and RSA
Block Ciphers Modes of Operation
Ad

Similar to Ch03 (20)

PDF
Would a wanna cry make the industry wanna cry Mysore and Lear
PPT
Ws wireless solution
PDF
[IJCT-V3I2P25] Authors: Mr.S.Jagadeesan,M.Sc, MCA., M.Phil., ME[CSE]., S.Rubiya
PDF
Computer and Technology Today in our Lives
PDF
Graphical password authentication using pccp with sound signature
PDF
Detection and prevention of fake access point using sensor nodes
PDF
NYMBLE: Servers Overcrowding Disobedient Users in Anonymizing Networks
PDF
False positive reduction by combining svm and knn algo
PDF
Gesture control algorithm for personal computers
PDF
Gesture control algorithm for personal computers
PDF
Operating System Lab Manual
PDF
Post Lab activity1
PDF
Clone Node Detection in Wireless Sensor Networks
DOC
Strayer cis 333 week 11 final exam set 3 new
DOC
Strayer cis 333 week 11 final exam set 3 new
PDF
Computer Abstractions and Technology
DOC
Strayer cis 333 week 11 final exam set 3 new
PDF
Network Security and Risk Management
DOCX
Ethical hacking.
Would a wanna cry make the industry wanna cry Mysore and Lear
Ws wireless solution
[IJCT-V3I2P25] Authors: Mr.S.Jagadeesan,M.Sc, MCA., M.Phil., ME[CSE]., S.Rubiya
Computer and Technology Today in our Lives
Graphical password authentication using pccp with sound signature
Detection and prevention of fake access point using sensor nodes
NYMBLE: Servers Overcrowding Disobedient Users in Anonymizing Networks
False positive reduction by combining svm and knn algo
Gesture control algorithm for personal computers
Gesture control algorithm for personal computers
Operating System Lab Manual
Post Lab activity1
Clone Node Detection in Wireless Sensor Networks
Strayer cis 333 week 11 final exam set 3 new
Strayer cis 333 week 11 final exam set 3 new
Computer Abstractions and Technology
Strayer cis 333 week 11 final exam set 3 new
Network Security and Risk Management
Ethical hacking.
Ad

More from gofortution (6)

PPT
Cita310chap09
PPT
Chapter 8
PPT
gofortution
PPT
PPT
gofortution
PPT
gofortution
Cita310chap09
Chapter 8
gofortution
gofortution
gofortution

Ch03

  • 2. Overview Hacker’s motivation. Historical hacking techniques. Advanced techniques. Malicious code. Methods used by untargeted hacker. Methods used by targeted hacker.
  • 3. Hacker’s Motivation The term “hacker” was originally coined for an _________ __________________________________________ A hacker currently refers to an individual who _________ ______________________________________________ Cracker is another term you might hear to refer to ________________________ who breaks into computer and computer networks
  • 4. Hacker’s Motivation Originally, the most common motivation for hacking into computer systems is the The challenge motivation is usually associated with an ______________________________ An untargeted hacker is one who ____________________ ______________________________ The _________________________________________ ___________________________________________
  • 5. Hacker’s Motivation Sites having _______________________ (software, money, information) are primary targets for hackers motivated by _________________________. Malicious attacks focus on ________________________ The hacker motivated by malicious intent aims at ________________________________________ The risk of a hacker being caught and convicted is ______. The potential gain from hacking is _______________.
  • 6. Historical Hacking Techniques ____________________________ : When the Internet was originally created, most systems were configured to _______________________________________ given much consideration. Older versions of Network File System (NFS) used by UNIX allowed ______________________________________________________. Hackers used this open file sharing to ___________________________ _____________________________________________ NOTE: NFS is still used, is up to version 4 and has since made security much more robust.
  • 7. Historical Hacking Techniques Open sharing (continued): Many operating systems were shipped out with the _________ ______________________________________________. What is the danger in this? Another vulnerability related to open sharing is __________ Rlogin allows users to access ________________________ _______________________________________ Hackers can get into a system with remote access, ___________ ____________________________________________________
  • 8. Historical Hacking Techniques Weak passwords: __________________________________________________________________________________________________ A two-character password is easier to guess than an eight-character one. Easy to guess passwords allow hackers a quick entry into the system. Often through a ____________________________________ _______________________________________________
  • 9. Password Supplement to text Passwords are the ________________________________________ on a system Password file stored in Directory /etc/passwd or /etc/shadow in Unix systems Password can be cracked if an attacker has gained _________________ ___________________________________________________ Or he must resort to Password Cracking – ________________________________________ ________________________________________________________
  • 10. Password Supplement to text Question: If an attacker can only obtain a user-level password what kind of threat is that to your system? One way to protect passwords is to _____ ____________________________________________________________________________________________________________ even if the password files are obtained. Password cracking programs have already been made to work around a one-way hash.
  • 11. Password Supplement to text Three general methods for cracking passwords ____________________________________ ____________________________________ Countermeasures- enforceable policies and filters __________________________ builds upon the dictionary method by _____________________ _____________________________________ Slight modifications of dictionary words Example: using a password of This would satisfy filters
  • 12. Password Supplement to text Last of the three general methods for cracking passwords _____________________ will always recover the password- it’s just a matter of time. Most ___________________________________ ________________________________ Countermeasures- ____________________________________________ ______________________________________________________________ How feasible is that? Why would a system administrator want to use a password cracking tool?
  • 13. Password Supplement to text Different password auditing programs __________________________ can be used on Unix or Windows machines Fast and configurable _______________________- can be used on Windows NT/2000/XP machines Newest version- ____________ (there is a fee for this program) Can crack using any method talked about earlier Configurable and easy to use
  • 14. Password Supplement to text Example of a Strong Password Policy Password change Accounts locked All passwords must contain ______________ _________________________________ Can’t
  • 15. Historical Hacking Techniques Programming flaws and social engineering: Hackers have used ________________________________ ___________________________________________________ Many shopping Websites store information entered by the buyer on a _______________________________________________ _____________________ is the use of non-technical means to gain unauthorized access to information or systems. Includes “dumpster diving”- The ______________________ are the most powerful tools used by a hacker using the social engineering technique.
  • 16. Historical Hacking Techniques Buffer overflow: Buffer overflow is _______________________________________ _____________________________________________________ A hacker can exploit a buffer overflow to ______________________ _______________________________________________ Buffer overflows cause ______________________ such as allowing _______________________________________, cause another application to start, cause a change in a configuration file. Buffer overflows exist because ______________________________ ______________________________________________________ Widely used functions exist in ______________________ with buffer overflow issues
  • 17. Historical Hacking Techniques Denial-of-Service (DoS): __________________ are malicious acts to deny legitimate users access to a system, network, application, or information. Most DoS attacks originate from ______________________. In a single-source DoS attack, a ____________________ ________________________________ The ________________________ are some of the single-source DoS attacks that have been identified. Ping of Death- sending of large amount of data in a ping packet
  • 18. SYN flood DoS attack Solutions: ________________________________________________________ Obtain a device to ___________________ Both these solutions are not always successful in protecting systems from a SYN Flood attack.
  • 19. Historical Hacking Techniques Distributed Denial-of-Service (DDoS): DDoS attacks originate from a _____________________ _____________________________________________ A Smurf attack is an example of a DDoS attack See next slide There are a number of tools available which enable a hacker to launch a DDoS attack.
  • 20. Smurf DDoS attack Gets all the ping responses from all members of the broadcast
  • 21. Historical Hacking Techniques DDoS process using sophisticated tools: A hacker talks to a _____________________________________ _______________________________________ The ______________________________________ that have been placed on _____________________________. The slaves, also called __________ , perform the ___________ against the target system. The attacks could be comprised of UDP packets, TCP SYN flood packets or ICMP traffic See next slide for example…
  • 22. Historical Hacking Techniques The architecture of DDoS attacks.
  • 23. Advanced Techniques Sniffing switch networks. IP spoofing.
  • 24. Sniffer supplement Recall: A sniffer is a _____________________ __________________________________________________________________________________________ Packets could contain NOTE: sniffers can also be ___________________________ ________________________________________, but software based sniffers are far more common Sniffers were much easier to use back when they were used ________________________________ (with devices connected to a hub) The hub would “broadcast” data to every device. Only the device with a matching MAC address would process the data. But a sniffer
  • 25. Sniffing Switch Networks In a switched environment, the hacker must cause the switch to Can someone tell me how a switch works once it receives a frame? What is ARP used for?
  • 26. Sniffing Switch Networks Sniffing through ARP spoofing: A sniffer may ______________________________________ ____________________________________________ The sniffer must then _____________________________ _______________________________________________ ARP spoofing is possible only on local subnets. Why would that be?
  • 27. Sniffing Switch Networks Sniffing through ______________________: ________________________________________ is another way of getting the switch to redirect the traffic to the sniffer. Software is available ______________________ on Windows systems On Unix systems, the ability is Sniffing through DNS Spoofing: A sniffer responds to the sending system’s DNS requests. ______________________________________________________________________________________________________________________ DNS Spoofing is possible if the sniffer is ______________________ ______________________________________________________
  • 28. Sniffing Switch Networks Sniffing by When the memory used by switches to store the mappings between MAC addresses and physical ports is full, some switches will ____________________________________________________________________________________________________ Effectively turning Sniffing requires that the hacker have a system on the ____________________________
  • 29. Sniffer supplement _____________________________ do the same things that sniffers do. Used to be that the __________________ the ____________________________________ Protocol analyzers can be Many good sniffers are Free tools are really all some incident handlers and security specialists use Downside is that you have to
  • 30. Sniffer supplement No matter what your needs, interest or budget, there is most likely at least one sniffer out there that does what you want Examples See next slide
  • 31. Examples of Sniffers
    Sniffer | Availability | Comments
    Dsniff | Free | Suite of sniffing tools, including tools for sniffing switched networks
    Ethereal | Free | Graphical sniffer with additional analysis functions; analyzes all 7 layers of the OSI model
    Ettercap | Free | Specializes in switched networks and man-in-the-middle sniffing
    Network Associates Sniffer | Commercial | Decodes many specialized protocols
    Snort | Free | Also an IDS
    TCPdump | Free | Sniffer that decodes and prints many common protocols; analyzes only layers 3 and 4 protocols
    Windump | Free | Windows version of TCPdump
  • 32. Details of IP Spoofing What is Spoofing an IP address? _________________________________________________________________________________________________ ______________________________________________ enables the hacker to attempt an IP spoofing attack
  • 33. IP Spoofing Details of IP spoofing Not sent back to Hacker’s machine The sequence number must be guessed and this must be done _________ ___________________________________________________________________________________
  • 34. IP Spoof attack results If the attack progresses well, the hacker will have a legitimate connection to the target system He will
  • 35. IP Spoofing Example Using IP spoofing in the real world First- we know the target and trusted systems have a trust relationship. The IP address of the trusted system will be allowed into the target system Second- Trusted system must be silenced (with a DoS attack) Third- Once we gain access to the target system (step 5), we can make changes- can you think of changes we can make?
  • 36. Malicious Code Malicious codes include three types of programs:
  • 37. Computer Viruses Computer viruses are __________________________ ______________________________________ Virus codes execute when the ___________________ _____________________________________ Malicious viruses may __________________________ _____________________________________________ Some viruses just spread themselves to other systems without performing any malicious acts.
  • 38. How computer viruses spread… When on an infected computer, the virus will _____________________________ ___________________________________________________________________ More common method: read the e-mail address book of infected computer and _________________________________
  • 39. Trojan Horse Programs A Trojan horse is a It is a program that looks benign but actually has a malicious purpose. _______________________________________________ _______________________________________________ Most Trojan horse programs contain a mechanism to _____ ______________________________________________ May be spread through a harmless looking business utility or game etc.
  • 40. Worms A worm is a program that _______________________ _____________________________________________ CodeRed and Slapper Worm are recent examples of worms. Hybrid is the combination of two types of malicious codes into Example: Nimda- spread like a Trojan horse but then infected the system like a worm
  • 41. Process of an attack Step involves ______________________ ______________________________ Done gathering info from various sources such as ____________________________ ____________ etc. (we will discuss some of these later on) Think of this step as
  • 42. Process of an attack cont.. Allows attacker to focus their efforts and attention on _________________________________________ Identify Analyze acceptable risk Can use ______________ at this step best known and most flexible _________________ – used in both Windows and Unix environments Finds ports and services (such as OSs) available Uses IP packets for scanning
  • 43. Process of an attack cont.. Use of nbtstat NOTE: the above 3 steps are involved in
  • 44. Process of an attack cont.. Through means such as _______________, __________________________ etc. ___________________ but NOT at level the hacker needs or wants to be at Will work on getting _____________________________________________________________________
  • 45. Process of an attack cont.. Once in- hacker will ________________ from system administrators and other hackers Will also
  • 46. Methods Used by Untargeted Hacker From the beginning of the chapter, can someone tell me what an untargeted hacker is? ____________________________________________________________________________________________________________________________________________________ What is the primary motivation of untargeted hackers?
  • 47. Methods Used by Untargeted Hacker cont… Internet reconnaissance: Untargeted hackers look for ___________________________ they can find. The hacker may perform a stealth scan, sometimes in conjunction with a ping sweep. A stealth scan is _______________________________ ________________________________ (example on next slide) A ping sweep is ___________________________________ ____________________________________________
  • 48. Methods Used by Untargeted Hacker cont… Stealth scanning SYN I can send a reset because I know the system is up
  • 49. Methods Used by Untargeted Hacker cont… Reset scans So… Indicates the target system exists
  • 50. Methods Used by Untargeted Hacker cont… Some untargeted hackers may also perform the reconnaissance in several steps. The hacker may choose a domain name and attempt to perform a zone transfer of DNS against this domain. A zone transfer _______________________________________________ __________________________________________________ From that list, the hacker may then run a tool such as Nmap to ______________________________________________ A stealth scan may be used to ___________________________, and the final list may be used for the actual attacks.
  • 51. Methods Used by Untargeted Hacker cont… Telephone and wireless reconnaissance: Wardialing is a ____________________________________ _______________________________________________ Wardriving and Warchalking are methods of wireless reconnaissance (see next slide for definitions)
  • 52. Methods Used by Untargeted Hacker cont… Wardriving involves driving around with a computer and a wireless network adapter for the express _________________________ _______________________________________ Warchalking means that the hacker uses ___________________ or sidewalk outside of a building to _______________________ ____________________________________________________ An untargeted hacker will use reconnaissance methods to identify systems. They will look for systems that may be vulnerable to the available exploits.
  • 53. Methods Used by Untargeted Hacker cont… Use of Compromised Systems: Hackers normally place a ____________________________ ________________________________________________ The back door entries are put together in a rootkit. Hackers may close vulnerabilities they used to gain access, so that A compromised system may be used to attack other systems or for reconnaissance purposes. Example: installing a password sniffer to capture password for
  • 54. Rootkit A type of A _______________________________ ___________________________________________________________________________ Process: User level access is obtained by a vulnerability or cracking a password Rootkit installed User passwords and IDs obtained Today, rootkits are _______________________ on a network
  • 55. Methods Used by Targeted Hacker A targeted hacker ________________________________ ___________________________________________ A targeted hacker is motivated by a desire to ___________ _____________________________________________ The skill level of targeted hackers tends to be higher than that of untargeted hackers.
  • 56. Methods Used by Targeted Hacker Reconnaissance: Address reconnaissance is the _________________________ _____________________________________________ Addresses can be identified through ______________________ ___________________________________________ or through text searches at Network Solutions. Additional info on the target can be found by doing a zone transfer if allowed. What is a zone transfer?
  • 57. Methods Used by Targeted Hacker Reconnaissance (continued): Phone number reconnaissance is more difficult than identifying network addresses. Hacker may attempt to look for __________________________ ________________________________________________ The hacker can perform wireless reconnaissance by walking or driving around the organization’s building.
  • 58. Methods Used by Targeted Hacker Reconnaissance (continued): System reconnaissance is used to ____________________ _______________________________________________ Ping sweeps, stealth scans, or port scans may be used to identify systems. These can be done in such a way so as to not send up a flag from an IDS Identifying the operating system may be done by _______________ ________________________________ such as which ports are open and ___________________
  • 59. Methods Used by Targeted Hacker Reconnaissance (continued): Attacking or ____________________________________ ____________________ Vulnerability scanners will provide information, but _________ ______________________________________________ See next slide for more info on vulnerability scanners
  • 60. Vulnerability scanner supplement A Vulnerability scanner is a ___________ ______________________________________________________________________________________________________ Vulnerabilities checked include ______________________________________________________________________________________________________
  • 61. Versions of vulnerability scanners Takes a _____________________________ to securing computer networks. _________________________________________________ _________________________________________________________________________________________________ Most Fast, reliable and includes a variety of plug-ins Will not fix security holes- just __________________ ________________________________________ Works on Unix-like systems but has a Windows version called
  • 62. Methods Used by Targeted Hacker Reconnaissance (continued): Business reconnaissance will help the hacker identify the __________ ____________________________________________________ Studying the employees of the organization may prove valuable for the purpose of The hacker may gain access to the organization through its _______ ___________________________________________________________ Targeted hackers use physical reconnaissance extensively. Weaknesses in physical security may be used to gain access to the site. The hacker may also find information by searching a dumpster if trash and paper to be recycled is dumped into it. What is this called?
  • 63. Methods Used by Targeted Hacker Electronic attack methods: The hacker may attempt to hide the attack from the intrusion detection system by The hacker must make the system ___________________ _________________ if the attack is successful. Only removing log files which show hacker’s presence The hacker will _________________________ to allow repeated access to a compromised system.
  • 64. Methods Used by Targeted Hacker Electronic attack methods (continued): Systems with _________________ are prime targets for attacks via _______________________ The hacker may send a virus or a Trojan horse program to an employee’s home system to gain access. Wireless networks may provide the easiest access path. May be part of the organization’s internal network but have _______________________________________________
  • 65. Methods Used by Targeted Hacker Physical attack methods: Social engineering is the safest physical attack method. It may lead to electronic information. Checking the dumpster or __________________________ ____________________ are other methods of physical attack.
  • 66. Summary A hacker may be motivated by the challenge of breaking in, greed, or malicious intent. Open file sharing, weak passwords, programming flaws, and buffer overflows were exploited by hackers to break into systems. In social engineering, the hacker uses human nature and the ability to lie, to access information.
  • 67. Summary In Denial-of-Service attacks, legitimate users are denied access to the system, network, information, or applications. In Distributed Denial-of-Service attacks, many systems are coordinated to attack a single target. Sniffing switch networks involves getting the switch to either redirect traffic to the sniffer or send all traffic to all ports.
  • 68. Summary ARP spoofing, MAC duplicating, and DNS spoofing are the three methods of redirecting traffic. IP spoofing involves modifying the source address to make the packet appear as if coming from elsewhere. Viruses, Trojan horse programs, and worms are the three types of malicious codes.
  • 69. Summary Untargeted hackers do not aim at accessing particular information or organizations, but look for any system that can be compromised. Targeted hackers have a reason for attacking an organization.
  • 70. Homework due next class Essay/research project described below: Find a recent (no more than 1 year old) security article that covers a topic discussed in chapter 2. Print out the article, including the source, and write an article summary. The summary should be 1 or 2 paragraphs in length and summarize the article. Feel free to also give your opinions. You may be asked to present your findings to the class. Key Term Quiz and Multiple Choice Quiz, p. 89-92, ALL. First exam on Chapters 1, 2 and 3 coming up. Wrap up lab work.
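
Added example (not part of the original slides): slides 11 and 12 name enforceable policies and filters as the countermeasure to dictionary-based cracking, and note that a slightly modified dictionary word can still satisfy a filter. The Python sketch below contrasts a composition-only filter with one that undoes those slight modifications before checking a wordlist; the wordlist, substitution table, function names and sample passwords are all constructed for illustration.

```python
import re

# Constructed sample wordlist; a real filter would load a large dictionary file.
WORDLIST = {"password", "dragon", "summer", "welcome", "monkey"}

# Assumed substitution table: common stand-in characters mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def naive_filter(pw: str, min_len: int = 8) -> bool:
    """Composition-only rule: minimum length plus lower, upper, digit, symbol."""
    return (len(pw) >= min_len
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def candidate_roots(pw: str) -> set:
    """Undo slight modifications: case changes, affixed digits or symbols,
    and character substitutions. Returns every all-letter root found."""
    lowered = pw.lower()
    n = len(lowered)
    # Count non-letter characters at each end of the password.
    lead = n - len(re.sub(r"^[^a-z]+", "", lowered))
    trail = n - len(re.sub(r"[^a-z]+$", "", lowered))
    roots = set()
    # Peel 0..lead and 0..trail characters: a trailing "3" may be an appended
    # digit or a substituted "e", so every split is tried.
    for i in range(lead + 1):
        for j in range(trail + 1):
            core = lowered[i:n - j]
            if not core:
                continue
            translated = core.translate(LEET)
            if translated.isalpha():
                roots.add(translated)
    return roots


def hardened_filter(pw: str) -> bool:
    """Composition rule plus rejection of disguised dictionary words."""
    return naive_filter(pw) and not (candidate_roots(pw) & WORDLIST)


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("P@ssw0rd1!", "Summer2024!", "Welc0m3!!", "tV9#qLz2&Rk"):
        print(f"{pw:14} naive={naive_filter(pw)!s:5} "
              f"hardened={hardened_filter(pw)}")
```

The first three samples pass the composition rule yet reduce to a wordlist entry, so only the hardened filter rejects them.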

Editor's Notes