Upload
kashif-sohail
View
121
Download
0
Embed Size (px)
Citation preview
Lecture 19Hacking
WHAT IS NETWORK SECURITY?• Security is much larger than just packets, firewalls,
and hackers. Security includes:– Policies and procedures– Liabilities and laws– Human behavior patterns– Corporate security programs and implementation– Technical aspects- firewalls, intrusion detection systems,
proxies, encryption, antivirus software, hacks, cracks, and attacks
• Understanding hacking tools and how attacks are carried out is only one piece of the puzzle.
2
ATTACKS THERE ARE MANY TYPES OF ATTACKS• SPOOFING ATTACK• TELNET BASED ATTACK• DOS (Daniel of service) ATTACK• PING OF DEATH• DISTRIBUTED DOS ATTACK• MAILBOMBS
NEED FOR SECURITY
SOME EXELLENT SOFTWARE CAN PROVIDE YOU BEST SECURITY
LIKE• TROJAN• FIREWALL
TROJAN
WINDOWS TROJANS ARE SMALL ASPECT OF WINDOWS SECURUTY
TROJAN IS UNOTHORIZED PROGRAM CONTAINED WITHIN A LEGIMATE PROGRAM
THIS PROGRAM PERFORMS FUNCTION UNKNOWN BY USER
FIREWALL
FIREWALL IS ANY DEVICE USED TO PREVENT OUTSIDERS FROM GAINING ACCESS TO YOUR NETWORK
TYPES OF FIREWALLS• PACKET FILTER • APPLICATION PROXY• PACKET INSPECTION
Common Steps for Attackers
Reconnaissance– Intelligent work of obtaining information either
actively or passively– Examples:• Passively: Sniffing Traffic, eavesdropping• Actively: Obtaining data from American Registry for
Internet Numbers (ARIN), whois databases, web sites, social engineering
7
Common Steps for Attackers
• Scanning– Identifying systems that are running and services
that are active on them– Examples: Ping sweeps and port scans
8
Common Steps for Attackers
• Gaining Access– Exploiting identified vulnerabilities to gain
unauthorized access– Examples: Exploiting a buffer overflow or brute
forcing a password and logging onto a system
9
Common Steps for Attackers
• Maintaining Access– Uploading malicious software to ensure re-entry is
possible– Example: Installing a backdoor on a system
10
Common Steps for Attackers
• Covering Tracks– Carrying out activities to hide one’s malicious
activities– Example: Deleting or modifying data in a system
and its application logs
11