HACKING AND WAYS TO PREVENT HACKING WHAT IS

  • Slides: 22
Download presentation
HACKING AND WAYS TO PREVENT HACKING

HACKING AND WAYS TO PREVENT HACKING

WHAT IS HACKING ? • Hacking is unauthorized use of computer and network resources.

WHAT IS HACKING ? • Hacking is unauthorized use of computer and network resources. • The term "hacker" originally meant a very gifted programmer. In recent years though, with easier access to multiple systems, it now has negative implications. • A successful hacker looks for poor configuration of Web servers, old or unpatched software, disabled security controls, and poorly chosen or default passwords.

HISTORY OF HACKING • Since early 1960’s the positive term “HACKER” started having its

HISTORY OF HACKING • Since early 1960’s the positive term “HACKER” started having its negative aftereffects. • In one of the first arrests of hackers, the FBI had busted six teen-age hackers. • Kevin David Mitnick who is currently behind bars was considered as the world’s famous hacker in late 20 th century.

TYPES OF HACKERS • White hat : - A white hat hacker breaks security

TYPES OF HACKERS • White hat : - A white hat hacker breaks security for non-malicious reasons. • Grey hat : - A grey hat hacker is a hacker of ambiguous ethics and/or borderline legality, often frankly admitted. • Black Hat : - A black hat hacker is someone who subverts computer security without authorization or who uses technology for terrorism, vandalism, credit card fraud, identity theft, intellectual property theft, or many other types of crime.

TYPES OF HACKERS CONTD. • Cyberterrorist : - A Cyberterrorist uses technology to commit

TYPES OF HACKERS CONTD. • Cyberterrorist : - A Cyberterrorist uses technology to commit terrorism. Their intentions are to cause harm to social, ideological, religious, political, or governmental establishments. • Script kiddie : - A script kiddie a non-expert who breaks into computer systems by using prepackaged automated tools written by others. • Hacktivist : - A hacktivist is a hacker who utilizes technology to announce a political message.

COMMON METHODS OF HACKING • Security exploit : A security exploit is a prepared

COMMON METHODS OF HACKING • Security exploit : A security exploit is a prepared application that takes advantage of a known weakness. • Vulnerability scanner : A vulnerability scanner is a tool used to quickly check computers on a network for known weaknesses. These check to see which ports on a specified computer are "open" or available to access the computer, and sometimes will detect what program or service is listening on that port, and its version number. • Packet Sniffer : A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.

COMMON METHODS OF HACKING CONTD. : - • Spoofing attack : A spoofing attack

COMMON METHODS OF HACKING CONTD. : - • Spoofing attack : A spoofing attack involves one program, system, or website successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another program • Rootkit : A rootkit is designed to conceal the compromise of a computer's security, and can represent any of a set of programs which work to subvert control of an operating system from its legitimate operators.

COMMON METHODS OF HACKING CONTD. : - • Social engineering : Social Engineering is

COMMON METHODS OF HACKING CONTD. : - • Social engineering : Social Engineering is the art of getting persons to reveal sensitive information about a system. This is usually done by impersonating someone or by convincing people to believe you have permissions to obtain such information. • Trojan horse : Trojan horse is a program which seems to be doing one thing, but is actually doing another. A trojan horse can be used to set up a back door in a computer system such that the intruder can gain access later.

COMMON METHODS OF HACKING CONTD. : - • Virus : A virus is a

COMMON METHODS OF HACKING CONTD. : - • Virus : A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. • Worm : Like a virus, a worm is also a self-replicating program. A worm differs from a virus in that it propagates through computer networks without user intervention. • Key loggers : A keylogger is a tool designed to record ('log') every keystroke on an affected machine for later retrieval.

WHAT MAKES HACKING SO INTRESTING? ● Hobby : Amateurs and electronic enthusiast are the

WHAT MAKES HACKING SO INTRESTING? ● Hobby : Amateurs and electronic enthusiast are the primary members of this group. These hackers begin by putting together usernames such as the Altair 8800, ABC 80 and the ABC 800. ● Academic : Students infact use hacking as a tool to download papers using the networking interface for their benefits. ● Network: Phone phreaks have developed ways to utilize the phone system to make calls. The old phone system used dozen of switches that were controlled by tone commands. Once these switches were discovered they could be used to control the phone system. Even wi-fi has come under serious threat.

HOW FATAL CAN HACKING BE…. • The Chinese military hacked into a Pentagon computer

HOW FATAL CAN HACKING BE…. • The Chinese military hacked into a Pentagon computer network in June 2007 in the most successful cyber attack on the US defence department. • A 15 -year-old youth faces charges of hacking into a government computer system that tracks the positions of U. S. Air Force planes worldwide, according to government officials.

WAYS TO PREVENT HACKING… • Implement a firewall : A firewall is a barrier

WAYS TO PREVENT HACKING… • Implement a firewall : A firewall is a barrier that keeps hackers and viruses out of computer networks. Firewalls intercept network traffic and allow only authorized data to pass through. • Develop a corporate security policy : Establish a corporate security policy that details practices to secure the network. The policy should direct employees to choose unique passwords that are a combination of letters and numbers. Passwords should be changed every 90 days to limit hackers’ ability to gain possession of a functioning password. When someone leaves company, immediately delete the user name and password. The corporate policy should outline consequences for network tampering and unauthorized entry.

WAYS TO PREVENT HACKING CONTD. . • Install anti-virus software : All computers should

WAYS TO PREVENT HACKING CONTD. . • Install anti-virus software : All computers should run the most recent version of an anti -virus protection subscription. Ideally a server should be configured to push virus updates out periodically to all client systems. Employees should be educated about viruses and discouraged from opening e-mail attachments or e-mail from unknown senders. • Keep operating systems up to date : Upgrade operating systems frequently and regularly install the latest patches or versions of software, which are often free over the Web. If you use Microsoft Windows, check www. windowsupdate. com periodically for the latest patches. • Don’t run unnecessary network services : When installing systems, any non-essential features should be disabled. If a feature is installed but not actively used, it is less likely to be updated regularly, presenting a larger security threat. Also, allow only the software employees need to do their job effectively.

WAYS TO PREVENT HACKING CONTD. . • Conduct a vulnerability test : Conducting a

WAYS TO PREVENT HACKING CONTD. . • Conduct a vulnerability test : Conducting a vulnerability test is a cost-effective way to evaluate the current security program. This test highlights flaws and limitations in the program, and experts can offer suggestions for improvement. The best method for conducting a vulnerability test is to contact a computer consulting company and provide access to your system for a day or two. This will provide ample time for network appraisal and follow-up discussion and planning. • Keep informed about network security : Numerous books, magazines and online resources offer information about effective security tools and “lessons learned. ” Also, the Web provides ample and very current information about security – type in the key words “network security. ”

PREVENT HACKING OF WIRELESS NETWORKS • Use Secure Portals and Payment Gateways : Banking

PREVENT HACKING OF WIRELESS NETWORKS • Use Secure Portals and Payment Gateways : Banking transactions made on unsecured websites can lead to leaking of credit card details. These details can then be used to generate a card bearing the same data as the original credit card which can then be used fraudulently. It is imperative to use secure portals and trusted payment gateways like Paypal, etc. • Be Aware of Phishing : Phishing is a fraudulent process of attempting to acquire sensitive information like user Ids and passwords by issuing fake emails on the pretext of security verification. The emails appear to originate from genuine banks and the user is misled into submitting the information. The golden rule to follow is to never share or submit passwords or user Ids.

PREVENT HACKING OF WIRELESS NETWORKS CONTD… • Change Wireless Network Passwords : Most users

PREVENT HACKING OF WIRELESS NETWORKS CONTD… • Change Wireless Network Passwords : Most users of wireless networks do not change the default password provided by the router vendor. These default passwords are known to hackers and it makes a hacker’s job easy to intrude any home network from hundreds of meters away. One should change the default password immediately before using the wireless network. • Change Service Set ID or SSID : SSID or Service Set ID is the name of the wireless network. Wireless router vendors leave a default SSID on installation of the router software. Hackers can easily swap a home computer’s default SSID with theirs without the user’s knowledge. Like the network password the SSID also needs to be changed immediately before using the wireless network.

PREVENT HACKING OF WIRELESS NETWORKS CONTD… • Hide the Service Set ID or SSID

PREVENT HACKING OF WIRELESS NETWORKS CONTD… • Hide the Service Set ID or SSID : Sometimes changing the SSID is also not full proof as hackers have advanced methods to intrude into a wireless network if the SSID is known. To prevent such cases the SSID needs to be hidden. Router configuration softwares allow the SSID to be hidden and the steps are provided in the manuals. • Convert to Static IP Instead of Dynamic : Most home users use IP addresses on the internet that are dynamic and are provided by randomly picking one from on the fly from a pool of IP addresses. Hackers can obtain a valid IP address from this pool and use it to gain access to the home user’s computer. This feature of assigning dynamic IP addresses can be turned off and a fixed IP can be used instead. Additionally if firewall access rules on the router and computer are limited to this static IP address, then the home computer is secure.

BENEFITS OF HACKING Ø Industry related : The computer industry was virtually founded on

BENEFITS OF HACKING Ø Industry related : The computer industry was virtually founded on the ideals of hacking. From the very first hackers that began assembling those early machines to the innovations that have changed computers forever, hacking has always been a part of the computer field. The benefits that the industry has gained from hacking are: • Rapid advancement • An inability to stagnate • Diversification • Innovation

BENEFITS OF HACKING CONTD… Ø Individual related : Consumers benefit everyday from hackers and

BENEFITS OF HACKING CONTD… Ø Individual related : Consumers benefit everyday from hackers and their endless search for knowledge. Although, the hackers mainly seem to compete against one another, society benefits from the discoveries that are made. The benefits that individuals have gained from hacking are: • Continually improving security • Product improvements • Increased attention to consumer's needs • Reliable, free software • Free computer and software assistance

INDIAN INITIATIVE AGAINST CYBER ATTACKS • Section 66 of Information Technology Act: Whoever with

INDIAN INITIATIVE AGAINST CYBER ATTACKS • Section 66 of Information Technology Act: Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking. Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. • National Anti-Hacking Group(NAG) is a Cyber/Information Security consultancy team backed by a large number of computer buffs, security experts, computer gurus, students and ethical hackers. This Indian based team is working to create awareness in the field of Cyber & Information Security.

HACKING N PREVENTION – A TOM N JERRY TALE • As technological advancements are

HACKING N PREVENTION – A TOM N JERRY TALE • As technological advancements are made, the hackers update themselves and in most cases are ahead of the technology to find loopholes. Commercial and home users of the internet should therefore get educated and become aware of basic do’s and don’ts to combat fraudulent activity through wireless networks on the internet.

CREDITS : - SOURABH MISHRA ARSHAD AKBAR

CREDITS : - SOURABH MISHRA ARSHAD AKBAR