In my college i will created this presentation for seminar with my own interest so this will help you for your career.Please you also create any presentation and upload it,Thank you.
3. Vulnerability is some flaw in our environment that a malicious attacker could
use to cause damage in your organization. Vulnerabilities could exist in
numerous areas in our environments, including our system design, business
operations, installed softwares, and network configurations.
4. •Input validation errors, such as:
• Format string attacks
• SQL injection
• E-mail injection
• Directory traversal
• Cross-site scripting in web applications
•Race conditions, such as:
• Time-of-check-to-time-of-use bugs
• Sym link races
•Privilege-confusion bugs, such as:
• Cross-site request forgery in web applications
• Click jacking
• FTP bounce attack
5. In 1988 a "worm program" written by a
college student shut down about 10 percent
of computers connected to the Internet.
This was the beginning of the era of cyber
attacks.
Today we have about 10,000 incidents of
cyber attacks which are reported and the
number grows.
Computer Crime – The Beginning
6. In February, Kevin Mitnick is arrested for a second
time. He is charged with stealing 20,000 credit card
numbers. He eventually spends four years in jail
and on his release his parole conditions demand
that he avoid contact with computers and mobile
phones.
On November 15, Christopher Pile becomes the first
person to be jailed for writing and distributing a
computer virus. Mr Pile, who called himself the
Black Baron, was sentenced to 18 months in jail.
The US General Accounting Office reveals that US
Defense Department computers sustained 250,000
attacks in 1995.
Computer Crime - 1995
7. Some of the sites which have been compromised
U.S. Department of Commerce
NASA
CIA
Greenpeace
Motorola
UNICEF
Church of Christ …
Some sites which have been rendered ineffective
Yahoo
Microsoft
Amazon …
Why Security?
8. Hackers
White hat :
Black hat
Grey hat
A white hat hackers breaks security for non-malicious reasons, perhaps to test their
own security system or while working for a security company which makes security
software. The term "white hat" in Internet slang refers to an ethical hacker.
A "black hat" hacker is a hacker who "violates computer security for little reason
beyond maliciousness or for personal gain"
A grey hat hacker is a combination of a black hat and a white hat hacker.
11. How to translate the hackers’ language
(2)
Ex)
1 d1d n0t h4ck th1s p4g3, 1t w4s l1k3 th1s wh3n 1 h4ck3d 1n
I did not hack this page, it was like this when I hacked in
12. Reverse Engineering
Integrated Circuit’s
Binary Software’s
Source Code
Reverse engineering, also called back engineering, is the
process of extracting knowledge or design information
from anything man-made
13. An exploit (using something to one’s own knowledge) is a piece of
software, a chunk of data, or a sequence of commands that takes
advantage of a bug, glitch or vulnerability in order to cause
unintended or unanticipated behavior to occur on computer
software, hardware, or something electronic
What is Exploit :
15. Password hashed and stored
Salt added to randomize password & stored on system
Password attacks launched to crack encrypted password
Password Security
Hash
Function
Hashed
Password
Salt
Compare
Password
Client
Password
Server
Stored Password
Hashed
Password
Allow/Deny Access
19. SQL Injection
SQL injection takes advantage of the syntax of SQL to inject commands that
can read or modify a database, or compromise the meaning of the original
query.
20. SELECT UserList.Username FROM UserList WHERE UserList.Username =
'Username' AND UserList.Password = 'Password'
SELECT UserList.Username FROM UserList WHERE
UserList.Username = 'Username' AND UserList.Password =
'Password' AND ‘1’ = ‘1’
Example SQL Code:
Injected Code:
21. Wireless Hacking
Wireless hacking is made by the Getting the control the
Wireless Networks.Wireless Hacking is made by the
Password attacks,Modem dialing via proxy servers
25. Definition:
Attacker spoofs the address of another machine and inserts
itself between the attacked machine and the spoofed machine
to intercept replies
IP Spoofing – Source Routing
Replies sent back
to 10.10.20.30
Spoofed Address
10.10.20.30
Attacker
10.10.50.50
John
10.10.5.5
From Address: 10.10.20.30
To Address: 10.10.5.5
• The path a packet may change can vary over time
• To ensure that he stays in the loop the attacker uses source routing
to ensure that the packet passes through certain nodes on the
network
Attacker intercepts packets
as they go to 10.10.20.30
Server Hacking
26. Definition:
Attack through which a person can render a system unusable or
significantly slow down the system for legitimate users by
overloading the system so that no one else can use it.
Types:
1. Crashing the system or network
– Send the victim data or packets which will cause system to crash or
reboot.
2. Exhausting the resources by flooding the system or network with
information
– Since all resources are exhausted others are denied access to the
resources
3. Distributed DOS attacks are coordinated denial of service attacks
involving several people and/or machines to launch attacks
Denial of Service (DOS)
Attack
27. Types:
1. Ping of Death
2. SSPing
3. Land
4. Smurf
5. SYN Flood
6. CPU Hog
7. Win Nuke
8. RPC Locator
9. Jolt2
10. Bubonic
11. Microsoft Incomplete TCP/IP Packet Vulnerability
12. HP Openview Node Manager SNMP DOS Vulneability
13. Netscreen Firewall DOS Vulnerability
14. Checkpoint Firewall DOS Vulnerability
Denial of Service (DOS)
Attack
28. Threats
A threat is an agent that may want to or definitely can result in
harm to the target organization. Threats include organized crime,
spyware, malware, adware companies, and disgruntled internal
employees who start attacking their employer. Worms and viruses
also characterize a threat as they could possibly cause harm in your
organization even without a human directing them to do so by
infecting machines and causing damage automatically. Threats are
usually referred to as “attackers” or “bad guys”.
34. Attacker can
monitor the session
periodically inject commands into session
launch passive and active attacks from the session
Session Hijacking
Bob telnets to Server
Bob authenticates to Server
Bob
Attacker
Server
Die! Hi! I am Bob