Attacks on Systems and Networks

To understand how we can protect our systems and networks, we need to know
what kinds of attacks a hacker/cracker would use.
It is important to understand that there are different kinds of attacks, and that an
attack can either be concentrated on you / your system, or be a wide-ranging attack
that scans for weak systems to attack.
We have 5 kinds of attacks:
Basic Attack
Identity Attack
Denial of Service Attack
Malicious Code Attack

Basic Attacks
Basic attacks are attacks that do not always require a high degree of technical
skill, but sometimes rely more on guesswork and cunning than anything else.
We divide Basic Attacks into subcategories:
Social engineering
  - Tricking people into giving you information
  - Phishing attempts
  - Dumpster diving
Password guessing
  - Brute force attacks
  - Dictionary attacks
Weak keys
  - Exploits weak encryption keys with a known hack
Mathematical and birthday attacks

Identity Attacks
An identity attack is an attack where the attacker tries to take over, modify or
sniff your network traffic.
We have three types of identity attacks:
Man-in-the-middle
  - Passive attack: just captures the data traffic
  - Active attack: captures and modifies the data before sending it on to the
    receiver
Replay attack
  - Captures data sent between a user and a server, then sends a fragment
    of the captured data back to the server to obtain access without a user
    name and password.
TCP/IP hijacking
  - ARP spoofing: edits the ARP table to send a packet to a destination
    other than the one targeted.
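
A server-side check that defeats the replay attack described above, as an added example that is not part of the original slides: every login message carries a fresh random nonce, a timestamp and an HMAC, and the server accepts each nonce only once inside a short time window. The shared key, the 16-byte nonce, the 30-second window and the names sign and ReplayGuard are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import struct
import time

NONCE_LEN = 16   # bytes; assumed size for this sketch
MAX_SKEW = 30    # seconds a login message stays valid; assumed policy


def sign(key: bytes, user: str, nonce: bytes, ts: int) -> bytes:
    """Client side: MAC over a fresh nonce, a timestamp and the user name."""
    msg = struct.pack(">16sQ", nonce, ts) + user.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class ReplayGuard:
    """Server side: accept each authenticated message at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp of an accepted message

    def accept(self, user, nonce, ts, tag, now=None) -> str:
        now = int(time.time()) if now is None else now
        # Nonces older than the window can be dropped: the freshness
        # check below rejects any message that reuses them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if len(nonce) != NONCE_LEN:
            return "bad-format"
        if abs(now - ts) > MAX_SKEW:
            return "stale"     # captured long ago
        if not hmac.compare_digest(tag, sign(self.key, user, nonce, ts)):
            return "bad-mac"   # forged or modified message
        if nonce in self.seen:
            return "replay"    # captured and resent inside the window
        self.seen[nonce] = ts
        return "ok"


def demo():
    key = b"constructed-demo-key"          # constructed sample secret
    guard = ReplayGuard(key)
    nonce, ts = os.urandom(NONCE_LEN), 1_700_000_000
    tag = sign(key, "alice", nonce, ts)
    return (guard.accept("alice", nonce, ts, tag, now=ts + 1),      # ok
            guard.accept("alice", nonce, ts, tag, now=ts + 5),      # replay
            guard.accept("alice", nonce, ts, tag, now=ts + 120),    # stale
            guard.accept("mallory", nonce, ts, tag, now=ts + 1))    # bad-mac
```

The MAC alone does not stop a replay, because a captured message still verifies; it is the nonce cache together with the timestamp window that makes the second copy fail.
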
Denial of Service Attack
A DoS attack tries to take down your system by flooding it with requests, such
as SYN requests or ping requests.
Denial of service (DoS)
  - Requests contact with a server (SYN) and does not answer the ACK
    reply from the server. This causes the server to wait for an answer for
    several minutes, which uses a lot of resources.
  - Smurf attack: the attacker sends a ping request to a victim with a
    spoofed sender's address, causing the victim to answer to the spoofed
    address.
Distributed denial of service (DDoS)
  - Uses hundreds or thousands of computers to attack a system.
  - A hacker breaks into a high-performance computer (the handler) and installs
    special software. The software scans other computers for vulnerabilities and,
    if it finds one, installs software on them. These computers are called zombies.
    The attacker only sends an attack command to the handler. The handler spreads
    the message to all the zombies and the attack launches.

Malicious Code
Malicious code, also called malware, consists of computer programs designed to
break into computers or to destroy data.
These are the most common types of malware:
Virus
  - A small program secretly attached to another file; it executes when the file
    is opened.
Worms
  - Self-executing programs that are often attached to e-mail.
Logic bombs
  - A small program that gets executed by a special event, such as a date or a
    change in a program/file.
Trojan horses
  - A program that hides its true intent and then reveals itself when activated.
    It might be a screen saver that sends information back to a hacker.
Back doors
  - A secret entrance into a computer of which the user is unaware.
  - A back door can be created by the software designer for testing purposes,
    or by a hacker who creates a virus / Trojan horse and distributes it.

Who performs these attacks?
People who perform these kinds of attacks usually do it for a reason. It can
either be motivated by money or it can be done to earn respect among a
special group of people.
Hackers
  - A hacker hacks your system to find a problem and lets you know, so that
    crackers won't exploit it.
Crackers
  - Have intent to harm or take over your system.
Script kiddies
  - An unskilled user who downloads software to perform an attack
Spies
  - A person who has been hired to break into the system to get
    information
Employees
  - Might insert a virus into the system if they feel overlooked.
Cyberterrorists
  - Defacing, DDoS attacks

How can we protect ourselves against attacks from hackers and crackers?
Update the operating system
Update network services
Update software
Have good procedures among employees
  - Educate your users

Source:
Security+ Guide to Network Security Fundamentals (second edition)