Transcript WHAT IS HACKING - IITK - Indian Institute of Technology Kanpur

WHAT IS HACKING ?
• Hacking is unauthorized use of computer and
network resources.
• The term "hacker" originally meant a very gifted
programmer. In recent years though, with easier
access to multiple systems, it now has negative
implications.
• A successful hacker looks for poor configuration
of Web servers, old or unpatched software,
disabled security controls, and poorly chosen or
default passwords.
HISTORY OF HACKING
• Since early 1960’s the positive term “HACKER”
started having its negative aftereffects.
• In one of the first arrests of hackers, the FBI
had busted six teen-age hackers.
• Kevin David Mitnick who is currently behind
bars was considered as the world’s famous
hacker in late 20th century .
TYPES OF HACKERS
• White hat :- A white hat hacker breaks security
for non-malicious reasons.
• Grey hat :- A grey hat hacker is a hacker of
ambiguous ethics and/or borderline legality,
often frankly admitted.
• Black Hat :- A black hat hacker is someone who
subverts computer security without authorization
or who uses technology for terrorism, vandalism,
credit card fraud, identity theft, intellectual
property theft, or many other types of crime.
TYPES OF HACKERS CONTD.
• Cyberterrorist :- A Cyberterrorist uses
technology to commit terrorism. Their intentions
are to cause harm to social, ideological, religious,
political, or governmental establishments.
• Script kiddie :- A script kiddie a non-expert who
breaks into computer systems by using prepackaged automated tools written by others.
• Hacktivist :- A hacktivist is a hacker who utilizes
technology to announce a political message.
COMMON METHODS OF HACKING
• Security exploit :A security exploit is a prepared application that takes
advantage of a known weakness.
• Vulnerability scanner :A vulnerability scanner is a tool used to quickly check
computers on a network for known weaknesses. These check
to see which ports on a specified computer are "open" or
available to access the computer, and sometimes will detect
what program or service is listening on that port, and its
version number.
• Packet Sniffer :A packet sniffer is an application that captures data
packets, which can be used to capture passwords and other
data in transit over the network.
COMMON METHODS OF HACKING CONTD. :-
• Spoofing attack :A spoofing attack involves one program, system,
or website successfully masquerading as another by
falsifying data and thereby being treated as a trusted
system by a user or another program
• Rootkit :A rootkit is designed to conceal the compromise
of a computer's security, and can represent any of a
set of programs which work to subvert control of an
operating system from its legitimate operators.
COMMON METHODS OF HACKING CONTD. :-
• Social engineering :Social Engineering is the art of getting
persons to reveal sensitive information about a
system. This is usually done by impersonating
someone or by convincing people to believe you
have permissions to obtain such information.
• Trojan horse :Trojan horse is a program which seems to be
doing one thing, but is actually doing another. A
trojan horse can be used to set up a back door in
a computer system such that the intruder can
gain access later.
COMMON METHODS OF HACKING CONTD. :-
• Virus :A virus is a self-replicating program that spreads by
inserting copies of itself into other executable code or
documents.
• Worm :Like a virus, a worm is also a self-replicating
program. A worm differs from a virus in that it
propagates through computer networks without user
intervention.
• Key loggers :A keylogger is a tool designed to record ('log')
every keystroke on an affected machine for later
retrieval.
WHAT MAKES HACKING SO INTRESTING?
●
Hobby :Amateurs and electronic enthusiast are the primary members of this
group. These hackers begin by putting together usernames such as the Altair
8800, ABC80 and the ABC800.
●
Academic :Students infact use hacking as a tool to download papers using the
networking interface for their benefits.
●
Network:Phone phreaks have developed ways to utilize the phone system to
make calls. The old phone system used dozen of switches that were
controlled by tone commands. Once these switches were discovered they
could be used to control the phone system. Even wi-fi has come under
serious threat.
HOW FATAL CAN HACKING BE….
• The Chinese military hacked into a Pentagon
computer network in June 2007 in the most
successful cyber attack on the US defence
department.
• A 15-year-old youth faces charges of hacking
into a government computer system that
tracks the positions of U.S. Air Force planes
worldwide, according to government officials.
WAYS TO PREVENT HACKING…
• Implement a firewall :A firewall is a barrier that keeps hackers and viruses out of
computer networks. Firewalls intercept network traffic and allow only
authorized data to pass through.
• Develop a corporate security policy :Establish a corporate security policy that details practices to
secure the network. The policy should direct employees to choose unique
passwords that are a combination of letters and numbers. Passwords
should be changed every 90 days to limit hackers’ ability to gain possession
of a functioning password. When someone leaves company, immediately
delete the user name and password. The corporate policy should outline
consequences for network tampering and unauthorized entry.
WAYS TO PREVENT HACKING CONTD..
• Install anti-virus software :All computers should run the most recent version of an
anti-virus protection subscription. Ideally a server should be configured to
push virus updates out periodically to all client systems. Employees should
be educated about viruses and discouraged from opening e-mail
attachments or e-mail from unknown senders.
• Keep operating systems up to date :Upgrade operating systems frequently and regularly install
the latest patches or versions of software, which are often free over the
Web. If you use Microsoft Windows, check www.windowsupdate.com
periodically for the latest patches.
• Don’t run unnecessary network services :When installing systems, any non-essential features should
be disabled. If a feature is installed but not actively used, it is less likely to
be updated regularly, presenting a larger security threat. Also, allow only
the software employees need to do their job effectively.
WAYS TO PREVENT HACKING CONTD..
• Conduct a vulnerability test :Conducting a vulnerability test is a cost-effective way to
evaluate the current security program. This test highlights flaws and
limitations in the program, and experts can offer suggestions for
improvement. The best method for conducting a vulnerability test is to
contact a computer consulting company and provide access to your
system for a day or two. This will provide ample time for network appraisal
and follow-up discussion and planning.
• Keep informed about network security :Numerous books, magazines and online resources offer
information about effective security tools and “lessons learned.” Also, the
Web provides ample and very current information about security – type in
the key words “network security.”
PREVENT HACKING OF WIRELESS NETWORKS
• Use Secure Portals and Payment Gateways :Banking transactions made on
unsecured websites can lead to leaking of credit card
details. These details can then be used to generate a card
bearing the same data as the original credit card which can
then be used fraudulently. It is imperative to use secure
portals and trusted payment gateways like Paypal, etc.
• Be Aware of Phishing :Phishing is a fraudulent process of
attempting to acquire sensitive information like user Ids
and passwords by issuing fake emails on the pretext of
security verification. The emails appear to originate from
genuine banks and the user is misled into submitting the
information. The golden rule to follow is to never share or
submit passwords or user Ids.
PREVENT HACKING OF WIRELESS NETWORKS CONTD…
• Change Wireless Network Passwords :Most users of wireless networks do not
change the default password provided by the router
vendor. These default passwords are known to hackers and
it makes a hacker’s job easy to intrude any home network
from hundreds of meters away. One should change the
default password immediately before using the wireless
network.
• Change Service Set ID or SSID :SSID or Service Set ID is the name of the
wireless network. Wireless router vendors leave a default
SSID on installation of the router software. Hackers can
easily swap a home computer’s default SSID with theirs
without the user’s knowledge. Like the network password
the SSID also needs to be changed immediately before
using the wireless network.
PREVENT HACKING OF WIRELESS NETWORKS CONTD…
• Hide the Service Set ID or SSID :Sometimes changing the SSID is also not full proof
as hackers have advanced methods to intrude into a wireless network if
the SSID is known. To prevent such cases the SSID needs to be hidden.
Router configuration softwares allow the SSID to be hidden and the steps
are provided in the manuals.
• Convert to Static IP Instead of Dynamic :Most home users use IP addresses on the internet
that are dynamic and are provided by randomly picking one from on the
fly from a pool of IP addresses. Hackers can obtain a valid IP address from
this pool and use it to gain access to the home user’s computer. This
feature of assigning dynamic IP addresses can be turned off and a fixed IP
can be used instead. Additionally if firewall access rules on the router and
computer are limited to this static IP address, then the home computer is
secure.
BENEFITS OF HACKING
 Industry related :The computer industry was virtually founded
on the ideals of hacking. From the very first hackers that
began assembling those early machines to the innovations
that have changed computers forever, hacking has always
been a part of the computer field. The benefits that the
industry has gained from hacking are:• Rapid advancement
• An inability to stagnate
• Diversification
• Innovation
BENEFITS OF HACKING CONTD…
 Individual related :Consumers benefit everyday from hackers
and their endless search for knowledge. Although, the
hackers mainly seem to compete against one another,
society benefits from the discoveries that
are made. The benefits that individuals have gained
from hacking are:• Continually improving security
• Product improvements
• Increased attention to consumer's needs
• Reliable, free software
• Free computer and software assistance
INDIAN INITIATIVE AGAINST CYBER ATTACKS
• Section 66 of Information Technology Act:Whoever with the intent to cause or knowing that he is likely to cause
wrongful loss or damage to the public or any person, destroys or deletes or
alters any information residing in a computer resource or diminishes its
value or utility or affects it injuriously by any means, commits hacking.
Whoever commits hacking shall be punished with imprisonment up to
three years, or with fine which may extend up to two lakh rupees, or with
both.
• National Anti-Hacking Group(NAG) is a Cyber/Information Security
consultancy team backed by a large number of computer buffs, security
experts, computer gurus, students and ethical hackers. This Indian based
team is working to create awareness in the field of Cyber & Information
Security.
HACKING N PREVENTION – A TOM N JERRY TALE
• As technological advancements are made, the
hackers update themselves and in most cases
are ahead of the technology to find loopholes.
Commercial and home users of the internet
should therefore get educated and become
aware of basic do’s and don’ts to combat
fraudulent activity through wireless networks
on the internet.