Computer security chapter 2: About Hacking

ThekoMoima, 18 slides, Feb 23, 2019

About This Presentation

Computer security slides for chapter 2, for Catholic Comprehensive Community College IT students, by Theko Moima.


Slide Content

CSE 334: COMPUTER SECURITY
Semester 6, 2019
Instructor: Mr. Theko Michael Moima C|EH
Email: [email protected]

About Hacking
WHAT IS THIS HACKING?
Hacking means to attack systems, networks and applications by exploiting their weaknesses (vulnerabilities) in order to gain unauthorized access.
WHAT ARE THE GOALS OF HACKING?
Data theft, destruction or alteration, unauthorized access, elevated privileges or any other unauthorized action or purpose.

Ethical Hacking
WHAT IS IT THEN?
- Use of hacking knowledge, tools and techniques to demonstrate the true exploitable vulnerabilities in a system, network or the IT infrastructure for the purpose of securing it.
- Ethical hacking is what we shall be doing for this CSE334 course.

Hacking Terminology
- Target: the individual or the organization which shall be attacked by the hacker.
- Target value: the value (basically in terms of dollars, criticality and aid to reputation) of a target to the hacker.
- Vulnerability: a weakness in a system, organization, software or a network that could lead to data disclosure or alteration, denial of service, unauthorized access, etc.
- Exploit: a method or a technique used to exercise the vulnerability.
- “Zero-day” attack: an exploit for an unpublished vulnerability, or for a vulnerability for which there is no published patch or mitigation.

Examples: Attack vectors
- Virtual machines and infrastructure
- Databases
- Untrained users
- Untrained administrators
- Networks
- Social engineering
- Malware
- Mobile devices
- Operating systems
- Client-server applications
- Social media
- Web applications
- VoIP and PABX

Motivations for hackers
- Money
- Revenge (e.g. bitter ex-boyfriends)
- Hacking for a cause
- Fun
- Espionage
- Intellectual property theft
- Damage to people and organizations
- Hacker reputation

Recap on hacker types
How did we say we classify hackers?
Hackers can be categorized in several different ways, based upon:
- Motivation
- Which side they are on (good or bad)
- Skills, etc.

Hacker classification
Script kiddies attributes:
- Novice hackers.
- Little technical knowledge.
- Use other people's pre-developed tools.
- No IT programming or networking background.
Black hats:
- Use hacking skills to purposely offend individuals or organizations.
- Often motivated by money, revenge, terrorism, activism.
- Most of them are cyber terrorists.

Hacker classifications cont.
White hats:
- Use hacking skills to defend against network attacks and make systems more secure.
- Often called security consultants, analysts or engineers.
Grey hats:
- Can be good or bad or both.
- Often reformed black hats, or rogue white hats.
State-sponsored hackers:
- Trained, funded, and supported agents of a nation state or government.
- Their goals are espionage or cyber warfare.

Hacker classes cont.
Hacktivists:
- Hackers who launch attacks to spread their message about a cause.
- They deface websites, cause DDoS attacks or disclose private data.
- E.g. Anonymous and the Shadow Brokers, etc.

Hacker classes cont.
Corporate hackers:
- Target organizations' intellectual property or proprietary data.
- The goal is competitive advantage, money making or blackmail.

Types of testing
Types of tests depend on what your goal is. We have:
- Vulnerability testing
- Full penetration testing
- Targeted testing
- Black box testing
- Grey box testing
- White box testing

Testing types
- Vulnerability testing: testing for vulnerabilities only; no exploits.
- Full pentesting: full-on testing for all targets with all attack vector exploitation.
- Targeted testing: testing on specific spots on the infrastructure.
- Black box testing: no prior knowledge about the target.

Testing types cont.
- Grey box testing: some limited knowledge about the target.
- White box testing: full knowledge about the target system.

Targeted Testing
- Databases
- Web application testing
- Client-server application testing
- Code review
- Physical security tests
- Social engineering
- Malware detection
- Network scanning
- Information leakage
- Red team testing
- Defensive testing only
- Incident response testing

Security controls
Security controls are the security measures you use to secure the systems, the organization and its data.
Use a defense-in-depth strategy:
- Administrative / management control
- Operational / physical control
- Logical / technical control

Defenses
- User education
- Patches
- Secure configuration
- Anti-malware
- Policies and procedures
- Planning
- Network security devices
- Data encryption
- Secure authentication
- Access controls, alarms, guns, gates and CCTVs

Next lecture
- Hacking methodologies