Cyber security and detailed informat.ppt
raga04269
20 views
25 slides
Aug 19, 2024
Slide 1 of 25
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
About This Presentation
This ppt gives a detailed information about cyber security..
Slide Content
Presented By: Cibin V Antoney
Department Of Computer Science and
Engineering
St. Joseph College of Engineering
Department Of Computer Science and
Engineering
St. Joseph College of Engineering
Objective
Importance of information security in today's world.
Elements of security.
Various phases of the Hacking Cycle.
Types of hacker attacks.
Hacktivism.
Ethical hacking.
Vulnerability research and tools.
Steps for conducting ethical hacking..
Importance of information security in today's world.
Elements of security.
Various phases of the Hacking Cycle.
Types of hacker attacks.
Hacktivism.
Ethical hacking.
Vulnerability research and tools.
Steps for conducting ethical hacking..
Introduction to hacking and security
1. What is hacking?
Hacking is a process to bypass the security mechanisms of information system
or network. Hacking is done in step partly by creative thinking and partly by
using different tools at a time.
2.Who is a hacker?
Hackers in reality are actually good and extremely intelligent people who by
using their knowledge in a constructive manner help organizations,
companies, government, etc. to secure documents and secret information on
the internet.They spend enormous amount of time trying to breach the
security of networks, web servers and emails. Usually they use selection of
specialist software to identify weakness, which are then exploited.
1. What is hacking?
Hacking is a process to bypass the security mechanisms of information system
or network. Hacking is done in step partly by creative thinking and partly by
using different tools at a time.
2.Who is a hacker?
Hackers in reality are actually good and extremely intelligent people who by
using their knowledge in a constructive manner help organizations,
companies, government, etc. to secure documents and secret information on
the internet.They spend enormous amount of time trying to breach the
security of networks, web servers and emails. Usually they use selection of
specialist software to identify weakness, which are then exploited.
2.Understanding the need to hack your own systems
To catch a thief, think like a thief. That's the basis for ethical hacking. The law of averages works
against security. With the increased number and expanding knowledge of hackers combined with the
growing number of system Vulnerabilities and other unknowns, the time will come when all computer
systems are hacked or compromised in someway.
A.So our overall goals as an ethical hacker should be as follows:
Hack your systems in a nondestructive fashion.
Enumerate vulnerabilities and, if necessary, prove to management that vulnerabilities exit and can
be exploited.
Apply results to remove the vulnerabilities and better secure your system.
B. What is computer security?
Security is process not product. The objective of computer security includes protection of information
and property from theft, corruption, or natural disaster, while allowing the information and property
to remain accessible use to minimize the security threads.
C. What hacker can do?
Hacker can enter any remote system to get all information without any trace.
Hack any email password, website, and take down network with help of ddos attack.
Hacker can break any password.
Hacker can call to anyone without tracing.
To catch a thief, think like a thief. That's the basis for ethical hacking. The law of averages works
against security. With the increased number and expanding knowledge of hackers combined with the
growing number of system Vulnerabilities and other unknowns, the time will come when all computer
systems are hacked or compromised in someway.
A.So our overall goals as an ethical hacker should be as follows:
Hack your systems in a nondestructive fashion.
Enumerate vulnerabilities and, if necessary, prove to management that vulnerabilities exit and can
be exploited.
Apply results to remove the vulnerabilities and better secure your system.
B. What is computer security?
Security is process not product. The objective of computer security includes protection of information
and property from theft, corruption, or natural disaster, while allowing the information and property
to remain accessible use to minimize the security threads.
C. What hacker can do?
Hacker can enter any remote system to get all information without any trace.
Hack any email password, website, and take down network with help of ddos attack.
Hacker can break any password.
Hacker can call to anyone without tracing.
AntivirusAntivirus
Effective antivirus software guards your computer from all forms of malware, including
traditional computer viruses, worms, Trojan horses and even sophisticated, blended
attacks. Not only does antivirus software detect and eliminate any viruses or malware
that may have already infected your hard drive, many solutions that offer a free virus
scan actively prevent new infections before they have a chance to affect your computer.
Antivirus software will scan and analyze emails and files for infection as they are
downloaded.
Using the method of signature-based detection, antivirus software checks a file's contents
against a dictionary of known virus signatures - a pattern of code that uniquely identifies
a virus. If a virus signature is found, the antivirus software will remove the threat.
Antivirus software obviously detects potential threats in a few different ways. But what
about the latest and greatest viruses? Because people create new viruses every day, an
antivirus program will constantly update its dictionary of virus signatures. Many antivirus
software programs including those that offer free virus protection also employ heuristic
analysis, which can identify variants of known malware - viruses that have been mutated
or refined by attackers to create different strains.
Effective antivirus software guards your computer from all forms of malware, including
traditional computer viruses, worms, Trojan horses and even sophisticated, blended
attacks. Not only does antivirus software detect and eliminate any viruses or malware
that may have already infected your hard drive, many solutions that offer a free virus
scan actively prevent new infections before they have a chance to affect your computer.
Antivirus software will scan and analyze emails and files for infection as they are
downloaded.
Using the method of signature-based detection, antivirus software checks a file's contents
against a dictionary of known virus signatures - a pattern of code that uniquely identifies
a virus. If a virus signature is found, the antivirus software will remove the threat.
Antivirus software obviously detects potential threats in a few different ways. But what
about the latest and greatest viruses? Because people create new viruses every day, an
antivirus program will constantly update its dictionary of virus signatures. Many antivirus
software programs including those that offer free virus protection also employ heuristic
analysis, which can identify variants of known malware - viruses that have been mutated
or refined by attackers to create different strains.
How antivirus work?
How to bypass antivirus?
To bypass antivirus we need to build new RAT or virus using own coding else we need to
modify exciting code using crypter, binders, packers, etc.
How to bypass antivirus?
To bypass antivirus we need to build new RAT or virus using own coding else we need to
modify exciting code using crypter, binders, packers, etc.
Firewall
Firewall is second pyramiding of IT security unauthorized or unwanted communications
between computer networks or hosts.
A firewall is a set of related programs, located at a network gateway server that protects the
resources of a private network from users from other networks. An enterprise with an
intranet that allows its workers access to the wider Internet installs a firewall to prevent
outsiders from accessing its own private data resources and for controlling what outside
resources its own users have access to.
Basically, a firewall, working closely with a router program, examines each network packet to
determine whether to forward it toward its destination. A firewall also includes or works with
a proxy server that makes network requests on behalf of workstation users. A firewall is often
installed in a specially designated computer separate from the rest of the network so that no
incoming request can get directly at private network resources.
Firewall is second pyramiding of IT security unauthorized or unwanted communications
between computer networks or hosts.
A firewall is a set of related programs, located at a network gateway server that protects the
resources of a private network from users from other networks. An enterprise with an
intranet that allows its workers access to the wider Internet installs a firewall to prevent
outsiders from accessing its own private data resources and for controlling what outside
resources its own users have access to.
Basically, a firewall, working closely with a router program, examines each network packet to
determine whether to forward it toward its destination. A firewall also includes or works with
a proxy server that makes network requests on behalf of workstation users. A firewall is often
installed in a specially designated computer separate from the rest of the network so that no
incoming request can get directly at private network resources.
What does firewall do?
A firewall filters both inbound and outbound traffic. It can also manage public access to
private networked resources such as host applications. It can be used to log all attempts to
enter the private network and trigger alarms when hostile or unauthorized entry is
attempted. Firewall can filter packets based on their source.
And destination addresses and port numbers. This is known as address filtering. Firewall
can also filter specific type of network traffic. This is also known as protocol filtering
because the decision to forward or reject traffic is dependent upon the protocol used, for
example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.
A firewall filters both inbound and outbound traffic. It can also manage public access to
private networked resources such as host applications. It can be used to log all attempts to
enter the private network and trigger alarms when hostile or unauthorized entry is
attempted. Firewall can filter packets based on their source.
And destination addresses and port numbers. This is known as address filtering. Firewall
can also filter specific type of network traffic. This is also known as protocol filtering
because the decision to forward or reject traffic is dependent upon the protocol used, for
example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.
Step
s of Hacking:
s of Hacking:
Information gathering
This is a first step of hacking and penetration testing attack; first we collect all information's of
target with help of tools and manual ways. Without much information our success rate of
attacks also low.
Manual Process:
1. Get URL using Google search.
2. Using whois sites.
5. www.who.is
6. www.robtex.com
7. www.domaintools.com
This is a first step of hacking and penetration testing attack; first we collect all information's of
target with help of tools and manual ways. Without much information our success rate of
attacks also low.
Manual Process:
1. Get URL using Google search.
2. Using whois sites.
5. www.who.is
6. www.robtex.com
7. www.domaintools.com
II.Scanning & Banner Grabbing
After getting information of target user we need to know OS type, version of
application that are running on open PORTS etc to successful exploitation.
Following tools we need to use:
1.Port & network scanning:
Port and networking scanning is used to know open port and active Pc in
network.
Nmap
Angry IP scanner Hping
2. Banner Grabbing:
Banner grabbing is a process to know exact version of target application to
search loopholes or exploits or zero day.
Telnet
ID serve
After getting information of target user we need to know OS type, version of
application that are running on open PORTS etc to successful exploitation.
Following tools we need to use:
1.Port & network scanning:
Port and networking scanning is used to know open port and active Pc in
network.
Nmap
Angry IP scanner Hping
2. Banner Grabbing:
Banner grabbing is a process to know exact version of target application to
search loopholes or exploits or zero day.
Telnet
ID serve
III . Vulnerability Scanning
This step is used to find out loopholes in applications using tools,
after we use public and private exploit to enter on target system
remotely.
Vulnerability scanner:
Acunetix
netsparke
nessus
Whatweb [ Find out web application ][ Backtrack Tool ]
E.g.: /whatweb bytecode.com
IV Exploitation (Obtaining access)
V. Maintaining access & erasing evidence
This step is used to find out loopholes in applications using tools,
after we use public and private exploit to enter on target system
remotely.
Vulnerability scanner:
Acunetix
netsparke
nessus
Whatweb [ Find out web application ][ Backtrack Tool ]
E.g.: /whatweb bytecode.com
IV Exploitation (Obtaining access)
V. Maintaining access & erasing evidence
D0
s ATTACK
1. Ddos Attack
A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent
legitimate users of a service from using that service.
Examples include:
attempts to "flood" a network, thereby preventing legitimate networktraffic
attempts to disrupt connections between two machines, thereby preventing access to a
service
attempts to prevent a particular individual from accessing a service
attempts to disrupt service to a specific system or person.
s ATTACK
1. Ddos Attack
A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent
legitimate users of a service from using that service.
Examples include:
attempts to "flood" a network, thereby preventing legitimate networktraffic
attempts to disrupt connections between two machines, thereby preventing access to a
service
attempts to prevent a particular individual from accessing a service
attempts to disrupt service to a specific system or person.
Ping Of Death
•ping -t-1 6550 google.com [ max buffer size = 65500 ]
•Effective system [ Solaris 2.4, minix, win3.11,95]
SYN-ATTACK
•Hping -i sudo hping3 -i ul -S -p 80 192.168.1.1
UDP/HTTP/TCP Flooding
• LOIC
• HOIC
Smurf Attack
•make your own packet and flood on network
pktbuilder
packETH 1.6 (linux & windows)
MAC Flooding
•flooding network switches
•ARP spoofing
•net cut[windows]
•ping -t-1 6550 google.com [ max buffer size = 65500 ]
•Effective system [ Solaris 2.4, minix, win3.11,95]
SYN-ATTACK
•Hping -i sudo hping3 -i ul -S -p 80 192.168.1.1
UDP/HTTP/TCP Flooding
• LOIC
• HOIC
Smurf Attack
•make your own packet and flood on network
pktbuilder
packETH 1.6 (linux & windows)
MAC Flooding
•flooding network switches
•ARP spoofing
•net cut[windows]
W
IRELESS HACKING
W
IRELESS HACKING
How home WiFi Work
IRELESS HACKING
W
IRELESS HACKING
How home WiFi Work
Wireless networks broadcast their packets using radio frequency or optical
wavelengths. A modern laptop computer can listen in. Worse, an attacker can
manufacture new packets on the fly and persuade wireless stations to accept his
packets as legitimate.
The step by step procedure in wireless hacking can be explained with help of different
topics as follows:-
1. Stations and Access
2. Channels
3. Wired Equivalent Privacy (WEP)
wavelengths. A modern laptop computer can listen in. Worse, an attacker can
manufacture new packets on the fly and persuade wireless stations to accept his
packets as legitimate.
The step by step procedure in wireless hacking can be explained with help of different
topics as follows:-
1. Stations and Access
2. Channels
3. Wired Equivalent Privacy (WEP)
MALWARE
This is a big catchall phrase that covers all sorts of software with nasty intent. Not buggy
software, not programs you don't like, but software which is specifically written with the
intent to harm.
Virus:
This is a specific type of malware that spreads itself once it's initially run. It's different
from other types of malware because it can either be like a parasite that attaches to
good files on your machine, or it can be self-contained and search out other machines
to infect.
Worm:
Think of inchworms rather than tapeworms. These are not parasitic worms, but the kind
that move around on their own. In the malware sense, they're viruses that are self-
contained (they don't attach themselves like a parasite) and go around searching out
other machines to infect.
Trojan:
Do you remember that story you had to read in high school about the big wooden horse
that turned out to be full of guys with spears? This is the computer equivalent. You run a
file that is supposed to be something fun or important, but it turns out that it's neither
fun nor important, and it's now doing nasty things to your machine.
This is a big catchall phrase that covers all sorts of software with nasty intent. Not buggy
software, not programs you don't like, but software which is specifically written with the
intent to harm.
Virus:
This is a specific type of malware that spreads itself once it's initially run. It's different
from other types of malware because it can either be like a parasite that attaches to
good files on your machine, or it can be self-contained and search out other machines
to infect.
Worm:
Think of inchworms rather than tapeworms. These are not parasitic worms, but the kind
that move around on their own. In the malware sense, they're viruses that are self-
contained (they don't attach themselves like a parasite) and go around searching out
other machines to infect.
Trojan:
Do you remember that story you had to read in high school about the big wooden horse
that turned out to be full of guys with spears? This is the computer equivalent. You run a
file that is supposed to be something fun or important, but it turns out that it's neither
fun nor important, and it's now doing nasty things to your machine.
A penetration testing is a method of evaluating the security of a computer system or
a network by simulating an attack from a malicious source, known as black hat hackers,
or crackers. The process involves an active analysis of the system from any potential
vulnerabilities that may result from poor or improper system configuration, known and/or
unknown hardware or software flaws, or operational weakness in process or technical
countermeasures.
P
ENETRATION TESTING
P
ENETRATION TESTING
a network by simulating an attack from a malicious source, known as black hat hackers,
or crackers. The process involves an active analysis of the system from any potential
vulnerabilities that may result from poor or improper system configuration, known and/or
unknown hardware or software flaws, or operational weakness in process or technical
countermeasures.
P
ENETRATION TESTING
P
ENETRATION TESTING
1. Why conduct a penetration testing?
From a business perspective, penetration testing helps safeguard your organization against failure,
through:
Preventing financial loss through fraud or through lost revenue due to unreliable business
system and processes.
Proving due diligence and compliance to your industry regulators, customers and shareholders.
Protecting your brand by avoiding loss of consumer confidence and business reputation.
From a business perspective, penetration testing helps safeguard your organization against failure,
through:
Preventing financial loss through fraud or through lost revenue due to unreliable business
system and processes.
Proving due diligence and compliance to your industry regulators, customers and shareholders.
Protecting your brand by avoiding loss of consumer confidence and business reputation.
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 20
- Slides 25
- Age 474 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
51 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
49 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
39 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
38 views
21
Know for Certain
DaveSinNM
24 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
27 views