GEC-LIE Chapter-3.-Lesson-5-Hacking.pptx

AnjieVillarba1 49 views 51 slides Sep 10, 2024

About This Presentation

GEC LIE LIVING IN IT ERA


Slide Content

HACKING

WHAT IS HACKING? It is an attempt to exploit a computer system or a private network inside a computer. Simply put, it is the unauthorized access to or control over computer network security systems for some illicit purpose.

WHAT IS A HACKER? Someone who uses a computer system to gain unauthorized access to another system for data or who makes another system unavailable. These hackers will use their skills for a specific goal, such as stealing money, gaining fame by bringing down a computer system, or making a network unavailable -- even sometimes destroying them.

WHY DO HACKERS ATTACK?
Steal/Leak Information
Disrupt Services
Money
Driven by Purpose (Hacktivism, Idealism, Political Motives)

I. STEAL/LEAK INFORMATION A lot of times, hackers also steal information in order to assume your personal identity and then use it for something else like transferring money, taking a loan, etc. Such incidents have increased after Internet banking and mobile banking have started to become more popular.

II. DISRUPT SERVICES Hackers just love to take something down. And then also leave a statement on the website - more on that later. But hackers have successfully taken down many services by creating bots that overwhelm a server with traffic, thus, leading to a crash. It is known as a DoS (Denial of Service) attack and can put a company’s website out of service for a while.

III. MONEY This is what everyone usually fears. We've seen many businesses reach out to us at the stage when they have already been hacked and a hacker is demanding money. Hackers not only hack businesses and ask for ransom but they also try hacking into regular user accounts and try to take advantage of things like online banking, online retail, etc. where financial transactions are involved.

IV. DRIVEN BY PURPOSE Many hackers are also driven by a specific purpose. Sometimes, this comes out only when they get caught. Some of them aim to be idealists and take it upon themselves to expose injustice, some have political motives, some simply target the government, and so on. A major example is a hacktivist group called Anonymous who have been popular around the world for challenging and taking down many governments. These hackers can target religious groups, governments, movements, to promote a particular agenda.

WHO IS KEVIN MITNICK? Kevin Mitnick is the world's most famous hacker, bestselling author, and the top cyber security speaker. Once one of the FBI's Most Wanted because he hacked into 40 major corporations just for the challenge, Kevin is now a trusted security consultant to the Fortune 500 and governments worldwide. He is also called “The Condor” and “The Darkside Hacker”.

WHAT IS ETHICAL HACKING? Sometimes called penetration testing, it is the act of intruding into systems or networks to find threats and vulnerabilities in those systems that a malicious attacker may find and exploit, causing loss of data, financial loss or other major damage.

The purpose of ethical hacking is to improve the security of the network or systems by fixing the vulnerabilities found during testing. Ethical hackers may use the same methods and tools used by the malicious hackers but with the permission of the authorized person for the purpose of improving the security and defending the systems from attacks by malicious users.

BENEFITS OF ETHICAL HACKING The primary benefit of ethical hacking is to prevent data from being stolen and misused by malicious attackers, as well as:
Discovering vulnerabilities from an attacker’s POV so that weak points can be fixed.
Implementing a secure network that prevents security breaches.
Defending national security by protecting data from terrorists.
Gaining the trust of customers and investors by ensuring the security of their products and data.
Helping protect networks with real-world assessments.

PHASES OF ETHICAL HACKING
Planning and Reconnaissance
Scanning
Gaining Access
Maintaining Access
Analysis

1. Planning and Reconnaissance The first step in ethical hacking is to define the scope and goals of a test as well as the testing methods to be followed. It also covers gathering intelligence to understand the potential vulnerabilities and how a target works. Footprinting is carried out through search engines, web services, social network sites, DNS, email, network, etc. by using footprinting tools.

2. Scanning In the second step, scanning is performed to understand how a target reacts to various intrusion attempts, in two ways – when the application’s code is static and when the application’s code is functioning. The latter is the most practical way to understand the application’s performance in real time.

3. Gaining Access This is a crucial step where the web application is attacked using SQL injections, cross-site scripting, backdoors, etc. to find the vulnerabilities and then exploit them by stealing, intercepting traffic, and interfering with privileges to understand the amount of damage that can be caused.

4. Maintaining Access In this step of penetration testing, the vulnerability is used as a persistent presence for a long duration in the infected system in order to steal sensitive information or to spread inside the network, quickly gaining access to the server.

5. Analysis The final stage of a penetration test is to compile the result by analyzing and commenting about the vulnerabilities exploited, access to the data, and the amount of time that the tester can remain unnoticed in the system.

TYPES OF HACKERS
Black Hat - basically, these are the “bad guys”. They are the types of hackers who break into computer networks with purely negative motives such as monetary gain or reputation.
White Hat - as opposed to the black hat, these are the “good guys”. They are ethical hackers who create algorithms to break existing internet networks so as to solve the loopholes in them.
Grey Hat - basically, these are hackers who exploit the internet systems only to make public certain vast datasets of information that would be of benefit to everyone. They don’t possess the bad intentions of black hats.
Blue Hat - in one word, this is the amateur. Usually, their techniques are deployed out of ill motives such as revenge attacks.

Red Hat - the objective of a red hat hacker is to find black hat hackers, intercept and destroy their schemes.
Script Kiddie - this refers to the newbies. They don’t cause excessive damage; they use downloaded hacking software or purchased scripts to bombard traffic sites or simply disrupt the regular activity of a website.
Phreaker - a hacker who identifies and exploits weaknesses in telephones instead of computers.
Green Hat - this is the set of individuals who simply want to observe and learn about the world of hacking. It comprises those who join learning communities to watch videos and tutorials about hacking.
Social Engineering Hackers - these are hackers who use psychological manipulation to make people divulge private content or perform certain actions. It is a more complex crime scheme.

Hacktivists - these are the types of hackers who break into systems and networks just to draw attention towards an alarming social cause.
Cyber Terrorist - these are politically motivated attackers who break into computer systems to stir up violence against non-combatant targets by subnational groups or clandestine agents.
State/Nation Sponsored Hackers - these are hackers who are employed by a country to attack the cybersphere of another nation or international agency as a result of warfare or to retrieve/steal information.
Malicious Insider/Whistle-blower Hacker - these are the types of computer hackers who leak sensitive information from within an organization, especially data under the umbrella of government agencies.
Elite Hackers - these are individuals who are considered the “cutting-edge geniuses”. They are the real experts and the innovators in the field of hacking.

Signs your phone may be hacked
1. Noticeable decrease in battery life
2. Sluggish performance
3. High data usage
4. Outgoing calls or texts you didn’t send
5. Mystery pop-ups
6. Unusual activity on any accounts linked to the device

COMMON HACKING TOOLS To accomplish a perfect hack, hackers implement a wide variety of techniques such as:
Rootkits
Keyloggers
Vulnerability Scanner

Rootkits It is a program or set of software tools that allow threat actors to gain remote access to control a computer system that interacts or connects with the internet. Originally, a rootkit was developed to open a backdoor in a system to fix specific software issues. Unfortunately, this program is now used by hackers to destabilize the control of an operating system from its legitimate operator or user.

KEYLOGGERS This is a specially designed tool that logs or records every key pressed on a system. Keyloggers record every keystroke by clinging to the API (application programming interface) when typed through the computer keyboard. The recorded file then gets saved, which includes data like usernames, website visit details, screenshots, opened applications, etc.

VULNERABILITY SCANNER Classifies and detects various system weaknesses in networks, computers, communication systems, etc. This is one of the most common practices used by ethical hackers to find potential loopholes and fix them on an immediate basis. On the other hand, vulnerability scanners can also be used by black-hat hackers to check the system for potential weak spots in order to exploit the system.

Common Hacking Techniques
SQL Injection Attack
Distributed Denial-of-Service (DDoS)
Waterhole attacks
Fake WAP
Eavesdropping (Passive Attacks)
Phishing
Virus, Trojan, Worms
ClickJacking Attacks
Cookie theft
Bait and Switch

TOP HACKING AND SECURITY TOOLS
Web Vulnerability Scanners – Burp Suite, Firebug, AppScan, OWASP Zed, Paros Proxy, Nikto, Grendel-Scan
Vulnerability Exploitation Tools – Netsparker, sqlmap, Core Impact, WebGoat, BeEF
Forensic Tools – Helix3 Pro, EnCase, Autopsy
Port Scanners – Unicornscan, NetScanTools, Angry IP Scanner
Traffic Monitoring Tools – Nagios, Ntop, Splunk, Ngrep, Argus
Debuggers – IDA Pro, WinDbg, Immunity Debugger, GDB
Rootkit Detectors – DumpSec, Tripwire, HijackThis
Encryption Tools – KeePass, OpenSSL, OpenSSH/PuTTY/SSH, Tor
Password Crackers – John the Ripper, Hydra, ophcrack

Here are the top ten general tools used by cybersecurity pros, and the guys they go up against.
1 – Metasploit Framework
2 – Nmap
3 – OpenSSH
4 – Wireshark
5 – Nessus
6 – Aircrack-ng
7 – Snort
8 – John the Ripper
9 – Google
10 – L0phtCrack

COMPUTER CRIMES A person commits a “computer crime” when he or she:
1. Accesses a computer system without authorization;
2. Accesses or uses a computer system to obtain unauthorized computer services (including computer access, data processing, and data storage);
3. Intentionally or recklessly disrupts, degrades, or causes disruption or degradation of computer services or denies or causes denial of computer services to an authorized user; or
4. Intentionally or recklessly tampers with, takes, transfers, conceals, alters, or damages any equipment used in a computer system.

It is also a computer crime to misuse computer system data. A person commits this crime by:
1. Accessing a computer system to use, disclose, or copy data residing in, communicated by, or produced by a computer system;
2. Intentionally or recklessly and without authorization (a) tampering with, damaging, or taking data intended for use by a computer system or (b) intercepting or adding to data residing within a computer system;
3. Knowingly receiving or retaining data obtained through misuse of computer system information; or
4. Using or disclosing data he or she knows or believes was obtained through misuse of computer system information.

UNAUTHORIZED USE OF COMPUTER OR COMPUTER NETWORK It is a crime to use a computer or computer network without authority and with the intent to:
1. Temporarily or permanently remove, halt, or disable computer data, programs, or software;
2. Cause a computer to malfunction;
3. Alter or erase computer data, programs, or software;
4. Create or alter a financial instrument or an electronic funds transfer;

5. Cause physical injury to another's property;
6. Make or cause to be made an unauthorized copy of computer data, programs, or software residing in, communicated by, or produced by a computer or computer network; or
7. Falsify or forge email information or other routing information in any manner in connection with the transmission of unsolicited bulk email through or into the computer network of an electronic mail service provider or its subscribers.

PHILIPPINES REPUBLIC ACT NO. 8792
AN ACT PROVIDING FOR THE RECOGNITION AND USE OF ELECTRONIC COMMERCIAL AND NON-COMMERCIAL TRANSACTIONS, PENALTIES FOR UNLAWFUL USE THEREOF, AND OTHER PURPOSES
PART V: FINAL PROVISIONS

Sec. 33. Penalties. The following Acts shall be penalized by fine and/or imprisonment, as follows: (a) Hacking or cracking which refers to unauthorized access into or interference in a computer system/server or information and communication system; or any access in order to corrupt, alter, steal or destroy using a computer or other similar information and communication devices, without the knowledge and consent of the owner of the computer or information and communications system, including the introduction of computer viruses and the like, resulting in the corruption, destruction, alteration, theft or loss of electronic data messages or electronic document shall be punished by a minimum fine of one hundred thousand pesos (P100,000.00) and a maximum commensurate to the damage incurred and a mandatory imprisonment of six (6) months to three (3) years.

Protect yourself while online
Continually check the accuracy of personal accounts and deal with any discrepancies right away
Use extreme caution when entering chat rooms or posting personal Web pages
Limit the personal information you post on personal Web pages
Carefully monitor requests by online “friends” or acquaintances for predatory behavior
Keep personal and financial information out of online conversations
Use extreme caution when agreeing to meet an online “friend” or acquaintance in person

Security Tips to Prevent Hacking
Use a 2-way firewall
Update your operating system regularly
Increase your browser security settings
Avoid questionable Web sites
Only download software from sites you trust. Carefully evaluate free software and file-sharing applications before downloading them.

Practice safe email and virus/malware protocols
Don't open messages from unknown senders
Immediately delete messages you suspect to be spam
Make sure that you have the best security software products installed on your PC
Use antivirus protection
Get antispyware software protection

A Computer Hacker Can Be Traced When a Trojan or a virus hits a PC, we get to know about its presence from the malfunctioning of the machine. But knowing just that is not sufficient. We need to know how it got there and, most importantly, who put it there. By finding the attacker in the same way that a victim is discovered, one can have a broader view of the picture and establish the steps that are required to be taken against an attacker. A cracker or a hacker can be tracked down in several ways. Very often a hacker is more able to remove his traces than a cracker. While tracking their activities, the emerging evidence should be preserved so that it cannot be lost or tampered with.

A hacker hides his Internet Protocol (IP) address, which is called "spoofing". He also conceals his intentions by purposely bouncing some of his communications off computers at different places in the world before attacking a target computer. So the investigator usually must track all the bounce points to find the exact location of the hacker. The network security infrastructure has gone through various changes in its implementation, from firewalls and their upgraded versions to router security techniques, host system security, auditing, incident response plans, and intrusion detection systems (IDS).

Methods in tracking a hacker
Tracerouting
Reverse DNS Query
DNS

1. Tracerouting

This technique shows all the computers between a user and the target machine. Often the hostname listed for the last machine belongs to the hacker's ISP. Resolving the ISP this way makes it possible to find its location and the areas where the hacker operates. This gives a clue to the geographical location, which eases investigations.

2. Reverse DNS Query

This technique is the most effective way of tracing a hacker. It helps to locate the country where the hacker resides though the exact geographical location cannot be determined without breaking into the ISP's Head Office.

3. DNS

Domain Name Servers are machines connected to the Internet that keep track of the IP addresses and domain names of other PCs. A DNS search takes the 'ASCII Domain Name', or simply the 'hostname', and converts it into a numeric IP address.
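The reverse and forward lookups described in the tracing methods above, combined into one check, as an added example that is not part of the original slides. The DNS records, hostnames, log lines and function names are constructed for illustration, so the block runs without network access.

```python
import ipaddress
import re

# Constructed sample data (documentation IP ranges, example domains).
PTR_RECORDS = {  # reverse zone: PTR name -> hostname
    "10.113.0.203.in-addr.arpa": "dsl-10.isp.example.net",
    "77.100.51.198.in-addr.arpa": "mail.bank.example.com",
}
A_RECORDS = {  # forward zone: hostname -> addresses
    "dsl-10.isp.example.net": {"203.0.113.10"},
    "mail.bank.example.com": {"192.0.2.25"},  # does not map back
}
LOG = """\
Sep 10 02:14:07 web1 sshd[811]: Failed password for root from 203.0.113.10 port 52110 ssh2
Sep 10 02:14:09 web1 sshd[811]: Failed password for root from 198.51.100.77 port 40022 ssh2
Sep 10 02:15:30 web1 sshd[822]: Failed password for admin from 192.0.2.200 port 40100 ssh2
"""

def ptr_name(ip):
    """Name queried in a reverse lookup: octets reversed under in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def trace_source(ip):
    """Reverse-resolve ip, then check the hostname resolves forward to it."""
    host = PTR_RECORDS.get(ptr_name(ip))
    if host is None:
        return {"ip": ip, "hostname": None, "verdict": "no-ptr"}
    # The PTR record is written by whoever controls the address block, so a
    # hostname only counts as evidence if its forward record agrees.
    ok = ip in A_RECORDS.get(host, set())
    return {"ip": ip, "hostname": host, "verdict": "confirmed" if ok else "mismatch"}

def triage(log_text):
    """Extract each distinct source address from the log and trace it."""
    seen, results = set(), []
    for match in re.finditer(r"from (\d{1,3}(?:\.\d{1,3}){3}) port", log_text):
        ip = match.group(1)
        try:
            ipaddress.ip_address(ip)  # reject values such as 999.1.1.1
        except ValueError:
            continue
        if ip not in seen:
            seen.add(ip)
            results.append(trace_source(ip))
    return results

if __name__ == "__main__":
    for row in triage(LOG):
        print(row)
```

On a live system the two dictionaries would be replaced by real lookups such as `socket.gethostbyaddr` and `socket.gethostbyname_ex`.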
