NAC2006 - PowerPoint PPT Presentation

1 / 42
About This Presentation
Title:

NAC2006

Description:

Corporate Espionage, Password Stealing, IP Violation, Spying etc. Tools: ... Yahoo, Amazon, Ebay, BUY.com brought down for more than 48 hours! ... – PowerPoint PPT presentation

Number of Views:32
Avg rating:3.0/5.0
Slides: 43
Provided by: Jay98
Category:
Tags: nac2006

less

Transcript and Presenter's Notes

Title: NAC2006


1

HACKED!!! Securing your Business

Hacked!!!

Ankit Fadia Ethical Hacker fadia.ankit_at_gmail.com


2
How to become a Computer Security Expert?
3
Hacker VS Cracker
Hacker Cracker
Lots of Knowledge Experience. Lots of Knowledge Experience.
Good Guy Bad Guy
Strong Ethics Poor Ethics
No Crime Commits crime
Fights Criminals. Is the criminal
4
Facts and Figures
FBI INTELLIGENCE REPORT
5
TOP 6 CYBERSECURITY ATTACKS
  • TOP 6 CyberSecurity Attacks
  • Privacy Attacks
  • Email Forging Attacks
  • Sniffer Attacks
  • DOS Attacks
  • Password Attacks

6
Individual Internet User
  • Mumbai Lady Case
  • A lady based in Mumbai, India lived in a 1 room
    apartment.
  • Was a techno-freak and loved chatting on the
    Internet.
  • Attacker broke into her computer switched her
    web camera on!
  • Biggest cyber crime involving privacy invasion in
    the world!

7
Government Sector
  • NASA
  • The premier space research agency in the world.
  • Had just finished a successful spaceship launch,
    when the unexpected happened.
  • The path of the spaceship was changed remotely by
    a 11 year old Russian teenager.
  • Loss of money. Unnecessary Worry.

8
PRIVACY ON THE INTERNET IP Addresses
  • Every system connected to a network has a unique
    Internet Protocol (IP) Address which acts as its
    identity on that network.
  • An IP Address is a 32-bit address which is
    divided into four fields of 8-bits each. For
    Example, 203.94.35.12
  • All data sent or received by a system will be
    addressed from or to the system.
  • An IP Address it to your computer, what your
    telephone number is to you!
  • An attackers first step is to find out the IP
    Address of the target system.

9
IP Addresses Finding an IP Address
  • A remote IP Address can easily be found out by
    any of the following methods
  • Through Instant Messaging Software or Internet
    Telephony (Skype)
  • Through Internet Relay Chat
  • Through Your website
  • Through Email Headers

10
Countermeasures
  • Countermeasures
  • Do not accept File transfers or calls from
    unknown people
  • Chat online ONLY after logging on through a Proxy
    Server.

11
IP Addresses Dangers Concerns
  • Dangers Concerns
  • DOS Attacks
  • Disconnect from the Internet
  • Trojans Exploitation
  • Geographical Information Click Here
  • File Sharing Exploits
  • Invades your Privacy
  • Spy on You
  • Steal your Passwords
  • Slow Your Internet Access Speed.

PRIVACY INVASION IS INDEED A REALITY!
12

TROJANS
  • TROJANS
  • Definition
  • Trojans act as RATs or Remote Administration
    Tools that allow remote control and remote access
    to the attacker.
  • Working See Demo.
  • Threats
  • Corporate Espionage, Password Stealing, IP
    Violation, Spying etc.
  • Tools
  • Netbus, Girlfriend, Back Orrifice and many
    others.

13
TROJANS
  • COUNTERMEASURES
  • Port Scan your own system regularly.
  • If you find a irregular port open, on which you
    usually do not have a service running, then your
    system might have a Trojan installed.
  • One can remove a Trojan using any normal
    Anti-Virus Software.
  • A typical Trojan automatically loads itself into
    the memory, each time the computer boots.
  • Hence, one should search all the start up files
    of the system and remove any references to
    suspicious programs.

14
TOP 5 CYBERSECURITY ATTACKS
  • TOP 5 CyberSecurity Attacks
  • Privacy Attacks
  • Email Forging Attacks
  • Sniffer Attacks
  • DOS Attacks
  • Password Attacks

15
Consumer Electronic Goods Sector
  • TV Group
  • One of the largest manufacturers of televisions
    and other electronic goods in the world.
  • Attacker sent an abusive forged email to all
    investors, employees and partners worldwide from
    the Chairmans account.
  • Tainted relations.

16
Email Forging
  • Email Forging
  • Definition
  • Email Forging is the art of sending an email from
    the victims email account without knowing the
    password.
  • Working
  • ATTACKER-----Sends Forged email-----? FROM
    VICTIM
  • Tools
  • None required! DEMO

17
Email Forging
  • COUNTERMEASURES
  • NOTHING can stop the attacker.
  • Use Secure email systems like PGP.
  • Digitally sign your emails.

18
TOP 6 CYBERSECURITY ATTACKS
  • TOP 6 CyberSecurity Attacks
  • Privacy Attacks
  • Email Forging Attacks
  • Sniffer Attacks
  • DOS Attacks
  • Password Attacks

19
Healthcare Sector
  • Healthcare Group
  • One of the largest shaving solutions companies in
    the world.
  • Attacker broke into network and cancelled
    approximately 35 different orders of raw
    materials from supplier.
  • Loss of revenue. Delay in Product launch.

20
Fashion Entertainment Sector
  • Fashion House Group
  • One of the most successful fashion designers in
    Europe.
  • Stole all designs and marketing plans.
  • Came out with the same range of clothes a week
    before.
  • Loss of Revenue. RD Creative work down the
    drain.

21

SNIFFERS
  • SNIFFERS
  • Definition
  • Sniffers are tools that can capture all data
    packets being sent across the entire network in
    the raw form.
  • Working ATTACKER-----Uses sniffer for
    spying-----? VICTIM
  • Threats
  • Corporate Espionage, Password Stealing, IP
    Violation, Spying etc.
  • Tools
  • Tcpdump, Ethereal, Dsniff and many more.

22
SNIFFERS
  • COUNTERMEASURES
  • Switch to Switching Networks. (Only the packets
    meant for that particular host reach the NIC)
  • Use Encryption Standards like SSL, SSH, IPSec.

23
TOP 6 CYBERSECURITY ATTACKS
  • TOP 6 CyberSecurity Attacks
  • Privacy Attacks
  • Email Forging Attacks
  • Sniffer Attacks
  • DOS Attacks
  • Password Attacks

24
Internet Services Sector
  • Internet Services
  • Yahoo, Amazon, Ebay, BUY.com brought down for
    more than 48 hours!
  • All users across the globe remained disconnected.
  • Attackers were never caught.
  • Loss of Revenue. Share values down.

25

Denial of Services (DOS) Attacks
  • DOS ATTACKS
  • Definition
  • Such an attack clogs up so much bandwidth on the
    target system that it cannot serve even
    legitimate users.
  • Working
  • ATTACKER-----Infinite/ Malicious Data-----?
    VICTIM
  • Tools
  • Ping of Death, SYN Flooding, Teardrop, Smurf,
    Land TYPES
  • Trin00, Tribal Flood Network etc TOOLS

26
Denial of Services (DOS) Attacks
  • BUSINESS THREATS
  • All services unusable.
  • All users Disconnected.
  • Loss of revenue.
  • Deadlines can be missed.
  • Unnecessary Inefficiency and Downtime.
  • Share Values go down. Customer Dissatisfaction.

27
DOS Attacks
  • COUNTERMEASURES
  • Separate or compartmentalize critical services.
  • Buy more bandwidth than normally required to
    count for sudden attacks.
  • Filter out USELESS/MALICIOUS traffic as early as
    possible.
  • Disable publicly accessible services.
  • Balance traffic load on a set of servers.
  • Regular monitoring and working closely with ISP
    will always help!
  • Patch systems regularly.
  • IPSec provides proper verification and
    authentication in the IP protocol.
  • Use scanning tools to detect and remove DOS
    tools.

28
TOP 6 CYBERSECURITY ATTACKS
  • TOP 6 CyberSecurity Attacks
  • Privacy Attacks
  • Email Forging Attacks
  • Sniffer Attacks
  • DOS Attacks
  • Password Attacks

29
Recommendations and Countermeasures
  • National CERTS and Cyber Cops.
  • Security EDUCATION and TRAINING.
  • Increase Security budgets.
  • Invest on a dedicated security team.
  • Security by obscurity?

30
THE FINAL WORD
  • THE FINAL WORD
  • The biggest threat that an organization faces
    continues to be from.

THEIR OWN EMPLOYEES!
31

Is Internet Banking Safer than ATM Machines?
  • ATM MACHINES VS INTERNET BANKING
  • ATM Machines Internet Banking
  • Easier to crack. Difficult to crack, if
    latest SSL used.
  • Soft Powdery Substance. Earlier SSL
    standards quite weak.
  • Unencrypted PIN Number.
  • Software/ Hardware Sniffer.
  • Fake ATM Machine

32

ATM Hacking
33

ATM Hacking
34

ATM Hacking
35

ATM Hacking
36

Mobile Phone Hacking
  • Mobile Phone Attacks
  • Different Types
  • BlueJacking
  • BlueSnarfing
  • BlueBug Attacks
  • Failed Authentication Attacks
  • Malformed OBEX Attack
  • Malformed SMS Text Message Attack
  • Malformed MIDI File DOS Attack
  • Jamming
  • Viruses and Worms
  • Secret Codes 92702689 or 3370

37
AN ETHCAL GUIDE TO HACKING MOBILE PHONES Ankit
Fadia


Title An Ethical Hacking Guide to Hacking
Mobile Phones Author Ankit Fadia Publisher
Thomson Learning

38
THE UNOFFICIAL GUIDE TO ETHICAL HACKING Ankit
Fadia


Title The Unofficial Guide To Ethical
Hacking Author Ankit Fadia Publisher Thomson
Learning


39
NETWORK SECURITY A HACKERS PERSPECTIVE Ankit
Fadia


Title Network Security A Hackers
Perspective Author Ankit Fadia Publisher
Thomson Learning


40
THE ETHICAL HACKING GUIDE TO CORPORATE
SECURITY Ankit Fadia


Title The Ethical Hacking Guide to Corporate
Security Author Ankit Fadia Publisher
Macmillan India Ltd.


41
THE ETHICAL HACKING SERIES Ankit Fadia

Title Email Hacking Author Ankit
Fadia Publisher Vikas Publications


Title Windows Hacking Author Ankit
Fadia Publisher Vikas Publications

42

HACKED!!! Securing your Business

Questions?

Ankit Fadia Ethical Hacker fadia.ankit_at_gmail.com

Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "NAC2006" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!