Wanna be a h4ck3r

Transcript

1. Wanna be h4ck3r snapshot of security concept By Eslam Mamdouh

   El Husseiny

2. ؟ نوكأ نم @EslamElHusseiny www.eslamizmy.org

3. Wanna be h4ck3r • Agenda – Security policy – Attackers

   – Type of attacks – So am I a looser ? – Live demo – ؟ نيدعب و بط – هدك ةيافك صلخ

4. Security policy • Document describing the way computer equipment may/may

   not be used • Security policy aspects: – Physical security – Network security – Authentication – Authorization

5. Physical Security • Ensure that nobody can access computer hardware

   – Locks on doors – Access codes – Signing-in of staff – Physical protection of cabling

6. Physical Security • Physical environment – Uninterruptible Power Supply (UPS)

   – Fire suppression system – Air Conditioning (heat, moisture) • Physical breakdown of computer hardware – Spare components – Backups (consider off-site storage)

7. Network Security • Ensure that no unauthorized user can access

   the system – over the network – Internet – other WAN – LAN • Needs to be done for every networked system

8. Authentication • User name/Password • Public key cryptography • Smart

   cards • Biometrics

9. Authorization • Determining what you may do • Usually dependent

   on group membership

10. Attackers • Hackers – A hacker is someone who wants

    to satisfy his curiosity • Means no harm • May cause harm accidentally

11. Attackers • Crackers – A cracker is someone who wants

    to gain something • Access to your system to use resources • Access to data (e.g. credit card numbers) • Publicity • Revenge

12. Attackers • Script Kiddies – A Script Kiddie is someone

    who uses hackers tools without understanding what they do

13. Types of Attack (1) • Scanning – Which services are

    enabled – Which software and version is used • Sniffing – Monitoring data (e.g. passwords) in transit • Break-in – Gain access to a computer, preferably as superuser

14. Types of Attack (1) • Brute Force – Try every

    possible combination until one works • Man-in-the-Middle – Act as the server to a client – Act as a client to the server

15. Types of Attack (1) • Denial of Service (DoS) –

    Prevent legitimate users from working – Usually done by crashing or overloading the system or network • Distributed Denial of Service (DDoS) – DoS attack from many different sources simultaneously

16. Types of Attack (2) MW ViSTA

17. Types of Attack (2) • Maleware • Worm • Virus

    • Spyware • Trojan • Adware

18. Types of Attack (2) • Virus – Malicious program that

    attaches itself to other programs • Worm – Self-replicating malicious program • Trojan Horse – Apparently useful program with a malicious component

19. What You Have to Lose • Loss of resources –

    Disk space – Bandwidth – CPU time • Loss or alteration of data • Loss or impairment of service • Loss of reputation, goodwill, trust

20. What You Have to Lose • Disclosure of personal, proprietary

    or confidential • information • Financial loss • Stolen credit card numbers • Legal, criminal action against you

21. Live Demo

22. And so !

23. كماظن فرعإ

24. Quiz !

25. Questions ?

26. References ➢ Mainly IBM Slides

27. thanks