Computer Networks & Computer Security
SE 4C03 Project Report
Hackers: Detection and Prevention
Due Date: March 29th, 2005
Modified: March 28th, 2005
Student Name: Arnold Sebastian
Professor: Dr. Kartik Kirishnan
Introduction

Internet security is one of the major concerns of organizations, companies, system operators, and ordinary personal-computer users. These stakeholders mainly fear the exposure of their confidential documents and information, in addition to the soundness of their systems against bugs and worms. The main fear of governmental organizations is hackers who break into their security systems to retrieve information through unethical acts. Yet it is unfair to classify hackers as the bad people without exploring their background and their purpose. In its original context, hacking refers to dedication or passion towards certain interests or habits; hence a hacker is an individual who is passionate about what he or she does. Since the information revolution, the word hacking has become a buzzword and is generally taken to mean illegal or destructive use of computer systems, largely due to misinformation by the media. Therefore, it is interesting to explore what kinds of hackers are out there, how they break internet and computer security, and their main reasons for doing so. To examine how these hackers could be stopped, we also include a discussion of some of the methods employed by hackers. Much like unauthorized entry in real life, hacking allows hackers to gain access to others' private information. The actions a hacker may take range from mere learning to complete deletion or alteration of the information.

Hacker Types and Reasons

There are different kinds of, and names for, these individuals who possess exceptional knowledge of computer and internet security. A few of these terms are discussed here; many more can be found in Deborah Radcliff's article [1]. A hacker can be described as a brilliant programmer, a computer criminal, a gray hat, or a white hat hacker [2]. Black hats are very skilled crackers who are not easily caught. They possess extensive knowledge of technology and use it to find more vulnerabilities in systems.
White hats, on the other hand, use their skills in attacking computer systems and networks to improve existing defensive measures. A brilliant programmer is someone who can write code very fast and produce a program that delivers ideas as intended. These individuals are mainly harmless and will not hack programs unless requested to by their company. When such hackers write code to break the security features of programs, systems, and networks, they are identified as crackers. Crackers are those who commit evil acts by breaking the security features of software. These individuals are driven by personal interest or curiosity, or are paid to crack software or a network system by companies that hire them. Crackers use different tools and methods to break the security of a system, among them the Trojan horse, snooper, virus, worm, vulnerability and port scanner, exploit, social engineering, root kit, leet, packet sniffing, and many other methods [2]. On the other hand, a cracker can be classified as a samurai (or a white hat [3]) when he or she is hired for legal cracking jobs. These individuals break into systems and networks to test their security, and they see themselves as warriors defending their employer's systems from unethical crackers. All terms and conditions aside, the main psychological reason for hackers to pursue their occupation is self-satisfaction. This can take the form of curiosity, the pleasure of committing evil acts, or the enjoyment of showing off what they are able to do, as with kids sending out worms and viruses in mass emails to wage personal wars with other individuals at the expense of innocent computer users [4]. To fight such intrusions and invasions of privacy, many methods have been developed for companies and individuals.

Hacking Tools

A worm is an application that looks for weaknesses in a system or a network and reproduces itself on that system until the system crashes. A virus, on the other hand, is attached to software and spreads once the software is executed. The effect of a virus can be as harmless as a sound or a picture, or as harmful as a worm that changes the binary settings of the computer and crashes the system. Further light is shed below on how viruses and worms act when they reach a system. A snooper is an application that enables the cracker to capture secure information while it is in transit within a computer or a network, for example the information carried between the stages of a web form application, or the transfer of form data to the server.
A Trojan horse is a method that enables the cracker to set up a way to intrude on a computer or a system by having his or her code installed alongside useful software on the machine, network, or system. The cracker can later enter the system through that back door. Examples of such "useful" software are programs that mimic login screens, viruses that fool the user into downloading programs, and other applications. Packet sniffing can be used for network monitoring and for troubleshooting, but it can also be a powerful tool to gather information that helps compromise the network. Hacker enumeration tools help to enumerate, or list out, various aspects of target machines: user accounts, protocols, registry keys, and more [6]. Other methods, such as changing the code of a system to hide the existence of hacker software (root kit), are described along with more information about the methods mentioned above on the Wikipedia site [2] and the Net Security source [5].
Hacking Thwarting

Some of the methods and techniques that reduce the effects of hackers and malicious software are developed by different companies. Companies vary in their ideas of which is the weakest point in a network that should be protected from hackers. Each software tool has its negatives and positives; below is a discussion of some of the tools used to lessen the intrusion of a hacker or virus into a network system.

An Intrusion Detection System (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator (passive IDS) or, in certain cases, blocks the user or the source IP address from accessing the network (active IDS). There are many approaches to detecting suspicious traffic entering the network; therefore the tool comes in many varieties and detection methods. Some are network based (NIDS) and some are host based (HIDS). Others are based on the signatures of known threats, or compare traffic patterns against a baseline while looking for anomalies [5]. In any case, the main negative of this tool is the bottleneck formed at the monitored point.

When an anti-virus company detects the existence of a virus or an intruder in a system, it analyzes the suspected file. Depending on the type of file, actions such as disassembly, macro scanning, and code analysis are performed to eliminate the virus or disconnect the intruder [7]. On the other hand, when a worm arrives via e-mail under a variety of file extensions, it copies several files into the system directory, from which it can modify critical registry keys, delete files, or change the contents of files. There are corporations that specialize in catching these files and preventing the modification of any system files or registry keys. A worm can also establish a TCP server and start listening, then download and execute arbitrary files [9]. A reasonable method to fight this kind of worm is to prevent arbitrary programs from being installed on a server or from listening on ports. A worm can also create outbound connections to a remote website in an attempt to generate a denial of service attack. A reasonable method to prevent this attack is to allow outbound connections via HTTP only where appropriate, and to prevent arbitrary HTTP connections. The worm can then scan for files containing e-mail addresses and use its own SMTP engine to email itself to those addresses, spreading quadratically and making it difficult to stop. To reduce this spread, one could prevent any arbitrary program from installing an SMTP engine or from making outbound SMTP connections [8]. This is but one of the ways a worm can harm a system or a network and spread rapidly.

Conclusion

In conclusion, hackers can be classified under different terms according to their personal interests and actions. Hackers utilize many methods to intrude into a system or a network, such as the Trojan horse, the vulnerability scanner, packet sniffing, and many other ways. To a certain degree, hacking can be considered proper and ethical only if the intentions are to learn and to discover security weaknesses. The only way a computer or a network can be secured from these attacks is to counter these individuals by using their own techniques to find the weaknesses of a system and fix them, or to use an IDS. Software designs and implementations will continue to evolve, but so will the methods and tools for hacking. It only remains to be seen how fast companies can discover the functionality of a virus or a worm and employ a method to stop its effects.
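As an added illustration of the three worm mitigations described in the Hacking Thwarting section (blocking unapproved listeners, allowing outbound HTTP only to approved programs, and confining outbound SMTP to the mail server), the following Python sketch is not from the report or from any product it cites. The process names, ports and allowlists are constructed assumptions; the passive/active modes mirror the IDS distinction above, where passive mode only records alerts and active mode also returns the events to be blocked.

```python
from dataclasses import dataclass

# Hypothetical allowlists for one host (assumptions, not taken from the report).
ALLOWED_LISTENERS = {"httpd": {80, 443}, "sshd": {22}}  # program -> ports it may listen on
ALLOWED_HTTP_CLIENTS = {"browser", "updater"}           # programs allowed outbound HTTP(S)
ALLOWED_SMTP_CLIENTS = {"postfix"}                      # only the mail server may speak SMTP

@dataclass(frozen=True)
class NetEvent:
    process: str    # image name of the program making the call
    action: str     # "listen" or "connect"
    port: int       # local port for listen, remote port for connect
    dest: str = ""  # remote host for connect

def evaluate(event: NetEvent) -> str:
    """Return 'allow', or a verdict starting with 'block:', for one event."""
    if event.action == "listen":
        if event.port in ALLOWED_LISTENERS.get(event.process, set()):
            return "allow"
        return "block: unapproved listener"  # worm opening its own TCP server
    if event.action == "connect":
        if event.port in (80, 443):  # outbound HTTP only where appropriate
            return "allow" if event.process in ALLOWED_HTTP_CLIENTS else "block: arbitrary outbound http"
        if event.port == 25:  # no arbitrary SMTP engines
            return "allow" if event.process in ALLOWED_SMTP_CLIENTS else "block: outbound smtp"
        return "allow"
    return "block: unknown action"

def apply_policy(events, mode="active"):
    """Passive mode only collects alerts; active mode also returns the events to block."""
    alerts, blocked = [], []
    for ev in events:
        verdict = evaluate(ev)
        if verdict != "allow":
            alerts.append((ev.process, ev.action, ev.port, verdict))
            if mode == "active":
                blocked.append(ev)
    return alerts, blocked

# Constructed sample events; "wormproc.exe" is a made-up name for the worm's image.
SAMPLE_EVENTS = [
    NetEvent("httpd", "listen", 80),
    NetEvent("wormproc.exe", "listen", 3127),                     # backdoor listener
    NetEvent("browser", "connect", 443, "example.com"),
    NetEvent("wormproc.exe", "connect", 80, "www.example.com"),   # DoS flood attempt
    NetEvent("wormproc.exe", "connect", 25, "mail.example.net"),  # own SMTP engine
    NetEvent("postfix", "connect", 25, "mx.example.org"),
]
```

Running apply_policy(SAMPLE_EVENTS) yields three alerts (the listener, the HTTP flood attempt and the SMTP connection) and, in active mode, the same three events marked for blocking.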
References

[1] Radcliff, Deborah, Jan. 1999. Internet Security News: [ISN] Hackers for Hire. [Online] Available at: http://www.landfield.com/isn/mailarchive/1999/Jan/0053.html (March 29, 2004)
[2] Wikipedia, The Free Encyclopedia, March 2004. [Online] Available at: http://en.wikipedia.org/wiki/hacker (March 29, 2004)
[3] Riley, James, 2001. Industry looks to get hacked to bits. [Online] Available at: http://www.consensus.com.au/itwritersawards/itwarchive/itwentries01/itw01f-jr-ih36.htm (March 29, 2004)
[4] Kapica, Jack, March 2004. Globetechnology: The syntax of Viruses. [Online] Available at: http://www.globetechnology.com/servlet/story/rtgam.20040304.gtkapicamar4/BNStory/Technology/ (March 29, 2004)
[5] Internet and Network Security, 2004. Introduction to Intrusion Detection Systems (IDS). [Online] Available at: http://netsecurity.about.com/cs/hackertools/a/aa030504_2.htm (March 29, 2004)
[6] Himanen, Pekka, 2001. The Hacker Ethic. Random House.
[7] Panda Software, 2004. Panda Software About. [Online] Available at: http://us.pandasoftware.com/about/press/viewnews.aspx?noticia=4842 (March 11, 2004)
[8] Platform Logic, 2004. SoBigF: Intrusion Prevention. [Online] Available at: http://www.platformlogic.com/solutions/mydoom.asp (March 29, 2004)