Computer Networks & Computer Security




Software Engineering 4C03 Project Report
Hackers: Detection and Prevention

Prof.: Dr. Kartik Krishnan
Due Date: March 29th, 2004
Modified: April 7th, 2004
Std Name: Yamama Khadduri
Std #: 0052573
Email: khadduy@mcmaster.ca

Introduction:
Internet security is one of the major concerns of organizations, companies, systems, and ordinary personal-computer users. These stakeholders mainly fear the exposure of their secure documents and information, as well as damage to the soundness of their systems from bugs and worms. But how safe is this information? The main fear of governmental organizations is hackers who break into their security systems to retrieve information through unethical acts. Yet it is unfair to classify hackers as bad people without exploring their background and their purpose. It is therefore interesting to explore what kinds of hackers are out there, how they break internet and computer security, and their main reasons for doing so. To examine how these hackers could be stopped, we also include a discussion of some of the methods they employ.

Hackers Types:
There are different kinds of, and names for, the individuals who possess exceptional knowledge of computer and internet security. A few of these terms are discussed here, while many more can be found in Deborah Radcliff's article [1]. A hacker can be described as a brilliant programmer, a computer criminal, a gray hat, or a white hat hacker [2].

A brilliant programmer is someone who can write code very fast and produce a program that delivers ideas as intended. Individuals of this kind are mainly harmless and will not bother with hacking programs unless asked to by their company. When these hackers start writing code to break the security features of programs, systems, and networks, they are mainly identified as crackers.

Crackers are those who commit evil acts by breaking the security features of software. These individuals are driven by personal interest or curiosity, or are paid to crack software or a network system by the companies that hire them. Crackers use different tools and methods to break the security of a system. Some of these methods are Trojan Horse, Snooper, Virus, Worm, Vulnerability and Port Scanner, Exploit, Social Engineering, Root Kit, Leet, Packet Sniffing, and many others.

On the other hand, a cracker can be classified as a Samurai (or a white hat [3]) when he/she is hired for legal cracking jobs. These individuals break into systems and networks to test their security. They see themselves as warriors defending their employer's systems from unethical crackers.

There are other types of hackers who specialize in commandeering the card numbers of others for personal use (Carding), or who are obsessed with encrypting their files and securing their systems out of paranoia about privacy (Cypherpunk) [1].

Hackers Reasons:
No matter what the terms are, or what these individuals do, their main psychological motive is self-satisfaction. This can take the form of curiosity, the pleasure of committing evil acts, or the enjoyment of showing off what they are able to do, as when kids send out worms and viruses in mass emails as part of a personal war with other individuals, at the expense of innocent computer users [4]. To fight such intrusions and invasions of privacy, many methods have been developed for companies and individuals.

Hacking Tools:
Trojan Horse is a method that enables the cracker to set up a way to intrude on a computer or a system by having his/her code installed along with useful software on the machine, network, or system. The cracker can enter the system through that back door later on. Examples of this useful software are programs that mimic login screens, viruses that fool the user into downloading programs, and other applications.

Snooper is an application that enables the cracker to capture secure information while it is in transit within a computer or a network. Examples are information passed between web pages during the transitions and stages of a form application, and information sent from a form to the server.

A worm is an application that looks for weaknesses in a system or a network and reproduces itself on that system until the system crashes. A virus, on the other hand, is attached to software and spreads once the software is executed. A virus can be as harmless as a sound or a picture, or as harmful as a worm that changes the binary settings of the computer and crashes the system. Further light will be shed on how viruses and worms each act when accessing a system.

Vulnerability Scanner is a tool used to check whether a computer on a network has a known weakness. There are also port scanners, which enable the cracker to determine the open ports through which the computer can be accessed.

Packet Sniffing can be used for network monitoring and for troubleshooting. It can also be a powerful tool for gathering information that helps compromise the network.

Hacker Enumeration tools help to enumerate, or list out, various aspects of target machines: user accounts, protocols, registry keys, and more [6].

Other methods, such as changing the code of a system to cover the existence of hacker software (Root Kit), can be found, along with more information about the methods and techniques mentioned above, on the Wikipedia site [2] and on the Net Security source [5].

Hacking Thwarting:
Different companies have developed methods and techniques to reduce the effects of hackers and malicious software. Companies vary in their ideas of which point in a network is the weakest and should be protected from hackers. Each software tool has its negatives and positives; below is a discussion of some of the tools used to lessen the intrusion of a hacker or virus into a network system.

An Intrusion Detection System (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator (Passive IDS) or, in certain cases, blocks the user or the source IP address from accessing the network (Active IDS). There are many approaches to detecting suspicious traffic entering the network; the tool therefore comes in many varieties and detection methods. Some are network based (NIDS), and some are host based (HIDS). Others are based on the signatures of known threats, or on comparing traffic patterns against a baseline while looking for anomalies [5]. In any case, the main drawback of this tool is the bottleneck formed at the monitored point.

Many companies have adopted methods to deal with infected computers and with hackers. In dealing with hacker attacks, most companies and organizations use an IDS to protect their network. They also turn the intrusion methods known to date against their own systems, using the Trojan Horse, Vulnerability Scanner, Packet Sniffing, and the other methods mentioned above to look for weaknesses in the server or the network.

When an anti-virus company detects the existence of a Virus or an intruder in a system, it analyzes the suspected file. Depending on the type of the file, actions such as disassembly, macro scanning, and code analysis are carried out to eliminate the Virus or disconnect the intruder [7].

On the other hand, when a Worm arrives via e-mail with a variety of extensions, it copies several files into the system directory, from which it can change or modify critical registry keys, delete files, or change the contents of files. There are corporations that specialize in catching these files and preventing the change or modification of any system files or registry keys.

A Worm can also establish a TCP server and start listening, then download and execute arbitrary files. A reasonable method of fighting this kind of Worm is to prevent arbitrary programs from being installed on a server or from listening on ports.

A Worm can also create an outbound connection to a remote website in an attempt to generate a denial of service attack. A reasonable method of preventing this attack is to allow outbound HTTP connections only where appropriate, and to prevent arbitrary HTTP connections.

The Worm can then scan for files containing e-mail addresses and use its own SMTP engine to e-mail itself to those addresses, spreading by that method quadratically and making it difficult to stop. To reduce this spread, one could prevent any arbitrary program from installing an SMTP engine and from making any outbound SMTP connections [8]. This is but one of the ways in which a Worm can harm a system or a network and spread rapidly across it.

Conclusion:
In conclusion, hackers can be classified under different terms according to their personal interests and actions. Hackers utilize many methods to intrude into a system or a network, such as the Trojan Horse, the Vulnerability Scanner, Packet Sniffing, and many others. The only way to secure a computer or a network against these attacks is to counter these individuals by using their own techniques to find the weaknesses of a system and fix them, or to use an IDS. Yet technology is improving significantly day by day, and new methods and techniques for intruding are being discovered. What remains is how fast companies can discover the functionality of a Virus or a Worm and devise a method to stop its effects.
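The Worm countermeasures described under Hacking Thwarting (no unapproved listeners, outbound HTTP only where appropriate, no outbound SMTP from arbitrary programs) can be checked against connection records, with passive and active IDS modes differing only in whether offending hosts are listed for blocking. This is an added example, not part of the original report; the record format, addresses, process names and fan-out threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed site policy; every address and name here is constructed for the example.
ALLOWED_LISTENERS = {("10.0.0.5", 25), ("10.0.0.8", 80)}  # (host, port) approved to listen
MAIL_RELAYS = {"10.0.0.5"}   # only these hosts may open outbound SMTP
HTTP_CLIENTS = {"10.0.0.9"}  # hosts where outbound HTTP is appropriate

# Constructed records: host, kind (listen|connect), peer, port, process
SAMPLE_LOG = """\
10.0.0.5 listen - 25 mailsrv
10.0.0.5 connect 198.51.100.7 25 mailsrv
10.0.0.9 connect 203.0.113.10 80 proxy
10.0.0.21 listen - 31000 unknown.exe
10.0.0.21 connect 203.0.113.44 80 unknown.exe
10.0.0.21 connect 198.51.100.7 25 unknown.exe
10.0.0.21 connect 198.51.100.8 25 unknown.exe
10.0.0.21 connect 198.51.100.9 25 unknown.exe
truncated record
"""


def classify(host, kind, port):
    """Return the name of the violated rule, or None if the event is within policy."""
    if kind == "listen":
        return None if (host, port) in ALLOWED_LISTENERS else "unapproved-listener"
    if port == 25 and host not in MAIL_RELAYS:
        return "direct-smtp"
    if port == 80 and host not in HTTP_CLIENTS:
        return "unapproved-http"
    return None


def evaluate(log, active=False, smtp_fanout=3):
    """Passive mode only reports alerts; active mode also lists hosts to block."""
    alerts, smtp_peers = [], defaultdict(set)
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[1] not in ("listen", "connect") or not fields[3].isdigit():
            continue  # skip malformed records instead of stopping the monitor
        host, kind, peer, port, process = fields
        rule = classify(host, kind, int(port))
        if rule:
            alerts.append((host, rule, process))
        if rule == "direct-smtp":
            smtp_peers[host].add(peer)
    # A non-relay host mailing many distinct servers fits the self-mailing Worm pattern.
    mass_mailers = sorted(h for h, peers in smtp_peers.items() if len(peers) >= smtp_fanout)
    blocked = sorted({host for host, _, _ in alerts}) if active else []
    return alerts, mass_mailers, blocked


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG, active=True)[0]:
        print(alert)
```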

References:
[1] Radcliff, Deborah, Jan, 1999. Internet Security News: [ISN] Hackers for Hire. [Online] Available at: http://www.landfield.com/isn/mailarchive/1999/jan/0053.html (March 29, 2004)
[2] Wikipedia, The Free Encyclopedia, March, 2004. [Online] Available at: http://en.wikipedia.org/wiki/hacker (March 29, 2004)
[3] Riley, James, 2001. Industry looks to get hacked to bits. [Online] Available at: http://www.consensus.com.au/itwritersawards/itwarchive/itwentries01/itw01f-jr-ih36.htm (March 29, 2004)
[4] Kapica, Jack, March, 2004. Globetechnology: The syntax of Viruses. [Online] Available at: http://www.globetechnology.com/servlet/story/rtgam.20040304.gtkapicamar4/BNStory/Technology/ (March 29, 2004)
[5] Internet and Network Security, 2004. Introduction to Intrusion Detection Systems (IDS). [Online] Available at: http://netsecurity.about.com/cs/hackertools/a/aa030504_2.htm (March 29, 2004)
[6] Internet and Network Security, 2004. Hacker tools: Utilities used by hackers, crackers & phreaks. [Online] Available at: http://netsecurity.about.com/cs/hackertools/ (March 29, 2004)
[7] Panda Software, 2004. Panda Software About. [Online] Available at: http://us.pandasoftware.com/about/press/viewnews.aspx?noticia=4842 (March 11, 2004)
[8] Platform Logic, 2004. SoBigF: Intrusion Prevention. [Online] Available at: http://www.platformlogic.com/solutions/mydoom.asp (March 29, 2004)