More Related Content
What's hot (20)
Viewers also liked (20)
Similar to Protection from hacking attacks (20)
Recently uploaded (20)
Protection from hacking attacks
- 1. PROTECTION FROM HACKING ATTACKS By Sugirtha Jasmine M (ME Cyber Security) Information Security Analyst
- 2. 1.MALWARES • Malware is a collective term for any malicious software which enters system without authorization of user of the system. • The term is created from merging the words malicious and softwares
- 3. Types of Malwares • VIRUS (VITAL INFORMATION RESOURCES UNDER SEIZE) • A Virus is computer program that executes when an infected program is executed. • On MS-DOS system, these files usually have the extensions .exe, .com, .bat, .sys • Virus always needs a trigger to execute itself and after execution itself and after execution they leave the memory part.
- 4. • Types of Virus Boot sector Virus File infecting Viruses Polymorphic viruses Stealth Viruses Multi Partite Viruses
- 5. • Boot sector Viruses Boot sector viruses are those that infect the boot sector on a computer system • File infecting Viruses are unsurprisingly viruses that infect files. Sometime these viruses are memory resident
- 6. • Polymorphic Viruses it change their appearance with each infection. Such encryption viruses are usually difficult to detect because they are better at hiding themselves from antivirus software. • Stealth Viruses it attempt to hide from both the operating system and anti-virus software. • Multi partite viruses it infects both boot sector files and executable files.
- 8. WORMS • Worms are constructed to infiltrate legitimate data processing programs and alter or destroy the data. • It do not replicate themselves
- 9. TROJAN HORSES • A trojan horse is a destructive program that has been concealed in an innocuous piece of software • It is not viruses because they do not reproduce themselves and spread as viruses do.
- 10. LOGIC BOMBS • Writing a logic bomb program is similar to trojan horses. • It depends on time and date
- 11. BOTS AND BOTNETS • A bot is a program that operates automatically as an agent for a user or another program • Hackers forward bots to the victim system • It also used for mass spam mailings, installing key logging software that can steal victims password and data.
- 12. VULNERABILITY TO MALWARE • Use of the same operating system • Software bugs • Over privileged users • Unconfirmed code
- 13. ANTI-MALWARE STRATERGIES • Anti viruses and Anti malware software • Website Security Scans • Eliminating Over Privileged Scan
- 14. MALWARE DETECTION TECHNIQUES • Signature based malware detection techniques • Specification based detection • Behavior based detection
- 15. COUNTER MEASURES • Vaccine Software and Keep it Up-to-date • Email attachment File Should be scanned • Downloaded file should be scanned • For application utilize security functions • Security patches should be applied • Symptoms of Virus infection must be Overlooked • Incase of emergency data should be Backed up
- 16. NETWORK INTRUSION • Computer Networks that are currently to the internet are vulnerable to a variety of exploits that can compromise their intended operations.
- 17. TYPES OF INTRUSION • Non Technical Social Engineering attack Pretexting Phishing Smishing Vishing Tabnabbing
- 18. • Technical Intrusion DOS Input Validation Keyloggers Sniffing
- 19. Non Technical Intrusion • Social Engineering Intrusion As humans we are bound by both nature and nurture to the social contract which, like many contracts, might be twisted to our disadvantage. Such twisting is called Social Engineering.
- 20. • Common types of social Engineering Human Based Impersonation Important User Dumpster Diving Shoulder Surfing
- 21. • Computer Based Popup Windows Mail Attachments Spam Websites
- 22. • Pretexting Pretexting is an act of creating and using an invented scenario to obtain information from the target, usually over the telephone.
- 23. • Phishing it uses both social engineering and technical activities to to steals consumers personal identity data and financial account credentials.
- 24. • Smishing Smishing is the cell phone equivalent to “Phishing” , text messages that lead you to a counterfeit web site trying to get your personal information using SMS.
- 25. • Vishing VoIP Phishing is an electronic fraud tactic in which individuals are tricked in to revealing critical financial or personal information to unauthorized entities
- 26. TECHNICAL INTRUSION • DOS To make service unavailable. Types Ping of Death LAND attack Tear drop attack SYN flood attack ICMP flood attack Smurf attack
- 27. • Ping of Death An attacker sends an ICMP echo request packet that is larger than the maximum packet size.Since the received ICMP echo packet is larger than the normal IP packet size. The target cant reassemble the packets. So the OS crashes or reboot
- 28. • LAND Attack When the attacker initiates a SYN Flood attack using the IP address of the victim as source and destination IP address, then it is said that the attacker has launched a LAND ATTACK.
- 29. • Tear Drop Attack This type of attack deals with fragmentation and reassembly of IP Packets. The IP header contains the necessary fields to handle fragmentation issues
- 30. • SYN Flood Attack An attacker could deliberately flood the server with TCP SYN segments without acknowledging back the server SYN response.
- 31. • ICMP Flood Attack Similar to the SYN flood attack, an ICMP flood attack takes place when an attacker overloads its victim with huge number of ICMP echo request with spoofed source IP address.
- 32. Smurf attack it is a type of network level DOS attack using ICMP echo replies from computer in the same broadcast network by sending forged ICMP echo request
- 33. • DDOS Attack the attacks come from multiple host or system
- 34. • Input Validation Input Validation Attacks are where an attacker intentionally sends unusual input in the hopes of confusing the application. SQL Injection SQL injection is an attack in which malicious code is inserted in to strings that are later passed to an instance of SQL Server. Manual or Using Tools
- 35. • Blind SQL Injection It is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker.
- 36. • XSS Cross site scripting is generally believed to be one of the most common application layer hacking techniques. In general cross site scripting refers to that hacking techniques that leverages vulnerabilities in the code of the web application to allow an attacker to send malicious content from an end user and collect some type of data from the victim
- 37. • BUFFER OVERFLOW – An Buffer overflow occurs when a progress or program running on your computer system uses more memory than it was allocated and has to store the extra data in the temporary location called a buffer overflow
- 38. • KEY LOGGER This is the one of the simplest method for hacking the computer. A keylogger is a piece of hardware or software that logs everything someone types.
- 39. • SNIFFING Sniffing is observing packets passing by on the network. It is a popular way to steal data from the network, usually in form of passwords, ID Names, etc
- 40. • SESSION HIJACKING – It is the exploitation of a valid computer session , sometimes called a session key. To gain unauthorized access to information or services in a computer system
- 41. PASSWORD INTRUSION • Any attack designed to allow an unauthorized user access to an authorized password Types of password attacks Default password Dictionary Password Bruteforce Password
- 42. BACKDOOR • A secret or underhand means of access (to a place or a position) or an undocumented way to get access to a computer system
- 43. ROOTKITS • A rootkits is a collection of programs that enable administrator-level access to a computer or computer network.
- 44. MONITORING TOOLS • The term monitoring or network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator.
- 45. ART OF GOOGLING • Google search or Google web search is a web search engine owned by Google. • And it is the most used search engine on the web. • Google receives several hundred million queries each day through its various services. • Biggest database
- 46. • GOOGLE SEARCH • I’M FEELING LUCKING • ADVANCED SEARCH • PREFERENCES • LANGUAGE TOOL • GOOGLE AS A PROXY SERVER
- 47. SEARCHING TECHNIQUES • Basic Search Technique • Advance search Technique
- 48. BASIC SEARCH TECHNIQUES • Basic Keyword Search • Phrase Search “jbbub” • Operator Search + or – • Range Search eg: jdk 1.3.1.6
- 49. ADVANCE SEARCHING TECHNIQUES • Site Operator .gov .com • InTitle Operator intitle: index of master name • Inurl operator inurl:etc/passwd • File type Operator • Link Operator • Cache operator • Phonebook Operator
- 50. THANK YOU