Ankit Fadia Hacking Training Lesson 3 Homework

Presentation on theme: "Hacked!!! Ankit Fadia, Ethical Hacker" (presentation transcript)

1 Hacked!!! Securing your Business
Ankit Fadia, Ethical Hacker, fadia.ankit@gmail.com

2 How to become a Computer Security Expert?

3 Hacker vs Cracker
                 Hacker                            Cracker
Knowledge        Lots of knowledge & experience    Lots of knowledge & experience
Ethics           Strong ethics                     Poor ethics
Crime            No crime                          Commits crime
Role             Good guy; fights criminals        Bad guy; is the criminal

4 Facts and Figures: FBI Intelligence Report

5 TOP 6 CyberSecurity Attacks
- Privacy Attacks
- Email Forging Attacks
- Sniffer Attacks
- DOS Attacks
- Password Attacks

6 Individual Internet User: Mumbai Lady Case
- A lady based in Mumbai, India lived in a one-room apartment.
- Was a techno-freak and loved chatting on the Internet.
- An attacker broke into her computer and switched her webcam on!
- Biggest cyber crime involving privacy invasion in the world!

7 Government Sector: NASA
- The premier space research agency in the world.
- Had just finished a successful spaceship launch when the unexpected happened.
- The path of the spaceship was changed remotely by an 11-year-old Russian.
- Loss of money. Unnecessary worry.

8 PRIVACY ON THE INTERNET: IP Addresses
- Every system connected to a network has a unique Internet Protocol (IP) address, which acts as its identity on that network.
- An IPv4 address is 32 bits long, written as four 8-bit fields (0 to 255 each) separated by dots, for example 192.0.2.1. (IPv6 addresses are 128 bits; these slides assume IPv4.)
- All data sent or received by a system is addressed to or from its IP address.
- An IP address is to your computer what your telephone number is to you!
- An attacker's first step is to find out the IP address of the target system.

9 IP Addresses: Finding an IP Address
A remote IP address can easily be found by any of the following methods:
- Through instant messaging software or Internet telephony (Skype): a direct file transfer or call reveals the peer's address.
- Through Internet Relay Chat (IRC): the server shows the host a user connects from unless it masks it.
- Through your website: the web server's logs record every visitor's address.
- Through email headers: each mail server that handles a message prepends a Received: line naming the host it got the message from.
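The two slides above explain the 32-bit layout of an IPv4 address and say that an address can be read out of email headers. The following added example (written for this page, not code from the presentation) shows both: it packs and unpacks the four 8-bit fields, and it walks the Received: chain of a constructed sample message (made-up hosts in the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges) to find the address the message was first accepted from.

```python
import re
import struct
from email import policy
from email.parser import BytesParser

# Constructed sample message with a Received: chain as receiving mail servers add it.
# Hosts and addresses are made up (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
RAW_MESSAGE = b"""\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Mon, 01 Jan 2024 10:00:00 +0000
Received: from [192.0.2.55] (helo=home-pc)
\tby mx.example.net with SMTP; Mon, 01 Jan 2024 09:59:58 +0000
From: someone@example.net
To: you@example.org
Subject: hello

body
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def ipv4_to_int(addr: str) -> int:
    """Validate a dotted quad and pack its four 8-bit fields into one 32-bit integer."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {addr!r}")
    return struct.unpack("!I", bytes(int(p) for p in parts))[0]


def int_to_ipv4(value: int) -> str:
    """Inverse of ipv4_to_int: split a 32-bit integer back into four 8-bit fields."""
    return ".".join(str(b) for b in struct.pack("!I", value))


def is_ipv4(text: str) -> bool:
    try:
        ipv4_to_int(text)
        return True
    except ValueError:
        return False


def received_chain(raw: bytes) -> list:
    """Return the IPv4 addresses named in each Received: header, origin hop first.

    Each relay prepends its own Received: line, so the bottom-most header is the one
    written by the first server that accepted the message from the sending host."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hops = [[ip for ip in IPV4_RE.findall(str(hdr)) if is_ipv4(ip)]
            for hdr in msg.get_all("Received", [])]
    return list(reversed(hops))


def originating_ip(raw: bytes):
    """Best guess at the sending host: the first address in the origin hop, if any."""
    chain = received_chain(raw)
    return chain[0][0] if chain and chain[0] else None
```

Only the Received: lines added by servers you trust are reliable: a sender can put fake Received: lines into the message before submitting it, and those appear below the genuine ones, so the origin hop should be read from the first relay you trust downwards.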

10 Countermeasures
- Do not accept file transfers or calls from unknown people.
- Chat online only after logging on through a proxy server (or a VPN), so that the other party sees the proxy's address rather than yours.

11 IP Addresses: Dangers & Concerns
Once an attacker knows your IP address it can be used for:
- DOS attacks: disconnect you from the Internet.
- Trojan exploitation.
- Geographical information: approximate location derived from the address.
- File-sharing exploits.
- Invading your privacy, spying on you, stealing your passwords, slowing your Internet access speed.
PRIVACY INVASION IS INDEED A REALITY!

12 TROJANS
Definition: A Trojan is a program the victim is tricked into running that secretly acts as a RAT (Remote Administration Tool), giving the attacker remote control of and remote access to the machine.
Working: See demo.
Threats: Corporate espionage, password stealing, IP violation, spying etc.
Tools: NetBus, Girlfriend, Back Orifice and many others.

13 TROJANS: COUNTERMEASURES
- Port-scan your own system regularly. If you find an unexpected open port, on which you do not normally run a service, your system might have a Trojan installed. (A Trojan can also hide its port or share a legitimate one, so a clean scan is not proof of a clean system.)
- Most Trojans can be detected and removed with ordinary anti-virus software; for a machine an attacker has actually controlled, reinstalling is the only way to be sure.
- A typical Trojan loads itself into memory each time the computer boots. Hence one should search all the start-up locations of the system (run keys, start-up folders, scheduled tasks) and remove any references to suspicious programs.
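The first countermeasure above is a baseline check: list what is listening, subtract what you expect, and look at the rest. The added example below (written for this page, not from the presentation) parses a constructed `netstat -an` style listing, flags listeners the baseline does not explain, names the two Trojans from the previous slide by their default ports, and includes a plain TCP connect scan that it demonstrates against a throw-away listener on the loopback interface. The baseline set and the sample listing are assumptions made up for the demo.

```python
import re
import socket

# Default ports of the remote-access Trojans named on the slide. A listener here is a
# strong hint; any port you cannot explain deserves the same attention.
KNOWN_TROJAN_PORTS = {12345: "NetBus", 12346: "NetBus", 31337: "Back Orifice"}

# Constructed sample of `netstat -an` style output (the parser needs only the protocol,
# the local address column and the state).
SAMPLE_NETSTAT = """\
Proto Local Address          Foreign Address        State
tcp   0.0.0.0:22             0.0.0.0:*              LISTEN
tcp   127.0.0.1:631          0.0.0.0:*              LISTEN
tcp   0.0.0.0:12345          0.0.0.0:*              LISTEN
tcp   10.0.0.5:51234         198.51.100.9:443       ESTABLISHED
udp   0.0.0.0:68             0.0.0.0:*
"""

NETSTAT_RE = re.compile(r"^(tcp|udp)6?\s+(\S+):(\d+)\s+(\S+)\s*(\S*)")


def parse_netstat(text):
    """Return the set of (proto, port) pairs that are listening."""
    listening = set()
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, _addr, port, _foreign, state = m.groups()
        # LISTEN on Linux, LISTENING on Windows; UDP sockets carry no state
        if proto == "tcp" and not state.startswith("LISTEN"):
            continue
        listening.add((proto, int(port)))
    return listening


def audit_ports(listening, baseline):
    """Everything listening that the baseline of known services does not explain."""
    return sorted((proto, port, KNOWN_TROJAN_PORTS.get(port, "not in baseline"))
                  for proto, port in listening - baseline)


def connect_scan(host, ports, timeout=0.5):
    """Plain TCP connect scan: a completed handshake means something is listening."""
    open_ports = set()
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                open_ports.add(port)
        except OSError:
            pass
    return open_ports


def demo_with_listener():
    """Open a throw-away listener, then find it with the scanner (stands in for a Trojan's port)."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        return port, connect_scan("127.0.0.1", [port - 1, port, port + 1])
```

Run the audit from a known-clean baseline taken right after installation; a baseline captured after the Trojan arrived simply whitelists it.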

14 TOP 6 CyberSecurity Attacks (agenda slide repeated from slide 5)

15 Consumer Electronic Goods Sector: TV Group
- One of the largest manufacturers of televisions and other electronic goods in the world.
- Attacker sent an abusive forged email, apparently from the Chairman's account, to all investors, employees and partners worldwide.
- Tainted relations.

16 Email Forging
Definition: Email forging is sending an email that appears to come from the victim's address without knowing the victim's password.
Working: ATTACKER ----- sends forged email "FROM: VICTIM" -----> RECIPIENT. A mail server accepts whatever sender address the connecting client supplies; nothing in SMTP itself checks that the address belongs to the sender.
Tools: None required! DEMO

17 Email Forging: COUNTERMEASURES
- NOTHING the victim does can stop an attacker from putting the victim's address into a message, because the sending side is never authenticated.
- Use secure systems like PGP: digitally sign your emails so that recipients can verify who actually wrote them, and treat unsigned mail that asks for something unusual with suspicion. (Receiving domains can additionally reject much forgery with sender-authentication checks such as SPF and DKIM, which these slides do not cover.)
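The forging slide says no tools are needed and the countermeasures slide says the victim cannot prevent it. The added example below (written for this page, not the presentation's demo) makes both concrete: a tiny SMTP listener stands in for a mail server and records exactly what it is told, the "attacker" delivers a message whose From: header names the victim using nothing but the standard library client, and a receiver-side check shows the only things the recipient can actually inspect: the envelope sender differs from the header, and the message carries no signature. All addresses and host names are made up.

```python
import smtplib
import socket
import threading
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser


class CapturingSMTPSink:
    """Single-session SMTP listener that records the envelope and message exactly as
    a real mail server receives them. Like plain SMTP, it never asks for a password."""

    def __init__(self):
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]
        self.mail_from = None      # envelope sender (MAIL FROM)
        self.rcpt_to = []          # envelope recipients (RCPT TO)
        self.data = b""            # headers + body as submitted
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        conn, _ = self.sock.accept()
        rf, wf = conn.makefile("rb"), conn.makefile("wb")

        def reply(text):
            wf.write(text.encode() + b"\r\n")
            wf.flush()

        reply("220 sink.example ESMTP")
        while True:
            line = rf.readline().decode(errors="replace").rstrip("\r\n")
            if not line:
                break
            upper = line.upper()
            if upper.startswith(("EHLO", "HELO")):
                reply("250 sink.example")
            elif upper.startswith("MAIL FROM:"):
                self.mail_from = line[10:].strip().strip("<>")
                reply("250 OK")
            elif upper.startswith("RCPT TO:"):
                self.rcpt_to.append(line[8:].strip().strip("<>"))
                reply("250 OK")
            elif upper == "DATA":
                reply("354 End data with <CR><LF>.<CR><LF>")
                chunks = []
                while True:
                    raw = rf.readline()
                    if raw in (b".\r\n", b""):
                        break
                    chunks.append(raw[1:] if raw.startswith(b"..") else raw)  # undo dot-stuffing
                self.data = b"".join(chunks)
                reply("250 OK queued")
            elif upper == "QUIT":
                reply("221 Bye")
                break
            else:
                reply("502 Command not implemented")
        conn.close()
        self.sock.close()


def send_forged(port, victim, target):
    """The From: header names the victim, yet the session is opened from the attacker's
    machine with no credentials for the victim's account: the server cannot tell."""
    msg = EmailMessage()
    msg["From"] = victim
    msg["To"] = target
    msg["Subject"] = "Board notice"
    msg.set_content("This message was not written by the person shown in From.")
    with smtplib.SMTP("127.0.0.1", port, local_hostname="attacker-pc.example") as smtp:
        smtp.send_message(msg, from_addr="bounce@attacker.example", to_addrs=[target])


def examine(sink):
    """What a receiving system can check: envelope vs. header sender, and a signature."""
    msg = BytesParser(policy=policy.default).parsebytes(sink.data)
    header_from = msg["From"].addresses[0].addr_spec
    return {
        "envelope_from": sink.mail_from,
        "header_from": header_from,
        "recipients": list(sink.rcpt_to),
        "same_domain": sink.mail_from.split("@")[-1] == header_from.split("@")[-1],
        "signed": msg.get_content_type() == "multipart/signed",   # PGP/MIME or S/MIME
    }


def run_demo():
    sink = CapturingSMTPSink()
    send_forged(sink.port, "chairman@tvgroup.example", "investor@example.org")
    sink.thread.join(timeout=5)
    return examine(sink)


if __name__ == "__main__":
    print(run_demo())
```

The domain mismatch is a hint, not proof: legitimate mailing lists and forwarders produce the same mismatch, which is why the slide's advice to sign messages is the check that actually settles authorship.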

18 TOP 6 CyberSecurity Attacks (agenda slide repeated from slide 5)

19 Healthcare Sector: Healthcare Group
- One of the largest shaving solutions companies in the world.
- Attacker broke into the network and cancelled approximately 35 different orders of raw materials from a supplier.
- Loss of revenue. Delay in product launch.

20 Fashion Entertainment Sector: Fashion House Group
- One of the most successful fashion designers in Europe.
- Attacker stole all designs and marketing plans.
- Came out with the same range of clothes a week before.
- Loss of revenue. R&D and creative work down the drain.

21 SNIFFERS
Definition: Sniffers are tools that capture, in raw form, every data packet that reaches the network interface; on a shared (hub-based) network that is all traffic on the segment.
Working: ATTACKER ----- uses sniffer for spying -----> VICTIM's traffic
Threats: Corporate espionage, password stealing, IP violation, spying etc. Any protocol that sends credentials in clear text (Telnet, FTP, POP3, HTTP Basic authentication) hands them straight to the sniffer.
Tools: tcpdump, Ethereal (now Wireshark), dsniff and many more.

22 SNIFFERS: COUNTERMEASURES
- Switch to switched networks: only the packets meant for a particular host reach its NIC. (This raises the bar but does not settle the matter; ARP spoofing or MAC flooding lets an attacker on the same segment see other hosts' traffic again.)
- Use encryption standards like SSL/TLS, SSH and IPsec, so that captured packets carry nothing readable.
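To show what "raw form" means and why the encryption countermeasure matters, the added example below (written for this page, not part of the presentation) decodes Ethernet/IPv4/TCP headers the way tcpdump or Wireshark would and pulls clear-text credentials out of the payload. The two frames are constructed inline with a small builder (made-up MAC and 10.0.0.0/8 addresses, checksums left at zero) so the example runs offline; the credential patterns cover FTP/POP3 USER/PASS and HTTP Basic authentication.

```python
import base64
import re
import socket
import struct


def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Assemble an Ethernet/IPv4/TCP frame for the demo. Checksums are left at zero
    and the MAC addresses are made up: a sniffer reads the payload regardless."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Decode the headers the way tcpdump or Wireshark would; return addressing plus payload."""
    if frame[12:14] != b"\x08\x00":
        return None  # not IPv4
    ip_off = 14
    ihl = (frame[ip_off] & 0x0F) * 4
    proto = frame[ip_off + 9]
    src = socket.inet_ntoa(frame[ip_off + 12:ip_off + 16])
    dst = socket.inet_ntoa(frame[ip_off + 16:ip_off + 20])
    if proto != 6:
        return {"src": src, "dst": dst, "proto": proto, "payload": b""}
    tcp_off = ip_off + ihl
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    data_off = (frame[tcp_off + 12] >> 4) * 4
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport,
            "payload": frame[tcp_off + data_off:]}


# Clear-text credential exchanges a sniffer picks up verbatim.
CRED_PATTERNS = [
    ("user", re.compile(rb"^USER (\S+)", re.M)),          # FTP / POP3
    ("password", re.compile(rb"^PASS (\S+)", re.M)),      # FTP / POP3
    ("http-basic", re.compile(rb"^Authorization: Basic (\S+)", re.M | re.I)),
]


def extract_credentials(payload):
    found = []
    for label, pattern in CRED_PATTERNS:
        for m in pattern.finditer(payload):
            value = m.group(1).decode(errors="replace")
            if label == "http-basic":
                value = base64.b64decode(value).decode(errors="replace")  # user:password
            found.append((label, value))
    return found


def harvest(frames):
    """What the attacker sees: (src, dst, dst port, credentials) for every frame that leaked any."""
    results = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        creds = extract_credentials(pkt["payload"])
        if creds:
            results.append((pkt["src"], pkt["dst"], pkt["dport"], creds))
    return results


# Constructed capture: an FTP login and an HTTP request with Basic auth, both in clear text.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "10.0.0.20", 51000, 21, b"USER alice\r\nPASS hunter2\r\n"),
    build_frame("10.0.0.6", "10.0.0.30", 51001, 80,
                b"GET /reports HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
                + base64.b64encode(b"bob:s3cret") + b"\r\n\r\n"),
]
```

With SSH in place of FTP and HTTPS in place of HTTP the same parser still recovers addresses and ports (traffic analysis remains possible) but the payload is ciphertext and `extract_credentials` finds nothing, which is the whole point of the second countermeasure.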

23 TOP 6 CyberSecurity Attacks (agenda slide repeated from slide 5)

24 Internet Services Sector
- Yahoo, Amazon, eBay and BUY.com brought down for more than 48 hours!
- All users across the globe remained disconnected.
- Attackers were never caught.
- Loss of revenue. Share values down.

25 Denial of Service (DOS) Attacks
Definition: Such an attack consumes so much of the target's bandwidth or resources (connection state, memory, CPU) that it cannot serve even legitimate users.
Working: ATTACKER ----- endless / malformed data -----> VICTIM
Types: Ping of Death, Teardrop and Land (malformed packets that crash a vulnerable IP stack); SYN flooding (fills the target's table of half-open connections); Smurf (amplification: ping a broadcast address with the victim's spoofed source address so every host on that network replies to the victim).
Tools: Trin00, Tribe Flood Network (TFN) etc., which coordinate many compromised hosts into a distributed DOS (DDOS) attack.

26 Denial of Service (DOS) Attacks: BUSINESS THREATS
- All services unusable.
- All users disconnected.
- Loss of revenue.
- Deadlines can be missed.
- Unnecessary inefficiency and downtime.
- Share values go down. Customer dissatisfaction.

27 DOS Attacks: COUNTERMEASURES
- Separate or compartmentalize critical services.
- Buy more bandwidth than normally required, to absorb sudden attacks.
- Filter out useless or malicious traffic as early as possible (ideally upstream, at the ISP, before it reaches your link).
- Disable publicly accessible services that are not needed.
- Balance traffic load across a set of servers.
- Regular monitoring and working closely with your ISP will always help!
- Patch systems regularly: the malformed-packet attacks (Ping of Death, Teardrop, Land) only work against unpatched IP stacks.
- IPsec provides proper verification and authentication in the IP protocol, which defeats spoofed packets but not a plain flood of traffic.
- Use scanning tools to detect and remove DOS tools from your own hosts, so they are not used as agents against others.
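"Regular monitoring" and "filter out malicious traffic" both need a way to recognise an attack in the first place. The added example below (written for this page, not from the presentation) shows detection logic for the SYN flood named on the attack slide: it replays packet summary lines in the shape of `tcpdump -n` output, keeps track of handshakes that never complete, and flags both a single noisy source and a target that is being flooded from many spoofed sources where no single source stands out. The capture is constructed inline and the thresholds are made-up assumptions for the demo.

```python
import re
from collections import Counter

# One line per packet in the shape of `tcpdump -n` output: timestamp, IP src.port > dst.port, TCP flags.
LINE_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    src, sport, dst, dport, flags = m.groups()
    return src, int(sport), dst, int(dport), flags


def half_open_connections(lines):
    """Replay a capture and return the client SYNs whose handshake never completed.
    A client SYN opens an entry; the client's own ACK (flags without S) closes it.
    The server's SYN-ACK travels the other way and does not change the state."""
    pending = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, sport, dst, dport, flags = rec
        key = (src, sport, dst, dport)
        if flags == "S":
            pending[key] = True
        elif "S" not in flags and "." in flags:
            pending.pop(key, None)
    return list(pending)


def detect_syn_flood(lines, per_source=20, per_target=100):
    """Flag sources with too many half-open connections (one noisy host, which is also
    what a port scan looks like) and targets with too many in total (a flood from
    spoofed, never-answering sources, where no single source exceeds its own limit)."""
    pending = half_open_connections(lines)
    by_source = Counter(src for src, _, _, _ in pending)
    by_target = Counter((dst, dport) for _, _, dst, dport in pending)
    return {
        "half_open": len(pending),
        "flooding_sources": sorted(s for s, n in by_source.items() if n > per_source),
        "flooded_targets": sorted(t for t, n in by_target.items() if n > per_target),
    }


def build_sample():
    """Constructed capture: one legitimate handshake, 50 SYNs from spoofed sources that
    never answer, and 25 SYNs from one noisy host. Addresses are documentation ranges."""
    lines = []
    t = 0

    def ev(src, sport, dst, dport, flags):
        nonlocal t
        t += 1
        lines.append(f"10:00:00.{t:06d} IP {src}.{sport} > {dst}.{dport}: Flags [{flags}]")

    ev("192.0.2.9", 40000, "198.51.100.10", 80, "S")      # client SYN
    ev("198.51.100.10", 80, "192.0.2.9", 40000, "S.")     # server SYN-ACK
    ev("192.0.2.9", 40000, "198.51.100.10", 80, ".")      # client ACK: handshake done
    for i in range(50):
        ev(f"203.0.113.{i + 1}", 50000 + i, "198.51.100.10", 80, "S")
    for i in range(25):
        ev("203.0.113.99", 60000 + i, "198.51.100.10", 80, "S")
    return lines
```

In production the pending table must be aged out (half-open entries older than the server's SYN timeout can be dropped) or the detector itself becomes a memory-exhaustion target during the very flood it is meant to spot.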

28 TOP 6 CyberSecurity Attacks (agenda slide repeated from slide 5)

29 Recommendations and Countermeasures
- National CERTs and cyber cops.
- Security EDUCATION and TRAINING.
- Increase security budgets.
- Invest in a dedicated security team.
- Security by obscurity?

30 THE FINAL WORD
The biggest threat that an organization faces continues to be from... THEIR OWN EMPLOYEES!

31 ATM MACHINES VS INTERNET BANKING
Is Internet banking safer than ATM machines?

ATM machines                                        Internet banking
Easier to crack                                     Difficult to crack, if the latest SSL/TLS is used
Soft powdery substance (shows which PIN keys        Earlier SSL standards quite weak
  were pressed)
Unencrypted PIN number
Software / hardware sniffer
Fake ATM machine

32 to 35 ATM Hacking (four image-only slides; no transcript text)

36 Mobile Phone Hacking: Mobile Phone Attacks
Different types:
- BlueJacking
- BlueSnarfing
- BlueBug attacks
- Failed authentication attacks
- Malformed OBEX attack
- Malformed SMS text message attack
- Malformed MIDI file DOS attack
- Jamming
- Viruses and worms
- Secret codes: *# # or #3370*

37 AN ETHICAL GUIDE TO HACKING MOBILE PHONES
Title: An Ethical Hacking Guide to Hacking Mobile Phones. Author: Ankit Fadia. Publisher: Thomson Learning.

38 THE UNOFFICIAL GUIDE TO ETHICAL HACKING
Title: The Unofficial Guide to Ethical Hacking. Author: Ankit Fadia. Publisher: Thomson Learning.

39 NETWORK SECURITY: A HACKER'S PERSPECTIVE
Title: Network Security: A Hacker's Perspective. Author: Ankit Fadia. Publisher: Thomson Learning.

40 THE ETHICAL HACKING GUIDE TO CORPORATE SECURITY
Title: The Ethical Hacking Guide to Corporate Security. Author: Ankit Fadia. Publisher: Macmillan India Ltd.

41 THE ETHICAL HACKING SERIES
Title: Hacking. Author: Ankit Fadia. Publisher: Vikas Publications.
Title: Windows Hacking. Author: Ankit Fadia. Publisher: Vikas Publications.

42 Questions? Hacked!!! Securing your Business
Ankit Fadia, Ethical Hacker, fadia.ankit@gmail.com

Chapter 1: Auditing and Internal Control. Review Questions

1. What is the purpose of an IT audit?
Response: The purpose of an IT audit is to provide an independent assessment of some technology- or systems-related object, such as proper IT implementation, or controls over computer resources. Because most modern accounting information systems use IT, IT plays a significant role in a financial (external) audit, where the purpose is to determine the fairness and accuracy of the financial statements.

2. Discuss the concept of independence within the context of a financial audit. How is independence different for internal auditors?
Response: The auditor cannot be an advocate of the client, but must independently attest to whether GAAP and other appropriate guidelines have been adequately met. Independence for internal auditors is different because they are employed by the organization and cannot be as independent as the external auditor. Thus internal auditors must use professional judgment and independent minds in performing IA activities.

3. What are the conceptual phases of an audit? How do they differ between general auditing and IT auditing?
Response: The three conceptual phases of auditing are: (i) audit planning, (ii) tests of internal controls, and (iii) substantive tests. Conceptually, no difference exists between IT auditing and general auditing. IT auditing is typically a subset of the overall audit: the portion that involves computer technology.

4. Distinguish between the internal and external auditors.
Response: External auditors represent the interests of third-party stakeholders in the organization, such as stockholders, creditors, and government agencies. External auditing is conducted by certified public accountants who are independent of the organization's management. Internal auditors represent the interests of management. Internal auditing tasks include conducting financial audits, examining an operation's compliance with legal obligations, evaluating operational efficiency, detecting and pursuing fraud within the firm, and conducting IT audits. External auditors also conduct IT audits as a subset of financial audits.

5. What are the four primary elements described in the definition of auditing?
Response: (a) auditing standards, (b) a systematic process, (c) management assertions and audit objectives, (d) obtaining evidence.

6. Explain the concept of materiality.
Response: Materiality refers to the size of the effect of a transaction. From a cost-benefit point of view, a threshold is set above which the auditor is concerned with the correct recording and effects of transactions. Rather than using standard formulas, auditors use their professional judgment to determine materiality.
