12-04-2012, 11:33 AM
Hackers, Crackers, andNetwork Intruders
Hackers(1).ppt (Size: 368 KB / Downloads: 216)
Hacker Terms
Hacking - showing computer expertise
Cracking - breaching security on software or systems
Phreaking - cracking telecom networks
Spoofing - faking the originating IP address in a datagram
Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore
Port Scanning - searching for vulnerabilities
Types of hackers
Professional hackers
Black Hats – the Bad Guys
White Hats – Professional Security Experts
Script kiddies
Mostly kids/students
User tools created by black hats,
To get free stuff
Impress their peers
Not get caught
Gaining access
Front door
Password guessing
Password/key stealing
Back doors
Often left by original developers as debug and/or diagnostic tools
Forgot to remove before release
Trojan Horses
Usually hidden inside of software that we download and install from the net (remember nothing is free)
Many install backdoors
Software vulnerability exploitation
Often advertised on the OEMs web site along with security patches
Fertile ground for script kiddies looking for something to do
Underemployed Adult Hackers
Former Script Kiddies
Can’t get employment in the field
Want recognition in hacker community
Big in eastern european countries
Ideological Hackers
hack as a mechanism to promote some political or ideological purpose
Usually coincide with political events
Intrusion detection systems (IDS)
A lot of research going on at universities
Doug Somerville- EE Dept, Viktor Skorman – EE Dept
Big money available due to 9/11 and Dept of Homeland Security
Vulnerability scanners
pro-actively identifies risks
User use pattern matching
When pattern deviates from norm should be investigated
Network-based IDS
examine packets for suspicious activity
can integrate with firewall
require one dedicated IDS server per segment
Legal Recourse
Average armed robber will get $2500-$7500 and risk being shot or killed; 50-60% will get caught , convicted and spent an average of 5 years of hard time
Average computer criminal will net $50K-$500K with a risk of being fired or going to jail; only 10% are caught, of those only 15% will be turned in to authorities; less than 50% of them will do jail time
Prosecution
Many institutions fail to prosecute for fear of advertising
Many banks absorb the losses fearing that they would lose more if their customers found out and took their business elsewhere
Fix the vulnerability and continue on with business as usual