|
1
|
- Date: 2nd March, Saturday, 2002
- Time:1-00 pm – 3-00 pm
- Place: Type A Studio, 434 W Ontario St., Suite 300, Chicago Downtown
|
|
2
|
|
|
3
|
- Hacker: Computer enthusiast,a person who enjoys learning programming
languages
and computer systems and can often be considered an expert on the
subject.
- Mass media referred hacker as individuals who gain unauthorized access
to computer systems for the purpose of stealing and corrupting data.
- Hackers maintain the proper term for such individuals is cracker.
- Other Terms: Black/White hate hackers
|
|
4
|
- Inspects all inbound and outbound network activity and identifies
suspicious patterns that may indicate a network or system attack from
someone attempting to break into or compromise a system
- Misuse detection: IDS analyzes the information it gathers and compares
it to large databases of attack signatures - like a virus detection
system in software
- Anomaly detection:system administrator defines the baseline, or normal,
state of the network’s traffic load, breakdown, protocol, and typical
packet size
- Network/Host based detection: the individual packets flowing through a
network/ on each host are analyzed
|
|
5
|
- A system designed to prevent unauthorized access to or from a Intranet(private network)
to Internet and first line of defense
- Implemented in both hardware and software
- 1.Packet filter: Each packet is
filtered, but what if IP spoofing?
- 2.Application gateway: Check only
Applications Ex. FTP/Telnet Resource consumption
- 3.Circuit-level gateway: Security
check only when TCP/UDP establish
- 4.Proxy Server:Intercepts
messages entering and leaving the network. It effectively hides the true
network addresses
- Limits the access between networks to prevent intrusion and does not
signal an attack from inside the network.
|
|
6
|
- A type of attack on a network that is designed to bring the network down
by flooding it with useless traffic
- Many DoS attacks -Ping of Death and Teardrop attacks,exploit limitations
in the TCP/IP protocols
- Almost all known DoS attacks, there are software fixes that system
administrators can install
|
|
7
|
- New marketing buzz word!!!
- Basically, its ASP for security.
|
|
8
|
- The study of measurable biological characteristics
- Techniques that rely on measurable physical characteristics that can be
automatically checked. Ex.computer analysis of fingerprints or speech
- Biometrics will play a critical role in future computers
- Future PC might include a fingerprint scanner
|
|
9
|
- Internet attached server that
acts as a decoy,luring in potential hackers in order to study their
activities and monitor how they are able to break into a system
- Designed to mimic systems that an intruder would like to break into but
limit the intruder from having access to an entire network
- If a honeypot is successful, the intruder will have no idea that s/he is
being tricked and monitored
- Most honeypots are installed inside within firewalls
|
|
10
|
- Mostly used protocol on Web and in IE/Netscape, is starts with https://
- SSL creates a secure connection between a client and a server over which
any amount of data can be sent securely
- Another protocol for transmitting data securely over the internet is
Secure HTTP (S-HTTP)
- S-HTTP is designed to transmit individual messages securely
- SSL and S-HTTP are complementary
|
|
11
|
- An attachment to an electronic message used for security
- To verify that a user sending a message is who s/he claims to be, and to
provide the receiver with the means to encode a reply
- The CA(Certificate Authority)issues an encrypted digital certificate
containing the applicant's public key
|
|
12
|
- Hacker’s Attitude
- Basic Hacking Skills
- Status in the Hacker Culture
- Hacker/Nerd Connection & Style
|
|
13
|
- The world is full of fascinating problems waiting to be solved
- No problem should ever have to be solved twice
- Boredom and drudgery are evil
- Freedom is good
- Attitude is no substitute for competence
|
|
14
|
- Learn how to program
- Get one of the open-source Unix and learn to use and run it.
- Learn how to use the World Wide Web and write HTML
- If you don’t have functional English, learn it
|
|
15
|
- Write open-source software
- Help test & debug open-source software
- Publish useful information
- Help keep the infrastructure working
- Serve the hacker culture itself
|
|
16
|
- You don’t have to be a nerd to be a hacker
- Hacker or Nerd or Geek???
- Learn to write your native language well.
- Read science fiction
- Study Zen, and/or take up martial arts
- Develop your appreciation of wordplay
- Be frank and friendly to everyone with less technical expertise (Add-on
by Ankur Patel!!!)
|
|
17
|
- Poor Programming Practices
- Malicious intent
- Economical Damage *
- Love Bug - $ 8.75 billion
- Code Red – $2.6 billion
- SirCam – $1.15 billion
- Nimda - $635 million
- ( * date: 02/21/02
- Source:http://www.newsfactor.com/perl/story/16407.html )
|
|
18
|
- 2 Categories:
- Keeping the web-site safe from external attacks
- Create Safe Web Pages
|
|
19
|
- Simple Measures
- Enforcing Policy
- Proxy Servers
- Operating System
- Web Server
- Firewalls
- Testing the Perimeter
|
|
20
|
- Your IP Address
- Your Network Shares
- Common Windows Security Problem
- Client for Microsoft Networks
- File/Printer Sharing for
Microsoft Networks
- NetBEUI Protocol
- Internet Protocol TCP/IP
|
|
21
|
- Pure HTML or WYSIWYG editors
- Malicious Java Applet/Java script/Active X
- Less Load Time
- Several User Interface Problems(Ex. Provide Digital Certificate)
- Watch the Gate through ASP/JSP/PHP/Perl/NSAPI/ISAPI
|
|
22
|
- Form is a common Gate
- Security for Usage of Form
- Client-side check of Forms
- Server-side check of Forms
|
|
23
|
|
|
24
|
|
|
25
|
- Mozilla cookie exploit
- Bug in IE 6
- Microsoft is opening up Windows source code
- - freesk8.org
|
|
26
|
- Business is going up for security
- US Market for Managed Security
- (IDC)$720 million – 2000 $2.2
billion – 2005
- CAGR –25.4% -Small to Medium Business
- (Gartner) – $4.3 billion 2002
- Mass adoption of Biometrics – 2003
- Coming up Conference of “Information Security in Chicago May 15-17, 2002
|
Notes
