INFORMATION SECURITY & ETHICAL HACKING - Jophine Pranjal Antony

Information Security
Securing valuable information stored as soft copy is called information security.
Types:
• Data Security
• Computer Security
• LAN Security
• Internet Security

What is hacking?
Unauthorized use of, or attempts to circumvent or bypass, the security mechanisms of an information system such as a computer, server or network.
HACKED!!!

Basic Threats
• Theft of passwords
• Email-based threats
• Launch of malicious programs (Trojans)
Be Careful...

Concept of Hacking
• White hat hacking (penetration testing)
• Black hat hacking
• Grey hat hacking
Don’t get trapped

Anatomy of Hacking
• Either break the username and password, or
• Bomb the server with exploits (weakness)
Please!!! wake up

SAM File
Security Accounts Manager (SAM)
Location: %systemroot%\system32\config
• Passwords themselves are not stored in the SAM file; their hashes are.
• Even if you are logged in as administrator, direct manipulation of this file is not possible.
• For authentication, the entered password is hashed and the result is then compared with the stored hash.

Virus & Worms
• A VIRUS is a malicious piece of code which causes an unexpected, harmful and negative effect on the victim’s system.
• A WORM is similar to a VIRUS, but has the additional ability to reside in the memory of the infected computer, duplicate itself and spread copies of itself via email, chat or the network.

Spyware & Trojan Horse
• Spyware is software which gathers information about the victim and passes that information on to the attacker, without even asking for the victim’s consent. Tools: spy check, spyware info, spy stopper.
• A Trojan Horse is a piece of software which appears to perform a certain action but in fact performs another!
• “It is an unauthorized program contained within a legitimate program. This performs functions unknown to the user.”

Key Logger
• It is spy software which monitors all keystrokes made on the victim’s computer.
Types:
• Hardware key logger
• Software key logger
Prevention:
• A typical key logger automatically loads itself into memory each time the computer boots.
• “So one should search all the startup files of the system and remove any suspicious file or application that is found.”

Password Cracking
• Password guessing
• Dictionary-based attacks
• Brute force attacks
• Default passwords
• Social engineering

Tips for Strong Password
• Don’t use personal information in a password.
• Don’t use words found in a dictionary, including foreign-language words.
• Use a combination of uppercase and lowercase letters, numbers and symbols.
• Don’t substitute numbers for letters to make words, e.g. s0ph1st1cated.
• Use longer passwords.
Cont…

Tips for Strong Password
• Don’t use passwords that you see in security articles, even if they are exceptionally complex.
• Select passwords which can only be understood by you. To others they should look like a random combination of characters, e.g. mfc!rB&G (“my favorite colors (!) are Blue & Green”).
• Select a password which you can type faster.

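The tips on the two slides above, turned into a checker (an added example, not part of the original slides). The word list is a small constructed sample, and the 8-character minimum and the "at least 3 of 4 character classes" rule are assumptions, since the slides give no thresholds.

```python
import re

# Constructed sample word list; a real check would load a full dictionary
# and a list of known breached passwords.
WORDLIST = {"sophisticated", "password", "dragon", "monkey", "welcome"}

# Common number/symbol-for-letter substitutions, undone before the lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 8    # assumed threshold; the slides only say "use longer passwords"
MIN_CLASSES = 3   # assumed: at least 3 of lower / upper / digit / symbol


def letters_only(text):
    """Drop everything except a-z so padding digits and symbols are ignored."""
    return re.sub(r"[^a-z]", "", text)


def check_password(password, personal_info=()):
    """Return the list of tips that `password` violates (empty list = passes)."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("too short")

    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < MIN_CLASSES:
        problems.append("too few character classes")

    # Personal details (names, birth years, ...) supplied by the caller.
    if any(len(p) >= 3 and p.lower() in lowered for p in personal_info):
        problems.append("contains personal information")

    # Dictionary check on the raw form, then on the de-substituted form,
    # which is what catches s0ph1st1cated-style passwords.
    raw = letters_only(lowered)
    unleeted = letters_only(lowered.translate(LEET))
    if any(w in raw for w in WORDLIST):
        problems.append("dictionary word")
    elif any(w in unleeted for w in WORDLIST):
        problems.append("dictionary word with substitutions")

    return problems
```
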
Thank You Courtesy: AppinHomeTech