20.01.2015 Views

Hacking Forensics


Befriending the insider

– Teaming up with an insider or planting someone within the organization.
– A recent U.S. Treasury Department analysis noted that more than 60 percent of reported computer intrusions involved an insider.
– One kind of insider is a person who may have stumbled upon a glitch unknown to system administrators.

External Attacks Most Frequent

[Figure: Frequent Points of Attack. Bar chart with bars for "Internet connection" and "Internal systems"; horizontal axis "Percent of respondents" (0 to 80); bar values 38 and 59. Source: 2000 CSI/FBI Computer Crime and Security Survey]

– Greater use of Internet
– Tools & techniques evolve to enable new opportunities for attack

Copyright © 2005-2007, Krishna Rajagopal.


20-Year Trend: Stronger Attack Tools

[Figure: vertical axis "Relative Technical Complexity"; time axis 1980, 1985, 1990, 1995; curves labelled "Hacking Tools" and "Average Intruder". Techniques plotted: self-replicating code, password guessing, exploiting known vulnerabilities, password cracking, back doors, disabling audits, sniffer / sweepers, hijacking sessions, packet forging / spoofing, GUI, stealth diagnostics. Source: GAO Report to Congress, 1996]

Trend Has Continued

[Figure: vertical axis "Relative Technical Complexity"; time axis 1998, 1999, 2000, 2001; curves labelled "Hacking Tools" and "Kiddie Scripter". Tools plotted: Windows Remote Control, Trinoo, Melissa, DDoS Insertion Tools, Stacheldraht, PrettyPark]


Part 2: To Hack Or Not To Hack …

Hacker Skills

A skilled hacker will possess the following skills:

Hacker Technologies

– Internet Engineering
    – TCP/IP, NFS, Wireless networks, GPRS
– System Administration
    – Windows 2000, Linux, Solaris, Palm OS etc.
– Network Management
    – SNMP, Tivoli, HP OpenView, Switches, Routers etc.
– Reverse Engineering
    – Decompiles, circuit breakers
– Distributed Computing
    – J2EE, RPC, CORBA, Web Services
– Cryptography
    – SSL, PKI, Digital Certificates
– Social Engineering
    – Charm people, sweet talking, human deception techniques
– Programming
    – C++, Java, Perl, JavaScript, HTML, ASP
– Databases
    – SQL Server, Oracle, DB2, MySQL
