Title: Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents?
1 Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents?
- Tim McLaren
- Thursday, September 28, 2000
- McMaster University
2 Agenda
- Hackers and their vocabulary
- Threats and risks
- Types of hackers
- Gaining access
- Intrusion detection and prevention
- Legal and ethical issues
3 Hackerz Lingo
- Hacking - showing computer expertise
- Cracking - breaching security on software or systems
- Phreaking - cracking telecom networks
- Spoofing - faking the originating IP address in a datagram
- Denial of Service (DoS) - flooding a host with datagrams (e.g. by smurfing)
- Port Scanning - searching for vulnerabilities
4 Hacking through the ages
- 1969 - Unix hacked together
- 1971 - Cap'n Crunch phone exploit discovered
- 1988 - Morris Internet worm crashes 6,000 servers
- 1994 - $10 million transferred from CitiBank accounts
- 1995 - Kevin Mitnick sentenced to 5 years in jail
- 2000 - Major websites succumb to DDoS
5 Recent news
- 15,700 credit and debit card numbers stolen from Western Union (Sep. 8, 2000)
- (hacked while web database was undergoing maintenance)
7 The threats
- Denial of Service (Yahoo, eBay, CNN)
- Graffiti, Slander, Reputation
- Loss of data
- Divulging private information (AirMiles, corporate espionage)
- Loss of financial assets (CitiBank)
8 CIA.gov defacement example
9 Web site defacement example
10 Types of hackers
- Professional hackers
- Black Hats
- White Hats
- Script kiddies
11 Top intrusion justifications
- 1. I'm doing you a favour pointing out vulnerabilities
- 2. I'm making a political statement
- 3. Because I can
- 4. Because I'm paid to do it
12 Gaining access
- Back doors
- Trojans
- Software vulnerability exploitation
- Password guessing
- Password/key stealing
13 Back doors & Trojans
- e.g. Whack-a-mole / NetBus
- Cable modems / DSL very vulnerable
- Protect with Virus Scanners, Port Scanners, Personal Firewalls
14 Port scanner example
15 Software vulnerability exploitation
- Buffer overruns
- HTML / CGI scripts
- Other holes / bugs in software and services
- Tools and scripts used to scan ports for vulnerabilities
16 Password guessing
- Default or null passwords
- Password same as user name (use finger)
- Password files, trusted servers
- Brute force -- make sure login attempts audited!
17 Password/key stealing
- Dumpster diving
- Social engineering
- Inside jobs (about 50% of intrusions resulting in significant loss)
18 Once inside, the hacker can...
- Modify logs
- Steal files
- Modify files
- Install back doors
- Attack other systems
19 Intrusion detection systems (IDS)
- Vulnerability scanners
  - pro-actively identify risks
- Network-based IDS
  - examine packets for suspicious activity
  - can integrate with firewall
  - require 1 dedicated IDS server per segment
20 Intrusion detection systems (IDS)
- Host-based IDS
  - monitors logs, events, files, and packets sent to the host
  - installed on each host on network
- Honeypot
  - decoy server
  - collects evidence and alerts admin
21 Intrusion prevention
- Patches and upgrades
- Disabling unnecessary software
- Firewalls and intrusion detection
- Honeypots
- Reacting to port scanning
22 Risk management
- Prevent (e.g. firewalls, IDS, patches)
- Contain & Control (e.g. port scan)
- Ignore (e.g. delude yourself)
- Backup Plan (e.g. redundancies)
- (Diagram axes: Probability, Impact)
23 Legal and ethical questions
- Ethical hacking?
- How to react to mischief or nuisances?
- Is scanning for vulnerabilities legal?
- Can private property laws be applied on the Internet?