INFORMATION SECURITY &

ETHICAL HACKING

- Jophine Pranjal Antony

Information Security Securing valuable information

stored as soft copy is called information

security.

Types:

Data SecurityComputer SecurityLAN SecurityInternet Security

What is hacking?Unauthorized use or attempts to circumvent or bypass the security mechanism of an information system like a computer / server / network.

HACKED!!!

Basic ThreatsTheft of passwordemail based threatsLaunch of malicious programs

(Trojans)

Be

Careful...

Concept of HackingWhite hat hacking (penetration

testing)Black hat hackingGrey hat hacking

Don’t get

trapped

Anatomy of HackingEither break username and

password orBomb the server with exploits

(weakness)

Please!!! wake

up

SAM FileSecurity Accounts Manager (SAM)

%systemroot%\system32\config

Passwords are not stored in SAM file rather than their hashes are. If you are logged in as administrator even then direct manipulation to this file is not possible. For authentication purpose the entered password is hashed and then compared.

Virus & WormsA VIRUS is a malicious piece of

code which cause an unexpected, harmful and negative effect on the victim’s system.

A WORM is similar to a VIRUS, but has additional ability to reside in the memory of infected computer, duplicate itself & spreads copies of itself via email, chat or the network.

Spyware & Trojan HorseSpyware is a software which gathers information

about the victim & passes on that information to the attacker, without even taking the victim’s consent.Tools: spy check, spyware info, spy stopper.

Trojan Horse is a piece of software which appears to perform a certain action but, in fact performs, another!

“It is an unauthorized program contained within a legitimate program. This performs function unknown by the user.”

Key LoggerIt is a spy software which monitors all

keystrokes made on the victim’s computer.Types:

1. Hardware key logger2. Software key logger.

Prevention:A typical key logger automatically loads itself

into memory, each time the computer boots.“So one should search all the start up files of

the system and remove it if any suspicious file or application is found”.

Password Cracking

Password guessingDictionary based attacksBrute Force AttacksDefault PasswordSocial Engineering

Tips for Strong PasswordDon’t use personal information for

password.Don’t use words in dictionary including

foreign languages.Use combination of uppercase and

lowercase letters, numbers and symbols.Don’t substitute number for letters to make

words.Eg. s0ph1st1cated

Use longer passwords. CONT…

Tips for Strong PasswordDon’t passwords that you see in security

articles, even if they are exceptionally complex.

Select passwords which can only be understood by you. For others it should look like random combination of characters.Eg: mfc!rB&G (“my favorite colors (!) are Blue & Green”)

Select password which you can type faster.

Thank YouCourtesy: Appin HomeTech