SlideShare una empresa de Scribd logo
1 de 27
Descargar para leer sin conexión
Wanna be h4ck3r
snapshot of security concept
By
Eslam Mamdouh El Husseiny
‫؟‬ ‫أكون‬ ‫من‬
@EslamElHusseiny
www.eslamizmy.org
Wanna be h4ck3r
● Agenda
– Security policy
– Attackers
– Type of attacks
– So am I a looser ?
– Live demo
– ‫؟‬ ‫بعدين‬ ‫و‬ ‫طب‬
– ‫كده‬ ‫كفاية‬ ‫خلص‬
Security policy
● Document describing the way computer
equipment may/may not be used
● Security policy aspects:
– Physical security
– Network security
– Authentication
– Authorization
Physical Security
● Ensure that nobody can access computer
hardware
– Locks on doors
– Access codes
– Signing-in of staff
– Physical protection of cabling
Physical Security
● Physical environment
– Uninterruptible Power Supply (UPS)
– Fire suppression system
– Air Conditioning (heat, moisture)
● Physical breakdown of computer hardware
– Spare components
– Backups (consider off-site storage)
Network Security
● Ensure that no unauthorized user can
access the system
– over the network
– Internet
– other WAN
– LAN
● Needs to be done for every networked
system
Authentication
● User name/Password
● Public key cryptography
● Smart cards
● Biometrics
Authorization
● Determining what you may do
● Usually dependent on group membership
Attackers
● Hackers
– A hacker is someone who wants to satisfy
his curiosity
● Means no harm
● May cause harm accidentally
Attackers
● Crackers
– A cracker is someone who wants to gain
something
● Access to your system to use resources
● Access to data (e.g. credit card numbers)
● Publicity
● Revenge
Attackers
● Script Kiddies
– A Script Kiddie is someone who uses
hackers tools without understanding what
they do
Types of Attack (1)
● Scanning
– Which services are enabled
– Which software and version is used
● Sniffing
– Monitoring data (e.g. passwords) in transit
● Break-in
– Gain access to a computer, preferably as
superuser
Types of Attack (1)
● Brute Force
– Try every possible combination until one
works
● Man-in-the-Middle
– Act as the server to a client
– Act as a client to the server
Types of Attack (1)
● Denial of Service (DoS)
– Prevent legitimate users from working
– Usually done by crashing or overloading
the system or network
● Distributed Denial of Service (DDoS)
– DoS attack from many different sources
simultaneously
Types of Attack (2)
MW ViSTA
Types of Attack (2)
●
Maleware
●
Worm
●
Virus
●
Spyware
●
Trojan
●
Adware
Types of Attack (2)
● Virus
– Malicious program that attaches itself to
other programs
● Worm
– Self-replicating malicious program
● Trojan Horse
– Apparently useful program with a malicious
component
What You Have to Lose
● Loss of resources
– Disk space
– Bandwidth
– CPU time
● Loss or alteration of data
● Loss or impairment of service
● Loss of reputation, goodwill, trust
What You Have to Lose
● Disclosure of personal, proprietary or
confidential
● information
● Financial loss
● Stolen credit card numbers
● Legal, criminal action against you
Live Demo
And so !
‫نظامك‬ ‫إعرف‬
Quiz !
Questions ?
References
➢ Mainly IBM Slides
thanks
Eslam Mamdouh
Future Owner Of RedHat
eslam.husseiny@gmail.com

Más contenido relacionado

Similar a wanna be h4ck3r !

chapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdfchapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdfsatonaka3
 
Security Architectures and Models.pptx
Security Architectures and Models.pptxSecurity Architectures and Models.pptx
Security Architectures and Models.pptxRushikeshChikane2
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpagenakomuri
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.pptmiki304759
 
CISSP Week 14
CISSP Week 14CISSP Week 14
CISSP Week 14jemtallon
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksSam Bowne
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platformsBen Tullis
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYRohitK71
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 
Cassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache CassandraCassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache CassandraAnant Corporation
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdfZeeshanMajeed15
 
Information security introduction
Information security introductionInformation security introduction
Information security introductionG Prachi
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 

Similar a wanna be h4ck3r ! (20)

chapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdfchapter13 - Computing Security Ethics.pdf
chapter13 - Computing Security Ethics.pdf
 
Security Architectures and Models.pptx
Security Architectures and Models.pptxSecurity Architectures and Models.pptx
Security Architectures and Models.pptx
 
Basic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpageBasic security concepts_chapter_1_6perpage
Basic security concepts_chapter_1_6perpage
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.ppt
 
Real life hacking101
Real life hacking101Real life hacking101
Real life hacking101
 
CISSP Week 14
CISSP Week 14CISSP Week 14
CISSP Week 14
 
Ch 3: Network and Computer Attacks
Ch 3: Network and Computer AttacksCh 3: Network and Computer Attacks
Ch 3: Network and Computer Attacks
 
Isys20261 lecture 11
Isys20261 lecture 11Isys20261 lecture 11
Isys20261 lecture 11
 
Defensive information warfare on open platforms
Defensive information warfare on open platformsDefensive information warfare on open platforms
Defensive information warfare on open platforms
 
OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer Attacks
 
Cassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache CassandraCassandra Lunch #90: Securing Apache Cassandra
Cassandra Lunch #90: Securing Apache Cassandra
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer System
 
Lecture 7---Security (1).pdf
Lecture 7---Security (1).pdfLecture 7---Security (1).pdf
Lecture 7---Security (1).pdf
 
Network sec 1
Network sec 1Network sec 1
Network sec 1
 
Information security introduction
Information security introductionInformation security introduction
Information security introduction
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
ETHICAL HACKING
ETHICAL HACKING ETHICAL HACKING
ETHICAL HACKING
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentals
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer Attacks
 

Último

Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingFrancesco Corti
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1DianaGray10
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInThousandEyes
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechProduct School
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarThousandEyes
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxNeo4j
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTxtailishbaloch
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxKaustubhBhavsar6
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud DataEric D. Schabell
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updateadam112203
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)codyslingerland1
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosErol GIRAUDY
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightSafe Software
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIVijayananda Mohire
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Muhammad Tiham Siddiqui
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.IPLOOK Networks
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 

Último (20)

Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is going
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? Webinar
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENTSIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
SIM INFORMATION SYSTEM: REVOLUTIONIZING DATA MANAGEMENT
 
How to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptxHow to become a GDSC Lead GDSC MI AOE.pptx
How to become a GDSC Lead GDSC MI AOE.pptx
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data
 
Patch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 updatePatch notes explaining DISARM Version 1.4 update
Patch notes explaining DISARM Version 1.4 update
 
The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenarios
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAI
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 

wanna be h4ck3r !

  • 1. Wanna be h4ck3r snapshot of security concept By Eslam Mamdouh El Husseiny
  • 3. Wanna be h4ck3r ● Agenda – Security policy – Attackers – Type of attacks – So am I a looser ? – Live demo – ‫؟‬ ‫بعدين‬ ‫و‬ ‫طب‬ – ‫كده‬ ‫كفاية‬ ‫خلص‬
  • 4. Security policy ● Document describing the way computer equipment may/may not be used ● Security policy aspects: – Physical security – Network security – Authentication – Authorization
  • 5. Physical Security ● Ensure that nobody can access computer hardware – Locks on doors – Access codes – Signing-in of staff – Physical protection of cabling
  • 6. Physical Security ● Physical environment – Uninterruptible Power Supply (UPS) – Fire suppression system – Air Conditioning (heat, moisture) ● Physical breakdown of computer hardware – Spare components – Backups (consider off-site storage)
  • 7. Network Security ● Ensure that no unauthorized user can access the system – over the network – Internet – other WAN – LAN ● Needs to be done for every networked system
  • 8. Authentication ● User name/Password ● Public key cryptography ● Smart cards ● Biometrics
  • 9. Authorization ● Determining what you may do ● Usually dependent on group membership
  • 10. Attackers ● Hackers – A hacker is someone who wants to satisfy his curiosity ● Means no harm ● May cause harm accidentally
  • 11. Attackers ● Crackers – A cracker is someone who wants to gain something ● Access to your system to use resources ● Access to data (e.g. credit card numbers) ● Publicity ● Revenge
  • 12. Attackers ● Script Kiddies – A Script Kiddie is someone who uses hackers tools without understanding what they do
  • 13. Types of Attack (1) ● Scanning – Which services are enabled – Which software and version is used ● Sniffing – Monitoring data (e.g. passwords) in transit ● Break-in – Gain access to a computer, preferably as superuser
  • 14. Types of Attack (1) ● Brute Force – Try every possible combination until one works ● Man-in-the-Middle – Act as the server to a client – Act as a client to the server
  • 15. Types of Attack (1) ● Denial of Service (DoS) – Prevent legitimate users from working – Usually done by crashing or overloading the system or network ● Distributed Denial of Service (DDoS) – DoS attack from many different sources simultaneously
  • 16. Types of Attack (2) MW ViSTA
  • 17. Types of Attack (2) ● Maleware ● Worm ● Virus ● Spyware ● Trojan ● Adware
  • 18. Types of Attack (2) ● Virus – Malicious program that attaches itself to other programs ● Worm – Self-replicating malicious program ● Trojan Horse – Apparently useful program with a malicious component
  • 19. What You Have to Lose ● Loss of resources – Disk space – Bandwidth – CPU time ● Loss or alteration of data ● Loss or impairment of service ● Loss of reputation, goodwill, trust
  • 20. What You Have to Lose ● Disclosure of personal, proprietary or confidential ● information ● Financial loss ● Stolen credit card numbers ● Legal, criminal action against you
  • 27. thanks Eslam Mamdouh Future Owner Of RedHat eslam.husseiny@gmail.com