This document provides a snapshot of security concepts for wanna-be hackers. It outlines topics like security policies, types of attackers (hackers, crackers, script kiddies), types of attacks (scanning, sniffing, brute force, denial of service), and malware (viruses, worms, trojans). It also discusses physical security measures, network security including authentication and authorization, and potential losses from security breaches like data loss, financial loss, and legal action. The document concludes with references and contact information for questions.

1. Wanna be h4ck3r
snapshot of security concept
By
Eslam Mamdouh El Husseiny

2. ‫؟‬ ‫أكون‬ ‫من‬
@EslamElHusseiny
www.eslamizmy.org

3. Wanna be h4ck3r
● Agenda
– Security policy
– Attackers
– Type of attacks
– So am I a looser ?
– Live demo
– ‫؟‬ ‫بعدين‬ ‫و‬ ‫طب‬
– ‫كده‬ ‫كفاية‬ ‫خلص‬

4. Security policy
● Document describing the way computer
equipment may/may not be used
● Security policy aspects:
– Physical security
– Network security
– Authentication
– Authorization

5. Physical Security
● Ensure that nobody can access computer
hardware
– Locks on doors
– Access codes
– Signing-in of staff
– Physical protection of cabling

6. Physical Security
● Physical environment
– Uninterruptible Power Supply (UPS)
– Fire suppression system
– Air Conditioning (heat, moisture)
● Physical breakdown of computer hardware
– Spare components
– Backups (consider off-site storage)

7. Network Security
● Ensure that no unauthorized user can
access the system
– over the network
– Internet
– other WAN
– LAN
● Needs to be done for every networked
system

8. Authentication
● User name/Password
● Public key cryptography
● Smart cards
● Biometrics

9. Authorization
● Determining what you may do
● Usually dependent on group membership

10. Attackers
● Hackers
– A hacker is someone who wants to satisfy
his curiosity
● Means no harm
● May cause harm accidentally

11. Attackers
● Crackers
– A cracker is someone who wants to gain
something
● Access to your system to use resources
● Access to data (e.g. credit card numbers)
● Publicity
● Revenge

12. Attackers
● Script Kiddies
– A Script Kiddie is someone who uses
hackers tools without understanding what
they do

13. Types of Attack (1)
● Scanning
– Which services are enabled
– Which software and version is used
● Sniffing
– Monitoring data (e.g. passwords) in transit
● Break-in
– Gain access to a computer, preferably as
superuser

14. Types of Attack (1)
● Brute Force
– Try every possible combination until one
works
● Man-in-the-Middle
– Act as the server to a client
– Act as a client to the server

15. Types of Attack (1)
● Denial of Service (DoS)
– Prevent legitimate users from working
– Usually done by crashing or overloading
the system or network
● Distributed Denial of Service (DDoS)
– DoS attack from many different sources
simultaneously

16. Types of Attack (2)
MW ViSTA

17. Types of Attack (2)
●
Maleware
●
Worm
●
Virus
●
Spyware
●
Trojan
●
Adware

18. Types of Attack (2)
● Virus
– Malicious program that attaches itself to
other programs
● Worm
– Self-replicating malicious program
● Trojan Horse
– Apparently useful program with a malicious
component

19. What You Have to Lose
● Loss of resources
– Disk space
– Bandwidth
– CPU time
● Loss or alteration of data
● Loss or impairment of service
● Loss of reputation, goodwill, trust

20. What You Have to Lose
● Disclosure of personal, proprietary or
confidential
● information
● Financial loss
● Stolen credit card numbers
● Legal, criminal action against you

21. Live Demo

22. And so !

23. ‫نظامك‬ ‫إعرف‬

24. Quiz !

25. Questions ?

26. References
➢ Mainly IBM Slides

27. thanks
Eslam Mamdouh
Future Owner Of RedHat
eslam.husseiny@gmail.com