A Mini E-Book on

INTRODUCTION TO HACKING
Sasikanth Balachandran

This book is used for education and information purposes only. The author is not responsible for the misuse of the information contained in this book.

Introduction to Hacking Sasikanth Balachandran

I've been making a list of the things they don't teach you at school. They don't teach you how to love somebody. They don't teach you how to be famous. They don't teach you how to be rich or how to be poor. They don't teach you how to walk away from someone you don't love any longer. They don't teach you how to know what's going on in someone else's mind. They don't teach you what to say to someone who's dying. They don't teach you anything worth knowing. - Neil Gaiman

Computer Hacking

Computer hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator's original purpose. People who engage in computer hacking activities are often called hackers. Since the word "hack" has long been used to describe someone who is incompetent at his/her profession, some hackers claim this term is offensive and fails to give appropriate recognition to their skills. Computer hacking is most common among teenagers and young adults, although there are many older hackers as well. Many hackers are true technology buffs who enjoy learning more about how computers work and consider computer hacking an art form. They often enjoy programming and have expert-level skills in one particular program. For these individuals, computer hacking is a real-life application of their problem-solving skills. It's a chance to demonstrate their abilities, not an opportunity to harm others.

Since a large number of hackers are self-taught prodigies, some corporations actually employ computer hackers as part of their technical support staff. These individuals use their skills to find flaws in the company's security system so that they can be repaired quickly. In many cases, this type of computer hacking helps prevent identity theft and other serious computer-related crimes.

Computer hacking can also lead to other constructive technological developments, since many of the skills developed from hacking apply to more mainstream pursuits. For example, former hackers Dennis Ritchie and Ken Thompson went on to create the UNIX operating system in the 1970s. This system had a huge impact on the development of Linux, a free UNIX-like operating system. Shawn Fanning, the creator of Napster, is another hacker well known for his accomplishments outside of computer hacking. In comparison to those who develop an interest in computer hacking out of simple intellectual curiosity, some hackers have less noble motives. Hackers who are out to steal personal information, change a corporation's financial data, break security codes to gain unauthorized network access, or conduct other destructive activities are sometimes called crackers. This type of computer hacking can earn you a trip to a federal prison for up to 20 years. If you are interested in protecting your home computer against malicious hackers, investing in a good firewall is highly recommended. It's also a good idea to check your software programs for updates on a regular basis. For example, Microsoft offers a number of free security patches for its Internet Explorer browser.

Hacking is the act of breaking into a computer system and is a criminal offence under computer misuse law. The really simple definition of hacking is gaining unauthorized access to a computer system. Hacking, for the most part, is about learning how a system works and how to make it do things it wasn't designed to do, or that you haven't got the privileges to do. Usually people instantly think hacking is gaining access to a server, taking a copy of a credit card database or some other attack. This is one end of the spectrum. The other end (the most common end) is perhaps best reflected in wireless routers. A hacker buys a Linksys router, realises that the hardware is extraordinarily limited, and then flashes it and installs new firmware, and after a few more tweaks is able to have a cheap router doing the job of a very expensive Cisco router.

Types of Hacking
Inside Jobs
Most security breaches originate inside the network that is under attack. Inside jobs include stealing passwords (which hackers then use or sell), performing industrial espionage, causing harm (as disgruntled employees), or committing simple misuse. Sound policy enforcement and observant employees who guard their passwords and PCs can thwart many of these security breaches.

Rogue Access Points
Rogue access points (APs) are unsecured wireless access points that outsiders can easily breach. (Local hackers often advertise rogue APs to each other.) Rogue APs are most often connected by well-meaning but ignorant employees.

Back Doors
Hackers can gain access to a network by exploiting back doors: administrative shortcuts, configuration errors, easily deciphered passwords, and unsecured dial-ups. With the aid of computerized searchers (bots), hackers can probably find any weakness in your network.

Viruses and Worms
Viruses and worms are self-replicating programs or code fragments that attach themselves to other programs (viruses) or machines (worms). Both viruses and worms attempt to shut down networks by flooding them with massive amounts of bogus traffic, usually through e-mail.

Trojan Horses
Trojan horses, which are attached to other programs, are the leading cause of all break-ins. When a user downloads and activates a Trojan horse, the hacked software (SW) kicks off a virus, password gobbler, or remote-control SW that gives the hacker control of the PC.

Denial of Service
DoS attacks give hackers a way to bring down a network without gaining internal access. DoS attacks work by flooding the access routers with bogus traffic (which can be e-mail or Transmission Control Protocol, TCP, packets). Distributed DoSs (DDoSs) are coordinated DoS attacks from multiple sources. A DDoS is more difficult to block because it uses multiple, changing source IP addresses.

Anarchists, Crackers, and Kiddies
Who are these people, and why are they attacking your network? Anarchists are people who just like to break stuff. They usually exploit any target of opportunity. Crackers are hobbyists or professionals who break passwords and develop Trojan horses or other SW (called warez). They either use the SW themselves (for bragging rights) or sell it for profit. Script kiddies are hacker wannabes. They have no real hacker skills, so they buy or download warez, which they launch. Other attackers include disgruntled employees, terrorists, political operatives, or anyone else who feels slighted, exploited, ripped off, or unloved.

Sniffing and Spoofing
Sniffing refers to the act of intercepting TCP packets. This interception can happen through simple eavesdropping or something more sinister. Spoofing is the act of sending an illegitimate packet with an expected acknowledgment (ACK), which a hacker can guess, predict, or obtain by snooping.

As the cost of hacking attacks continues to rise, businesses have been forced to increase spending on network security. However, hackers have also developed new skills that allow them to break into more complex systems. Hacking typically involves compromising the security of networks, breaking the security of application software, or creating malicious programs such as viruses. The most popular forms of network hacking are denial of service (DoS) attacks and mail bombs. DoS attacks are designed to swamp a computer network, causing it to crash. Mail bombs act in a similar fashion, but attack the network's mail servers. When eBay was attacked in February 2000, its Web server was bombarded with fake requests for Web pages, which overloaded the site and caused it to crash. Network hackers also try to break into secure areas to find sensitive data. Once a network is hacked, files can be removed, stolen, or erased. A group of teens in Wichita, Kansas, for example, hacked into AOL and stole credit card numbers that they then used to buy video games.

Application hackers break security on application software (software including word processing and graphics programs) in order to get it for free. One way they gain access to software that requires a serial number for installation is by setting up a serial number generator that will try millions of different combinations until a match is found. Application hackers also sometimes attack the program itself in an attempt to remove certain security features. Hackers who create viruses, logic bombs, worms, and Trojan horses are involved in perhaps the most malicious hacking activities. A virus is a program that has the potential to attack and corrupt computer files by attaching itself to a file to replicate itself. It can also cause a computer to crash by utilizing all of the computer's resources. For example, e-mail systems were inundated with the "ILOVEYOU" and the "Love Bug" viruses in May of 2000, and the damage to individuals, businesses, and institutions was estimated at roughly $10 billion. Similar to viruses, logic bombs are designed to attack when triggered by a certain event like a change in date. Worms attack networks in order to replicate and spread. In July of 2001, a worm entitled "Code Red" began attacking Microsoft Internet Information Server (IIS) systems. The worm infected servers running Windows NT 4, Windows 2000, Windows XP, and IIS 4.0 and defaced Web sites, leaving the phrase "Welcome to www.worm.com Hacked by Chinese!" Finally, a Trojan horse is a program that appears to do one thing, but really does something else. While a computer system might recognize a Trojan horse as a safe program, upon execution it can release a virus, worm, or logic bomb.

Hacker
A Hacker is somebody who finds weaknesses in a computer or computer network and exploits them through a process called penetration or penetration testing (depending on the motive). Hackers may be motivated by a multitude of reasons such as profit, protest, challenge, or to aid security by pointing out vulnerabilities. The subculture that has evolved around hackers is often referred to as the computer underground and is now a known community.

McGraw Hill Science and Technology Dictionary: A person who uses a computer system without a specific, constructive purpose or without proper authorization.

Barron's Business Dictionary: An expert computer programmer who enjoys figuring out the inner workings of computer systems or networks. Some have a reputation for using their expertise to illegally break into secure programs in computers hooked up to the Internet or other networks. This sense, however, has now been taken over by the term cracker, and hacker is again a title to be proudly claimed.

The Jargon File's Guide to Hacker Slang: A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. A person capable of appreciating hack value. A person who is good at programming quickly. An expert at a particular program, or one who frequently does work using it or on it; as in a Unix hacker. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.

Gale Encyclopedia of Espionage and Intelligence: Computer hackers are people who gain remote access (typically unauthorized and unapproved) to files stored in another computer, or even to the operating system of the computer. In the 1950s and 1960s, hackers were motivated more by a desire to learn the operating characteristics of a computer than by any malicious intent. Indeed, in those days hackers were often legitimate computer programmers who were seeking ways of routing information more quickly through the then-cumbersome operating system of computers. Since then, however, computer hacking has become much more sophisticated, organized, and, in many cases, illegal. Some hackers are motivated by a desire to cripple sensitive sites, make mischief, and to acquire restricted information. In the late 1990s, several computer hackers attempted to gain access to files in the computer network at the Pentagon. The incidents, which were dubbed Solar Sunrise, were regarded as a dress rehearsal for a later and more malicious cyber-attack, and stimulated a revamping of the military's computer defenses. In another example, computer hackers were able to gain access to patient files at the Indiana University School of Medicine in February 2003. The threats to civilian privacy and national security from computer hackers were deemed so urgent that the U.S. government enacted the Cyber-Security Enhancement Act in July 2002, as part of the Homeland Security measures in the wake of the terrorist attacks on September 11, 2001. Under this legislation, hackers can be regarded as terrorists, and can be imprisoned for up to 20 years. One tool that a hacker can use to compromise an individual computer or a computer network is a virus. Depending on their design and intent, the consequences of a virus can range from the inconvenient (i.e., defacing of a Web site) to the catastrophic (i.e., disabling of a computer network). Within a few years during the 1990s, the number of known computer viruses increased to over 30,000. That number is now upwards of 100,000, with new viruses appearing virtually daily. Despite the threat that they can pose, computer hackers can also be of benefit. By exposing the flaws in a computer network, hackers can aid in the redesign of the system to make information more inaccessible to unauthorized access.

Types of Hackers
White Hat Hackers
A white hat hacker is a computer security specialist who breaks into protected computer systems and networks to test and assess their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them. Although the methods used are similar, if not identical, to those employed by malicious hackers, white hat hackers have permission to employ them against the organization that has hired them. White hat hackers are usually seen as hackers who are using their skills to benefit society. They may be reformed black hat hackers or they may just be well-versed in the methods and techniques used by hackers. An organization can hire these consultants to do tests and implement best practices that will make them less vulnerable to real hacking attempts in the future. For the most part, the term is synonymous with ethical hacker. The term comes from the old Western movies where the cliché was for the good guy to wear a white cowboy hat. Of course, the bad guys always seemed to wear a black hat.

Black Hat Hackers
A "black hat hacker" (also known as a cracker) is a hacker who violates computer security with malicious intent or for personal gain. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network. They choose their targets using a two-pronged process known as the "pre-hacking stage".

Part 1: Targeting
The hacker determines what network to break into during this phase. The target may be of particular interest to the hacker, either politically or personally, or it may be picked at random. Next, they will port scan a network to determine if it is vulnerable to attacks, which is just testing all ports on a host machine for a response. Open ports, those that do respond, will allow a hacker to access the system.

Part 2: Research and Information Gathering
It is in this stage that the hacker will visit or contact the target in some way in hopes of finding out vital information that will help them access the system. The main way that hackers get desired results from this stage is from "social engineering", which will be explained below. Aside from social engineering, hackers can also use a technique called "dumpster diving". Dumpster diving is when a hacker will literally search through users' garbage in hopes of finding documents that have been thrown away, which may contain information a hacker can use, directly or indirectly, to help them gain access to a network.

Part 3: Finishing the Attack
This is the stage when the hacker will invade the preliminary target that he/she was planning to attack or steal from. Many "hackers" will be caught after this point, lured in or caught by decoy data, also known as a honeypot.

Grey Hat Hackers
In the hacking community, a grey hat refers to a proficient and tech-savvy hacker who is ambivalent enough to sometimes use his program-manipulating skills to act illegally, in either good or ill will. Grey hats (also known as grey hat hackers) are considered hybrids of the black hat and white hat hacker types. Their intentions for hacking don't usually delve into either of the traditional well-intentioned or maliciously driven extremes; that is, they may or may not commit crimes from time to time during the course of their digital undertakings, so they're not exclusively indulging in any one type of activity like their security-improving or network-destroying counterparts would. One of the reasons why a grey hat would categorize himself as "grey" is to distance himself from the two opposing hacker spectrums, white and black, constructive or malicious. For instance, even though a grey hat could gain unauthorized access to a network (a crime in most jurisdictions), he could, at the same time, provide a patch for the exposed vulnerability that allowed him access in the first place without compromising the system he invaded. Also, grey hats may or may not disclose vulnerabilities to the administrators or the general public, or they could even sell them to either white hats or black hats if they so choose. A grey hat is willing to go to the extremes black hats typically indulge in to prove a point that is usually promoted by white hats; his grey "morality" is the very thing that sets him apart from other pigeonholed hackers. In most situations, they may not disclose their activities due to legal consequences; it's not out of the question for grey hat hackers to hack for personal gain, although it's also not unheard of for them to compromise whole systems for the supposed "greater good" either. Just like any black hat or white hat hacker, grey hats do hack for a reason, and even though they don't automatically hack for destructive or cruel intentions, they do prefer leaving their motives ambiguous, if not altogether unknown. They may or may not notify a webmaster of a particular vulnerability, or they may even demonstrate the potency of the security hole by action instead of words. Moreover, a grey hat will live or die by his anonymity, and he'll basically do whatever he wants to any computer system he fancies regardless of whether it's harmful or beneficial (or even both) to the aforesaid network. At any rate, grey hat hackings are undetectable events that are more passive in nature when compared to black hat hackings (or more active in nature when compared to the detailed warnings and fix suggestions that white hat hackers provide), such as monitoring, penetration testing, or less damaging types of data access, transfer, and retrieval.

Blue Hat Hackers
A "blue hat hacker" is someone who is used to bug-test a system prior to its launch, looking for exploits so they can be closed. Microsoft also uses the term Blue Hat to represent a series of security briefing events.
Elite Hackers
Hacker is a term commonly used to refer to an individual who secretly gains access to systems and networks for the purpose of earning money. Some, however, practice the creative art of hacking for the reason that they get a certain level of enthusiasm from the test that they are being put to. During the early years, hackers were considered to be the computer underground. The culture only progressed through time and is now regarded as an open community. Elite hacker is the name used by the community to identify those individuals who are deemed to be experts in their line of work. These people are actually on the cutting edge of both the computer and network industry.

Neophyte Hackers
A neophyte is a new hacker who is making an honest effort to enter the world of hacking. Not to be confused with script kiddies, neophytes already have a strong understanding of how computers, networks, and programs work. Neophytes understand that it takes will, patience, and learning before they can truly claim a classification such as white hat, black hat, grey hat, or blue hat.

Script Kiddies
An amateur who tries to illegally gain access to a computer system using programs (scripts) that others have written. Although they may have some programming skill, script kiddies do not have the experience to write their own programs that exploit vulnerabilities. They also tend to be indiscriminate and may try to compromise any computer on the Internet they can reach.

Hacktivist
A hacktivist is a hacker, regardless of classification, who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks.

Hacking Techniques
(Computer Security and Insecurity)

Computer Security
Defining "computer security" is not trivial. The difficulty lies in developing a definition that is broad enough to be valid regardless of the system being described, yet specific enough to describe what security really is. In a generic sense, security is "freedom from risk or danger." In the context of computer science, security is the prevention of, or protection against, access to information by unauthorized recipients, and intentional but unauthorized destruction or alteration of that information.

This can be re-stated: "Security is the ability of a system to protect information and system resources with respect to confidentiality and integrity." Note that the scope of this second definition includes system resources, which include CPUs, disks, and programs, in addition to information.

A Taxonomy of Computer Security
Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym "CIA":

Confidentiality -- Ensuring that information is not accessed by unauthorized persons
Integrity -- Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users
Authentication -- Ensuring that users are the persons they claim to be

A strong security protocol addresses all three of these areas. Take, for example, Netscape's SSL (Secure Sockets Layer) protocol. It has enabled an explosion in e-commerce, which is really about trust (or more precisely, about the lack of trust). SSL overcomes the lack of trust between transacting parties by ensuring confidentiality through encryption, integrity through checksums, and authentication via server certificates. Computer security is not restricted to these three broad concepts. Additional ideas that are often considered part of the taxonomy of computer security include:

Access control -- Ensuring that users access only those resources and services that they are entitled to access and that qualified users are not denied access to services that they legitimately expect to receive
Non-repudiation -- Ensuring that the originators of messages cannot deny that they in fact sent the messages
Availability -- Ensuring that a system is operational and functional at a given moment, usually provided through redundancy; loss of availability is often referred to as "denial-of-service"
Privacy -- Ensuring that individuals maintain the right to control what information is collected about them, how it is used, who has used it, who maintains it, and what purpose it is used for

These additional elements don't neatly integrate into a singular definition. From one perspective, the concepts of privacy, confidentiality, and security are quite distinct and possess different attributes. Privacy is a property of individuals; confidentiality is a property of data; and security is a property assigned to computer hardware and software systems. From a practical perspective, the concepts are interwoven. A system that does not maintain data confidentiality or individual privacy could be theoretically or even mathematically "secure," but it probably wouldn't be wise to deploy anywhere in the real world. Computer security can also be analyzed by function. It can be broken into five distinct functional areas:

Risk avoidance -- A security fundamental that starts with questions like: Does my organization or business engage in activities that are too risky? Do we really need an unrestricted Internet connection? Do we really need to computerize that secure business process? Should we really standardize on a desktop operating system with no intrinsic access control?
Deterrence -- Reduces the threat to information assets through fear. Can consist of communication strategies designed to impress upon potential attackers the likelihood of getting caught.
Prevention -- The traditional core of computer security. Consists of implementing safeguards like the tools covered in this book. Absolute prevention is theoretical, since there's a vanishing point where additional preventative measures are no longer cost-effective.
Detection -- Works best in conjunction with preventative measures. When prevention fails, detection should kick in, preferably while there's still time to prevent damage. Includes log-keeping and auditing activities.
Recovery -- When all else fails, be prepared to pull out backup media and restore from scratch, or cut to backup servers and net connections, or fall back on a disaster recovery facility. Arguably, this function should be attended to before the others.

Analyzing security by function can be a valuable part of the security planning process; a strong security policy will address all five areas, starting with recovery. This book, however, is primarily concerned with prevention and detection.

Security Domains
Computer security is also frequently defined in terms of several interdependent domains that roughly map to specific departments and job titles:

Physical security -- Controlling the comings and goings of people and materials; protection against the elements and natural disasters
Operational/procedural security -- Covering everything from managerial policy decisions to reporting hierarchies
Personnel security -- Hiring employees, background screening, training, security briefings, monitoring, and handling departures
System security -- User access and authentication controls, assignment of privilege, maintaining file and file system integrity, backups, monitoring processes, log-keeping, and auditing
Network security -- Protecting network and telecommunications equipment, protecting network servers and transmissions, combating eavesdropping, controlling access from untrusted networks, firewalls, and detecting intrusions

This text is solely concerned with the latter two. System and network security are difficult, if not impossible, to separate in a UNIX system. Nearly every UNIX distribution in the past fifteen years has included a TCP/IP protocol implementation as well as numerous network services such as FTP, Telnet, DNS, and, more recently, HTTP.

Computer Insecurity
Computer insecurity is the concept that a computer system is always vulnerable to attack, and that this fact creates a constant battle between those looking to improve security and those looking to circumvent security.

Vulnerabilities
To understand the techniques for securing a computer system, it is important to first understand the various types of "attacks" that can be made against it. These threats can typically be classified into one of these seven categories:

Exploits
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a software "bug" or "glitch" in order to cause unintended or unanticipated behavior on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial of service attack. Many development methodologies rely on testing to ensure the quality of any code released; this process often fails to discover unusual potential exploits. The term "exploit" generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in Trojan horses and computer viruses. In some cases, a vulnerability can lie in certain programs' processing of a specific file type, such as a non-executable media file. Some security web sites maintain lists of currently known unpatched vulnerabilities found in common programs.

Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon by monitoring the faint electromagnetic emissions generated by the hardware, the problem studied under the name TEMPEST.

Social engineering and human error
A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example by sending messages claiming that they are the system administrator and asking for passwords. This deception is known as social engineering.

Denial-of-service attack

Unlike other exploits, denial-of-service attacks are not used to gain unauthorized access to or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password 3 consecutive times and thus causing the victim's account to be locked, or they may overload the capabilities of a machine or network and block all users at once. These types of attack are, in practice, very hard to prevent, because the behavior of whole networks needs to be analyzed, not only the behavior of small pieces of code. Distributed denial-of-service (DDoS) attacks are common: a large number of compromised hosts (commonly referred to as "zombie computers", controlled as part of a botnet by, for example, a worm, Trojan horse, or backdoor) are used to flood a target system with network requests, attempting to render it unusable through resource exhaustion. Another technique for exhausting a victim's resources is an attack amplifier, where the attacker takes advantage of poorly designed protocols on third-party machines, such as FTP or DNS, to make those hosts launch the flood. There are also commonly found vulnerabilities in applications that cannot be used to take control of a computer, but merely make the target application malfunction or crash. This is known as a denial-of-service exploit.
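The account-lockout form of denial of service described above leaves a recognisable trace in authentication logs: one source driving several distinct accounts to the lockout threshold. The detector below is an added example, not code from the e-book; the log format, the 3-failure lockout policy and the sample log lines are all constructed.

```python
"""Detect lockout-as-denial-of-service in auth logs (added example, not from the e-book).
Log format, the 3-failure lockout threshold and the sample lines are constructed."""
from collections import defaultdict
import re

LOCKOUT_THRESHOLD = 3  # consecutive failures before an account locks (assumed policy)

# Constructed sample log: "<time> <result> user=<name> src=<ip>"
SAMPLE_LOG = """\
10:00:01 FAIL user=alice src=203.0.113.5
10:00:02 FAIL user=alice src=203.0.113.5
10:00:03 FAIL user=alice src=203.0.113.5
10:00:04 FAIL user=bob src=203.0.113.5
10:00:05 FAIL user=bob src=203.0.113.5
10:00:06 FAIL user=bob src=203.0.113.5
10:01:00 FAIL user=dave src=198.51.100.7
10:01:05 OK user=dave src=198.51.100.7
"""
LINE_RE = re.compile(r"^\S+ (FAIL|OK) user=(\S+) src=(\S+)$")

def consecutive_failures(lines):
    """Map (src, user) to its longest run of consecutive FAILs; an OK resets the run."""
    runs, worst = defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        result, user, src = m.groups()
        key = (src, user)
        if result == "FAIL":
            runs[key] += 1
            worst[key] = max(worst[key], runs[key])
        else:
            runs[key] = 0
    return dict(worst)

def lockout_abusers(lines, min_accounts=2):
    """Sources that drove at least min_accounts distinct accounts to the lockout threshold.
    One user mistyping a password locks one account; a source locking many is an attack signal."""
    locked = defaultdict(set)
    for (src, user), n in consecutive_failures(lines).items():
        if n >= LOCKOUT_THRESHOLD:
            locked[src].add(user)
    return {s: sorted(u) for s, u in locked.items() if len(u) >= min_accounts}

if __name__ == "__main__":
    print(lockout_abusers(SAMPLE_LOG.splitlines()))  # {'203.0.113.5': ['alice', 'bob']}
```

A single honest typo (dave) never reaches the threshold, while the source that locks two accounts in a row is reported; in a real deployment the same signal argues for throttling by source rather than hard-locking by account.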

Indirect attacks

An indirect attack is an attack launched from a third party's computer. By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker. There have also been cases where attackers took advantage of public anonymizing systems, such as the Tor onion router system.

Backdoors

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. A specific form of backdoor is the rootkit, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports. It may also fake information about disk and memory usage.

Introduction to Hacking Sasikanth Balachandran

Direct access attacks

Someone who has gained direct (physical) access to a computer can install any type of device to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R or tape, or onto portable devices such as key-drives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the hard drive(s) that way. The only way to defeat this is to encrypt the storage media and store the key separately from the system.

Reducing vulnerabilities

Computer code is regarded by some as a form of mathematics. It is theoretically possible to prove the correctness of certain classes of computer programs, though the feasibility of actually achieving this in large-scale practical systems is regarded as small by some with practical experience in the industry. It is also possible to protect messages in transit (i.e., communications) by means of cryptography. One method of encryption, the one-time pad, is unbreakable when correctly used. This method was used by the Soviet Union during the Cold War, though flaws in their implementation allowed some cryptanalysis. The method uses a matching pair of keycodes, securely distributed, which are used once and only once to encode and decode a single message. For transmitted computer encryption this method is difficult to use properly (securely), and highly inconvenient as well. Other methods of encryption, while breakable in theory, are often virtually impossible to break directly by any means publicly known today. Breaking them requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.

Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce relative to the sensitivity of the information. Even in a highly disciplined environment, such as a military organization, social engineering attacks can still be difficult to foresee and prevent. In practice, only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it is usually possible for a determined hacker to read, copy, alter or destroy data in well-secured computers, albeit at the cost of great time and resources. Few attackers would audit applications for vulnerabilities just to attack a single specific system. It is possible to reduce an attacker's chances by keeping systems up to date, using a security scanner and/or hiring competent people responsible for security. The effects of data loss or damage can be reduced by careful backups and insurance.
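The one-time pad passage above turns on the words "once and only once". The following is an added example, not code from the e-book: it implements the pad as XOR over bytes, enforces single use with a small pad store, and shows what an observer learns when that rule is broken (the two ciphertexts XOR to the XOR of the two plaintexts, with the pad cancelled out). The messages, pad identifiers and PadStore bookkeeping are constructed for illustration.

```python
"""One-time pad: correct use, and why a pad must be used once and only once.
Added example, not from the e-book; messages and pad bookkeeping are constructed."""
import os

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(message: bytes, pad: bytes) -> bytes:
    return xor_bytes(message, pad)

decrypt = encrypt  # XOR is its own inverse, so the same pad decodes

class PadStore:
    """Pre-shared pads, handed out at most once each (the 'securely distributed,
    used once and only once' condition from the text, enforced in code)."""
    def __init__(self, pads):
        self._pads = dict(pads)  # pad id -> pad bytes
        self._used = set()

    def take(self, pad_id: str) -> bytes:
        if pad_id in self._used:
            raise RuntimeError(f"pad {pad_id!r} already used; reuse leaks plaintext")
        self._used.add(pad_id)
        return self._pads[pad_id]

def reuse_is_refused(store: PadStore, pad_id: str) -> bool:
    """True when a second take of the same pad is rejected."""
    try:
        store.take(pad_id)
        return False
    except RuntimeError:
        return True

def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns when ONE pad encrypted two messages:
    c1 XOR c2 == (p1 XOR pad) XOR (p2 XOR pad) == p1 XOR p2. The pad cancels,
    so the relationship between the plaintexts leaks without any key."""
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    store = PadStore({"pad-1": os.urandom(12)})
    pad = store.take("pad-1")
    print(decrypt(encrypt(b"MEET AT DAWN", pad), pad))  # b'MEET AT DAWN'
    print("reuse refused:", reuse_is_refused(store, "pad-1"))  # True
```

With a fresh random pad per message no ciphertext carries information about its plaintext; the leak function is only ever non-trivial when the store's single-use rule has been bypassed.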

The reasons for the supposed failure of these developments are varied:

Programs originally intended for research have been wrongly criticized for not fulfilling needs of production systems. Vying for scarce funding, researchers and developers often promise more than they can deliver.

Funding for the programs has been unpredictable, and requirements may change as the programs are shuffled among agencies. Often the requirements ultimately expressed are inconsistent with the original goals of the program, leading to unfortunate design compromises.

Developments are often targeted to a specific model of computer or operating system, and inconsistent levels of funding have stretched out programs to the point where the original target system is technologically obsolete by the time the program is ready for implementation.

The public does not realize that the first version of an operating system always performs poorly, requiring significant additional design and tuning before becoming acceptable. Vendors do not release such preliminary systems, postponing their Version 1.0 announcement until the performance problems have been addressed. Government programs are highly visible, and any problems (even in early versions) tend to be viewed by critics as inherent characteristics. Worse, contracts are often written in such a way that the first version is the final product, and additional money is rarely available for performance tuning.

Several large government procurements have specified the use of security technology that was thought to be practical at the time but was in fact based on research still in the laboratory. When the research failed to progress fast enough to satisfy the needs of the program, security requirements were waived and the program lost its credibility.
Industry has understood for a long time that developing a new operating system involves far more than a one-time expense to build it; rather, a high level of continuous support is required over the life of the system. The federal government seems to have realized this, as well.
