Prepare a manuscript titled "Protecting your network as an ethical hacker"

By Aldanatech
I am working on a research project on ethical hacking as part of my requirements to complete my Bachelor of Science degree with a concentration on Network Technology. The purpose of this project is to make a study on two important aspects of Information Technology security. One is ethical and unethical hacking. The other aspect is the methods for counter-hacking. Ethical and unethical hacking will focus on the differences between them, at what point is hacking considered ethical, and what is considered to be an ethical way of protecting yourself, and your network. The counter-hacking methods study will include preventive measures against common hacking methods, but not specific details on how the attack is actually performed. Details on the latest protection features and products from Cisco, Microsoft, Novell, and Symantec will also be featured. I might also include some details on the current laws that support network security.

This project is expected to be completed in two months. What I would like from you is to review my progress (about once a week or so) and provide me with feedback such as corrections, additions, and clarifications. I would also like your opinion on my research topics. Do you believe any of them are irrelevant or unnecessary?

The URL of my project is:

http://www.aldanaweb.com/capella/

Moreover, I will keep track of my notes and progress in:

http://www.aldanaweb.com/capella/statusreport.htm

I trust the knowledge and expertise from everyone in Tech Republic and all the help you can provide me will be appreciated. Also, let me know if you would like me to include you in my contributors list.

Try Cambridge University

by HAL 9000 Moderator In reply to I would love to find out ...

As that was the Uni that the Post Grad student was attending and was helping him before the courts to stop the suppression of his thesis work.

As far as network security goes it is pretty much the same the world over but it does differ between different networks as different companies have different needs so really there are no hard and fast rules in place about what is required but mainly general outlines. For instance medical and bank records are far better protected than records held by most small business this is really where knowledge of the Law becomes necessary as you need to know exactly under what pieces of Legislation they have to comply with.

Obviously total protection would be great but in the real world this just doesn't happen mainly owing to the costs involved. Then there are different protocols used between wired and wireless networks the list just goes on and on.

But you could try the Australian Broadcasting Commission at www.abc.com.au as they ran a program on "Hacking" in the old days sometime last year I'm told unfortunately I was out working at the time so I didn't get to see it so I really do not know if it was any good but from the trailers it was set from the Hackers side and attempted to explain why they did what they did, apparently they had at least one of the original Hackers involved in making the show {God I wish I could program a VCR at times.} But I had to study all of this when I was at Uni all those years ago sometime around 74 onwards to 82 so everything is a bit vague now as it isn't something that I use at all.

Actually Guru of DOS would probably be useful on the UK side as he lives there and may know a lot more about that incident than me as I only heard about it from a work briefing and I've never actually seen anymore about the whole mess. But it may have received a lot more coverage in the UK than it did over here I'll see if I can get a message to him and ask him can he help.

Col

They are still in there.

by Aldanatech In reply to Try Cambridge University

Thank you Col, I checked the Australian Broadcasting Commission site and they still have some of those reports. I will spend some time this week to check them out.

Is she an ethical hacker?

by Aldanatech In reply to Prepare a manuscript titl ...

The Network Security Breaker Scenario.

A friend of yours has developed a tool, that can contact corporate sites, scan their networks, and find weaknesses in their security system. She has made the software available to everyone via the Internet, including hackers and cyber-criminals. She says she is providing a useful product, which will help network managers improve their security systems. The companies whose networks were scanned say that she is assisting those people who will abuse them.

Are her actions ethical? Why or why not? What if she sold her software rather than providing it for no charge?

Easy answer NO

by HAL 9000 Moderator In reply to Is she an ethical hacker?

While she may have developed a tool to scan for weaknesses provided she isn't using it without authority she is doing nothing wrong.

Now it really doesn't matter if she sells it or makes it freely available anywhere the same applies as she isn't breaking any laws and it could prove a useful tool to any Network Admin.

Actually I think that this is a hypothetical question as if someone had developed a tool like this they could just about write their own paycheck as they would almost certainly be overnight millionaires.

But if it is a real program the best parallel would be the gun industry they can make and sell guns without breaking any laws as they are not responsible for what a certain individual may do with their product. The same applies here she isn't responsible for what it is used for and if it is a real product she isn't interested in making any money so she is more of a help to the Network Admins than a hindrance. If they knowingly leave their systems vulnerable they deserve the consequences remember "Slammer" Microsoft put out an article informing everyone to update their code and when it hit Microsoft was one of the first taken down, now some could argue that Microsoft was responsible for "Slammer" being written as they made known the weakness that Slammer exploited.

Get the Idea?

Incidentally if this tool actually exists e-mail me and let me know where to find it as I would like a copy to play with and test all the networks that I consult for.

Col

Just a scenario

by Aldanatech In reply to Easy answer NO

I personally don't know of such a tool, but posted this scenario in relation to the discussion on Metasploit Framework 2.0. But thanks for your opinion. As always it is valuable for my research.

Credit card fraud

by Aldanatech In reply to Prepare a manuscript titl ...

Because I live in the border between the U.S. and Mexico, I get to be informed about what is going on in both Countries. Yesterday, there was a national news report from Mexico City on credit card cloning fraud. I couldn't find yesterday's report on their site, but here is a summary of what I found from a report on June 17th, 2002 (http://www.esmas.com/noticierostelevisa/mexico/239733.html):

According to Miguel Torruco Márquez, national president of the Mexican Association of Hotels and Motels (AMHM), credit card fraud by card cloning rose up to 85 million US dollars. He declared before loan officials in the city of Monterrey, Nuevo León that fraud against foreign tourists alone was up 227,000 dollars between 1999 and 2001. Even in the state of Nuevo León, the fraud is estimated at 25,000 pesos from December 2001 to present (June 17th, 2002). Torruco indicates that this crime significantly affects loaners for tourism services and proposed considering it a serious crime in every Mexican state. He solicited in the name of AMHM, the intervention of lawmakers to declare fraud of credit cards and other payment forms as a serious crime.

Now yesterday's report was that the Mexican legislation finally completed changes to make credit card cloning a serious crime. Also, on a report from today, May 1st, 2004 (http://www.esmas.com/noticierostelevisa/mexico/160373.html), that the president of the Banking Association of Mexico will launch a massive recall to change over 8 million credit cards with smart chips starting next January in an effort to deter credit card cloning fraud. This recall is expected to last for about a year. According to the Banking Association of Mexico, losses for credit card fraud rose to 20 million dollars this year.

Do you know how laws in other countries consider this kind of crime, and are they doing anything about it? Do you think smart chips will do the trick?

Colin's reply

by Aldanatech In reply to Credit card fraud

This was Col Luck's reply by e-mail:

From what you're describing it's nothing new and cloning plastic cards is a big business world wide. I honestly think that the figures that have been quoted are very much on the conservative side and even replacing the current crop of credit cards with the so called "Smart Cards" will only mean that the criminals have to change their methods a bit. Recently we had a group here caught with 100,000 blank cards waiting to be stamped and the magnetic strip encoded it was estimated that they had already made well in excess of 20,000 cards and managed to steal several million dollars and we only have around 20 million people over here. It's a lot bigger in the USA and other large countries about the only place that is currently safe is in the back lots of China as there is no possibility of using plastic there.
Now what the banks and other companies don't tell you is that with every transaction not only is the dollar amount sent to the company but exactly what you have bought where and when. So if you walk into your nearest chain store and buy your weekly food on plastic they get to know exactly what you are buying where and what time you prefer to shop. This information is sold on to competitor of the products that you buy so you can be targeted for promotions of their goods.

Now back to your original question it is a very big problem world wide and will only get worse as I mentioned previously with the standard plastic the average person should be able to gain access to your pin number within 15 attempts if they know what they are doing. Now the proposed "Smart Cards" are only a half way measure as they will only store account details and verify with the banks central computer that this account is in fact active much the same thing happens now with the current crop of plastic so while it is passed off as being far more secure it actually is only a way to increase fees as there is no added security involved but the average person will get a warm fuzzy feeling in their stomach knowing that they are now carrying a microprocessor with them instead just a bit of plastic with a magnetic strip. It is only when the amounts available are keyed into the Smart Card technology that things will start to become secure but then it will be the banks responsibility when money is stolen and not the consumers so I honestly can't see that happening in the short term.

Just to give you an idea of how easy cloning these things are the AU Federal Government at great expense developed a counterfeit proof form of plastic money {instead of the old paper type} and it was claimed that it was impossible to fake as there was a clear plastic window with a watermark in it that was only possible to make in the Government mint. Unfortunately the average color photocopier could do just as good a job which was brought home to me when I saw a 12 year old in at his father's work photocopying one side of a $100.00 note off. Now granted he was only playing but the copy was almost perfect and other than the obvious fact that it was only copied onto normal photocopy paper and not double sided it looked real enough until you touched it. Now if you wanted to do the job properly you could line up a whole swag of notes and duplex them onto film instead of paper and they would be very hard to tell from the real thing particularly if you only saw one at a time. This actually happened as one of the places that I consult for has several copies of these fake bank notes in house so that they can educate their tellers to pick the differences to the real thing. These of course were supplied by the Federal Government to all of the banks after they had been passed off as the real thing and it was only much later that they were picked up as being fake.

Now if it is possible to do this with bank notes just how difficult do you think it will be to do to pieces of plastic that can be bought almost anywhere blank for company security purposes and programmed as required?

My reply

by Aldanatech In reply to Colin's reply

I do believe that part where you say banks are selling information about my purchasing habits. It seems that every time I buy something with a credit card, a few months later I get catalogs of products related to those purchases.

Would you hire a rehabilitated cracker

by Aldanatech In reply to Prepare a manuscript titl ...

Suppose you need to hire someone with strong network security skills, you find a candidate (a hacker), but he was convicted for using his skills for illegal purposes. Now suppose that was a long time ago, he completed his sentence, claims he is rehabilitated, and was not involved in any illegal activity since. Would you hire him? Why or why not? If you hire him, would you warn him he would work under close surveillance? Would you set any other condition? And if so, to what extent?

If it was a long time ago

by HAL 9000 Moderator In reply to Would you hire a rehabili ...

Most likely not as by now he is out of touch with what is going on in the Hacker community but if it was a recent conviction that really showed some flair I'd personally grab him/her as fast as I could and never allow his/her feet to touch the ground.

I did this many years ago with a 15 year old kid who cracked a Defense Department secure area with a monitored line on of all things a Commodore 64 which was even then a play toy but he managed to without attracting any notice break into a place over 16.000 times to download one file. When I heard about this I asked could I look up the records and it was expected that I would just pick up the hand out and read the half page spiel. Well I downloaded the whole court transcripts and all the investigation reports and then made immediate arrangements to see this kid with his play toy in a secure office. I got him to attempt to crack my system and find a specific file which was encrypted download it and open it. Well besides the kid being scared witless it only took him 10 minutes to get in through 5 layers of protection that no one had been able to do previously then find the file download it and read it. I had my immediate boss with me at the time and I spirited both the kid and his family out of America to a "Safe Place" where he learned Languages and now I believe works for a much more clandestine organization than what I recruited him for.

So in answer to your question if I was offered a so called "Hacker" depending on exactly what he/she was accused of doing and how they went about it if they were into breaking in and extracting a copy of data and leave without any sign of being in I'd grab them as fast as possible because they understand just how the system works unlike others who are taught and only half understand what exactly is going on if even that. It is people like this who have a gift that I would not hesitate for one nanosecond to grab and have work for me as the best way of preventing intrusions is to hire people who specialize in this type of thing and that by the very nature of the business means "Hackers" but you really want one that didn't leave tracks to follow. The particular kid that I grabbed was only found out because he published what he stole in his school newspaper otherwise no one would have been any the wiser.

Col
