This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
System hacking means to hack system password and to maintain some criterias to resolve the problems within the operating system. Ample of hacking attempts only start with attempting to crack or guess passwords. Therefore, passwords are the main part of information needed to access a system. Users, while creating a password, often select password that are prone to being cracked. Passwords may be cracked manually or with automated tools such as dictionary or brute-force method, each of which are discussed in this paper and there is also some information for protecting your system from attacks.
1. INTRODUCTION TO SYSTEM HACKING
Scanning and enumeration is the first part of ethical hacking and contains the hacker target systems. Enumeration is the follow-on step once scanning is complete and is used to identify computer names, usernames, and shares. Scanning and enumeration are discussed together because many hacking tools perform both.
The system hacking cycle consists of six steps:- a. Enumeration
b. Cracking Passwords c. Escalating Privileges
d. Executing Applications
e. Hiding files
f. Covering tracks
Enumeration occurs after making the IPv4 protocol independent of the physical network, the designers decided to make the maximum length of the IPv4 datagram equal to 65,535 bytes. This makes transmission more efficient if we use a protocol with an MTU of this size. How ever, for other physical networks, we must divide the datagram to make it possible to pass through these networks. This is called fragmentation. The source usually does not fragment the IPv4 packet. The transport layer will instead segment the data into a size that can be accommodated by IPv4 and the data link layer in use. When a datagram is fragmented, each fragment has its own header with most of the fields repeated, but with some changed. A fragmented datagram may itself be fragmented if it encounters a network with an even smaller MTU. In other words, a datagram can be fragmented several times before it reaches the final destination. In IPv4, a datagram can be fragmented by the source host or any router in the path although there is a tendency to limit fragmentation only at the source. The reassembly of the datagram, however, is done only by the destination host because each fragment becomes an independent datagram. Whereas the fragmented datagram can travel through different routes, and we can never control or guarantee which route a fragmented data gram may take, all the information is provided by other means such as the hop-by-hop options or other protocols. In its simplest form, a flow label can be used to speed up the processing of a packet by a router. When a router receives a packet, instead of consulting the routing table and going through a routing algorithm to define the address of the next hop, it can easily look in a flow label table for the next hop. In its more sophisticated form, a flow lab
We used to store all the passwords in SAM File for and its different for Linux and MAC operating System
Manual Password cracking involves attempting to log on with different passwords. The hacker follows these steps:
1. Find a valid user account for password test.
2. You can create list of possible passwords.
3. Arrange the passwords according to possibility
4. Try each password.
5. Try and try for correct password.
In its simplest form, a flow label can be used to speed up the processing of a packet by a router. When a router receives a packet, instead of consulting the routing table and going through a routing algorithm to define the address of the next hop, it can easily look in a flow label table for the next hop.
2. PROTECT FROM ATTACKS
Both internet and computer are most important part of life. Nowadays, it's not possible to start a day without using computer and internet. We can use computer for ample of purposes like online shopping, playing games, social networking, etc.
The main thing is to protect the system from viruses and worms. The attacks can come from internet and it will harm your system which can lead to system crash. Therefore, we can misplace huge amount important and personal information which is not god for our life. However, the personal information includes financial information, medical information, etc.
Different ways for System Protection
They are so many ways to protect the system from outdoor hackers. It includes:-
You can install an anti-virus in your system but regular updating of the anti-virus is required.
You can activate the firewall in your operating system. Firewall is really helpful because you can protect your system from all type of attacks
You can also install anti-spyware in your computer
You have to use a very good and complex password for your login account. You have to change your password regularly.
Avoid to use unwanted software and emails
Always try to stop and disable pop-up windows and ads.
3. SECURITY EVALUATION
There are some ethical hackers play important roles for security purposes. They have to make an evaluation for the security of the system. It can be done with the help of three phases:-
Conduct Security Evaluation
In preparation and planning, first of all there is a contact between ethical hacker and organization. However, the organization has to disclose the key points for protection. Furthermore, it should include the scope of the test for security and they have identify testing types: White, Black or Grey Box
After this the ethical hackers conduct a general security test for organization and finally a report is generated with bad and good points about the security. It comes in conduct security evaluation.
However, conclusion includes the steps to improve security in any organization from attacks.
4. SYSTEM ATTACKS
The ethical hackers can use some methods to fissure security of any system during a penetration test. The have to some key points for password cracking or guessing. However, the can make a list of possible passwords and arrange the list from high to low for password guessing. There are some methods which can be used to steal important information from the system. It follows:-
Physical Entry: An ethical hacker can use this method form the premises of the organization. It is required a full access to the system for using this method. However, the hacker can place virus, Trojans, spyware in the main system to harm the backbone of physical device. This method is very intelligent method and used by some hackers.
Local Network: In this method hacker need authentication to the LAN network for using the main system. A hacker can connect his own system to the LAN and can harm the main system by using some techniques like sniffing and scanning.
Stolen Equipment: In this attack if a hacker find some equipment of a worker of the organization. It includes flash drive, Laptop. With the help of laptop a hacker can find usernames, passwords, security settings, encryption level.
Remote Network: This attack is done over the internet. The hacker tries to breakdown or find the vulnerabilities in the outside network to perform the attack.
Social Engineering: In this method a hacker can check the integrity of the system with help of employees working in the organization by a phone call or face to face communication. The hacker tries his or her best to gather more and more information to crack passwords, username or any other security issue.
5. SCANNING AND SWEEP TECHNIQUES
In the process of scanning the hacker tries to gather a lot of information of the system. It includes IP Address, Wireless Network, installed applications, security types, usernames, passwords, etc.
To find the open ports
To find the IP Address and Wireless Network
To check the weakness
To gather information
The main purpose of scanning is to find weather he system is available on the network or not. There are so many scanning tools available in the market to scan the network and to find out the target system.
Port Scanning: In this we can find out the open and closed ports in the target system. If the port 80 is open on the system it means web server is running. It is necessary to know most of the port numbers to gather information. The hackers used to memorize the port number to perform attacks.
Network Scanning: It is used to identify the active hosts on the network for attack or may be for security assessment.
If you want to use a lot of internet and computer then you has to maintain some security rules which are really important for the safety of your personal system .However, you can use some software like anti-virus, anti-spyware, firewall to protect your system. Although you are using only one computer for internet but security maintenance is really important. We have to use very strong passwords and user names for the protections of user accounts.
Internet Security Techniques by Bremen Tata Mcgrill 2005 2nd edition.