Suraj
September 14, 2013

The Genius Hour: Day 1/2

Hackers: a hacker is someone who looks for weaknesses in a computer system or computer network and takes advantage of them. Hackers hack for many reasons, including protest, challenge, or profit. Hackers have a very good understanding of computers and computer networks. Another name for hackers is crackers.

White hat hacker: someone who breaks security, not necessarily for bad reasons; maybe to test their own security system, or while working for a security company to figure out the weaknesses of security systems.

Black hat hacker: these hackers break through security for malicious reasons and their personal gain. Their activities are illegal: they break into secure networks to destroy data and make the network unusable for the people who are authorized to use it.

Grey hat hacker: the grey hat hacker is a combination of a black hat and a white hat hacker. These hackers may surf the net, find ways to break into systems, notify the administrator, and ask for a fee to correct the defect.

Knowledgeable Elite hackers: the most skilled hackers, who find the newest tricks to hack amongst their groups.

Script Kiddies: not experts; they break into computer systems using pre-packaged automated tools written by others, don't have much understanding or experience, and are immature.

Neophyte: a newbie, or someone who has no experience in hacking and doesn't know much about the technology.

Blue hat: someone outside the computer security consulting firms who is used to bug test a system prior to its launch, looking for exploits so they can be closed.

Hacktivist: someone who utilizes technology to announce a social, political, ideological or religious message.

Nation State: intelligence agencies and cyber warfare operatives of nation states.

Organized Criminal Gangs: criminal activity carried on for their own profit.
Bots: bots are automated software tools, some freeware, that are available for the use of any type of hacker.

A typical approach on an internet-connected system is:
1) Network enumeration - discovering information about an intended target
2) Vulnerability analysis - identifying ways of attack
3) Exploitation - attempting to compromise the system by employing the vulnerabilities found through the vulnerability analysis

Security Exploits: a prepared application that takes advantage of a known weakness. Examples of security exploits are SQL injection, cross-site scripting, cross-site request forgery, or abusing security holes.

Vulnerability Scanner: a tool used to quickly check computers on a network for known weaknesses.

Port Scanners: these check to see which ports on a specified computer are open or available to access, and sometimes will detect what program is listening on that port and its version number.

Password Cracking: password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password.

Packet sniffer: an application that captures data packets, which can be used to capture passwords and other data in transit over the network.

Spoofing Attack: a spoofing attack involves one program, system, or website successfully masquerading as another by falsifying data and thereby being treated as a trusted system by a user or another program. The purpose is usually to fool programs, systems, or users into revealing confidential information, such as user names and passwords, to the attacker.

Rootkit: designed to conceal or compromise a computer's security, and can represent any set of programs that can subvert control of an operating system from its true operators. It will secure its installation and prevent its removal through a subversion of standard security.
Rootkits may include replacements for system binaries so that it becomes impossible for the legitimate user to detect the presence of the intruder on the system by looking at process tables.

Social Engineering: typically a black hat hacker in his second stage of targeting uses this technique. The hacker tries to get as much information as he can in order to access the network. Hackers usually contact the administrator and say that they can't access their system, or act like an angry supervisor, in order to get as much information as they can. They know that the desk operators will pick up the phone and are easy to trick, so no matter how good the security, there will always be a way to get through it. Social Engineering can be broken down into 4 subgroups:
1) Intimidation: the hacker attacks the person answering the phone as an angry supervisor or anyone else and threatens the person's job in order to get information out of them.
2) Helpfulness: opposite to intimidation, helpfulness is taking advantage of a person's natural instinct to help someone with a problem. The hacker will not get angry and instead acts very distressed and concerned. The help desk is the most vulnerable to this type of social engineering, because it generally has the authority to change or reset passwords, which is exactly what the hacker needs.
3) Name-Dropping: the hacker simply uses the names of advanced users as key words to get the information he wants from the person who answers the phone, or uses famous people's names and their authority in order to get information.
4) Technical: uses technology, emails, or a fax sent to the user, hoping to get important data. Many times the hacker acts like he is involved with law enforcement in order to get data.

Trojan Horses: a program that seems to be doing one thing but is actually doing another. Trojans have been used to set up backdoors in a computer system so another intruder can gain access later.
Computer virus: a self-replicating program that spreads itself by inserting copies of itself into other documents or code. While some are harmless, they are considered very dangerous.

Computer worm: like a virus it is self-replicating, but it doesn't need to attach itself to an existing program; instead it propagates through computer networks without user intervention.

Key Loggers: a tool designed to log everything that was done on the machine. By using this, hackers can get confidential information such as passwords or other private data. They may be hidden using Trojan, rootkit, or virus-like methods, or may be installed in legitimate ways that enhance the computer's security.

Genius Hour – Day 3

Firewalls: a firewall is a software- or hardware-based network security system that controls incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a rule set. A firewall establishes a barrier between a trusted, secure network and a network that is not secure or trusted. Although firewalls stop some bad data packets from coming into the computer, they are not impenetrable.

Firewall technology emerged in the late 1980s, when the Internet was a fairly new technology in terms of its global use and connectivity. The predecessors to firewalls for network security were the routers used in the late 1980s. The Morris worm was the first attack made on early computers; it was very unexpected, and people were unprepared to deal with it. The first firewall technology was built in 1988 and was known as filter system firewalls (first generation). Packet filters act by inspecting the "packets" which transfer between computers on the Internet.
If a packet matches the packet filter's set of rules, the packet filter will drop (silently discard) the packet, or reject it (discard it, and send "error responses" to the source). Packet filtering firewalls work mainly on the first three layers of the OSI reference model, which means most of the work is done between the network and physical layers, with a little bit of peeking into the transport layer to figure out source and destination port numbers. When a packet originates from the sender and filters through a firewall, the device checks for matches to any of the packet filtering rules that are configured in the firewall and drops or rejects the packet accordingly.

From 1989-1990 the second generation firewalls were invented. In these firewalls a fourth layer was added, and packets were retained until there was enough information to judge whether the packet is safe for the computer or not. Known as stateful packet inspection, it records all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. Some kinds of denial of service attacks target the firewall by overwhelming it with fake connections to fill up its memory, causing the firewall to stop its services.

The third generation firewall was known as the application firewall, in which an application layer was added. The key benefit of application layer filtering is that it can understand certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)).
This is useful, as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port, or detect if a protocol is being abused in any harmful way. Since then, they have just made the firewall stronger so it can check things more deeply and more easily recognize bad things.

There are many different types of firewalls, depending on where the communication is taking place or where it is intercepted.

Network Layer Firewalls / Packet filters - allow packets to go through only if they meet the established rule set. The firewall administrator may use the default rules or define the rules himself. Network layer firewalls generally fall into two sub-categories: stateful or stateless. Stateful firewalls maintain context about active sessions, and use that "state information" to speed packet processing. Any existing network connection can be described by several properties, including source and destination IP address, UDP or TCP ports, and the current stage of the connection's lifetime. If a packet does not match an existing connection, it will be evaluated according to the rule set for new connections. If a packet matches an existing connection based on comparison with the firewall's state table, it will be allowed to pass without further processing. Stateless firewalls require less memory, and can be faster for simple filters that require less time to filter than to look up a session. They may also be necessary for filtering stateless network protocols that have no concept of a session. They cannot make complex decisions.

Application Layer - works at the application level and can intercept packets going to or from an application. Prevents Trojans and computer worms from entering. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers. Also examines the ID of data packets.

Proxies - respond to input packets.
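The packet-filter behaviour described in the notes above, as an added example that is not from the original notes: a stateless rule lookup with the drop/reject distinction, and a stateful filter on top of the same rules that keeps a bounded state table so replies of an accepted connection pass without a rule lookup, while a fake-connection flood cannot exhaust its memory. The rule set, addresses and the reduced packet model are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """One packet, reduced to the header fields a packet filter looks at (constructed model)."""
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP only: True on the packet that opens a connection

# Constructed rule set: (action, proto, dst, dport); "*" is a wildcard; first match wins.
# The final catch-all rule is the default policy an administrator would set.
RULES = [
    ("ACCEPT", "tcp", "10.0.0.5", 443),
    ("ACCEPT", "udp", "10.0.0.53", 53),
    ("REJECT", "tcp", "*", 23),    # reject: discard and send an error response to the source
    ("DROP",   "*",   "*", "*"),   # drop: discard silently
]

def match_rules(rules, p):
    """Stateless filter: decide from header fields and the rule set alone."""
    for action, proto, dst, dport in rules:
        if proto in ("*", p.proto) and dst in ("*", p.dst) and dport in ("*", p.dport):
            return action
    return "DROP"

class StatefulFilter:
    """Stateful packet inspection built on the same rule set."""
    def __init__(self, rules, max_state=1000):
        self.rules = rules
        self.max_state = max_state  # bound the table so fake connections cannot exhaust memory
        self.state = set()          # accepted connections, keyed by (proto, src, sport, dst, dport)

    def decide(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        # Part of an existing connection (either direction): pass with no rule lookup.
        if fwd in self.state or rev in self.state:
            return "ACCEPT"
        # A TCP packet that neither opens a connection nor matches a tracked one is
        # "not part of any connection" and is discarded without consulting the rules.
        if p.proto == "tcp" and not p.syn:
            return "DROP"
        # Start of a new connection: evaluate against the rule set, then remember it.
        action = match_rules(self.rules, p)
        if action == "ACCEPT":
            if len(self.state) >= self.max_state:
                return "DROP"   # table full: refuse new state rather than run out of memory
            self.state.add(fwd)
        return action
```

Running the stateless and stateful filters over the same reply packet shows the difference the notes describe: the reply has no rule of its own and is dropped statelessly, but passes as part of an established connection.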
Make it very hard for exploitation from an external network if properly configured. Hackers can still get past this if they try.

Genius Hour: Day 4-5

Malware: malware is malicious software that is used to disrupt computer operations and gather sensitive information in order to gain access to private computers. It can appear in the form of code, scripts, active content and other software. Malware includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, rogue security software and other malicious programs. The majority of active malware threats are usually worms or trojans rather than viruses.

Malware is different from defective software, which is legitimate software with harmful bugs in it, although some malware can be disguised as software from a legitimate website, with malware embedded into it or other tracking programs in order to gather information.

Software such as anti-virus, anti-malware, and firewalls are relied upon by users at home and by small and large organizations around the globe to safeguard against malware attacks, which helps in identifying and preventing the further spread of malware in the network.

The first malware and computer worms started as pranks, but now they are used by black hat hackers in order to steal information. Malware is commonly used against governments and even against normal people to steal their personal information, but some programs that help prevent that are firewalls, antimalware and network hardware. Malicious software is now commonly used for profit, and a new kind of program called spyware spies on what the user is doing. Spyware programs are installed by exploiting security holes. Malware is increasing really fast, and statistics show that a 1:14 ratio of downloaded content may have malware.

A computer virus is a program that infects running software, and when it is run it causes the virus to spread to other executables.
A worm is a program that actively transports itself over a network to other computers in order to infect them. A virus requires a user in order to spread, whereas a worm can spread automatically by itself.

A Trojan horse is a program that invites its user to run it, hiding the harmful malicious code. The malicious code may take effect immediately by deleting the user's files or downloading other harmful software. Spyware is commonly spread by Trojan horses.

Rootkits are software packages that hide a malicious program that is installed on the system. Rootkits hide the process of the malicious software in order to prevent it from getting deleted or read. Some malicious programs may have components to defend themselves from getting deleted, making them very hard to delete.

Backdoors: a backdoor is a method of avoiding normal authentication procedures. Once a system has been compromised, one or more backdoors may be installed in it in order to allow easier access to that computer in the future.

Malware exploits security defects in a computer. Most systems contain bugs and loopholes that may be exploited by malware.

Over-privileged users: some systems allow all users to modify their internal structures. When someone is allowed to modify their own settings (usually in older computers), they usually make them weaker, so the systems become less immune to malicious programs.

Over-privileged code: some systems allow code executed by a user to access all the rights of the user, thereby making the computer's protection weaker and less immune to viruses, etc.

There needs to be diversity in computers and protection systems, because if all protection systems are the same, by exploiting one the hacker can easily exploit all.

Anti-virus / anti-malware systems: any time the operating system accesses a file, the anti-malware system checks on access whether the file is legitimate or not, and if the file is malware the user is notified and the malware is removed.
The goal is to stop any operations of malware, including harmful reactions.

Anti-malware (real time): provides protection from installing malware on a computer. Scans all incoming network data for malware and blocks any threats that it comes across.

Anti-malware 2: anti-malware software programs can also be used solely for detection and removal of malware that has already been installed onto a computer.

Grayware: a general term that refers to applications or files that are not directly classified as malware (like worms or trojan horses) but can still negatively affect the performance of computers and the security of the computer. It includes spyware, adware, dialers, joke programs, and remote access tools (except viruses).

Genius Hour: Day 6-7

How to make your own Firewall: Today I read about making your own firewall. This is a fairly complicated process with many steps, but with the given link you can read about this and make your own firewall. You can use the following URL to read about creating your own firewall: http://www.engadget.com/2006/05/30/how-to-build-yourown-network-firewall/

Genius Hour: Day 8-9

Norton Security: a malware-preventing program developed by Symantec Corporation. It provides personal firewalls, email spam protection and protection while surfing the internet. Norton Security can be downloaded, bought as a boxed copy, or as OEM software. It is available for download on Symantec's websites, or you can buy a physical version on a disk for a higher price, or even on a USB flash drive. In August 1990 Symantec bought Peter Norton Computing from Peter Norton and started to develop exponentially, and together they created some anti-viruses. The first version of Norton Security was launched January 10, 2000. This version included a firewall, traffic filter, cookie removal, banner ad blocking, and parental control, and you were able to adjust the settings, but it was a pretty complicated process.
Norton Security version 2 was launched September 18, 2001, and included further protection from malicious viruses and script viruses. They developed their firewalls to help you make choices to accept or get rid of cookies, Java applets and many more. A new function in this launch was Intrusion Detection with AutoBlock, which can detect port scans and prevent further intrusion attempts. Parental control automatically started to block sites that were not safe, and its lists were updated.

In version 3 of 2002 you could configure your own settings; they improved the firewall, automatically blocked access attempts, and also introduced the productivity settings that allowed you to block certain newsgroups and/or advertisements.

Version 4 of 2003 added Norton Spam Alert, which was created to reduce the amount of email spam, although it was known to mistake real emails for spam and delete them. Another thing added to this version was the Block Traffic button, which blocks all incoming and outgoing internet traffic. In addition to the Block Traffic button, another feature was added named the Visual Tracker, which attempted to track down and map attacks to their origins. Another feature included in the professional edition of this version was the ability to recover deleted or malware-damaged files.

Version 5 of 2004 added adware, spyware and keylogger protection, and added another feature called AntiSpam, which correctly managed to identify 94% of spam messages.

The Norton version of 2005 added better, more detailed detection and reduced spyware effectively. It is known as the turning point for Norton, as it was one of the best security programs for a while. Another new feature included was Internet Worm Protection, which blocked worms and scanned IP addresses for open ports. An Outbreak Alert feature was added, which notified users when it found a major threat, and Privacy Control notified the user when sending away confidential information.
AntiSpam started to check emails for spoofed URLs and such.

Genius Hour Day 10

Final Product started: The research has been completed, and today I have started my Prezi and tried to figure out how to use it and fooled around with it.

Genius Hour Day 11-12

Continued work on Prezi, added more information and edited the path.

Genius Hour Day 13-14

Continued with my Prezi presentation.

Genius Hour Day 15-16

Finished my Prezi presentation.

*Note: Many Genius Hours were used to catch up with work in InfoTech class.