Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data and Computer Communications Ninth Edition by William Stallings Chapter 23 – Computer and Network Security Threats Data and Computer Communications,

Similar presentations


Presentation on theme: "Data and Computer Communications Ninth Edition by William Stallings Chapter 23 – Computer and Network Security Threats Data and Computer Communications,"— Presentation transcript:

1 Data and Computer Communications Ninth Edition by William Stallings Chapter 23 – Computer and Network Security Threats Data and Computer Communications, Ninth Edition by William Stallings, (c) Pearson Education - Prentice Hall, 2011

2 Computer and Network Security Threats The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the change of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War. —The Art of War. Sun Tzu

3 Computer Security  Key objectives: confidentiality confidentiality integrity integrity availability availability

4 Confidentiality  term covers two related concepts: Data Data assures that private or confidential information is not made available or disclosed to unauthorized individualsassures that private or confidential information is not made available or disclosed to unauthorized individuals Privacy Privacy assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosedassures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed

5 Integrity  term covers two related concepts: Data integrity Data integrity assures that information and programs are changed only in a specified and authorized mannerassures that information and programs are changed only in a specified and authorized manner System integrity System integrity assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the systemassures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system

6 Availability assures that systems work promptly and service is not denied to authorized users

7 Loss of Security  FIPS PUB 199 identifies the loss of security in each category: Confidentiality Confidentiality unauthorized disclosure of informationunauthorized disclosure of information Integrity Integrity unauthorized modification or destruction of informationunauthorized modification or destruction of information Availability Availability disruption of access to or use of information or an information systemdisruption of access to or use of information or an information system

8 Additional Security Objectives  Some information security professionals feel that two more objectives need to be added: Authenticity being genuine and able to be verified and trusted Accountability actions of an entity can be traced uniquely to that entity non-repudiation

9 Threats and Attacks

10 Computer and Network Assets, with Examples of Threats

11 Scope of System Security

12 Hardware  most vulnerable to attack  least susceptible to automated controls  threats accidental damage accidental damage intentional damage intentional damage theft theft

13 Software  includes operating system, utilities and application programs  key threats: easy to delete can be altered or damaged can be modified license can be compromised or misused piracy

14 Data  security concerns with respect to data are broad, encompassing: availability availability secrecy secrecy integrity integrity  major concerns with data have to do with: destruction of files theft of files unauthorized reading of files incorrect but intentional analysis of data

15 Communication Lines & Networks  Network Security attack classification: Passive goal of attacker is to gather information without being noticed. does not affect system resources two types are: release of message contents and traffic analysis Active involves some modification of data stream attempts to alter system resources or affect their operation

16 Active Attacks passive capture of data for later retransmission – usually after being modified Replay pretending to be someone else – usually to obtain unauthorized access to data Masquerade some portion of legitimate message is altered Modification of Messages prevents or inhibits normal use of service Denial of Service (DoS)

17 Classes of Intruders  Masquerader – usually outsider penetrates a real users account by pretending to be them penetrates a real users account by pretending to be them  Misfeasor – usually insider legitimate user who accesses unauthorized areas legitimate user who accesses unauthorized areas  Clandestine User – outsider or insider user who seizes supervisory control of a system in order to avoid prevention, access and detection controls user who seizes supervisory control of a system in order to avoid prevention, access and detection controls

18 Behavior Patterns of Intruders: Hackers and Criminals  Hackers usually high level of competence usually high level of competence share their findings share their findings look for targets of opportunity look for targets of opportunity  Criminals organized groups of hackers are a common modern threat organized groups of hackers are a common modern threat typically young typically young usually have specific targets usually have specific targets

19 Behavior Patterns of Intruders: Insiders

20 Intrusion Techniques System or Software Vulnerabilities Back Doors Buffer Overflow Password Compromise Root Kits Social Engineering

21 Malicious Software Malware comes in many disguises: application programs utility programs (editors, compilers) attachments links

22 Categories of Malicious Software  parasitic fragments of programs that cannot exist independently of some actual application program, utility, or system program fragments of programs that cannot exist independently of some actual application program, utility, or system program viruses, logic bombs, backdoorsviruses, logic bombs, backdoors  independent self-contained programs that can be scheduled and run by the operating system self-contained programs that can be scheduled and run by the operating system worms, botsworms, bots

23 Terminology of Malicious Programs Terminology of Malicious Programs

24 Backdoor  trapdoor  is a secret entry point into a program that can allow unauthorized access to the data  backdoors are common among the programming community and are used for a variety of maintenance tasks (maintenance hook)  it is important to not allow backdoors into production environments

25 Logic Bomb  predates viruses and worms  code embedded in a legitimate program that will “explode” at a given time or when certain conditions are met presence or absence of certain files presence or absence of certain files particular day of the week or date particular day of the week or date particular user using the application particular user using the application BOOM

26 Trojan Horse  program that contains hidden code that, when invoked, causes harm to the system or system infrastructure it was launched from 3 models of Trojan horses are typical continuing original program functions while in parallel doing the malicious activity continuing original program functions but modifying it to perform malicious activity replacing original program functions with the malicious activity

27 Mobile Code  script, macro, or other portable instruction that can be shipped unchanged to a collection of platforms  transmitted from a remote system to a local system and then executed on the local system without the user’s explicit instruction mechanism for a virus, worm, or Trojan horse mechanism for a virus, worm, or Trojan horse vulnerabilities such as unauthorized data access vulnerabilities such as unauthorized data access

28 Multiple Threat Malware  multipartite – capable of infecting multiple types of files  blended attack – uses multiple methods of infection or transmission to maximize infection speed Nimda Nimda erroneously referred to as simply a wormerroneously referred to as simply a worm uses a combination of items like , web servers, web clients, etc. to propagate and infectuses a combination of items like , web servers, web clients, etc. to propagate and infect

29 Viruses  can do anything other programs can do attaches itself to a program and executes secretly attaches itself to a program and executes secretly once running it can perform any function allowed by the current users rights once running it can perform any function allowed by the current users rights has thre e parts infection mechanism trigger payload

30 Virus Lifecycle The virus is idle and waiting Dormant The virus places a copy of itself into other programs Propagation Virus is activated to perform function for which it was intended Trigger Virus function is performed Execution

31 Virus Classification  by target  by concealment strategy

32 Target Target  boot sector infector infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus  file infector infects files that the operating system or shell consider to be executable infects files that the operating system or shell consider to be executable  macro virus infects files with macro code that is interpreted by an application infects files with macro code that is interpreted by an application

33 Concealment Strategy Encrypted virus portion of the virus creates a random encryption key and encrypts the remainder of the virus and stores the key with the virus Stealth virus explicitly designed to hide itself from detection by antivirus software Polymorphic virus virus that mutates with every infection making detection by the “signature” of the virus impossible Metamorphic virus mutates with every infection and rewrites itself completely at each iteration

34 Viruses  a more recent development in malicious software Melissa Melissa virus sends itself to everyone on the mailing list in the user’s package virus sends itself to everyone on the mailing list in the user’s package virus does local damage on the user’s systemvirus does local damage on the user’s system  another virus appeared that activates by merely opening the that contains the virus rather than the attachment

35 Worms  self replicating – usually very quickly  usually performs some unwanted function  actively seeks out more machines to infect Self Replicating Vehicles Remote Execution Remote Login

36 Worms In the propagation phase the Worm will Phases Phases Dormant Propagation Trigger Execution search for other systems to infect establish remote connections copy itself to the remote system and cause the copy to run

37 Worm Technology  Multiplatform – variety of platforms  Multi-Exploit – variety of penetration schemes  Ultrafast Spreading – accelerated distribution  Polymorphic – evades set signatures  Metamorphic – evades anomaly detectors  Transport Vehicles – used to spread other distributed attack tools  Zero Day – exploits a yet unknown vulnerability

38 Worm Propagation

39 Bots  AKA – Zombie or Drone secretly takes over an internet connected computer secretly takes over an internet connected computer launches attacks from that computer that are hard to trace back to the creator launches attacks from that computer that are hard to trace back to the creator  Botnet collection of Bots that act in a coordinated manner collection of Bots that act in a coordinated manner has 3 characteristics has 3 characteristics bot functionalitybot functionality remote control facilityremote control facility spreading mechanismspreading mechanism

40 Bot Usage  Distributed Denial of Service Attack  Spamming  Sniffing Traffic  Keylogging  Spreading of new malware  Installing Ads (Adware and SpyWare)  Attacking IRC Chat networks  Manipulation of online polls / games

41 Remote Control Facility  distinguishes a bot from a worm worm propagates itself, bot is controlled from some central facility (initially) worm propagates itself, bot is controlled from some central facility (initially)  IRC server all bots join a specific channel on this server and treat incoming messages as commands all bots join a specific channel on this server and treat incoming messages as commands control module activates the bots control module activates the bots

42 Constructing the Attack Network  first step in a botnet attack is for the attacker to infect a number of machines with bot software that will be used to carry out the attack  essential ingredients software that can carry out the attack software that can carry out the attack vulnerability in a large number of systems vulnerability in a large number of systems strategy for locating and identifying vulnerable machines strategy for locating and identifying vulnerable machines scanning / fingerprintingscanning / fingerprinting

43 Summary  computer security concepts  threats, attacks, and assets hardware, software, data hardware, software, data  intruders hackers, criminals, insiders hackers, criminals, insiders  malicious software Trojan horse, malware Trojan horse, malware  viruses, worms, and bots


Download ppt "Data and Computer Communications Ninth Edition by William Stallings Chapter 23 – Computer and Network Security Threats Data and Computer Communications,"

Similar presentations


Ads by Google