Attacks and Vulnerabilities. Ilya Chalyt, Nicholas Egebo. March 7, 2005.


1 Attacks and Vulnerabilities
Ilya Chalyt, Nicholas Egebo
March 7, 2005

2 Topics of Discussion
Reconnaissance: gain information about a system
Vulnerabilities: attributes of a system that can be maliciously exploited
Attacks: procedures to exploit vulnerabilities
Reference 1

3 Topics of Discussion: Reconnaissance
War Dialing, War Driving, Port Scanning, Probing, Packet Sniffing

4 War Dialing (Reconnaissance)
Method: Dial a range of phone numbers searching for a modem
Motivation: Locate potential targets
Detection: Impossible outside of the telephony infrastructure
Defense: Disconnect unessential modems from outgoing phone lines
Reference 2

5 War Driving (Reconnaissance)
Method: Surveillance of wireless signals in a region
Motivation: Find wireless traffic
Detection: Can only be detected by physical surveillance
Defense: Limit geographic access to the wireless signal
Reference 3

6 Port Scanning (Reconnaissance)
Method: Send out a SYN packet, check for a response
Motivation: Find potential targets
Detection: Traffic analysis
Defense: Close/silence ports
Reference 4

7 Probing (Reconnaissance)
Method: Send packets to ports
Motivation: Find specific port information
Detection: Traffic analysis
Defense: Close/silence ports
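Slides 6 and 7 give "traffic analysis" as the detection for port scanning and probing without saying what the analysis looks for. The following Python script is an added example, not material from the presentation: it runs a sliding-window count of distinct destination ports per source host over a constructed connection log and flags sources that touch many ports on one host in a short interval. The log format (timestamp, source, destination, port, TCP flags), the threshold of 8 ports in 10 seconds and the sample addresses are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed connection log for the example (not from the presentation).
# Fields: timestamp_seconds src_ip dst_ip dst_port tcp_flags
SAMPLE_LOG = """\
1000 10.0.0.5 192.168.1.10 22 S
1001 10.0.0.5 192.168.1.10 23 S
1001 10.0.0.5 192.168.1.10 25 S
1002 10.0.0.5 192.168.1.10 80 S
1002 10.0.0.5 192.168.1.10 110 S
1003 10.0.0.5 192.168.1.10 143 S
1003 10.0.0.5 192.168.1.10 443 S
1004 10.0.0.5 192.168.1.10 445 S
1005 10.0.0.5 192.168.1.10 3389 S
1006 10.0.0.5 192.168.1.10 8080 S
1000 10.0.0.7 192.168.1.10 443 S
1005 10.0.0.7 192.168.1.10 443 S
1020 10.0.0.7 192.168.1.10 80 S
"""


def parse_log(text):
    """Turn the whitespace-separated log into (ts, src, dst, port, flags) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, flags = line.split()
        records.append((int(ts), src, dst, int(port), flags))
    return records


def detect_scanners(records, window=10, min_ports=8):
    """Return {src_ip: sorted distinct ports} for every source that sent SYNs to
    at least `min_ports` distinct ports on one host within any `window`-second
    interval. A sliding window over the time-sorted events of each (src, dst)
    pair keeps the check linear in the number of events."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, flags in records:
        if "S" in flags:  # only connection attempts count as probes
            by_pair[(src, dst)].append((ts, port))

    hits = {}
    for (src, dst), events in by_pair.items():
        events.sort()
        left = 0
        for right in range(len(events)):
            # shrink the window from the left until it spans <= `window` seconds
            while events[right][0] - events[left][0] > window:
                left += 1
            ports = {p for _, p in events[left:right + 1]}
            if len(ports) >= min_ports:
                hits.setdefault(src, set()).update(ports)
    return {src: sorted(ports) for src, ports in hits.items()}


if __name__ == "__main__":
    for src, ports in detect_scanners(parse_log(SAMPLE_LOG)).items():
        print(f"possible scan from {src}: {len(ports)} ports {ports}")
```

The threshold is the tuning knob: a lower port count or a longer window catches slower scans but also flags busy clients that legitimately talk to many services on one host, so the values should be set from a baseline of the network's normal traffic.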

8 Packet Sniffing (Reconnaissance)
Method: Capture and analyze packets traveling across a network interface
Motivation: Gain access to information traveling on the network
Detection: None
Defense: Use encryption to minimize cleartext on the network
Reference 5

9 Topics of Discussion: Vulnerabilities
Backdoors, Code Exploits, Eavesdropping, Indirect Attacks, Social Engineering

10 Backdoors (Vulnerabilities)
Bypass normal means of authentication
Hidden from casual inspection
Installed separately or integrated into software
Reference 6

11 Code Exploits (Vulnerabilities)
Use of poor coding practices left uncaught by testing
Defense: In-depth unit and integration testing

12 Eavesdropping (Vulnerability)
Data transmitted without encryption can be captured and read by parties other than the sender and receiver
Defense: Use of strong cryptography to minimize cleartext on the network

13 Indirect Attacks (Vulnerabilities)
Internet users' machines can be infected with zombies and made to perform attacks
The puppet master is left undetected
Defense: Train internet users to prevent zombies and penalize zombie owners

14 Social Engineering (Vulnerability)
Manipulate the weakest link of cybersecurity – the user – to gain access to otherwise prohibited resources
Defense: Train personnel to resist the tactics of social engineering
Reference 7

15 Topics of Discussion: Attacks
Password Cracks, Web Attacks, Physical Attacks, Worms & Viruses, Logic Bomb, Buffer Overflow, Phishing, Bots and Zombies, Spyware, Adware, and Malware, Hardware Keyloggers, Eavesdropping & Playback Attacks, DDoS

16 Password Cracks: Brute Force
Method: Trying all combinations of legal symbols as username/password pairs
Motivation: Gain access to system
Detection: Frequent attempts to authenticate
Defense: Lockouts – temporary and permanent
Reference 8

17 Password Cracks: Dictionary Attack
Method: Trying all entries in a collection of strings
Motivation: Gain access to system, faster than brute force
Detection: Frequent attempts to authenticate
Defense: Lockouts – temporary and permanent; complex passwords
Reference 8

18 Password Cracks: Hybrid Attack
Method: Trying all entries in a collection of strings, adding numbers and symbols, concatenating them with each other and/or numbers
Motivation: Gain access to system, faster than brute force, more likely to succeed than a plain dictionary attack
Detection: Frequent attempts to authenticate
Defense: Lockouts – temporary and permanent
Reference 8
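Slides 16 to 18 name the same detection (frequent authentication attempts) and the same defense (temporary and permanent lockouts) for all three online guessing attacks. The Python class below is an added example, not code from the presentation: it implements that policy as a counter of consecutive failures per account that triggers a timed lockout, escalating to a permanent lockout after repeated timed ones, and it rejects attempts during a lockout even when the password is right, so the lockout does not leak which guess succeeded. The limits (3 failures, 60-second lockout, 2 lockouts before permanent), the account name and the guess list are assumptions constructed for the example.

```python
from collections import defaultdict


class AccountLockout:
    """Temporary lockout after `max_failures` consecutive failures; permanent
    lockout once an account has been temporarily locked `max_lockouts` times.
    Time is passed in by the caller so the behaviour is deterministic."""

    def __init__(self, max_failures=5, lockout_seconds=300, max_lockouts=3):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.max_lockouts = max_lockouts
        self.failures = defaultdict(int)       # consecutive failures per account
        self.locked_until = {}                 # account -> time the lock expires
        self.lockout_count = defaultdict(int)  # temporary lockouts so far
        self.permanent = set()                 # accounts needing manual unlock

    def attempt(self, account, credentials_valid, now):
        """Record one login attempt and return the outcome as a string."""
        if account in self.permanent:
            return "permanently_locked"
        until = self.locked_until.get(account)
        if until is not None and now < until:
            # Reject without checking the password, so a correct guess made
            # during the lockout is not confirmed to the attacker.
            return "locked"
        if credentials_valid:
            self.failures[account] = 0
            return "ok"
        self.failures[account] += 1
        if self.failures[account] < self.max_failures:
            return "failed"
        # Threshold reached: start a lockout and count it.
        self.failures[account] = 0
        self.lockout_count[account] += 1
        if self.lockout_count[account] >= self.max_lockouts:
            self.permanent.add(account)
            return "permanently_locked"
        self.locked_until[account] = now + self.lockout_seconds
        return "locked"


def run_guesses(policy, account, guesses, real_password, start=0):
    """Feed one guess per second (a constructed dictionary attack) and return
    the outcome of each attempt."""
    return [policy.attempt(account, g == real_password, start + i)
            for i, g in enumerate(guesses)]


if __name__ == "__main__":
    policy = AccountLockout(max_failures=3, lockout_seconds=60, max_lockouts=2)
    guesses = ["password", "123456", "qwerty", "letmein"]  # constructed list
    print(run_guesses(policy, "alice", guesses, real_password="letmein"))
```

The same counters double as the detection signal from the slides: the `failures` and `lockout_count` tables are exactly the "frequent attempts to authenticate" that should be alerted on, and a permanent lock should go to an operator rather than expire silently.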

19 Password Cracks: l0phtcrack
Method: Gain access to the operating system's hash table and perform cracking remotely
Motivation: Gain access to system; cracking elsewhere – no lockouts
Detection: Detecting reading of the hash table
Defense: Limit access to system
Reference 8

20 Web Attacks: Source Viewing
Method: Read source code for valuable information
Motivation: Find passwords or commented-out URLs
Detection: None
Defense: (none listed on the slide)

21 Web Attacks: URL Modification
Method: Manipulating the URL to find pages not normally accessible
Motivation: Gain access to normally private directories or pages
Detection: Check website URL logs
Defense: Add access requirements

22 Web Attacks: Post Data
Method: Change POST data to get desired results
Motivation: Change information being sent in your favor
Detection: None
Defense: Verify POST data on the receiving end

23 Web Attacks: Database Attack
Method: Sending dangerous queries to the database
Motivation: Denial of service
Detection: Check database for strange records
Defense: Filter database queries
Reference 9

24 Web Attacks: Database Insertion
Method: Form multiple queries to a database through forms
Motivation: Insert information into a table that might be unsafe
Detection: Check database logs
Defense: Filter database queries, make them quote-safe
Reference 9

25 Web Attacks: Meta Data
Method: Use meta characters to make malicious input
Motivation: Possibly reveal script or other useful information
Detection: Website logs
Defense: Filter input of meta characters
Reference 10
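Slides 23 to 25 recommend filtering database queries, making them "quote-safe" and filtering meta characters in form input. The Python script below is an added example, not code from the presentation or from Reference 9: it puts a query built by string concatenation next to the same query with parameter binding, which is the standard way to make the query quote-safe because the driver never parses the bound value as SQL, and adds a small meta-character check of the kind a log review for slide 25 would apply. The in-memory SQLite table, its rows and the tautology input are constructed for the example.

```python
import sqlite3

# Constructed table contents for the example (not from the presentation).
SAMPLE_ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def make_db():
    """Build an in-memory SQLite database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Concatenates the form field into the SQL text. A quote inside the
    input closes the string literal and the rest of the input becomes SQL,
    which is the defect behind slides 23 and 24."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Binds the form field as a parameter. The value travels to the engine
    as data, so quotes and other meta characters cannot change the query."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Meta characters worth flagging when reviewing web or database logs (slide 25).
SQL_META = ("'", '"', ";", "--", "/*")


def suspicious_input(value):
    """Detection heuristic only: True if the value carries SQL meta characters.
    It supports log review; parameter binding is what prevents the attack."""
    return any(token in value for token in SQL_META)


if __name__ == "__main__":
    conn = make_db()
    field = "x' OR '1'='1"  # constructed input with an embedded quote
    print(lookup_vulnerable(conn, field))  # returns every row
    print(lookup_safe(conn, field))        # returns no rows
    print(suspicious_input(field))         # True
```

Filtering input is a second line of defense and a useful alert source, but the fix that holds for every meta character is to keep the query text fixed and pass user data only through bound parameters.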

26 Physical Attack: Damage
Method: Attack the computer with an axe
Motivation: Disable the computer
Detection: Video camera
Defense: Locked doors and posted security guards

27 Physical Attack: Disconnect
Method: Interrupt the connection between two elements of the network
Motivation: Disable the network
Detection: Pings
Defense: Locked doors and posted security guards

28 Physical Attack: Reroute
Method: Pass the network signal through additional devices
Motivation: Monitor traffic or spoof a portion of the network
Detection: Camera
Defense: Locked doors and posted security guards

29 Physical Attack: Spoof MAC & IP
Method: Identify the MAC address of the target and replicate it
Motivation: Deny the target from receiving traffic
Detection: Monitoring ARP requests and checking logs
Defense: None as of now

30 Worms & Viruses: File Infectors
Method: Infects executables by inserting itself into them
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 10

31 Worms & Viruses: Partition-sector Infectors
Method: Moves the partition sector, replaces it with itself, and on boot executes and then calls the original information
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 10

32 Worms & Viruses: Boot-sector Virus
Method: Replaces the boot loader, and spreads to the hard drive and floppies
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 10

33 Worms & Viruses: Companion Virus
Method: Locates executables and mimics their names, changing the extensions
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 10

34 Worms & Viruses: Macro Virus
Method: Infects documents; when the document is accessed, the macro executes in the application
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 10

35 Worms & Viruses: Worms
Method: Replicates
Motivation: Variable motivations
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 11

36 Logic Bomb
Method: Discreetly install a "time bomb" and prevent detonation if necessary
Motivation: Revenge, synchronized attack, securing a getaway
Detection: Strange computer behavior
Defense: Keep and monitor logs; monitor computer systems closely

37 Buffer Overflow
Method: Pass too much information to a buffer with poor checking
Motivation: Modify information and/or execute arbitrary code
Detection: Logs
Defense: Check input size before copying to the buffer; guard the return address against overwrite; make the stack non-executable
References 12 & 13

38 Phishing
Method: Request information from a mass audience, collect responses from the gullible
Motivation: Gain important information
Detection: Careful examination of requests for information
Defense: Distribute information on a need-to-know basis

39 Bots & Zombies
Method: Installed by a virus or worm; allow remote, unrestricted access to the system
Motivation: Gain access to additional resources, hiding your identity
Detection: Network analysis; virus scans; noticing unusual behavior
Defense: Install security patches and be careful what you download

40 Spyware, Adware, and Malware
Method: Installed either willingly by the user via ActiveX or as part of a virus package
Motivation: Gain information about the user; serve users advertisements
Detection: Network analysis; abnormal computer behavior
Defense: Virus / adware / spyware / malware scans

41 Hardware Keyloggers
Method: Attach it to a computer
Motivation: Record user names, passwords, and other private information
Detection: Check physical connections
Defense: Cameras and guards

42 Eavesdropping
Method: Record packets on the network; attempt to decrypt encrypted packets
Motivation: Gain access to user data
Detection: None
Defense: Strong cryptography

43 Playback Attack
Method: Record packets on the network; resend packets without decryption
Motivation: Mimic legitimate commands
Detection: Network analysis
Defense: Time stamps
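Slide 43 gives time stamps as the defense against replaying recorded packets, and slide 42 gives strong cryptography against eavesdropping. The Python script below is an added example, not code from the presentation, and it goes a little beyond the slide: a time stamp alone lets a packet be replayed inside the acceptance window, so the receiver also keeps a short-lived cache of nonces, and both fields are bound to the command by an HMAC so a recorder cannot refresh the time stamp. The shared key, the command names, the 30-second freshness window and the message layout are assumptions constructed for the example.

```python
import hashlib
import hmac
import json
import secrets

# Placeholder shared secret for the example; a real system provisions one per peer.
SHARED_KEY = b"constructed-example-key"


def make_message(key, command, now, nonce=None):
    """Sender side: bind the command to the current time and a fresh nonce,
    then MAC the whole body so none of the three can be altered in transit."""
    nonce = nonce if nonce is not None else secrets.token_hex(8)
    body = json.dumps({"cmd": command, "ts": now, "nonce": nonce}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body, tag


class Receiver:
    """Receiver side: verify the MAC, then the freshness window (the slide's
    time stamp check), then reject any nonce already accepted."""

    def __init__(self, key, max_skew=30):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> time stamp carried by the accepted message

    def accept(self, body, tag, now):
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "bad_mac"  # forged or modified, including a re-stamped replay
        msg = json.loads(body)
        if abs(now - msg["ts"]) > self.max_skew:
            return "stale"  # recorded long ago and replayed later
        # Nonces older than the window would be rejected as stale anyway,
        # so dropping them keeps the replay cache bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if msg["nonce"] in self.seen:
            return "replay"  # same fresh packet delivered a second time
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


if __name__ == "__main__":
    receiver = Receiver(SHARED_KEY)
    body, tag = make_message(SHARED_KEY, "open_valve", now=1000)
    print(receiver.accept(body, tag, now=1001))  # accepted
    print(receiver.accept(body, tag, now=1002))  # replay
    print(receiver.accept(body, tag, now=1100))  # stale
```

Both sides need roughly synchronized clocks for the window check to work; the window should be as small as the clock skew and network delay allow, because it is also the period in which the nonce cache has to do the work.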

44 DDoS: CPU Attack
Method: Send data that requires cryptography to process
Motivation: Occupy the CPU, preventing normal operations
Detection: Network analysis
Defense: None
Reference 14

45 DDoS: Memory Attack
Method: Send data that requires the allocation of memory
Motivation: Take up resources, crashing the server when they are exhausted
Detection: Network analysis
Defense: None
Reference 14

46 References
1. Amoroso, Edward. Intrusion Detection. Sparta, New Jersey: AT&T Laboratories, [year not recovered].
2. Gunn, Michael. War Dialing. SANS Institute, [year not recovered].
3. Schwarau, Winn. "War-driving lessons," Network World, 02 September [year not recovered].
4. Bradley, Tony. Introduction to Port Scanning (04 March 2005).
5. Bradley, Tony. Introduction to Packet Sniffing (05 March 2005).
6. Thompson, Ken. "Reflections on Trusting Trust." Communications of the ACM, Vol. 27, No. 8, August [year not recovered].
7. Mitnick, Kevin. The Art of Deception. Indianapolis, Indiana, [year not recovered].
8. Coyne, Sean. Password Crackers: Types, Process and Tools. ITS Research Labs, [year not recovered].
9. Friel, Steve. SQL Injection Attacks by Example (05 March 2005).
10. Lucas, Julie. The Effective Incident Response Team. Chapter [number not recovered].
11. Worms versus Viruses (06 March 2005).
12. Grove, Sandeep. "Buffer Overflow Attacks and Their Countermeasures." Linux Journal, 10 March [year not recovered].
13. Levy, Elias. "Smashing the Stack for Fun and Profit." Phrack Magazine, Issue 49, Fall [year not recovered].
14. Distributed Denial of Service (05 March 2005).
