
1 100% Security
“The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it….”
Gene Spafford, Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University

2 The Internet Challenge
Slide text: E-Commerce, Workforce Optimization, Customer Care, Supply Chain Management, E-Learning, Internet Presence; Internet Business Value; Expansion of E-Business!!; Corporate Intranet, Internet Access, Expanded Access, Heightened Network Security Risks.
The e-business challenge is how to put mission-critical applications and business functions on-line; how to expand access beyond the enterprise to telecommuters, to mobile workers, and to provide access in hotels, airports, and even here; and how to provide access beyond the enterprise to new constituencies: customers, suppliers and partners. In short, how to take advantage of the productivity and competitive advantages that e-business offers without being vulnerable to the increased security risks it involves. This is not getting easier, as publicly available penetration tools can make anyone a sophisticated hacker. Successful e-business requires heightened security.

3 Threat Capabilities: More Dangerous & Easier To Use
[Chart: sophistication of hacker tools (low to high) plotted against the technical knowledge required, over the years 1980, 1990 and 2000. Tools shown include: Password Guessing, Self Replicating Code, Password Cracking, Exploiting Known Vulnerabilities, Disabling Audits, Back Doors, Sweepers, Sniffers, Packet Forging/Spoofing, Stealth Diagnostics, DDOS, Internet Worms.]
When most people read about Internet hacking incidents, they get the impression that these are highly complex, technical attacks that take a genius to create. The reality is that the really smart people first come up with these highly complex, technical attacks, but they then share the information and the tools required to pull off the attack on the Internet. The “open sharing” of hacking information and tools allows individuals with minimal technical knowledge to duplicate the attack. Often it is as easy as downloading the attack tool from the Internet and launching it against targets; you don’t need to know anything other than how to run the attack tool. The bottom line is that it doesn’t take a genius to successfully attack systems and networks; it just takes someone downloading attack tools.

4 Examples

5 Distributed Denial of Service (DDoS)
Tools: Stacheldraht (“barbed wire”), Trinoo, Tribe Flood Network (TFN) and TFN2000, Shaft.
The first attack to consider is DDoS. It hit public consciousness in February when Yahoo, CNN, Amazon and eBay all went down, though the tools have been around longer than that. They go by many different names, including Stacheldraht (“barbed wire”; spend some time on this one), Trinoo, Tribe Flood Network (TFN) and TFN2000, and Shaft. DDoS is no different from DoS in that you send lots of traffic to a target, except that you have hundreds or thousands of machines doing it at the same time. Ding Dong is akin to DoS with every kid in the neighborhood lined up to ring your doorbell: your dinner guests will never make it because they’ll have to stand in line too. DDoS is like all the kids of the city getting their parents to drive them to your house to do Ding Dong: not only will you have a long line, but you’ll wind up with clogged roads too. DDoS attacks are designed to saturate network links with spurious data. This data can overwhelm a business’ Internet link, causing legitimate traffic to be dropped. DDoS prevention is hard because by the time the traffic reaches the firewall it is already too late; what you can do is try to prevent being a source of DDoS attacks.
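The two points the slide makes, that DDoS differs from DoS only in the number of sending machines and that the practical defence is not to be a source, can both be checked from traffic summaries. The following is an added example, not from the presentation; it assumes a constructed record format (seconds,src_ip,dst_ip,packets) and constructed addresses, and the thresholds are illustrative.

```python
"""DoS versus DDoS from packet summaries, plus an egress spoofing check.

Added example, not from the presentation. Assumes a constructed record
format "seconds,src_ip,dst_ip,packets" summarising traffic per source and
destination in one-second buckets; all addresses and counts are made up.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed inbound sample: five remote hosts flood web server 198.51.100.5
# while two internal clients talk to it normally; one host floods .6 alone.
SAMPLE_RECORDS = """\
0,203.0.113.10,198.51.100.5,40000
0,192.0.2.7,198.51.100.5,38000
0,192.0.2.8,198.51.100.5,41000
0,192.0.2.9,198.51.100.5,39000
0,203.0.113.44,198.51.100.5,37000
1,203.0.113.10,198.51.100.5,42000
1,192.0.2.7,198.51.100.5,40000
1,192.0.2.8,198.51.100.5,39000
1,192.0.2.9,198.51.100.5,41000
1,203.0.113.44,198.51.100.5,38000
0,198.51.100.20,198.51.100.5,12
1,198.51.100.21,198.51.100.5,9
0,203.0.113.99,198.51.100.6,250000
"""

# Constructed outbound sample leaving our 198.51.100.0/24: one genuine client
# and two packets whose source addresses were forged and do not belong to us.
OUTBOUND_SAMPLE = """\
0,198.51.100.20,203.0.113.9,5
0,192.0.2.77,203.0.113.9,50000
0,203.0.113.200,203.0.113.9,50000
"""


def parse_records(text):
    """Turn the constructed CSV text into (seconds, src, dst, packets) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, pkts = line.split(",")
        rows.append((int(ts), src, dst, int(pkts)))
    return rows


def classify_floods(rows, pps_threshold=100000, source_pps_threshold=10000,
                    many_sources=3):
    """Per destination: total packets per second and which sources are flooding.

    A destination over pps_threshold is under attack; if at least many_sources
    individual sources each exceed source_pps_threshold it is distributed
    (DDoS), otherwise a single-source DoS. Returns {dst: report}.
    """
    by_dst = defaultdict(lambda: {"by_src": defaultdict(int), "ts": set()})
    for ts, src, dst, pkts in rows:
        by_dst[dst]["by_src"][src] += pkts
        by_dst[dst]["ts"].add(ts)
    out = {}
    for dst, d in by_dst.items():
        seconds = max(d["ts"]) - min(d["ts"]) + 1
        total_pps = sum(d["by_src"].values()) / seconds
        flooders = sorted(s for s, p in d["by_src"].items()
                          if p / seconds >= source_pps_threshold)
        if total_pps < pps_threshold:
            verdict = "normal"
        elif len(flooders) >= many_sources:
            verdict = "ddos"
        else:
            verdict = "dos"
        out[dst] = {"pps": total_pps, "flooders": flooders, "verdict": verdict}
    return out


def egress_violations(rows, our_prefix):
    """Outbound records whose source address is not ours.

    These are the forged packets an egress filter at the border should drop so
    that our network cannot be used as a DDoS source.
    """
    net = ip_network(our_prefix)
    return [(src, dst) for _, src, dst, _ in rows if ip_address(src) not in net]


if __name__ == "__main__":
    for dst, report in classify_floods(parse_records(SAMPLE_RECORDS)).items():
        print(dst, report["verdict"], int(report["pps"]), report["flooders"])
    print("spoofed egress:", egress_violations(parse_records(OUTBOUND_SAMPLE),
                                               "198.51.100.0/24"))
```

The classifier separates the two cases the slide describes: server .5 is hit by five sources each well under the single-source threshold but together far over it (the "clogged roads" case), while .6 is hit by one host alone. The egress check is the "don't be a source" half: a packet leaving with a source address outside the enterprise prefix is forged by definition and can be dropped at the border without any knowledge of the target.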

6 Attacks Keep Getting Easier (screenshot; visible text: “Connected to”)

7 l0PHT Crack Dumps All Passwords from the NT Registry (screenshot; visible text: “Specify a Computer:”)

8 l0PHT Crack Dumps the Password Files

9 The Intruder Opens a Word Dictionary

10 and Runs the Crack


12 A new generation of attacks: The Internet Worms

13 The Code Red & NIMDA Worms: What Happened??
Code Red: July 19-20, 2001; ,104 hosts in 13 hours; $2.6 Billion in damages (estimates from Computer Economics, Carlsbad, CA).
NIMDA: September 18, 2001; fastest spreading virus; 300K+ hosts, 2.2M devices; damage still being assessed.
The Code Red worm was one of the most damaging and quickly spreading threats to the Internet. Over the course of just 2 days over 300,000 hosts were infected, with damages totaling in the hundreds of millions of dollars.

14 Code Red Spreads: July 19, Midnight – 159 hosts infected

15 Code Red Spreads: July 19, 11:40 am – 4,920 hosts infected

16 Code Red Spreads: July 20, Midnight – 341,015 hosts infected

17 The Code Red Worm: How It Works
Conceals itself in HTTP packets, so firewalls alone cannot safeguard against it. The worm exploits vulnerabilities in Microsoft’s Internet Information Server (IIS) v4 & v5 via a buffer overflow attack. It then executes arbitrary code and installs a copy of itself into the infected computer’s memory, from which it infects other hosts.
Worms are self-propagating pieces of code that take advantage of flaws in computer software. In this case, the Code-Red worm took advantage of a remotely exploitable vulnerability in Microsoft’s Internet Information Server (IIS) versions 4 and 5. The worm would send a Uniform Resource Locator (URL) to a host that would overflow a buffer in Microsoft’s Index Server, a part of IIS. This buffer overflow allowed the worm to execute arbitrary code. Code-Red would install a copy of itself into memory on the infected computer and attempt to infect additional hosts.
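Because the overflow rides inside an ordinary HTTP request to port 80, the place to catch it is the web server log or an HTTP-aware inspection point rather than a port-filtering firewall. The following is an added example, not from the presentation: a small log scanner that flags requests carrying the two properties the slide describes, an overlong URL and a long run of padding bytes aimed at the Index Server component. The log lines are constructed, the field layout is a simplified IIS-style format, and the .ida/.idq extensions are an assumption about which files the Index Server ISAPI extension handles; the slide itself names only "Index Server".

```python
"""Flag overflow-style HTTP requests in constructed IIS-style log lines.

Added example, not from the presentation. Assumes a simplified log layout
"date time client-ip method uri status" and assumes (not stated on the slide)
that Index Server requests are recognisable by the .ida/.idq extensions.
"""
from itertools import groupby

# Constructed log lines: two normal requests, two overflow-style requests from
# one client (long padding aimed at Index Server files), one normal query.
SAMPLE_LOG = "\n".join([
    "2001-07-19 00:01:02 203.0.113.5 GET /default.htm 200",
    "2001-07-19 00:01:03 203.0.113.5 GET /images/logo.gif 200",
    "2001-07-19 00:02:10 192.0.2.77 GET /search.ida?" + "X" * 240 + "%00 200",
    "2001-07-19 00:02:11 192.0.2.77 GET /scripts/q.idq?" + "Y" * 180 + " 500",
    "2001-07-19 00:03:00 198.51.100.9 GET /catalog?item=12345&page=2 200",
])

INDEX_SERVER_EXTS = (".ida", ".idq")   # assumption, see lead-in
MAX_URI = 200                          # illustrative length threshold
MAX_RUN = 64                           # illustrative repeated-byte threshold


def longest_run(s):
    """Length of the longest run of one repeated character in s."""
    return max((len(list(g)) for _, g in groupby(s)), default=0)


def inspect_request(uri, max_uri=MAX_URI, max_run=MAX_RUN):
    """Return the list of overflow indicators present in a request URI."""
    reasons = []
    if len(uri) > max_uri:
        reasons.append("overlong uri")
    if longest_run(uri) >= max_run:
        reasons.append("repeated padding")
    path = uri.split("?", 1)[0].lower()
    if path.endswith(INDEX_SERVER_EXTS):
        reasons.append("index server isapi target")
    return reasons


def scan_log(text):
    """Yield (client, uri prefix, reasons) for lines with two or more indicators.

    Requiring two indicators keeps a single long but legitimate query string
    from being reported on its own.
    """
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6:
            continue            # malformed line, skip rather than crash
        _date, _time, client, _method, uri, _status = parts[:6]
        reasons = inspect_request(uri)
        if len(reasons) >= 2:
            hits.append((client, uri[:40], reasons))
    return hits


if __name__ == "__main__":
    for client, uri, reasons in scan_log(SAMPLE_LOG):
        print(client, uri, reasons)
```

Run against a real IIS log the field positions would need adjusting to the configured W3C layout, but the indicators stay the same: request length, padding runs and the component the path addresses. Note that the second flagged line returned status 500; a worm request that crashes the target rather than exploiting it still leaves this trace.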

18 The NIMDA Worm: How It Works
Hybrid of worm & virus. Spread by: attachment (virus); network shares (worm); JavaScript by browsing a compromised web site (virus); infected hosts scanning for exploitable hosts (worm); infected hosts scanning for backdoors created by the Code-Red and sadmind/IIS worms (worm).
The Nimda worm is actually a hybrid, containing both worm characteristics and virus characteristics. Both worms and viruses spread and infect multiple systems. The differentiator between the two is that viruses require some form of human intervention to spread. Nimda spreads through the five mechanisms listed on the slide: as an attachment, via network shares, via JavaScript when browsing compromised web sites, via infected hosts actively scanning for additional exploitable hosts, and via infected hosts actively scanning for backdoors created by the Code-Red and sadmind/IIS worms.

19 Anatomy Of A Worm
1 - The Enabling Vulnerability
2 - Propagation Mechanism
3 - Payload
There are three stages to how the worm operates and propagates itself. It’s important to understand that worms are self-propagating: they are indiscriminate in who they attack, where they attack and when they attack.

20 The Enabling Vulnerability
[Diagram, stage 1: IIS servers reachable from the Internet.]
The enabling vulnerability is an inherent weakness in unpatched versions of Microsoft’s IIS web server. Using the Index Server buffer overflow attack, the worm attempts to install itself on IIS Web servers.

21 Propagation
[Diagram, stage 2: an infected IIS server reaching out to further IIS servers.]
The most dangerous aspect of the worm is its ability to self-replicate and automatically infect new targets in an indiscriminate manner. After gaining access to the servers, the worm replicates itself and selects new targets for infection.
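The indiscriminate target selection described here, and the "infected hosts scanning for exploitable hosts" mechanism on the NIMDA slide, have a network-visible shape: one internal host opening connections to many distinct addresses on the web port in a short window, most of which are never answered because the addresses were picked blindly. The following added example, not from the presentation, detects that fan-out pattern in constructed connection records; the record format (seconds,src,dst,dport,result), the addresses and the thresholds are all assumptions for illustration.

```python
"""Detect worm-style propagation (blind fan-out on port 80) in connection logs.

Added example, not from the presentation. Assumes a constructed record format
"seconds,src_ip,dst_ip,dst_port,result" where result is "syn_ack" for an
answered connection attempt and "no_response" for one that went unanswered.
"""
from collections import defaultdict

# Constructed sample: 198.51.100.5 (an infected web server) sprays port 80 at
# eight addresses in four seconds, six of which never answer; 198.51.100.30
# (a busy but legitimate client) also reaches six hosts, all of which answer.
SAMPLE_CONNECTIONS = """\
100,198.51.100.5,203.0.113.1,80,no_response
100,198.51.100.5,203.0.113.2,80,no_response
101,198.51.100.5,203.0.113.3,80,syn_ack
101,198.51.100.5,203.0.113.4,80,no_response
102,198.51.100.5,203.0.113.5,80,no_response
102,198.51.100.5,203.0.113.6,80,no_response
103,198.51.100.5,203.0.113.7,80,syn_ack
103,198.51.100.5,203.0.113.8,80,no_response
100,198.51.100.30,192.0.2.10,80,syn_ack
101,198.51.100.30,192.0.2.11,80,syn_ack
102,198.51.100.30,192.0.2.12,80,syn_ack
103,198.51.100.30,192.0.2.13,80,syn_ack
104,198.51.100.30,192.0.2.14,80,syn_ack
105,198.51.100.30,192.0.2.15,80,syn_ack
"""


def parse_connections(text):
    """Turn the constructed CSV text into (seconds, src, dst, dport, result)."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, result = line.split(",")
        rows.append((int(ts), src, dst, int(dport), result))
    return rows


def find_propagating_hosts(rows, port=80, window=10, min_fanout=5,
                           min_failure_ratio=0.5):
    """Flag sources that fan out blindly on `port` inside a sliding window.

    A source is reported the first time a window of `window` seconds contains
    attempts to at least `min_fanout` distinct destinations with at least
    `min_failure_ratio` of them unanswered. Returns {src: report}.
    """
    by_src = defaultdict(list)
    for ts, src, dst, dport, result in rows:
        if dport == port:
            by_src[src].append((ts, dst, result))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _, _) in enumerate(events):
            win = [e for e in events[i:] if e[0] - t0 <= window]
            targets = {dst for _, dst, _ in win}
            failures = sum(1 for _, _, r in win if r == "no_response")
            ratio = failures / len(win)
            if len(targets) >= min_fanout and ratio >= min_failure_ratio:
                flagged[src] = {"window_start": t0, "targets": len(targets),
                                "failure_ratio": ratio}
                break       # one report per source is enough
    return flagged


if __name__ == "__main__":
    for src, report in find_propagating_hosts(
            parse_connections(SAMPLE_CONNECTIONS)).items():
        print(src, report)
```

The failure ratio is what separates a propagating worm from a legitimately busy host: a proxy or crawler also contacts many destinations, but it contacts addresses that exist, so its attempts are answered. In the sample the legitimate client reaches the fan-out threshold and is still not reported.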

22 Payload: STEAL, DEFACE, BACK DOOR, ROOTKIT
[Diagram, stage 3.]
Once infected, the server is vulnerable to a number of exploitations. The information contained on the server is open to the hacker, and the infected server can be used to exploit other devices on the network. When the server is infected with a worm, the attacker has administrator-level access to the server. Not only can the attacker deface Web pages, but they also have the power to reformat the hard drive, install a rootkit, steal credit card numbers, etc.

23 Additional Information
Compulsory reading: "Hacking Exposed".
Security links (vulnerabilities, tips, exploits, tools).

