
Differentiate among various systems' security threats: Privilege escalation, Virus, Worm, Trojan, Spyware, Spam, Adware, Rootkits, Botnets.


2  Differentiate among various systems’ security threats:  Privilege escalation  Virus  Worm  Trojan  Spyware  Spam  Adware  Rootkits  Botnets  Logic bomb

3  Implement security applications.  Differentiate between the different ports and protocols, their respective threats and mitigation techniques.  Antiquated protocols  TCP/IP hijacking  Null sessions  Spoofing  Man-in-the-middle  Replay  DoS  DDoS  Domain Name Kiting  DNS poisoning

4  Explain the vulnerabilities and mitigations associated with network devices.  Privilege escalation  Weak passwords  Back doors  DoS  Carry out vulnerability assessments using common tools.  Vulnerability scanners  Password crackers

5  Attack Strategies  Recognizing Common Attacks  Identifying TCP/IP Security Concerns  Understanding Software Exploitation  Surviving Malicious Code  Other Attacks and Frauds

6  Access attack: someone who should not be able to access your resources tries to do so. Its purpose is to gain access to information that the attacker isn't authorized to have.  Modification and repudiation attack: someone wants to modify information in your systems.  Denial-of-service (DoS) attack

7  Eavesdropping  Eavesdropping is the process of listening in on or overhearing parts of a conversation, including listening in on your network traffic  This type of attack is generally passive  Snooping  Occurs when someone looks through your files hoping to find something interesting  The files may be either electronic or on paper

8  Interception can be either an active or a passive process  Intercept (v): to stop something or someone that is going from one place to another before they get there  In a networked environment, a passive interception would involve someone who routinely monitors network traffic.  Active interception might include putting a computer system between the sender and receiver to capture information as it’s sent. The process is usually covert.  Intercept missions can occur for years without the knowledge of the parties being monitored.

9  Modification attacks involve the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user  They’re similar to access attacks in that the attacker must first get to the data on the servers, but they differ from that point on.  The motivation for this type of attack may be to plant information, change grades in a class, fraudulently alter credit card records, or something similar.  Website defacements are a common form of modification attack.

10  A repudiation attack is a variation of a modification attack.  repudiate /rɪˈpjuːdieɪt/: to refuse to accept or continue with something; to state or show that something is not true or correct.  Repudiation attacks make data or information appear to be invalid or misleading.  Repudiation attacks are fairly easy to accomplish because most e-mail systems don't check outbound mail for validity.  Repudiation attacks, like modification attacks, usually begin as access attacks.

11  Denial-of-Service  DoS attacks prevent access to resources by users authorized to use those resources  Most simple DoS attacks occur from a single system  Types of DoS attacks:  ping of death  buffer overflow

13  Requires a powerful transmitter

15  Distributed Denial-of-Service Attacks  Multiple computer systems used to conduct the attack  Zombies  Botnet: the malicious software running on a zombie

17  How do we deal with denial-of-service attacks?

18  Attack Strategies  Recognizing Common Attacks  Identifying TCP/IP Security Concerns  Understanding Software Exploitation  Surviving Malicious Code  Other Attacks and Frauds

19  Back doors?

20  A spoofing attack is an attempt by someone or something to masquerade as someone else.  IP spoofing and DNS spoofing

21  This type of attack is also an access attack, but it can be used as the starting point for a modification attack  Places a piece of software between a server and the user.

22  The attacker captures the information and replays it later.  The information can be usernames, passwords, or certificates from authentication systems such as Kerberos.

23 Captured passwords projected on the wall at DEFCON

24  Solutions: Certificates usually contain a unique session identifier and a time stamp.
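The check on slide 24 (a unique session identifier plus a time stamp) as working verification code; this is an added example, not code from the presentation. It assumes a constructed shared HMAC key and a 30-second freshness window; a captured token fails either because it is stale or because its session identifier has already been accepted.

```python
import hmac
import hashlib
import secrets

# Constructed shared key for the example; a real system provisions one per client.
SHARED_KEY = b"example-shared-key"
MAX_SKEW_SECONDS = 30   # assumed freshness window


def make_token(user, session_id, timestamp, key=SHARED_KEY):
    """Build an authentication token bound to a session identifier and a time stamp."""
    body = f"{user}|{session_id}|{timestamp}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "|" + tag


class ReplayAwareVerifier:
    """Accepts a token once: the MAC must match, the time stamp must be fresh,
    and the session identifier must not have been seen before."""

    def __init__(self, key=SHARED_KEY, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen_sessions = set()

    def verify(self, token, now):
        try:
            user, session_id, ts, tag = token.split("|")
            ts = int(ts)
        except ValueError:
            return "malformed"
        body = f"{user}|{session_id}|{ts}".encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"          # token altered, or forged without the key
        if abs(now - ts) > self.max_skew:
            return "stale"            # captured long ago, outside the freshness window
        if session_id in self.seen_sessions:
            return "replay"           # same session identifier presented a second time
        self.seen_sessions.add(session_id)
        return "ok"


def demo():
    """Fresh token is accepted, the same token replayed is refused, an old one is stale."""
    verifier = ReplayAwareVerifier()
    t0 = 1_700_000_000
    token = make_token("alice", secrets.token_hex(8), t0)
    first = verifier.verify(token, now=t0 + 2)
    second = verifier.verify(token, now=t0 + 5)
    late = verifier.verify(make_token("alice", secrets.token_hex(8), t0), now=t0 + 600)
    return first, second, late       # ("ok", "replay", "stale")
```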

25  Records cookies and replays them  This technique breaks into Gmail accounts  Technical name: Cross Site Request Forgery  Almost all social networking sites are vulnerable to this attack  Facebook, MySpace, Yahoo, etc.

26  Brute-force attack.  Dictionary attack  Hybrids: mixing the two above techniques

27  Privilege escalation can be the result of an error on an administrator’s part in assigning too high a permission set to a user, but it’s more often associated with bugs left in software.  Cheat codes in video games.

28  Attack Strategies  Recognizing Common Attacks  Identifying TCP/IP Security Concerns  Understanding Software Exploitation  Surviving Malicious Code  Other Attacks and Frauds

30  Network Access = OSI layers 1 & 2, defines LAN communication, what do I mean by that?  Network = OSI layer 3 – defines addressing and routing  Transport/Host to Host = OSI layer 4, 5 – defines a communication session between two applications on one or two hosts  Application = OSI layers 6,7 the application data that is being sent across a network

31  Maps to Layers 1 and 2 of the OSI model  The level that a network interface card works on  Source and destination MAC addresses are used to define the communication endpoints  Protocols include  Ethernet  Token Ring  FDDI

32  Routing, IP addressing, and packaging  Internet Protocol (IP) is a routable protocol, and it's responsible for:  IP addressing  fragmenting and reassembling message packets  only routing information; it doesn't verify it for accuracy (accuracy checking is the responsibility of TCP)

33  Maps to layer 4 and 5 of the OSI model  Concerned with establishing sessions between two applications  Source and destination endpoints are defined by port numbers  The two transport protocols in TCP/IP are TCP and UDP

34  Connection oriented “guaranteed” delivery.  Advantages  Easier to program with  Truly implements a “session”  Adds security  Disadvantages  More overhead / slower

35  Connectionless, non-guaranteed delivery (best effort)  Advantages  Fast / low overhead  Disadvantages  Harder to program with  No true sessions  Less security  A pain to firewall (due to no connections)

36  Most programs, such as web browsers, interface with TCP/IP at this level  Protocols:  Hypertext Transfer Protocol (HTTP)  File Transfer Protocol (FTP)  Simple Mail Transfer Protocol (SMTP)  Telnet  Domain Name Service (DNS)  Routing Information Protocol (RIP)  Post Office Protocol (POP3)

37  Encapsulate  to express or show something in a short way  to completely cover something with something else, especially in order to prevent a substance getting out

38  To change data from one form to another  AM (Amplitude Modulation)  FM (Frequency Modulation)  PM (Phase Modulation)  Keying methods  Current State Keying  ASK  FSK  State Transition Keying  Phase Shift Keying (PSK)  Modulation and Demodulation  Used in modems and in transferring data units among OSI layers

39  Port Mirroring  Sniffing the Network  TCP Attacks

41  A device that captures and displays network traffic

42  The client and server exchange information in TCP packets  The TCP client sends an ACK packet to the server  ACK packets tell the server that a connection is requested  The server responds with an ACK packet  The TCP client sends another packet to open the connection  Instead of opening the connection, the TCP client continues to send ACK packets to the server.
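Detection logic for the flood described on slide 42, as an added example that is not part of the presentation: it counts handshakes that a client started (the initial request, which in TCP carries the SYN flag) but never completed with its final ACK, and flags sources that leave many of them open. The event records and the threshold of 20 are constructed for the example.

```python
from collections import defaultdict

HALF_OPEN_THRESHOLD = 20   # assumed tuning value; real limits depend on the host


def build_sample_events():
    """Constructed handshake records: (seconds, client_ip, flag).
    "S" is the client's connection request, "A" its final acknowledgement."""
    events = [(0.0, "10.0.0.5", "S"), (0.1, "10.0.0.5", "A"),   # normal client completes
              (0.5, "10.0.0.7", "S"), (0.6, "10.0.0.7", "A")]
    # One source opens many connections and never completes any of them.
    events += [(1.0 + i * 0.01, "198.51.100.9", "S") for i in range(40)]
    return sorted(events)


def half_open_by_source(events):
    """Count handshakes per client that were started but never completed."""
    pending = defaultdict(int)
    for _ts, client, flag in events:
        if flag == "S":
            pending[client] += 1
        elif flag == "A" and pending[client] > 0:
            pending[client] -= 1          # final ACK completes one pending handshake
    return dict(pending)


def suspected_flooders(events, threshold=HALF_OPEN_THRESHOLD):
    """Return clients whose half-open count exceeds the threshold."""
    counts = half_open_by_source(events)
    return sorted(c for c, n in counts.items() if n > threshold)
```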

44  TCP sequence number attacks occur when an attacker takes control of one end of a TCP session  Each time a TCP message is sent, either the client or the server generates a sequence number  The attacker intercepts and then responds with a sequence number similar to the one used in the original session  Disrupt or hijack a valid session

45  Rogue access points  Rogue: not behaving in the usual or accepted way and often causing trouble  Employees often set up home wireless routers for convenience at work  This allows attackers to bypass all of the network security and opens the entire network and all users to direct attacks  An attacker who can access the network through a rogue access point is behind the company's firewall  Can directly attack all devices on the network

47  War driving  Beaconing  At regular intervals, a wireless AP sends a beacon frame to announce its presence and to provide the necessary information for devices that want to join the network  Scanning  Each wireless device looks for those beacon frames  Unapproved wireless devices can likewise pick up the beaconing RF transmission  Formally known as wireless location mapping

48  Bluetooth  A wireless technology that uses short-range RF transmissions  Provides for rapid “on the fly” and ad hoc connections between devices  Bluesnarfing  Stealing data through a Bluetooth connection  E-mails, calendars, contact lists, and cell phone pictures and videos, …

49  Attack Strategies  Recognizing Common Attacks  Identifying TCP/IP Security Concerns  Understanding Software Exploitation  Surviving Malicious Code  Other Attacks and Frauds

50  Database exploitation  If a client session can be hijacked or spoofed, the attacker can formulate queries against the database that disclose unauthorized information.  Application exploitation  E-mail exploitation  Spyware  Rather than self-replicating, like viruses and worms, spyware is spread to machines by users who inadvertently ask for it  Rootkits  Enables continued privileged access to a computer, while actively hiding its presence from administrators by subverting standard operating system functionality or other applications

51  Attack Strategies  Recognizing Common Attacks  Identifying TCP/IP Security Concerns  Understanding Software Exploitation  Surviving Malicious Code  Other Attacks and Frauds

52  Armored Virus  designed to make itself difficult to detect or analyze  Companion Virus  A companion virus attaches itself to legitimate programs and then creates a program with a different filename extension  Macro Virus  a set of programming instructions in a language such as VBScript that commands an application to perform illicit actions

53  Multipartite Virus: attacks the system in multiple ways

54  Phage Virus  Modifies and alters other programs and databases  The only way to remove this virus is to reinstall the programs that are infected  Polymorphic Virus  Changes form in order to avoid detection  Frequently, the virus will encrypt parts of itself to avoid detection

55  Stealth Virus  Attempts to avoid detection by masking itself from applications

56  Logic bombs are programs or snippets of code that execute when a certain predefined event occurs.

57  Attack Strategies  Recognizing Common Attacks  Identifying TCP/IP Security Concerns  Understanding Software Exploitation  Surviving Malicious Code  Other Attacks and Frauds

58  Connections to a Microsoft Windows 2000 or Windows NT computer with a blank username and password  Attacker can collect a lot of data from a vulnerable system  Cannot be fixed by patches to the operating systems  Much less of a problem with modern Windows versions, Win XP SP2, Vista, or Windows 7

59  Check kiting  A type of fraud that involves the unlawful use of checking accounts to gain additional time before the fraud is detected  Domain Name Kiting  Registrars are organizations that are approved by ICANN to sell and register Internet domain names  A five-day Add Grace Period (AGP) permits registrars to delete any newly registered Internet domain names and receive a full refund of the registration fee

60  Unscrupulous registrars register thousands of Internet domain names and then delete them  Recently expired domain names are indexed by search engines  Visitors are directed to a re-registered site  Which is usually a single-page website with paid advertisement links  Visitors who click on these links generate money for the registrar

61  Used to manage switches, routers, and other network devices  Early versions did not encrypt passwords, and had other security flaws  But the old versions are still commonly used

62  DNS is used to resolve domain names like www.ccsf.edu to IP addresses like 147.144.1.254  DNS has many vulnerabilities  It was never designed to be secure

64  Put false entries into the Hosts file  C:\Windows\System32\Drivers\etc\hosts

65  Attacker sends many spoofed DNS responses  Target just accepts the first one it gets

67  Intended to let a new DNS server copy the records from an existing one  Can be used by attackers to get a list of all the machines in a company, like a network diagram  Usually blocked by modern DNS servers

68  Antispyware software will warn you when the hosts file is modified  Using updated versions of DNS server software prevents older DNS attacks against the server  But many DNS flaws cannot be patched  Eventually: Switch to DNSSEC (Domain Name System Security Extensions)  But DNSSEC is not widely deployed yet, and it has its own problems
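An added example (not code from the presentation) of the hosts-file check that slides 64 and 68 describe: it parses the active entries of a hosts file, fingerprints them so comment-only edits do not alert, and reports any mapping added or changed against a baseline. Both file contents are constructed; the overridden names and the 198.51.100.23 address are placeholders from documentation ranges.

```python
import hashlib

# Constructed baseline: the comment-only default content of a clean Windows hosts file.
BASELINE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
"""

# Constructed tampered copy: a redirected hostname and a blocked update server.
TAMPERED_HOSTS = BASELINE_HOSTS + """
198.51.100.23  www.ccsf.edu
127.0.0.1 update.example.com   # keeps the machine from reaching its update host
"""


def parse_hosts(text):
    """Return {hostname: ip} for every active (non-comment) hosts line."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            mapping[name.lower()] = ip
    return mapping


def fingerprint(text):
    """Hash of the active entries only, so comment-only edits do not trigger alerts."""
    entries = sorted(parse_hosts(text).items())
    canon = "\n".join(f"{ip} {name}" for name, ip in entries)
    return hashlib.sha256(canon.encode()).hexdigest()


def hosts_changes(baseline_text, current_text):
    """List entries added or changed relative to the baseline, as (host, ip) tuples."""
    base, cur = parse_hosts(baseline_text), parse_hosts(current_text)
    return sorted((h, ip) for h, ip in cur.items() if base.get(h) != ip)
```

On a live Windows host the same functions would be fed the contents of C:\Windows\System32\Drivers\etc\hosts and a baseline captured when the machine was known to be clean.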

69  ARP is used to convert IP addresses like 147.144.1.254 into MAC addresses like 00-30-48-82-11-34

70  Attacker sends many spoofed ARP responses  Target just accepts the first one it gets
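Detection for the spoofed-reply pattern on slide 70, as an added example that is not part of the presentation: a host-side watcher that only learns an IP-to-MAC binding from answers to its own requests, and raises an alert for replies nobody asked for or that contradict a binding already learned. The reply log is constructed around the 147.144.1.254 / 00-30-48-82-11-34 pair from slide 69; the other addresses are placeholders. The same first-answer-wins weakness in the DNS case on slide 65 can be watched identically by keying on the query name and transaction id instead of the IP.

```python
from collections import Counter

# Constructed ARP reply log: (seconds, ip_claimed, mac_claimed, requested).
# `requested` records whether this host had actually asked who owns that IP.
SAMPLE_REPLIES = [
    (0.0, "147.144.1.254", "00-30-48-82-11-34", True),   # the real gateway answers
    (0.1, "147.144.1.254", "de-ad-be-ef-00-01", False),  # unsolicited, different MAC
    (0.2, "147.144.1.254", "de-ad-be-ef-00-01", False),
    (5.0, "147.144.1.17",  "00-30-48-11-22-33", True),   # ordinary reply, no conflict
    (9.0, "147.144.1.254", "de-ad-be-ef-00-01", False),
]


class ArpWatcher:
    """Tracks the IP-to-MAC bindings this host learned and flags replies that
    contradict them or that were never requested."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, ts, ip, mac, requested):
        if not requested:
            self.alerts.append((ts, "unsolicited-reply", ip, mac))
        known = self.table.get(ip)
        if known is None:
            if requested:                  # learn only from answers to our own requests
                self.table[ip] = mac
        elif known != mac:
            self.alerts.append((ts, "mac-conflict", ip, mac))

    def alert_kinds(self):
        """Count alerts by kind, e.g. {"unsolicited-reply": 3, "mac-conflict": 3}."""
        return Counter(kind for _ts, kind, _ip, _mac in self.alerts)


def run(replies):
    """Feed a reply log through the watcher in time order and return it."""
    watcher = ArpWatcher()
    for reply in sorted(replies):
        watcher.observe(*reply)
    return watcher
```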
