Attacks and Vulnerabilities. Ilya Chalyt, Nicholas Egebo. March 7 2005.

Presentation transcript:

Attacks and Vulnerabilities
Ilya Chalyt, Nicholas Egebo
March 7 2005

Topics of Discussion
Reconnaissance: Gain information about a system
Vulnerabilities: Attributes of a system that can be maliciously exploited
Attacks: Procedures to exploit vulnerabilities
Reference 1

Topics of Discussion: Reconnaissance
War Dialing, War Driving, Port Scanning, Probing, Packet Sniffing

War Dialing (Reconnaissance)
Method: Dial a range of phone numbers searching for a modem
Motivation: Locate potential targets
Detection: Impossible outside of the telephony infrastructure
Defense: Disconnect unessential modems from outgoing phone lines
Reference 2

War Driving (Reconnaissance)
Method: Surveillance of wireless signals in a region
Motivation: Find wireless traffic
Detection: Can only be detected by physical surveillance
Defense: Limit geographic access to the wireless signal
Reference 3

Port Scanning (Reconnaissance)
Method: Send out a SYN packet, check for a response
Motivation: Find potential targets
Detection: Traffic analysis
Defense: Close/silence ports
Reference 4

Probing (Reconnaissance)
Method: Send packets to ports
Motivation: Find specific port information
Detection: Traffic analysis
Defense: Close/silence ports
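Both the port scanning and the probing slides list "traffic analysis" as the detection. The following added example (not part of the presentation) shows one concrete form of that analysis: it parses constructed firewall-style log lines and flags any source that sent bare SYNs to many distinct ports on one host inside a time window. The log format, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log, one line per inbound TCP packet (not taken from the presentation).
# A normal client touches ports 80 and 443; one host walks twelve consecutive ports.
SAMPLE_LOG = [
    "2005-03-07T10:00:00 src=10.0.0.7 dst=192.168.1.10 dport=80 flags=S",
    "2005-03-07T10:00:01 src=10.0.0.7 dst=192.168.1.10 dport=443 flags=S",
    "2005-03-07T10:00:20 src=10.0.0.7 dst=192.168.1.10 dport=80 flags=S",
] + [
    f"2005-03-07T10:00:{2 + i:02d} src=10.0.0.5 dst=192.168.1.10 dport={20 + i} flags=S"
    for i in range(12)
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) flags=(?P<flags>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"], "dst": m["dst"],
            "dport": int(m["dport"]), "flags": m["flags"]}


def detect_scans(lines, window=timedelta(seconds=30), threshold=10):
    """Return {(src, dst): distinct_ports} for every source that sent bare SYNs
    (SYN set, ACK clear) to at least `threshold` distinct ports on one
    destination within any `window`-long stretch of the log."""
    events = [e for e in map(parse_line, lines)
              if e is not None and "S" in e["flags"] and "A" not in e["flags"]]
    events.sort(key=lambda e: e["ts"])
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    alerts = {}
    for pair, evs in by_pair.items():
        start = 0
        for end in range(len(evs)):
            # slide the window so evs[start:end + 1] spans at most `window`
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {ev["dport"] for ev in evs[start:end + 1]}
            if len(ports) >= threshold:
                alerts[pair] = max(alerts.get(pair, 0), len(ports))
    return alerts


if __name__ == "__main__":
    for (src, dst), n in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} -> {dst}, {n} distinct ports")
```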

Packet Sniffing (Reconnaissance)
Method: Capture and analyze packets traveling across a network interface
Motivation: Gain access to information traveling on the network
Detection: None
Defense: Use encryption to minimize cleartext on the network
Reference 5

Topics of Discussion: Vulnerabilities
Backdoors, Code Exploits, Eavesdropping, Indirect Attacks, Social Engineering

Backdoors (Vulnerabilities)
Bypass normal means of authentication
Hidden from casual inspection
Installed separately or integrated into software
Reference 6

Code Exploits (Vulnerabilities)
Use of poor coding practices left uncaught by testing
Defense: In-depth unit and integration testing

Eavesdropping (Vulnerability)
Data transmitted without encryption can be captured and read by parties other than the sender and receiver
Defense: Use of strong cryptography to minimize cleartext on the network

Indirect Attacks (Vulnerabilities)
Internet users' machines can be infected with zombies and made to perform attacks
The puppet master is left undetected
Defense: Train internet users to prevent zombies and penalize zombie owners

Social Engineering (Vulnerability)
Manipulate the weakest link of cybersecurity, the user, to gain access to otherwise prohibited resources
Defense: Train personnel to resist the tactics of social engineering
Reference 7

Topics of Discussion: Attacks
Password Cracks, Web Attacks, Physical Attacks, Worms & Viruses, Logic Bomb, Buffer Overflow, Phishing, Bots and Zombies, Spyware, Adware, and Malware, Hardware Keyloggers, Eavesdropping & Playback Attacks, DDoS

Password Cracks: Brute Force
Method: Trying all combinations of legal symbols as username/password pairs
Motivation: Gain access to the system
Detection: Frequent attempts to authenticate
Defense: Lockouts, temporary and permanent
Reference 8

Password Cracks: Dictionary Attack
Method: Trying all entries in a collection of strings
Motivation: Gain access to the system, faster than brute force
Detection: Frequent attempts to authenticate
Defense: Lockouts, temporary and permanent; complex passwords
Reference 8

Password Cracks: Hybrid Attack
Method: Trying all entries in a collection of strings, adding numbers and symbols, and concatenating them with each other and/or with numbers
Motivation: Gain access to the system; faster than brute force and more likely to succeed than a plain dictionary attack
Detection: Frequent attempts to authenticate
Defense: Lockouts, temporary and permanent
Reference 8
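The brute force, dictionary and hybrid slides all give the same detection (frequent attempts to authenticate) and the same defense (temporary and permanent lockouts). This added example, which is not from the presentation, implements that policy around a hypothetical `verify(username, password)` credential check; the thresholds and the lockout length are assumptions.

```python
import time
from dataclasses import dataclass

TEMP_LOCK_AFTER = 5        # consecutive failures that trigger a temporary lockout
TEMP_LOCK_SECONDS = 300    # length of a temporary lockout
PERM_LOCK_AFTER = 15       # failures since the last success that lock the account for good


@dataclass
class AccountState:
    failures: int = 0           # failures since the last successful login
    locked_until: float = 0.0   # epoch seconds; 0 means not temporarily locked
    permanently_locked: bool = False


class LockoutPolicy:
    """Wraps a credential check with temporary and permanent lockouts.

    `verify(username, password)` is a hypothetical callable that returns True
    for valid credentials; `clock` is injectable so the policy can be tested."""

    def __init__(self, verify, clock=time.time):
        self._verify = verify
        self._clock = clock
        self._state = {}

    def attempt(self, username, password):
        now = self._clock()
        st = self._state.setdefault(username, AccountState())
        if st.permanently_locked:
            return "locked_permanently"
        if now < st.locked_until:
            # During a lockout the password is not even checked, so guesses
            # made now can neither succeed nor push the count further.
            return "locked_temporarily"
        if self._verify(username, password):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= PERM_LOCK_AFTER:
            st.permanently_locked = True
            return "locked_permanently"
        if st.failures % TEMP_LOCK_AFTER == 0:
            st.locked_until = now + TEMP_LOCK_SECONDS
            return "locked_temporarily"
        return "denied"

    def failures(self, username):
        """Failures since the last success: the 'frequent attempts' signal on the slides."""
        return self._state.get(username, AccountState()).failures
```

Lockouts only bite online guessing; the l0phtcrack slide's approach of cracking a copied hash table elsewhere never reaches this code path, which is why access to the hash table must be limited as well.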

Password Cracks: l0phtcrack
Method: Gain access to the operating system's hash table and perform the cracking remotely
Motivation: Gain access to the system; cracking elsewhere means no lockouts
Detection: Detect reading of the hash table
Defense: Limit access to the system
Reference 8

Web Attacks: Source Viewing
Method: Read source code for valuable information
Motivation: Find passwords or commented-out URLs
Detection: None
Defense: (none listed)

Web Attacks: URL Modification
Method: Manipulating the URL to find pages not normally accessible
Motivation: Gain access to normally private directories or pages
Detection: Check website URL logs
Defense: Add access requirements

Web Attacks: Post Data
Method: Change POST data to get desired results
Motivation: Change information being sent in your favor
Detection: None
Defense: Verify POST data on the receiving end

Web Attacks: Database Attack
Method: Sending dangerous queries to the database
Motivation: Denial of service
Detection: Check the database for strange records
Defense: Filter database queries
Reference 9

Web Attacks: Database Insertion
Method: Form multiple queries to a database through forms
Motivation: Insert information into a table that might be unsafe
Detection: Check database logs
Defense: Filter database queries, make them quote-safe
Reference 9
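The two database slides say to filter queries and make them quote-safe. This added example (not the presentation's code) puts a quote-unsafe lookup beside the parameterized form that the slides' defense amounts to in practice, against a constructed in-memory SQLite table, and adds a small log-side check for the "check database logs" detection. The table and the form values are assumptions.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a site's user database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return conn


def lookup_vulnerable(conn, name):
    """Builds the query by string concatenation: a quote inside `name` ends the
    string literal early and the rest of the form value is run as SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Bound parameter: the driver passes `name` as data, never as SQL text,
    so quotes and operators inside it are matched literally."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def looks_like_injection(form_value):
    """Cheap check for the 'check database logs' detection on the slide: flags
    form values carrying quote characters, statement separators or SQL comment
    markers. It is a detection aid only; the bound parameter is the fix."""
    markers = ("'", '"', ";", "--", "/*")
    return any(m in form_value for m in markers)


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, hostile))  # every user is returned
    print("safe:      ", lookup_safe(db, hostile))        # no such user
    print("flagged:   ", looks_like_injection(hostile))
```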

Web Attacks: Meta Data
Method: Use meta characters to make malicious input
Motivation: Possibly reveal script or other useful information
Detection: Website logs
Defense: Filter meta characters out of input
Reference 10

Physical Attack: Damage
Method: Attack the computer with an axe
Motivation: Disable the computer
Detection: Video camera
Defense: Locked doors and posted security guards

Physical Attack: Disconnect
Method: Interrupt the connection between two elements of the network
Motivation: Disable the network
Detection: Pings
Defense: Locked doors and posted security guards

Physical Attack: Reroute
Method: Pass the network signal through additional devices
Motivation: Monitor traffic or spoof a portion of the network
Detection: Camera
Defense: Locked doors and posted security guards

Physical Attack: Spoof MAC & IP
Method: Identify the MAC address of the target and replicate it
Motivation: Deny the target from receiving traffic
Detection: Monitoring ARP requests and checking logs
Defense: None as of now

Worms & Viruses: File Infectors
Method: Infects executables by inserting itself into them
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 10

Worms & Viruses: Partition-sector Infectors
Method: Moves the partition sector, replaces it with itself, and on boot executes and then calls the original information
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 10

Worms & Viruses: Boot-sector Virus
Method: Replaces the boot loader, and spreads to hard drives and floppies
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 10

Worms & Viruses: Companion Virus
Method: Locates executables and mimics their names, changing the extensions
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 10

Worms & Viruses: Macro Virus
Method: Infects documents; when the document is accessed, the macro executes in the application
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 10

Worms & Viruses: Worms
Method: Replicates
Motivation: Variable motivations
Detection: Virus scan or strange computer behavior
Defense: Antivirus, being cautious on the internet
Reference 11

Logic Bomb
Method: Discreetly install a "time bomb" and prevent detonation if necessary
Motivation: Revenge, synchronized attack, securing a getaway
Detection: Strange computer behavior
Defense: Keep and monitor logs; monitor computer systems closely

Buffer Overflow
Method: Pass too much information to a buffer with poor bounds checking
Motivation: Modify information and/or execute arbitrary code
Detection: Logs
Defense: Check input size before copying to the buffer; guard the return address against overwrite; make the stack non-executable
Reference 12 & 13

Phishing
Method: Request information from a mass audience, collect responses from the gullible
Motivation: Gain important information
Detection: Careful examination of requests for information
Defense: Distribute information on a need-to-know basis

Bots & Zombies
Method: Installed by a virus or worm; allow remote unrestricted access to the system
Motivation: Gain access to additional resources, hiding your identity
Detection: Network analysis, virus scans, noticing unusual behavior
Defense: Install security patches and be careful what you download

Spyware, Adware, and Malware
Method: Installed either willingly by the user via ActiveX or as part of a virus package
Motivation: Gain information about the user; serve users advertisements
Detection: Network analysis, abnormal computer behavior
Defense: Virus / adware / spyware / malware scans

Hardware Keyloggers
Method: Attach it to a computer
Motivation: Record user names, passwords, and other private information
Detection: Check physical connections
Defense: Cameras and guards

Eavesdropping
Method: Record packets on the network; attempt to decrypt encrypted packets
Motivation: Gain access to user data
Detection: None
Defense: Strong cryptography

Playback Attack
Method: Record packets on the network; resend the packets without decrypting them
Motivation: Mimic legitimate commands
Detection: Network analysis
Defense: Time stamps
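The playback slide gives time stamps as the defense. This added example (not from the presentation) shows what that takes to work: the sender binds each command to a timestamp and a fresh nonce under an HMAC, and the receiver rejects anything altered, anything outside a freshness window, and any nonce it has already accepted. The shared key, the packet layout and the 30-second window are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

KEY = b"constructed-shared-key"   # assumption: a key both endpoints already share


def make_packet(key, command, now=None, nonce=None):
    """Sender side: bind the command to a timestamp and a fresh nonce, then MAC it."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(8) if nonce is None else nonce
    body = json.dumps({"ts": now, "nonce": nonce, "cmd": command}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Receiver:
    """Receiver side: accept each packet at most once and only while it is fresh."""

    def __init__(self, key, max_skew=30.0, clock=time.time):
        self._key = key
        self._max_skew = max_skew     # seconds a packet stays acceptable
        self._clock = clock           # injectable so the window can be tested
        self._seen = {}               # nonce -> ts of packets accepted recently

    def accept(self, packet):
        body, _, tag = packet.rpartition(b"|")
        expected = hmac.new(self._key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return "bad_signature"    # altered or forged; also covers a missing tag
        msg = json.loads(body)
        now = self._clock()
        if abs(now - msg["ts"]) > self._max_skew:
            return "stale"            # too old to be a live command, replayed or delayed
        # Nonces older than the window can no longer pass the freshness check,
        # so forgetting them does not reopen a replay hole.
        self._seen = {n: t for n, t in self._seen.items() if now - t <= self._max_skew}
        if msg["nonce"] in self._seen:
            return "replay"           # the same recording resent inside the window
        self._seen[msg["nonce"]] = msg["ts"]
        return "ok"
```

The HMAC gives integrity and replay protection only; the eavesdropping slide's defense (strong cryptography for confidentiality) is a separate layer.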

DDoS: CPU Attack
Method: Send data that requires cryptography to process
Motivation: Occupy the CPU, preventing normal operations
Detection: Network analysis
Defense: None
Reference 14

DDoS: Memory Attack
Method: Send data that requires the allocation of memory
Motivation: Take up resources, crashing the server when they are exhausted
Detection: Network analysis
Defense: None
Reference 14

References
1. Amoroso, Edward. Intrusion Detection. Sparta, New Jersey: AT&T Laboratories.
2. Gunn, Michael. War Dialing. SANS Institute.
3. Schwartau, Winn. "War-driving lessons." Network World, 02 September.
4. Bradley, Tony. Introduction to Port Scanning (04 March 2005).
5. Bradley, Tony. Introduction to Packet Sniffing (05 March 2005).
6. Thompson, Ken. "Reflections on Trusting Trust." Communications of the ACM, Vol. 27, No. 8, August.
7. Mitnick, Kevin. The Art of Deception. Indianapolis, Indiana.
8. Coyne, Sean. Password Crackers: Types, Process and Tools. ITS Research Labs.
9. Friedl, Steve. SQL Injection Attacks by Example (05 March 2005).
10. Lucas, Julie. The Effective Incident Response Team.
11. Worms versus Viruses (06 March 2005).
12. Grover, Sandeep. "Buffer Overflow Attacks and Their Countermeasures." Linux Journal, 10 March.
13. Levy, Elias. "Smashing the Stack for Fun and Profit." Phrack Magazine, Issue 49, Fall.
14. Distributed Denial of Service (05 March 2005).