Hands-On Ethical Hacking and Network Defense Chapter 3 Network and Computer Attacks.

Objectives
- Describe the different types of malicious software
- Describe methods of protecting against malware attacks
- Describe the types of network attacks
- Identify physical security attacks and vulnerabilities

Malicious Software (Malware)
- Network attacks prevent a business from operating
- Malicious software (malware) includes
  - Viruses
  - Worms
  - Trojan horses
- Goals
  - Destroy data
  - Corrupt data
  - Shut down a network or system

Viruses
- Virus attaches itself to an executable file
- Can replicate itself through an executable program
  - Does not stand on its own
  - Needs a host program
- No foolproof method of preventing them
  - Use antivirus programs for detection
  - Detection based on virus signatures
- Must update signature database periodically
  - Use automatic update feature if available

Viruses (continued)
- Base 64 encoding used to reduce size of e-mail attachments
  - Represents 0 to 63 using six bits
  - A is … Z is
- Converting base 64 strings to decimal equivalent
  - Create groups of 4 characters; for each group
    - Convert decimal value of each letter to binary
    - Rewrite as three groups of eight bits
    - Convert the binary into decimal

Viruses (continued)
- Commercial base 64 decoders
- Shell
  - Executable piece of programming code
  - Should not appear in an attachment
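
Added example (not part of the original slides): a C decoder that follows the conversion steps listed in the two base 64 slides above, then checks whether the decoded attachment begins like executable code. The function names, the sample string and the header markers ("MZ", ELF, "#!") are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Decode base 64 text into out[cap]; returns byte count or -1 if malformed. */
long b64_decode(const char *in, unsigned char *out, size_t cap) {
    size_t len = strlen(in), n = 0;
    if (len % 4 != 0) return -1;              /* input must be whole groups of 4 */
    for (size_t i = 0; i < len; i += 4) {     /* step 1: groups of 4 characters */
        unsigned long bits = 0;
        int pad = 0;
        for (int j = 0; j < 4; j++) {
            char c = in[i + j];
            const char *p = strchr(B64, c);   /* step 2: letter -> value 0..63 */
            if (c == '=' && i + 4 == len && j >= 2) {
                pad++;                        /* padding may only end the last group */
                bits <<= 6;
            } else if (p != NULL && pad == 0) {
                bits = (bits << 6) | (unsigned long)(p - B64);  /* append six bits */
            } else {
                return -1;                    /* outside the alphabet or misplaced '=' */
            }
        }
        for (int k = 0; k < 3 - pad; k++) {   /* step 3: three groups of eight bits */
            if (n >= cap) return -1;
            out[n++] = (unsigned char)((bits >> (16 - 8 * k)) & 0xFF);  /* step 4 */
        }
    }
    return (long)n;
}

/* Assumption (not from the slides): leading "MZ", 0x7F "ELF" or "#!" marks
 * decoded attachment content as executable code. */
int looks_executable(const unsigned char *d, long n) {
    if (n >= 2 && ((d[0] == 'M' && d[1] == 'Z') || (d[0] == '#' && d[1] == '!')))
        return 1;
    return n >= 4 && memcmp(d, "\x7f" "ELF", 4) == 0;
}

int main(void) {
    unsigned char buf[8];
    long n = b64_decode("TVqQAAMA", buf, sizeof buf);  /* constructed sample */
    printf("%ld bytes, executable=%d\n", n, looks_executable(buf, n));
    return 0;
}
```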

Macro Viruses
- Virus encoded as a macro
- Macro
  - Lists of commands
  - Can be used in destructive ways
- Example: Melissa
  - Appeared in 1999
- Even nonprogrammers can create macro viruses
  - Instructions posted on Web sites
- Security professionals can learn from thinking like attackers

Worms
- Worm
  - Replicates and propagates without a host
- Infamous examples
  - Code Red
  - Nimda
- Can infect every computer in the world in a short time
  - At least in theory
- Actual examples
  - Cyberattacks against ATM machines
  - Slammer and Nachi worms

Trojan Programs
- Insidious attack against networks
- Disguise themselves as useful programs
  - Hide malicious content in program
    - Backdoors
    - Rootkits
  - Allow attackers remote access
- Firewalls
  - Identify traffic on uncommon ports
  - Can block this type of attack
- Trojan programs can use known ports
  - HTTP (TCP 80) or DNS (UDP 53)

Spyware
- Sends information from the infected computer to the attacker
  - Confidential financial data
  - Passwords
  - PINs
  - Any other stored data
- Can register each keystroke entered
- Prevalent technology
- Educate users about spyware

Adware
- Similar to spyware
  - Can be installed without the user being aware
- Sometimes displays a banner
- Main goal
  - Determine user’s online purchasing habits
  - Tailored advertisement
- Main problem
  - Slows down computers

Protecting Against Malware Attacks
- Difficult task
- New viruses, worms, Trojan programs appear daily
- Malware detected using antivirus solutions
- Educate your users about these types of attacks

Educating Your Users
- Structural training
  - Most effective measure
  - Includes all employees and management
- Monthly security updates
  - Simple but effective training method
- Recommend that users update virus signature database
  - Activate automatic updates

Educating Your Users
- SpyBot and Ad-Aware
  - Help protect against spyware and adware
- Firewalls
  - Hardware (enterprise solution)
  - Software (personal solution)
  - Can be combined
- Intrusion Detection System (IDS)
  - Monitors your network 24/7

Avoiding Fear Tactics
- Avoid scaring users into complying with security measures
  - Sometimes used by unethical security testers
  - Against the OSSTMM’s Rules of Engagement
- Promote awareness rather than instilling fear
  - Users should be aware of potential threats
- During training
  - Build on users’ knowledge
  - Make training easier

Intruder Attacks on Networks and Computers
- Attack
  - Any attempt by an unauthorized person to access or use network resources
- Network security
  - Concerned with security of network resources
- Computer security
  - Concerned with the security of a computer not part of a network infrastructure
- Computer crime
  - Fastest growing type of crime worldwide

Denial-of-Service Attacks
- Denial-of-Service (DoS) attack
  - Prevents legitimate users from accessing network resources
  - Some forms do not involve computers
- Attacks do not attempt to access information
  - Cripple the network
  - Make it vulnerable to other types of attacks
- Performing an attack yourself is not wise
  - Only need to prove attack could be carried out

Distributed Denial-of-Service Attacks
- Attack on a host from multiple servers or workstations
- Network could be flooded with billions of requests
  - Loss of bandwidth
  - Degradation or loss of speed
- Often participants are not aware they are part of the attack
  - Attacking computers could be controlled using Trojan programs

Buffer Overflow Attacks
- Vulnerability in poorly written code
  - Code does not check predefined size of input field
- Goal
  - Fill overflow buffer with executable code
  - OS executes this code
  - Code elevates attacker’s permission
    - Administrator
    - Owner of running application
- Train your programmers in developing applications with security in mind
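
Added example (not from the original slides): the missing size check described above, shown in C as the unchecked copy next to a bounds-checked replacement. The struct, field size and function names are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 16            /* predefined size of the input field */

struct form {                    /* constructed record for the example */
    char username[FIELD_SIZE];
    int  is_admin;               /* data stored right after the buffer */
};

/* Vulnerable pattern from the slide: the input length is never compared with
 * FIELD_SIZE, so a longer string is written past the end of username[]. */
void set_username_unchecked(struct form *f, const char *input) {
    strcpy(f->username, input);
}

/* Hardened form: measure the input first, refuse anything that does not fit
 * (terminator included) and leave the record untouched on failure. */
int set_username_checked(struct form *f, const char *input) {
    size_t len = 0;
    while (len < FIELD_SIZE && input[len] != '\0')
        len++;                   /* never scans more than FIELD_SIZE bytes */
    if (len == FIELD_SIZE)
        return -1;               /* too long: reject instead of truncating */
    memcpy(f->username, input, len + 1);
    return 0;
}

int main(void) {
    struct form f = { "guest", 0 };
    int rc = set_username_checked(&f, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    printf("rc=%d username=%s is_admin=%d\n", rc, f.username, f.is_admin);
    return 0;
}
```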

Ping of Death Attacks
- Type of DoS attack
- Not as common as during the late 1990s
- How it works
  - Attacker creates a large ICMP packet
    - More than 65,535 bytes
  - Large packet is fragmented at source network
  - Destination network reassembles large packet
  - Destination point cannot handle oversize packet and crashes
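
Added example (not from the original slides): a receiver-side check, in C, that rejects an IPv4 fragment whose offset plus length would make the reassembled packet larger than the 65,535-byte limit named above. The function names and the sample headers are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535UL  /* largest legal IPv4 datagram, in bytes */

/* Returns 1 if this fragment would push the reassembled datagram past
 * 65,535 bytes, 0 if it stays within bounds, -1 if the header is malformed. */
int fragment_exceeds_max(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;                                    /* not a full IPv4 header */
    unsigned long ihl   = (unsigned long)(pkt[0] & 0x0F) * 4;     /* header bytes */
    unsigned long total = ((unsigned long)pkt[2] << 8) | pkt[3];  /* fragment size */
    /* 13-bit fragment offset, counted in units of 8 bytes */
    unsigned long off = ((((unsigned long)pkt[6] & 0x1F) << 8) | pkt[7]) * 8;
    if (ihl < 20 || total < ihl)
        return -1;
    /* Where this fragment's data ends inside the reassembled datagram. */
    unsigned long end = ihl + off + (total - ihl);
    return end > IP_MAX_DATAGRAM ? 1 : 0;
}

/* Builds a constructed 20-byte IPv4 header carrying ICMP (hypothetical helper;
 * addresses and checksum are left as zero). */
void make_fragment(uint8_t hdr[20], unsigned offset_units,
                   unsigned total_len, int more_fragments) {
    memset(hdr, 0, 20);
    hdr[0] = 0x45;                                    /* version 4, IHL 5 */
    hdr[2] = (uint8_t)(total_len >> 8);
    hdr[3] = (uint8_t)(total_len & 0xFF);
    hdr[6] = (uint8_t)(((offset_units >> 8) & 0x1F) | (more_fragments ? 0x20 : 0));
    hdr[7] = (uint8_t)(offset_units & 0xFF);
    hdr[9] = 1;                                       /* protocol 1 = ICMP */
}

int main(void) {
    uint8_t h[20];
    make_fragment(h, 0, 1500, 1);       /* ordinary first fragment */
    printf("first fragment: %d\n", fragment_exceeds_max(h, sizeof h));
    make_fragment(h, 8189, 1020, 0);    /* last fragment ending past the limit */
    printf("oversize fragment: %d\n", fragment_exceeds_max(h, sizeof h));
    return 0;
}
```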

Session Hijacking
- Enables attacker to join a TCP session
- Attacker makes both parties think he or she is the other party

Addressing Physical Security
- Protecting a network also requires physical security
- Inside attacks are more likely than attacks from outside the company

Keyloggers
- Used to capture keystrokes on a computer
  - Hardware
  - Software
    - Behaves like Trojan programs
- Hardware
  - Easy to install
  - Goes between the keyboard and the CPU
  - KeyKatcher and KeyGhost

Keyloggers (continued)
- Protection
  - Software-based
    - Antivirus
  - Hardware-based
    - Random visual tests

Behind Locked Doors
- Lock up your servers
  - Average person can pick deadbolt locks in less than five minutes
    - After only a week or two of practice
  - Experienced hackers can pick deadbolt locks in under 30 seconds
- Rotary locks are harder to pick
- Keep a log of who enters and leaves the room
- Security cards can be used instead of keys for better security

Summary
- Be aware of attacks on network infrastructures and standalone computers
- Attacks can be perpetrated by insiders or remote attackers
- Malicious software
  - Virus
  - Worm
  - Trojan programs
  - Spyware
  - Adware

Summary (continued)
- Attacks
  - Denial-of-Service (DoS)
  - Distributed Denial-of-Service (DDoS)
  - Buffer overflow
  - Ping of Death
  - Session hijacking

Summary (continued)
- Physical security
  - As important as network or computer security
- Keyloggers
  - Software-based
  - Hardware-based
- Locks
  - Choose hard-to-pick locks
  - Security cards