Hofstra University – Network Security Course, CSC290A

Slides:



Advertisements
Similar presentations
Computer Security Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Chapters 14 and 15 Operating Systems: Internals and Design Principles,
Advertisements

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
Cryptography and Network Security Chapter 19 Fourth Edition by William Stallings.
Chapter 14 Computer Security Threats
Cryptography and Network Security Malicious Software Third Edition by William Stallings Lecturer: Dr. Saleem Alzoubi.
Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Chapter 14 Computer Security Threats Patricia Roy Manatee Community College, Venice, FL ©2008, Prentice Hall Operating Systems: Internals and Design Principles,
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Security Chapter 15. Computer and Network Security Requirements Confidentiality –Requires information in a computer system only be accessible for reading.
Henric Johnson1 Intruders and Viruses Henric Johnson Blekinge Institute of Technology, Sweden
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
After this session, you should be able to:
1 Computer Viruses (and other “Malicious Programs) Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden
CSCE 815 Network Security Lecture 20 Intruders / Intrusion Detection April 3, 2003.
Video Following is a video of what can happen if you don’t update your security settings! security.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 7 – Malicious Software.
1 Ola Flygt Växjö University, Sweden Malicious Software.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Network and Internet Security SYSTEM SECURITY. Virus Countermeasures Antivirus approach ◦Ideal solution: Prevention ◦Not allowing the virus to infect.
1. 2 What is security? Computer Security deals with the prevention and detection of, and the reaction to, unauthorized actions by users of a computer.
CSCE 201 Attacks on Desktop Computers: Malicious Code Hardware attacks.
BY ANDREA ALMEIDA T.E COMP DON BOSCO COLLEGE OF ENGINEERING.
Virus and Antivirus Team members: - Muzaffar Malik - Kiran Karki.
Lecture 14 Overview. Program Flaws Taxonomy of flaws: – how (genesis) – when (time) – where (location) the flaw was introduced into the system 2 CS 450/650.
Fundamentals of The Internet Learning outcomes After this session, you should be able to: Identify the threat of intruders in systems and networks and.
VIRUSES - Janhavi Naik. Overview Structure Classification Categories.
Structure Classifications &
1 Chapter 19: Malicious Software Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal, U of Kentucky)
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
CSCE 522 Lecture 12 Program Security Malicious Code.
29.1 Lecture 29 Security I Based on the Silberschatz & Galvin’s slides And Stallings’ slides.
Virus Detection Mechanisms Final Year Project by Chaitanya kumar CH K.S. Karthik.
Administrative: Objective: –Tutorial on Risks –Phoenix recovery Outline for today.
Chapter 11 Malicious Software
Viruses and Related Threats. 2 Summary  have considered:  various malicious programs  trapdoor, logic bomb, trojan horse, zombie  viruses  worms.
Fourth Edition by William Stallings Adapted form lecture slides by Lawrie Brown.
Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.
30.1 Lecture 30 Security II Based on Silberschatz & Galvin’s slides And Stallings’ slides.
For any query mail to or BITS Pilani Lecture # 1.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Viruses a piece of self-replicating code attached to some other code – cf biological virus both propagates itself & carries a payload – carries code to.
Malicious Software.
VIRUS.
Chapter 19 – Malicious Software What is the concept of defense: The parrying of a blow. What is its characteristic feature: Awaiting the blow. —On War,
Computer virus Speaker : 蔡尚倫.  Introduction  Infection target  Infection techniques Outline.
Computer Security Threats CLICKTECHSOLUTION.COM. Computer Security Confidentiality –Data confidentiality –Privacy Integrity –Data integrity –System integrity.
MALICIOUS SOFTWARE Rishu sihotra TE Computer
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Malicious Programs (1) Viruses have the ability to replicate themselves Other Malicious programs may be installed by hand on a single machine. They may.
1 Security Chapter Information Assurance and Security Confidentiality  Not available or visible to unauthorized parties Integrity  Only modifiable.
Attack Methods  Attacks  DoS (Denial of Service)  Malware.
Detected by, M.Nitin kumar ( ) Sagar kumar sahu ( )
Cosc 4765 Antivirus Approaches. In a Perfect world The best solution to viruses and worms to prevent infected the system –Generally considered impossible.
Malicious Software.
Viruses and Other Malicious Content
WHAT IS A VIRUS? A Computer Virus is a computer program that can copy itself and infect a computer A Computer Virus is a computer program that can copy.
Chap 10 Malicious Software.
Security.
Chap 10 Malicious Software.
Operating System Concepts
Malicious Program and Protection
Chapter 9 Intruders and Viruses.
Presentation transcript:

Hofstra University – Network Security Course, CSC290A Intruders and Viruses 05/01/06 Hofstra University – Network Security Course, CSC290A

Password Management Part Two - Cracking 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Intrusion Techniques Objective: Gain access to a system Frequent Goal: Acquiring a user password Most systems have a file that maps a password to each user Password file protection: one-way encryption access control 05/01/06 Hofstra University – Network Security Course, CSC290A

Password Learning Techniques Try default passwords used with standard accounts shipped with the system Exhaustive try of all short passwords Try words in system’s dictionary or list of likely passwords (hacker bulletin boards) Collect information about users (full names, names of spouses and children, pictures and books in their office, related hobbies) Try users’ phone numbers, social security numbers, room numbers Try all legitimate license plate numbers Use a trojan horse Tap the line between a remote user and the system g u e s a t c k 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Password Protection Unix password scheme threats: Gain access through a guest account and run a password cracker Obtain a copy of the password file and run a password cracker Goal: Run a password cracker Rely on people choosing easily guessable passwords! 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Password Cracking 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Password Cracking Unix Password File (/etc/passwd): daemon:x:1:1::/: bin:x:2:2::/usr/bin: sys:x:3:3::/: nobody:x:60001:60001:Nobody:/: eric:GmTFg0AavFA0U:1001:10:Eric Schwartz:/export/home/eric:/bin/ksh temp:kRWegG5iTZP5o:1002:10:IP Administration:/export/home/ipadmin:/bin/ksh jfr:kyzKROryhFDE2:506:506::/home/jfr:/bin/csh Results of the password cracker: $ john passwd Loaded 3 passwords with 3 different salts (Standard DES [24/32 4K]) temp (temp) jenny (eric) solaris1 (jfr) 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Password Crackers 05/01/06 Hofstra University – Network Security Course, CSC290A

Virus and Related Threats 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Malicious Programs Two categories: Those that need a host program – fragments of programs - parasitic Those that are independent – self contained Some replicate – used as a differentiator 05/01/06 Hofstra University – Network Security Course, CSC290A

Taxonomy of Malicious Programs 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Malicious Programs Logic Bombs: logic embedded in a program that checks for a set of conditions to arise and executes some function resulting in unauthorized actions Trapdoors: secret undocumented entry point into a program, used to grant access without normal methods of access authentication (e.g.,War Games) 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Trojan Horse 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Malicious Programs Trojan Horse: secret undocumented routine embedded within a useful program, execution of the program results in execution of the routine Common motivation is data destruction 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Malicious Programs Zombie: a program that secretly takes over an Internet attached computer and then uses it to launch an untraceable attack Very common in Distributed Denial-Of- Service attacks 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Viruses 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Viruses A virus is a submicroscopic parasitic particle that infects cells in biological organisms. Viruses are non-living particles that can only replicate when an organism reproduces the viral RNA or DNA. Viruses are considered non-living by the majority of virologists www.virology.net 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Viruses Viruses: code embedded within a program that causes a copy of itself to be inserted in other programs and performs some unwanted function Infects other programs Code is the DNA of the virus 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Worms 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Worms Worms: program that can replicate itself and send copies to computers across the network and performs some unwanted function Uses network connections to spread from system to system 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Bacteria Bacteria: consume resources by replicating themselves Do not explicitly damage any files Sole purpose is to replicate themselves Reproduce exponentially Eventually taking up all processors, memory or disk space 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Nature of Viruses Four stages of virus lifetime Dormant phase: virus idle Propagation phase: cloning of virus Triggering phase: virus activation Execution phase: unwanted function performed 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Virus Structure program V:= {goto main: 1234567; subroutine infect-executable := {loop: file:= get-random-executable-file; if (first-line-of-file = 1234567) then goto loop else prepend V to file;} subroutine do–damage := {whatever damage is to be done} subroutine trigger-pulled := {return true if some condition holds} main: main-program := {infect-executable; if trigger-pulled then do-damage; goto next;} next: } special marker determines if infected transfer control to the original program 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Avoiding Detection Infected version of program is longer than the corresponding uninfected one Solution: compress the executable file so infected and uninfected versions are identical in length 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Avoiding Detection 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Compression Program infected uninfected 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Types of Viruses Parasitic Virus: attached to executables, replicates when program is executed Memory-resident virus: part of a resident system program, affects every program executed Boot sector virus: infects a master boot record and spreads when system is booted from infected disk 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Types of Viruses Stealth virus: virus designed to hide itself from detection by antivirus software (compression, interception of I/O logic) Polymorphic virus: mutates with every infection making detection by “signature” impossible (mutation engine) Macro virus: infects Microsoft Word docs; 2/3’s of all viruses 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Macro Viruses 2/3s of all viruses Mainly Microsoft products – platform independent Affect documents not executables Easily spread by e-mail Autoexecuting macro is the culprit 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Worms Uses network connections to spread from system to system Similar to a virus – has same phases: dormant, propagation, trigger and execution Morris Worm – most famous Recent: OSX.Leap.A, Kama Sutra,Code Red 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Buffer Overflow Program attempts to write more data into buffer than that buffer can hold… …Starts overwriting area of stack memory Can be used maliciously to cause a program to execute code of attackers choose Overwrites stack point 05/01/06 Hofstra University – Network Security Course, CSC290A

Mechanics of stack-based buffer overflow Stack is like a pile of plates When a function is called, the return address is pushed on the stack In a function, local variables are written on the stack Memory is written on stack char username[4] reserved 4 bytes of space on stack 0X0692 0X0691 return function 0X0123 0X0690 \0 0X0689 s 0X0688 local stack memory y 0X0687 s 0X0686 0X0685 0X0684 05/01/06 Hofstra University – Network Security Course, CSC290A

Mechanics of stack-based buffer overflow When function copies too much on the stack... ...the return pointer is overwritten Execution path of function changed when function ends Local stack memory has malicious code 0X0692 0X0691 return function 0X0123 0X0689 0X0690 X 0X0689 X 0X0688 local stack memory X 0X0687 X 0X0686 0X0685 0X0684 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Antivirus Approaches Detection – determine that it has occurred and locate the virus Identification – identify the specific virus Removal – remove all traces and restore the program to its original state 05/01/06 Hofstra University – Network Security Course, CSC290A

Generations of Antivirus Software First: simple scanners (record of program lengths) Second: heuristic scanners (integrity checking with checksums) Third: activity traps (memory resident, detect infected actions) Fourth: full-featured protection (suite of antivirus techniques, access control capability) 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Advanced Techniques Generic Decryption Digital Immune System Behavior-Blocking Software 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Generic Decryption Easily detects even most complex polymorphic virus No damage to the personal computer Contains following elements: CPU emulator – software based virtual computer Virus signature scanner – scans target code for known signatures Emulation control module – control execution of target code 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Digital Immune System Pioneered by IBM Response to rate of virus propagation Integrated mail systems - Outlook Mobile program systems – ActiveX, Java Expands the use of program emulation Depends on a central virus analysis machines 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Digital Immune System 05/01/06 Hofstra University – Network Security Course, CSC290A

Behavior-Blocking Software Monitors program behavior in real-time for malicious actions – part of OS Look for well defined requests to the OS: modifications to files, disk formats, mods to scripts or macros, changes in config settings, open network connections, etc. IPS – Intrusion Prevention Systems 05/01/06 Hofstra University – Network Security Course, CSC290A

Malicious Code Protection Types of Products Scanners - identify known malicious code - search for signature strings Integrity Checkers – determine if code has been altered or changed – checksum based Vulnerability Monitors - prevent modification or access to particularly sensitive parts of the system – user defined Behavior Blockers - list of rules that a legitimate program must follow – sandbox concept 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Important URLs http://www.cert.org/ Originally DARPA’s computer emergency response team. An essential security site http://www.research.ibm.com/antivirus/ IBM’s site on virus information. Very good papers – a little outdated http://www.afsa.org/fsj/sept00/Denning.cfmHacktivism: An Emerging Threat to Diplomacy, another Denning term along with Information Warfare http://csrc.nist.gov/virus/Computer Security Resources Center – Virus information and alerts 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A Important URLs http://www.ciac.org/ciac/ Computer Incident Advisory Capability -another bookmark-able site to visit regularly http://csrc.nist.gov/publications/nistpubs/800-42/NIST- SP800-42.pdf Guideline on Network Security Testing – covers password cracking http://www.openwall.com/john/ Very good password cracker, “John the Ripper” http://csrc.nist.gov/publications/nistpubs/800-36/NIST- SP800-36.pdf Guide to Selecting Information Security Products http://www.xensource.com/ Xen Source - Hottest Area In Virtualization 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A … enough! 05/01/06 Hofstra University – Network Security Course, CSC290A

Hofstra University – Network Security Course, CSC290A ...coming to the end! Take Home Final Exam – On Website Due Next Class Return Papers Any Problems, Please Email Or Call Good Luck 05/01/06 Hofstra University – Network Security Course, CSC290A

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.