Chapter 9 Intruders.

Slides:

Advertisements

Similar presentations

Dr. Kalpakis CMSC 421, Operating Systems. Fall 2008 URL: Security.

Advertisements

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

Lecture 13 Intrusion Detection modified from slides of Lawrie Brown.

Cryptography and Network Security Chapter 20 Intruders

1 Ola Flygt Växjö University, Sweden Intruders.

Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Cryptography and Network Security Chapter 18 Fourth Edition by William Stallings.

1 Network Intruders Masquerader: A person who is not authorized to use a computer, but gains access appearing to be someone with authorization (steals.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Security Chapter 15. Computer and Network Security Requirements Confidentiality –Requires information in a computer system only be accessible for reading.

Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.

Henric Johnson1 Intruders and Viruses Henric Johnson Blekinge Institute of Technology, Sweden

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Information System Security, Intruders and password protection Presented by: Yanal Kilani Presented to: Dr. Lo’ai Tawalbeh Summer 2006.

Lecture 11 Intrusion Detection (cont)

Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Intruders significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders: –masquerader.

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

CSCE 815 Network Security Lecture 20 Intruders / Intrusion Detection April 3, 2003.

1 Pertemuan 10 Understanding Computers Security Matakuliah: J0282 / Pengantar Teknologi Informasi Tahun: 2005 Versi: 02/02.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

Password Management. Password Protection Virtually all multiuser systems require that a user provide not only a name or identifier (ID) but also a password.

Cryptography and Network Security Chapter 18 Fourth Edition by William Stallings.

1 Chapter 9 Intruders. 2 Chapter 9 - Intruders significant issue for networked systems is hostile or unwanted access either via network or local can identify.

Chapter 18 Intruders.

Chapter 9 INTRUDERS MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

1 Pertemuan 13 IDS dan Firewall Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

CSCE 815 Network Security Lecture 19 Intruders April 1, 2003.

Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.

Chapter 18. Intruders. 2 Intruders  Three classes of intruders  Masquerader  likely to be an outsider  penetrates a system’s access controls to exploit.

Protection & Security Introduction to Operating Systems: Module 16.

29.1 Lecture 29 Security I Based on the Silberschatz & Galvin’s slides And Stallings’ slides.

Types of Electronic Infection

NS-H /11041 Intruder. NS-H /11042 Intruders Three classes of intruders (hackers or crackers): –Masquerader –Misfeasor –Clandestine user.

ECE-8843 Fall Prof. John A. Copeland fax Office:

INTRUDERS BY VISHAKHA RAUT TE COMP OUTLINE INTRODUCTION TYPES OF INTRUDERS INTRUDER BEHAVIOR PATTERNS INTRUSION TECHNIQUES QUESTIONS ON INTRUDERS.

HIPS Host-Based Intrusion Prevention System By Ali Adlavaran & Mahdi Mohamad Pour (M.A. Team) Life’s Live in Code Life.

Name:Neha Madgaonkar Roll no:  What are intruders?  Types  Behavior  Techniques.

Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Intrusion Detection System Kittiphan Techakittiroj

CSCE 815 Network Security Lecture 18 SNMP Simple Network Management Protocol March 25, 2003.

1 Chapter 9 Intruders. 2 Outline Intruders –Intrusion Techniques –Password Protection –Password Selection Strategies –Intrusion Detection Statistical.

Network Security & Accounting

Lecture 5 User Authentication modified from slides of Lawrie Brown.

Approaches to Intrusion Detection statistical anomaly detection – threshold – profile based rule-based detection – anomaly – penetration identification.

CIS 450 – Network Security Chapter 10 – UNIX Password Crackers.

Intruders and Viruses.

Chapter 9 Intruders.

ECE Spring also see Prof. John A. Copeland fax Office: Klaus 3362

Working at a Small-to-Medium Business or ISP – Chapter 8

Network Security Essentials

Secure Software Confidentiality Integrity Data Security Authentication

NET 412 Network Security protocols

Chapter 9 Intruders.

Lecture 8: Intrusion Detection

Operating System Concepts

Network Security 4/21/2019 Raj Rajarajan.

Operating System Concepts

Lecture 7: Intrusion Detection

Chapter 9 Intruders and Viruses.

Presentation transcript:

Chapter 9 Intruders

Outline Intruders Intrusion Techniques Password Protection Password Selection Strategies Intrusion Detection Statistical detection Rule-Based detection

Intruders Three classes of intruders (hackers or crackers): Masquerader: no account but to have an account Misfeasor: try to access unauthorized resources (a legitimate user) Clandestine user: take a root account or control without any evidence.

Intrusion Techniques System maintains a file that associates a password with each authorized user. Password file can be protected with: One-way encryption: 역방향 연산 불가 Access Control : 제한 접근 권한 to password file

Intrusion Techniques Techniques for guessing passwords: Try default passwords. Try all short words, 1 to 3 characters long. Try all the words in an electronic dictionary(60,000). Collect information about the user’s hobbies, family names, birthday, etc. Try user’s phone number, social security number, street address, etc. Try all license plate numbers. Use a Trojan horse Tap the line between a remote user and the host system. Prevention: Enforce good password selection (Ij4Gf4Se%f#)

UNIX Password Scheme I crypt(3) : based on DES Loading a new password

UNIX Password Scheme II Verifying a password file

Storing UNIX Passwords UNIX passwords were kept in in a publicly readable file, etc/passwords. Now they are kept in a “shadow” directory and only visible by “root”.

”Salt” Salt is a ”value” related with the time pw assigned The salt serves three purposes: Prevents duplicate passwords. Effectively increases the length of the password. Prevents the use of hardware implementations of DES (공격자의 빠른 해독 불가)

Password Selecting Strategies User education Computer-generated passwords; 인식 어려움 Reactive password checking: cracker estimates and notify to change Proactive password checking: user selection but system test if allowable

Markov Model

The Stages of a Network Intrusion 1. Scan the network to: • locate which IP addresses are in use, • what operating system is in use, • what TCP or UDP ports are “open” (being listened to by Servers). 2. Run “Exploit” scripts against open ports 3. Get access to Shell program which is “suid” (has “root” privileges). 4. Download from Hacker Web site special versions of systems files that will let Cracker have free access in the future without his cpu time or disk storage space being noticed by auditing programs. 5. Use IRC (Internet Relay Chat) to invite friends to the feast.

Intusion Detection The intruder can be identified and ejected from the system. An effective intrusion detection can prevent intrusions. Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility.

Profiles of Behavior of Intruders and Authorized Users(1)

Profiles of Behavior of Intruders and Authorized Users (2) False Positive : authorized users identified as intruders False Negative : intruders not identified as intruders

Intrusion Detection Statistical anomaly detection Rule based detection Threshold detection: # of events Profile based: keep user’s activity Counter Gauge Interval timer Resource utilization Detection: Mean/STD, TIME series, Markov process Rule based detection Anomaly detection: different from previous pattern Penetration identidication: expert system detecting abnormal use

Measures used for Intrusion Detection Login frequency by day and time. Frequency of login at different locations. Time since last login. Password failures at login. Execution frequency. Execution denials. Read, write, create, delete frequency. Failure count for read, write, create and delete.

Distributed Intrusion Detection Developed at University of California at Davis

Distributed Intrusion Detection Agent Architecture

Honeypots Decoy system (유인시스템) Divert an attacker from accessing critical systems Collect information about the attacker’s activity Make the attacker stay on the system

Recommended Reading and WEB Sites Denning, P. Computers Under Attack: Intruders, Worms, and Viruses. Addison-Wesley, 1990 CERT Coordination Center (WEB Site) AntiVirus Online (IBM’s site)