Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9 Intruders.

Published byHjørdis Carlsson Modified over 5 years ago

Similar presentations

Presentation on theme: "Chapter 9 Intruders."— Presentation transcript:

1 Chapter 9 Intruders

2 Outline Intruders Summary Intrusion Techniques Password Protection
Password Selection Strategies Intrusion Detection Statistical detection Rule-Based detection Summary

3 Intruders Three classes of intruders (hackers or crackers):
Masquerader: no account but to have an account Misfeasor: try to access unauthorized resources (a legitimate user) Clandestine user: take a root account or control without any evidence.

4 Intrusion Techniques System maintains a file that associates a password with each authorized user. Password file can be protected with: One-way encryption: performing one-way transformation (not reversable) Access Control : limitation to password file

5 Intrusion Techniques Techniques for guessing passwords:
Try default passwords. Try all short words, 1 to 3 characters long. Try all the words in an electronic dictionary(60,000). Collect information about the user’s hobbies, family names, birthday, etc. Try user’s phone number, social security number, street address, etc. Try all license plate numbers. Use a Trojan horse Tap the line between a remote user and the host system. Prevention: Enforce good password selection (Ij4Gf4Se%f#)

6 UNIX Password Scheme I crypt(3) : based on DES Loading a new password

7 UNIX Password Scheme II
Verifying a password file

8 Storing UNIX Passwords
UNIX passwords were kept in in a publicly readable file, etc/passwords. Now they are kept in a “shadow” directory and only visible by “root”.

9 ”Salt” Salt is a ”value” related with the time pw assigned
The salt serves three purposes: Prevents duplicate passwords. Effectively increases the length of the password. Prevents the use of hardware implementations of DES

10 Password Selecting Strategies
User education Computer-generated passwords; Reactive password checking: cracker estimates and notify to change Proactive password checking: user selection but system test if allowable

11 Markov Model

12 The Stages of a Network Intrusion
1. Scan the network to: • locate which IP addresses are in use, • what operating system is in use, • what TCP or UDP ports are “open” (being listened to by Servers). 2. Run “Exploit” scripts against open ports 3. Get access to Shell program which is “suid” (has “root” privileges). 4. Download from Hacker Web site special versions of systems files that will let Cracker have free access in the future without his cpu time or disk storage space being noticed by auditing programs. 5. Use IRC (Internet Relay Chat) to invite friends to the feast.

13 Intusion Detection The intruder can be identified and ejected from the system. An effective intrusion detection can prevent intrusions. Intrusion detection enables the collection of information about intrusion techniques that can be used to strengthen the intrusion prevention facility.

14 Profiles of Behavior of Intruders and Authorized Users(1)

15 Profiles of Behavior of Intruders and Authorized Users (2)
False Positive : authorized users identified as intruders False Negative : intruders not identified as intruders

16 Intrusion Detection Statistical anomaly detection Rule based detection
Threshold detection: # of events Profile based: keep user’s activity Counter Gauge Interval timer Resource utilization Detection: Mean/STD, TIME series, Markov process Rule based detection Anomaly detection: different from previous pattern Penetration identidication: expert system detecting abnormal use

17 Measures used for Intrusion Detection
Login frequency by day and time. Frequency of login at different locations. Time since last login. Password failures at login. Execution frequency. Execution denials. Read, write, create, delete frequency. Failure count for read, write, create and delete.

18 Distributed Intrusion Detection
Developed at University of California at Davis

19 Distributed Intrusion Detection
Agent Architecture

20 Honeypots Decoy system (유인시스템)
Divert an attacker from accessing critical systems Collect information about the attacker’s activity Make the attacker stay on the system

21 Summary Unauthorized intrusion into a computer system or network is one of the most serious threat to computer security IDSs have been developed to provide early warning of an intrusion Intrusion detection involves detecting unusual pattern of activity One important element of intrusion is password management

Download ppt "Chapter 9 Intruders."

Similar presentations

30/04/2015Tim S Roberts 20081 COIT13152 Operating Systems T1, 2008 Tim S Roberts.

30/04/2015Tim S Roberts COIT13152 Operating Systems T1, 2008 Tim S Roberts.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Lecture 13 Intrusion Detection modified from slides of Lawrie Brown.

Lecture 13 Intrusion Detection modified from slides of Lawrie Brown.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 Intruders.

1 Ola Flygt Växjö University, Sweden Intruders.
Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.

Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Cryptography and Network Security Chapter 18 Fourth Edition by William Stallings.

Cryptography and Network Security Chapter 18 Fourth Edition by William Stallings.
1 Network Intruders Masquerader: A person who is not authorized to use a computer, but gains access appearing to be someone with authorization (steals.

1 Network Intruders Masquerader: A person who is not authorized to use a computer, but gains access appearing to be someone with authorization (steals.
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.
Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.

Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.
Henric Johnson1 Intruders and Viruses Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Intruders and Viruses Henric Johnson Blekinge Institute of Technology, Sweden
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
CSCE 815 Network Security Lecture 20 Intruders / Intrusion Detection April 3, 2003.

CSCE 815 Network Security Lecture 20 Intruders / Intrusion Detection April 3, 2003.
Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

Similar presentations

Ads by Google