Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-On Ethical Hacking and Network Defense Chapter 3 Network and Computer Attacks.

Published byAron Whitehead Modified over 8 years ago

Similar presentations

Presentation on theme: "Hands-On Ethical Hacking and Network Defense Chapter 3 Network and Computer Attacks."— Presentation transcript:

1 Hands-On Ethical Hacking and Network Defense Chapter 3 Network and Computer Attacks

2 Hands-On Ethical Hacking and Network Defense2 Objectives Describe the different types of malicious software Describe methods of protecting against malware attacks Describe the types of network attacks Identify physical security attacks and vulnerabilities

3 Hands-On Ethical Hacking and Network Defense3 Malicious Software (Malware) Network attacks prevent a business from operating Malicious software (Malware) includes Virus Worms Trojan horses Goals Destroy data Corrupt data Shutdown a network or system

4 Hands-On Ethical Hacking and Network Defense4 Viruses Virus attaches itself to an executable file Can replicate itself through an executable program Does not stand on its own Needs a host program No foolproof method of preventing them Use antivirus programs for detection Detection based on virus signatures Must update signature database periodically Use automatic update feature if available

5 Hands-On Ethical Hacking and Network Defense5

6 6

7 7 Viruses (continued) Encoding base 64 used to reduce size of e- mail attachments Represents 0 to 63 using six bits A is 000000 … Z is 011001 Converting base 64 strings to decimal equivalent Create groups of 4 characters, for each group Convert decimal value of each letter to binary Rewrite as three groups of eight bits Convert the binary into decimal

8 Hands-On Ethical Hacking and Network Defense8

9 9 Viruses (continued) Commercial base 64 decoders Shell Executable piece of programming code Should not appear in an e-mail attachment

10 Hands-On Ethical Hacking and Network Defense10 Macro Viruses Virus encoded as a macro Macro Lists of commands Can be used in destructive ways Example: Melissa Appeared in 1999 Even nonprogrammers can create macro viruses Instructions posted on Web sites Security professionals can learn from thinking like attackers

11 Hands-On Ethical Hacking and Network Defense11 Worms Worm Replicates and propagates without a host Infamous examples Code Red Nimda Can infect every computer in the world in a short time At least in theory Actual examples Cyberattacks against ATM machines Slammer and Nachi worms

12 Hands-On Ethical Hacking and Network Defense12

13 Hands-On Ethical Hacking and Network Defense13

14 Hands-On Ethical Hacking and Network Defense14

15 Hands-On Ethical Hacking and Network Defense15 Trojan Programs Insidious attack against networks Disguise themselves as useful programs Hide malicious content in program Backdoors Rootkits Allow attackers remote access Firewalls Identify traffic on uncommon ports Can block this type of attack Trojan programs can use known ports HTTP (TCP 80) or DNS (UDP 53)

16 Hands-On Ethical Hacking and Network Defense16

17 Hands-On Ethical Hacking and Network Defense17 Spyware Sends information from the infected computer to the attacker Confidential financial data Passwords PINs Any other stored data Can registered each keystroke entered Prevalent technology Educate users about spyware

18 Hands-On Ethical Hacking and Network Defense18

19 Hands-On Ethical Hacking and Network Defense19 Adware Similar to spyware Can be installed without the user being aware Sometimes displays a banner Main goal Determine user’s online purchasing habits Tailored advertisement Main problem Slows down computers

20 Hands-On Ethical Hacking and Network Defense20 Protecting Against Malware Attacks Difficult task New viruses, worms, Trojan programs appear daily Malware detected using antivirus solutions Educate your users about these types of attacks

21 Hands-On Ethical Hacking and Network Defense21

22 Hands-On Ethical Hacking and Network Defense22

23 Hands-On Ethical Hacking and Network Defense23 Educating Your Users Structural training Most effective measure Includes all employees and management E-mail monthly security updates Simple but effective training method Recommend that users update virus signature database Activate automatic updates

24 Hands-On Ethical Hacking and Network Defense24 Educating Your Users SpyBot and Ad-Aware Help protect against spyware and adware Firewalls Hardware (enterprise solution) Software (personal solution) Can be combined Intrusion Detection System (IDS) Monitors your network 24/7

25 Hands-On Ethical Hacking and Network Defense25 Avoiding Fearing Tactics Avoid scaring users into complying with security measures Sometimes used by unethical security testers Against the OSSTMM’s Rules of Engagement Promote awareness rather than instilling fear Users should be aware of potential threats During training Build on users’ knowledge Make training easier

26 Hands-On Ethical Hacking and Network Defense26 Intruder Attacks on Networks and Computers Attack Any attempt by an unauthorized person to access or use network resources Network security Concern with security of network resources Computer security Concerned with the security of a computer not part of a network infrastructure Computer crime Fastest growing type of crime worldwide

27 Hands-On Ethical Hacking and Network Defense27 Denial-of-Service Attacks Denial-of-Service (DoS) attack Prevents legitimate users from accessing network resources Some forms do not involve computers Attacks do not attempt to access information Cripple the network Make it vulnerable to other type of attacks Performing an attack yourself is not wise Only need to prove attack could be carried out

28 Hands-On Ethical Hacking and Network Defense28 Distributed Denial-of-Service Attacks Attack on a host from multiple servers or workstations Network could be flooded with billions of requests Loss of bandwidth Degradation or loss of speed Often participants are not aware they are part of the attack Attacking computers could be controlled using Trojan programs

29 Hands-On Ethical Hacking and Network Defense29 Buffer Overflow Attacks Vulnerability in poorly written code Code does not check predefined size of input field Goal Fill overflow buffer with executable code OS executes this code Code elevates attacker’s permission Administrator Owner of running application Train your programmer in developing applications with security in mind

30 Hands-On Ethical Hacking and Network Defense30

31 Hands-On Ethical Hacking and Network Defense31

32 Hands-On Ethical Hacking and Network Defense32 Ping of Death Attacks Type of DoS attack Not as common as during the late 1990s How it works Attacker creates a large ICMP packet More than 65,535 bytes Large packet is fragmented at source network Destination network reassembles large packet Destination point cannot handle oversize packet and crashes

33 Hands-On Ethical Hacking and Network Defense33 Session Hijacking Enables attacker to join a TCP session Attacker makes both parties think he or she is the other party

34 Hands-On Ethical Hacking and Network Defense34 Addressing Physical Security Protecting a network also requires physical security Inside attacks are more likely than attacks from outside the company

35 Hands-On Ethical Hacking and Network Defense35 Keyloggers Used to capture keystrokes on a computer Hardware Software Behaves like Trojan programs Hardware Easy to install Goes between the keyboard and the CPU KeyKatcher and KeyGhost

36 Hands-On Ethical Hacking and Network Defense36

37 Hands-On Ethical Hacking and Network Defense37

38 Hands-On Ethical Hacking and Network Defense38 Keyloggers (continued) Protection Software-based Antivirus Hardware-based Random visual tests

39 Hands-On Ethical Hacking and Network Defense39 Behind Locked Doors Lock up your servers Average person can pick deadbolt locks in less than five minutes After only a week or two of practice Experienced hackers can pick deadbolt locks in under 30 seconds Rotary locks are harder to pick Keep a log of who enters and leaves the room Security cards can be used instead of keys for better security

40 Hands-On Ethical Hacking and Network Defense40 Summary Be aware of attacks on network infrastructures and standalone computers Attacks can be perpetrated by insiders or remote attackers Malicious software Virus Worm Trojan programs Spyware Adware

41 Hands-On Ethical Hacking and Network Defense41 Summary (continued) Attacks Denial-of-Service (DoS) Distributed Denial-of-Service (DDoS) Buffer overflow Ping of Death Session hijacking

42 Hands-On Ethical Hacking and Network Defense42 Summary (continued) Physical security As important as network or computer security Keyloggers Software-based Hardware-based Locks Choose hard-to-pick locks Security cards

Download ppt "Hands-On Ethical Hacking and Network Defense Chapter 3 Network and Computer Attacks."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Lecture: Malicious Code CIS 3360 Ratan K. Guha. Malicious Code2 Overview and Reading Assignments Defining malicious logic Types Action by Viruses Reading.

Lecture: Malicious Code CIS 3360 Ratan K. Guha. Malicious Code2 Overview and Reading Assignments Defining malicious logic Types Action by Viruses Reading.
What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Threats To A Computer Network

Threats To A Computer Network
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Computer Security Fundamentals by Chuck Easttom Chapter 5 Malware.

Computer Security Fundamentals by Chuck Easttom Chapter 5 Malware.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
COMPUTER TERMS PART 2. NETWORK When you have two or more computers connected to each other, you have a network. The purpose of a network is to enable.

COMPUTER TERMS PART 2. NETWORK When you have two or more computers connected to each other, you have a network. The purpose of a network is to enable.
Firewall Slides by John Rouda

Firewall Slides by John Rouda
Internet Safety for Students Malicious Programs By: Mr. Bradshaw Scott City R-1 Schools.

Internet Safety for Students Malicious Programs By: Mr. Bradshaw Scott City R-1 Schools.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.

R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.
Video Following is a video of what can happen if you don’t update your security settings! security.

Video Following is a video of what can happen if you don’t update your security settings! security.

Similar presentations

Ads by Google