Published by Adam White. Modified over 9 years ago.
Slide 1
Principles of Computer Security: CompTIA Security+® and Beyond, Third Edition © 2012
Chapter 15: Types of Attacks and Malicious Software
Slide 2: Objectives
Describe various types of computer and network attacks, including denial-of-service, spoofing, hijacking, and password guessing.
Identify the different types of malicious software that exist, including viruses, worms, Trojan horses, logic bombs, time bombs, and rootkits.
Explain how social engineering can be used as a means to gain access to computers and networks.
Describe the importance of auditing and what should be audited.
Slide 3: Key Terms
Backdoor, Birthday attack, Botnet, Buffer overflow, Denial-of-service (DoS) attack, Distributed denial-of-service (DDoS) attack, DNS kiting, Drive-by download attack, Header manipulation, Injection attack, Man-in-the-middle attack, Null session, Pharming, Phishing, Ping sweep, Port scan
Slide 4: Key Terms (continued)
Replay attack, Sequence number, Smurf attack, Sniffing, Spear phishing, Spoofing, Spyware, SYN flood, Transitive attack
Slide 5: Avenues of Attack
Specific targets
– Chosen based on the attacker’s motivation
– Not reliant on the target system’s hardware and software
Targets of opportunity
– Systems with hardware or software vulnerable to a specific exploit
– Often lacking current security patches
Slide 6: The Steps in an Attack
1. Conducting reconnaissance
2. Scanning
3. Researching vulnerabilities
4. Performing the attack
5. Creating a backdoor
6. Covering tracks
Slide 7: Conducting Reconnaissance
Gather as much information as possible about the target system and organization.
– Use the Internet.
– Explore government records.
– Use tools such as Whois.Net.
Don’t worry yet whether the information being gathered is relevant or not.
Slide 8: Scanning
Identify target systems that are active and accessible.
– Ping sweep
– Port scan
Identify the operating system and other specific application programs running on the system.
– Analyzing packet responses
Slide 9: Researching Vulnerabilities
Wealth of information available through the World Wide Web
– Lists of vulnerabilities in specified OS and application programs
– Tools created to exploit vulnerabilities
Slide 10: Performing the Attack
Matching an attack to an identified vulnerability
Slide 11: Creating a Backdoor
Provides future access to the attacker
– May create “authorization” for themselves
– Could install an agent
Slide 12: Covering Their Tracks
In an effort to remain undetected, attackers endeavor to cover their tracks:
– Erase pertinent log files from the system.
– Change file time stamps to appear unaltered.
Slide 13: Minimizing Possible Avenues of Attack
Ensure all patches are installed and current.
Limit the services being run on the system.
– Limits possible avenues of attack
– Reduces the number of services the administrator must continually patch
Limit the amount of publicly available data about the system and organization.
Slide 14: Attacking Computer Systems and Networks
An attack is an attempt by an unauthorized person to:
– Gain access to or modify information
– Assume control of an authorized session
– Disrupt the availability of service to authorized users
Slide 15: Attacking Computer Systems and Networks (continued)
A variety of methods are used to carry out attacks.
Attacks on specific software
– Rely on code flaws or software bugs
– Indicate a lack of thorough code testing
Attacks on a specific protocol or service
– Take advantage of or use a service or protocol in an unintended manner
Slide 16: Types of Attacks
Denial-of-service, Backdoors/Trapdoors, Null sessions, Sniffing, Spoofing, Man-in-the-middle, Replay, TCP/IP hijacking, Drive-by downloads, Phishing/pharming, Attacks on encryption, Address system attacks, Password guessing, Hybrid attack, Birthday attack, Injection attack
Slide 17: Denial-of-Service Attack
Exploits known, identified vulnerabilities
Purpose is to prevent normal system operations for authorized users
Can be accomplished in multiple ways
– Take the system offline
– Overwhelm the system with requests
Slide 18: SYN Flood Attack
An example of a DoS attack targeting a specific protocol or service
– Illustrates the basic principles of most DoS attacks
Exploits a weakness inherent to the function of the TCP/IP protocol
– Uses the TCP three-way handshake to flood a system with faked connection requests
Slide 19: TCP Three-Way Handshake
System 1 sends a SYN packet to System 2.
System 2 responds with a SYN/ACK packet.
System 1 sends an ACK packet to System 2, and communications can then proceed.
Slide 20: Steps of a SYN Flood Attack
1. Communication request sent to the target system.
2. Target responds to the faked IP address.
3. Target waits for the non-existent system’s response.
4. Request eventually times out.
5. If the attacks outpace the requests timing out, the system’s resources will be exhausted.
Slide 21: SYN Flood Attack (diagram)
Slide 22: Distributed Denial-of-Service Attack (DDoS)
Goal is to deny access or service to authorized users
– Uses resources of many systems combined into an attack network
– Overwhelms the target system or network
– With enough attack agents, even simple web traffic can quickly affect a large website
Slide 23: Denial-of-Service Attack (diagram)
Slide 24: Ping of Death (POD)
Another example of a DoS attack.
– Illustrates an attack targeting a specific application.
Attacker sends an ICMP ping packet > 64KB.
– This ping packet size should not occur naturally.
The ICMP packet will crash certain systems unable to handle it.
Slide 25: Preventing DoS & DDoS Attacks
Ensure necessary patches and upgrades remain current.
Change the time-out period for TCP connections.
Distribute the workload across several systems.
Block external ICMP packets at the border.
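The following capacity model is an added example, not code from the textbook, tying step 5 of the SYN flood slide to the "change the time-out period" advice above: a fixed-size half-open connection table, a per-entry timer, and a spoofed-SYN arrival rate together decide whether legitimate connection requests get refused. The backlog size, time-out values and rates are constructed assumptions, not measurements of any real system.

```python
"""Capacity model of a server's half-open TCP connection table under a SYN flood.

Every SYN allocates one entry until the final ACK arrives (never, when the
source address is spoofed) or the entry's timer expires and it is freed.
All sizes and rates below are constructed assumptions, not measured values.
"""
from collections import deque


def simulate_half_open(backlog, timeout, syn_rate, duration):
    """Run a second-by-second simulation and return (refused, peak).

    backlog  : maximum number of half-open entries the table can hold
    timeout  : seconds an entry waits for an ACK before being freed (step 4)
    syn_rate : spoofed SYNs arriving per second (steps 1-3)
    refused  : SYNs that found the table full; a legitimate client arriving
               at such a moment is refused service, which is the DoS effect
    """
    table = deque()          # expiry times of pending entries, oldest first
    refused = 0
    peak = 0
    for now in range(duration):
        # step 4: entries whose timer has run out are released
        while table and table[0] <= now:
            table.popleft()
        # steps 1-3: each spoofed SYN holds a slot until its own timer expires
        for _ in range(syn_rate):
            if len(table) >= backlog:
                refused += 1
            else:
                table.append(now + timeout)
        peak = max(peak, len(table))
    return refused, peak


def exhausts_backlog(backlog, timeout, syn_rate):
    """Step 5 in closed form: a steady rate holds about syn_rate * timeout
    entries at once, so the table is exhausted when that reaches the backlog."""
    return syn_rate * timeout >= backlog


if __name__ == "__main__":
    # Constructed scenario: a 128-entry backlog, 5 spoofed SYNs per second,
    # compared under a long per-entry timer and a shortened one.
    for timeout in (60, 20):
        refused, peak = simulate_half_open(128, timeout, 5, 120)
        print(f"timeout={timeout}s peak={peak} refused={refused} "
              f"exhausted={exhausts_backlog(128, timeout, 5)}")
```

The same arrival rate that fills the table with a 60-second timer never reaches the backlog with a 20-second timer, which is why shortening the time-out (or raising the backlog) raises the rate an attacker needs.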
Slide 26: Trapdoors and Backdoors
Trapdoor
– Hard-coded access built into the program
– Ensures access should normal access methods fail
– Creates a vulnerability in systems using the software
Backdoor
– Ensures continued unrestricted access in the future
– Attackers implant them in compromised systems
– Can be installed inadvertently with a Trojan horse
Slide 27: Null Sessions
A connection to a Windows inter-process communication share (IPC$)
– Systems prior to XP and Server 2003 are vulnerable.
– Used by a variety of exploit tools and malware.
– No patch is available.
Options to counter the vulnerability
– Upgrade systems to Windows XP or a newer version
– Only allow trusted users access to TCP ports 139 and 445
Slide 28: Sniffing
Attacker observes all network traffic.
– Software, hardware, or a combination of the two
– Ability to target a specific protocol, service, string of characters, etc.
– May be able to modify some or all traffic en route
Network administrators can use sniffers to monitor and troubleshoot network performance.
Slide 29: Sniffing (continued)
Physical security is key in preventing the introduction of sniffers on the internal network.
Slide 30: Spoofing
The true source of data is disguised:
– Commonly accomplished by altering packet header information with false information
– Can be used for a variety of purposes
Spoofing e-mail:
– From address differs from the sending system
– Recipients rarely question the authenticity of the e-mail
Slide 31: IP Address Spoofing (diagram)
Slide 32: Spoofing and Trusted Relationships (diagram)
Slide 33: Sequence Numbers
SYN packets include an original sequence number.
Sequence numbers are incremented by 1 and sent back with ACK packets.
Slide 34: Spoofing and Sequence Numbers
Attacker must use the correct sequence number:
– TCP packet sequence numbers are 32-bit.
– Sequence numbers are incremented by 1.
– Very difficult to guess.
Insider attacks vs. external attacks
Slide 35: Man-in-the-Middle Attack
Attacker is positioned between two target hosts:
– Typically accomplished through router manipulation
– Traffic redirected to the attacker, then forwarded on
Benefits:
– Attacker can intercept, modify, and/or block traffic
– Communication appears normal to the target hosts
Limitation:
– Useful data collection is reduced if traffic is encrypted
Slide 36: Man-in-the-Middle Attack (continued) (diagram)
Slide 37: Replay Attack
Attacker intercepts part of an exchange between two hosts and retransmits the message later.
– Often used to bypass authentication mechanisms
Prevented by encrypting traffic, cryptographic authentication, and time-stamping messages.
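As an added example (not the book's code) of the countermeasures named on this slide, the receiver below accepts a message only if its HMAC tag verifies (cryptographic authentication), its time-stamp lies inside a freshness window (time-stamping), and its nonce has not already been accepted; the shared key, the window and the messages are constructed for the demonstration.

```python
"""Receiver-side replay protection combining the slide's countermeasures:
an HMAC tag (cryptographic authentication), a time-stamp freshness window,
and a cache of nonces already accepted. Key, window and messages are
constructed for the demonstration."""
import hashlib
import hmac
import os
import time


class ReplayProtectedChannel:
    def __init__(self, key, window=30, clock=time.time):
        self.key = key          # shared secret, assumed provisioned out of band
        self.window = window    # seconds a time-stamp is considered fresh
        self.clock = clock      # injectable so the demo is deterministic
        self.seen = {}          # nonce -> time-stamp of messages already accepted

    def _tag(self, ts, nonce, body):
        # The tag covers time-stamp and nonce too, so neither can be edited
        # without invalidating it.
        data = f"{ts}|{nonce}|{body}".encode()
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def send(self, body):
        ts = int(self.clock())
        nonce = os.urandom(8).hex()       # fresh random value per message
        return {"ts": ts, "nonce": nonce, "body": body,
                "tag": self._tag(ts, nonce, body)}

    def receive(self, msg):
        now = self.clock()
        # Forget nonces so old that the freshness check would reject them
        # anyway; this bounds the cache without reopening a replay window.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        expected = self._tag(msg["ts"], msg["nonce"], msg["body"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"        # forged or modified in transit
        if abs(now - msg["ts"]) > self.window:
            return "rejected: stale"          # captured long ago, or clock skew
        if msg["nonce"] in self.seen:
            return "rejected: replay"         # same message delivered again
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


def demo():
    """Walk messages through the accept, replay, tamper and stale outcomes."""
    clock = [1_700_000_000]                  # constructed fake clock (seconds)
    chan = ReplayProtectedChannel(b"constructed-shared-key", window=30,
                                  clock=lambda: clock[0])
    m = chan.send("transfer 100 to account 42")
    results = [chan.receive(m)]              # first delivery
    results.append(chan.receive(m))          # intercepted copy resent
    results.append(chan.receive(dict(m, body="transfer 900 to account 42")))
    later = chan.send("transfer 5 to account 42")
    clock[0] += 60                           # delivered well after the window
    results.append(chan.receive(later))
    return results


if __name__ == "__main__":
    print(demo())
```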
Slide 38: TCP/IP Hijacking
Assume control of an already existing session:
– Attacker circumvents authentication.
– Can be disguised with a DoS attack.
– Typically used against web and Telnet sessions.
Slide 39: Drive-by Download Attack
Unsolicited malware downloads
– May be hidden in legitimate ads or hosted from web sites that prey on unaware users
Slide 40: Phishing and Pharming
Phishing
– Fraudulent e-mails designed to trick users into divulging confidential information
Pharming
– Fake web sites created to elicit authentic user credentials
Slide 41: Attacks on Encryption
Cryptanalysis attempts to crack encryption
Common methods
– Weak keys
– Exhaustive search of the key space
– Indirect attacks
Slide 42: Password Attacks
The most common user authentication is a combination of user ID and password.
A compromised password typically indicates a failure to adhere to good password procedures.
Slide 43: Password Attacks (continued)
Password attack methods
– Guess
– Dictionary
– Brute force
– Hybrid
– Birthday
Slide 44: Injection Attacks
SQL injection
Command injection
LDAP injection
XML injection
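An added example, not from the textbook, of the first injection type listed: the same login lookup written once by string concatenation and once as a parameterized query, run against a constructed in-memory SQLite table so the difference in behaviour is visible. The user names, passwords and table layout are made up for the demonstration.

```python
"""The same login lookup written two ways, run against a constructed in-memory
SQLite table. Names, passwords and the table layout are made up for the demo;
a real system would store password hashes, not the passwords themselves."""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hunter2"), ("bob", "s3cret")])
    return conn


def login_vulnerable(conn, name, password):
    """Builds the SQL text by concatenation: whatever the user types becomes
    part of the statement, so quote characters change its structure."""
    query = (f"SELECT name FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, name, password):
    """Parameterized query: the SQL text is fixed and the driver passes the
    values separately, so they can only ever be compared as data."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (name, password))]


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"   # the classic textbook injection string
    print(login_vulnerable(db, "alice", tautology))   # every user matches
    print(login_safe(db, "alice", tautology))         # no user has that password
    print(login_safe(db, "alice", "hunter2"))         # correct credentials only
```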
Slide 45: Software Exploitation
Take advantage of software bugs/weaknesses
– Result from poor design, inadequate testing, or inferior code practices.
Buffer overflow attack
– Most common example of software exploitation
– Program receives more input than it can handle.
– Program may abort, crash the entire system, or allow the attacker to execute malicious commands
Slide 46: Malicious Code
Viruses, Trojan horses, Spyware, Logic bombs, Rootkits, Worms, Zombies and botnets
Slide 47: Viruses
Replicate and attach to executable code
– Best-known malicious code
Common types:
– Boot sector virus
– Program virus
– Macro virus
– Stealth virus
– Polymorphic virus
Slide 48: Trojan Horses
Software that appears to do one thing but contains hidden functionality
– Standalone program that must be installed by the user
– Disguised well enough to entice the user
– Delivers its payload without the user’s knowledge
Prevention
– Never run software of unknown origin or integrity.
– Keep a virus-checking program running continuously.
Slide 49: Spyware
Software capable of recording and reporting a user’s actions:
– Typically installed unbeknownst to users
– Monitors software and system use
– Can steal information through keylogging
Many states have banned spyware and other unauthorized software:
– Organizations circumvent this with complex EULAs
Slide 50: Logic Bombs
Malicious code dormant until triggered by a specified future event:
– Usually installed by an authorized user
– Reinforces the need for backups
A time bomb is similar to the logic bomb, but delivers its payload at a predetermined time/date.
Slide 51: Rootkits
Modify the OS kernel or another process on the system
– Originally designed to grant root access
– Designed to avoid being detected and deleted
– Support a variety of malware
– Often operate unbeknownst to the user
– Found in the OS kernel, at the application level, in firmware, etc.
Slide 52: Types of Rootkits
Firmware, Virtual, Kernel, Library, Application level
Slide 53: Worms
Code that penetrates and replicates on systems
– Doesn’t need to attach to other files or code
– Spread by a variety of methods such as e-mail, infected web sites, and P2P sharing networks
Examples
– Morris worm, Love Bug, Code Red, and Samy worm
Slide 54: Worms (continued)
Key steps in preventing worms:
– Install all patches.
– Use firewalls.
– Implement an intrusion detection system.
– Eliminate unnecessary services.
– Use extreme caution with e-mail attachments.
Slide 55: Zombies and Botnets
Malware installed on machines creates zombies under the control of the attacker.
Large networks of zombies are called botnets.
– Some attackers’ botnets have 1,000,000+ zombies.
– Botnets are responsible for millions of spam messages daily.
Slide 56: Malware Defense
Attacks typically exploit multiple vulnerabilities
– Network, OS, application, and user level
Steps to prevent malware
– Use an antivirus program.
– Ensure all software is up to date.
Slide 57: War-dialing and War-driving
War-dialing attempts to find unprotected modem connections to a system over phone lines.
– New telephone firewalls restrict access.
War-driving involves traveling around an area in search of vulnerable wireless networks.
Slide 58: Social Engineering
Manipulating authorized users into providing access to an attacker
Applies to both virtual and physical access
Slide 59: Security Auditing
Should be conducted on a regular basis
May be mandated depending on the industry
Can be contracted out to another party
Focus on
– Security perimeter
– Policies, procedures, and guidelines governing security
– Employee training
Slide 60: Chapter Summary
Describe various types of computer and network attacks, including denial-of-service, spoofing, hijacking, and password guessing.
Identify the different types of malicious software that exist, including viruses, worms, Trojan horses, logic bombs, time bombs, and rootkits.
Explain how social engineering can be used to gain access to computers and networks.
Describe the importance of auditing and what should be audited.