Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 3 Network and Computer Attacks. Objectives After reading this chapter and completing the exercises, you will be able to: Describe the different.

Published byKarin Harrell Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 3 Network and Computer Attacks. Objectives After reading this chapter and completing the exercises, you will be able to: Describe the different."— Presentation transcript:

1 Chapter 3 Network and Computer Attacks

2 Objectives After reading this chapter and completing the exercises, you will be able to: Describe the different types of malicious software and what damage they can do Describe methods of protecting against malware attacks Describe the types of network attacks Identify physical security attacks and vulnerabilities 2

3 Introduction As an IT security professional, you need to be aware of attacks an intruder can make on your network. Attacks include unauthorized attempts to access network resources or systems, attempts to destroy or corrupt information, and attempts to prevent authorized users from accessing resources. You must have a good understanding of both network security and computer security. Hands-On Ethical Hacking and Network Defense, Second Edition3

4 Malicious Software (Malware) Network attacks prevent a business from operating Malicious software (malware) Virus Worm Trojan program Goals Destroy data Corrupt data Shutdown a network or system Make money 4

5 Viruses Virus attaches itself to a file or program Needs host to replicate Does not stand on its own No foolproof prevention method Antivirus programs Detection based on virus signatures Signatures are kept in virus signature file Must update periodically Some offer automatic update feature 5

6 6 Table 3-1 Common computer viruses

7 Macro Viruses Virus encoded as a macro (a single instruction that expands automatically into a set of instructions to perform a particular task. ) Programs that support a macro programming language (e.g., Visual Basic for Applications) Lists of commands Can be used in destructive ways Example: Melissa Appeared in 1999 Even nonprogrammers can create macro viruses Instructions posted on Web sites Security professionals learn from thinking like attackers 7

8 Worms Replicates and propagates without a host Infamous examples: Code Red Nimda Theoretically can infect every computer in the world over a short period Cyber attacks against ATMs are a serious concern for the banking industry and law enforcement agencies worldwide Examples: Slammer and Nachi ATM worm attacks 8

9 9 Table 3-2 Common computer worms

10 10 Table 3-2 Common computer worms (cont’d.)

11 Trojan Programs Insidious attack against networks and computers Disguise themselves as useful programs Allow attackers remote access Can install backdoors and rootkits Backdoors or rootkits are programs that give attackers a means of regaining access to the attacked computer later. A rootkit is a type of malicious software that is activated each time your system boots up. Rootkits are difficult to detect because they are activated before your system's Operating System has completely booted up. A rootkit often allows the installation of hidden files, processes, hidden user accounts, and more in the systems OS. 11

12 Trojan Programs Back Orifice is one of the most common Trojan programs used today. It allows attackers to take full control of the attacked computer, like Windows XP Remote Desktop functions, except that Back Orifice works without the user’s knowledge. A good software or hardware firewall would most likely identify traffic that’s using unfamiliar ports. But Trojan programs that use common ports, such as TCP port 80 (HTTP) or UDP port 53 (DNS), are more difficult to detect. Also, many home users and small businesses don’t use software or hardware firewalls. 12

13 13 Table 3-3 Trojan programs and ports

14 Spyware Sends information from infected computer to attacker Confidential financial data Passwords PINs Any other stored data Can register each keystroke entered Prevalent technology Educate users about spyware 14

15 15 Figure 3-2 A spyware initiation program

16 Adware Similar to spyware Installed without users being aware Sometimes displays a banner Main purpose Determine user’s purchasing habits so that Web browsers can display advertisements tailored to this user Main problem Slows down computers 16

17 Protecting Against Malware Attacks Difficult task New viruses, worms, and Trojan programs appear daily Antivirus programs Detected many malware programs Educate users about these attacks Users who aren’t trained thoroughly can open holes into a network that no technology can protect against 17

18 18 Figure 3-3 Detecting a virus

19 Educating Your Users Structural training Includes all employees and management E-mail monthly security updates Recommend virus signature database updating Activate automatic updates SpyBot and Ad-Aware Two most popular spyware and adware removal programs Help protect against spyware and adware Firewalls Software (personal) and hardware (enterprise) 19

20 Avoiding Fear Tactics Avoid scaring users into complying with security measures Sometimes used by unethical security testers Against the OSSTMM’s Rules of Engagement Promote awareness rather than instilling fear Users should be aware of potential threats Build on users’ knowledge Makes training easier 20

21 Intruder Attacks on Networks and Computers Attack Any attempt by an unauthorized person to access, damage, or use network resources Network security Concern with security of network infrastructure Computer security Concerned with security of a stand alone computer Not part of a network infrastructure Computer crime Fastest growing type of crime worldwide 21

22 Denial-of-Service Attacks Denial-of-service (DoS) attack Prevents legitimate users from accessing network resources Some forms do not involve computers  For example, intentionally looping a document on a fax machine by taping two pages together can use up reams of paper on the destination fax machine, thus preventing others from using it 22

23 Denial-of-Service Attacks DoS Do not attempt to access information, but: Cripples (disturbs) the network Makes it vulnerable to other attacks Installing an attack yourself is not wise Only explain how the attack could happen 23

24 Distributed Denial-of-Service Attacks Distributed denial-of-service (DDoS) attack Attack on host from multiple servers or workstations Network could be flooded with billions of packets Loss of bandwidth Degradation or loss of speed Often participants are not aware they are part of the attack They, too, have been attacked 24

25 Distributed Denial-of-Service Attacks 25

26 Distributed Denial-of-Service Attacks 26 DDoS attacks are difficult to stop because owners of the compromised computers, referred to as zombies, are unaware that their systems are sending malicious packets to a victim thousands of miles away. These compromised computers are usually part of a botnet (a network of “robot” computers) following instructions from a central location or system. For more information, do a search on “Estonia DDoS.”

27 Buffer Overflow Attacks Vulnerability in poorly written code Doesn’t check for amount of memory space use For example, if a program defines a buffer size of 100 MB (the total amount of memory the program is supposed to use), and the program writes data over the 100 MB mark without triggering an error or preventing this occurrence, you have a buffer overflow. 27

28 Buffer Overflow Attacks Attacker writes code that overflows buffer The trick is to not fill the overflow buffer with meaningless data, but fill it with executable program code. That way, the OS runs the code, and the attacker’s program does something harmful. Usually, the code elevates the attacker’s permissions to an administrator’s level or gives the attacker the same privileges as the program’s owner or creator Train programmer in developing applications with security in mind 28

29 Buffer Overflow Attacks 29

30 30 Table 3-4 Buffer overflow vulnerabilities

31 Ping of Death Attacks Type of DoS attack Not as common as during the late 1990s How it works Attacker creates a large ICMP packet More than allowed 65,535 bytes Large packet is fragmented into small packets Reassembled at destination Destination point cannot handle reassembled oversize packet Causes it to crash or freeze 31

32 Session Hijacking Enables attacker to join a TCP session Attacker makes both parties think he or she is the other party Complex attack Beyond the scope of this book 32

33 Addressing Physical Security Protecting a network from attacks is not always a software issue. You should have some basic skills in protecting a network from physical attacks as well. Inside attacks More likely than outside attacks 33

34 Keyloggers Used to capture keystrokes on a computer Software Loaded on to computer Behaves like Trojan programs Hardware Small and easy to install device Goes between keyboard and computer Examples: KeyKatcher and KeyGhost Available as software (spyware) Transfers information 34

35 35 Figure 3-4 An e-mail message captured by KeyKatcher

36 36 Figure 3-5 The KeyGhost menu

37 Behind Locked Doors As a security professional, you should be aware of the types of locks used to secure a company’s assets. If an intruder gets physical access to a server, whether it’s running Linux or Windows, it doesn’t matter how good your firewall or IDS is. Encryption or public key infrastructure (PKI) enforcements don’t help in this situation, either. If intruders can sit in front of your server, they can hack it. Simply put, lock up your server. 37

38 Behind Locked Doors (Solution) Lock up servers Average person Can pick deadbolt lock in less than five minutes After only a week or two of practice Experienced hackers Can pick deadbolt lock in under 30 seconds Rotary locks are harder to pick Require pushing in a sequence of numbered bars Keep a record of who enters and leaves the room Security cards can be used for better security 38

39 Summary Be aware of attacks Network infrastructures and standalone computers Can be perpetrated by insiders or outside attackers Malicious software Viruses Worms Trojan programs Spyware Adware 39

40 Summary (cont’d.) Attacks Denial-of-Service (DoS) Distributed Denial-of-Service (DDoS) Buffer overflow Ping of Death Session hijacking Keyloggers Monitor computer system Physical security Everyone’s responsibility 40

Download ppt "Chapter 3 Network and Computer Attacks. Objectives After reading this chapter and completing the exercises, you will be able to: Describe the different."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Unit 18 Data Security 1.

Unit 18 Data Security 1.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Computer Viruses.

Computer Viruses.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
Threats To A Computer Network

Threats To A Computer Network
Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Network & Computer Attacks (Part 2) February 11, 2010 MIS 4600 – MBA © Abdou Illia.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Network Security Peter Behrens Seth Elschlager. Computer Security Preventing unauthorized use of your network and information within that network. Preventing.

Network Security Peter Behrens Seth Elschlager. Computer Security Preventing unauthorized use of your network and information within that network. Preventing.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
COMPUTER TERMS PART 2. NETWORK When you have two or more computers connected to each other, you have a network. The purpose of a network is to enable.

COMPUTER TERMS PART 2. NETWORK When you have two or more computers connected to each other, you have a network. The purpose of a network is to enable.

Similar presentations

Ads by Google