Lesson 5 Knowing the Threat. Unauthorized use of Computer Systems 2000 CSI/FBI Survey Trend.

Presentation transcript:

1 Lesson 5: Knowing the Threat

2 Unauthorized Use of Computer Systems (chart: 2000 CSI/FBI Survey trend)

3 Frequency of Point of Attack (chart: 2000 CSI/FBI Survey trend)

4 Likely Sources of Attack (chart: 2000 CSI/FBI Survey; series: Foreign Corporations, U.S. Corporations)

5 E-Commerce Security Example: Breaking an E-Business

6 Consider this Network (diagram: web server, DBA server, router, investment app servers, network user clients, email server). How can a hacker attack?

7–9 The same network with an attacker added (diagram), built up one step per slide:
–Step 1: The attacker exploits a weakness in a CGI script to break through the firewall and gain shell privileges on the host
–Step 2: The attacker finds the database password in the CGI script and downloads all account numbers and passwords
–Step 3: The attacker installs NetBus and controls the manager’s terminal

10 Going for the Kill! (diagram of the normal customer transaction flow, with the attacker’s step inserted)
–Customer enters account ID and password
–Customer is authenticated and access is granted
–Customer checks portfolio performance
–Customer updates portfolio tracking preferences
–Customer buys/sells shares
–Step 4: The attacker credits an account under their control
–Investment bank debits/credits the customer’s cash account and updates portfolios
–Investment bank notifies the customer with confirmation of the transaction

11 So What Happens When Computer Security Fails? Incident Response: A Six-Step Process
–Preparation: proactive computer security
–Identification
–Containment
–Eradication
–Recovery
–Hot Wash

12 History Lesson: The Art of War, Sun Tzu. Lesson for you:
–Know the enemy, know yourself, and in a hundred battles you will never be defeated
–If ignorant both of your enemy and of yourself, you are certain in every battle to be in peril

13 History Lesson: The Art of War, Sun Tzu. Lesson for the hacker:
–Probe him and learn where his strength is abundant and where deficient
–To subdue the enemy without fighting is the acme of skill
–One able to gain victory by modifying his tactics in accordance with the enemy situation may be said to be divine

14 Hacker Attacks
–Intent is for you to know your enemy
–Not intended to make you a hacker
–Need to know defensive techniques
–Need to know where to start the recovery process
–Need to assess the extent of the investigative environment

15–16 Anatomy of a Hack (two slides showing the same diagram): Footprinting, Scanning, Enumeration, Gaining Access, Escalating Privilege, Pilfering, Covering Tracks, Creating Backdoors, Denial of Service
Source: Hacking Exposed, McClure, Scambray, and Kurtz

17 Footprinting
Objective: target address range; acquire namespace; information gathering for a surgical attack; don’t miss details
Technique: open source search; whois; web interface to whois; ARIN whois; DNS zone transfer
Source: Hacking Exposed, McClure, Scambray, and Kurtz

18 Scanning
Objective: bulk target assessment; determine listening services; focus the attack vector
Technique: ping sweep; TCP/UDP scan; OS detection
Source: Hacking Exposed, McClure, Scambray, and Kurtz

19 Enumeration
Objective: intrusive probing commences; identify valid accounts; identify poorly protected shares
Technique: list user accounts; list file shares; identify applications
Source: Hacking Exposed, McClure, Scambray, and Kurtz

20 Gaining Access
Objective: informed attempt to access the target; typically user-level access
Technique: password sniffing; file share brute forcing; password file grab; buffer overflows
Source: Hacking Exposed, McClure, Scambray, and Kurtz

21 Escalating Privilege
Objective: gain root-level access
Technique: password cracking; known exploits
Source: Hacking Exposed, McClure, Scambray, and Kurtz

22 Pilfering
Objective: information gathering to access trusted systems
Technique: evaluate trusts; search for cleartext passwords
Source: Hacking Exposed, McClure, Scambray, and Kurtz

23 Covering Tracks
Objective: ensure highest access; hide access from the system administrator or owner
Technique: clear logs; hide tools
Source: Hacking Exposed, McClure, Scambray, and Kurtz

24 Creating Back Doors
Objective: deploy trap doors; ensure easy return access
Technique: create rogue user accounts; schedule batch jobs; infect startup files; plant remote control services; install monitors; trojanize
Source: Hacking Exposed, McClure, Scambray, and Kurtz

25 Denial of Service
Objective: if unable to escalate privilege, then kill; build a DDoS network
Technique: SYN flood; ICMP attacks; identical src/dst SYN requests; out-of-bounds TCP options; DDoS
Source: Hacking Exposed, McClure, Scambray, and Kurtz
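As an added defender-side example (not from the slides or from Hacking Exposed), the following detection logic flags three of the techniques the slides list, a ping sweep from slide 18 and a SYN flood and identical src/dst SYN requests from slide 25, over a constructed set of packet summaries. The packet tuples, addresses and thresholds are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed packet summaries, not a real capture:
# (time_s, proto, src, dst, dport, flags) where flags is "echo" for ICMP echo
# requests and "S"/"A" for TCP SYN/ACK.
PACKETS = (
    # one source probing 12 hosts with ICMP echo: a ping sweep (slide 18)
    [(0.05 * i, "icmp", "203.0.113.9", f"192.0.2.{i}", None, "echo") for i in range(1, 13)]
    # 60 SYNs to one dst:port inside 0.6 s from 20 spoofed sources: SYN flood (slide 25)
    + [(1.0 + 0.01 * i, "tcp", f"198.51.100.{i % 20}", "192.0.2.10", 443, "S") for i in range(60)]
    # SYN whose source equals its destination: identical src/dst SYN request (slide 25)
    + [(5.0, "tcp", "192.0.2.10", "192.0.2.10", 80, "S")]
    # a benign handshake start that should not trigger anything
    + [(6.0, "tcp", "198.51.100.7", "192.0.2.10", 443, "S"),
       (6.2, "tcp", "198.51.100.7", "192.0.2.10", 443, "A")]
)

def detect_ping_sweep(packets, min_hosts=8):
    """Sources that sent ICMP echo requests to at least min_hosts distinct hosts."""
    targets = defaultdict(set)
    for _, proto, src, dst, _, flags in packets:
        if proto == "icmp" and flags == "echo":
            targets[src].add(dst)
    return sorted(src for src, hosts in targets.items() if len(hosts) >= min_hosts)

def detect_syn_flood(packets, window_s=1.0, threshold=50):
    """(dst, port) pairs that received >= threshold SYNs within any window_s seconds."""
    by_target = defaultdict(list)
    for t, proto, _, dst, dport, flags in sorted(packets, key=lambda p: p[0]):
        if proto == "tcp" and flags == "S":
            by_target[(dst, dport)].append(t)
    flagged = []
    for target, times in by_target.items():
        start = 0
        for end in range(len(times)):          # sliding window over SYN timestamps
            while times[end] - times[start] > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(target)
                break
    return flagged

def detect_identical_src_dst_syn(packets):
    """SYNs whose source address equals the destination address (a malformed packet
    a host should never legitimately receive from the network)."""
    return [(src, dport) for _, proto, src, dst, dport, flags in packets
            if proto == "tcp" and flags == "S" and src == dst]

if __name__ == "__main__":
    print("ping sweep sources:", detect_ping_sweep(PACKETS))
    print("SYN flood targets:", detect_syn_flood(PACKETS))
    print("identical src/dst SYNs:", detect_identical_src_dst_syn(PACKETS))
```

On real traffic the thresholds would be tuned to the network's baseline; the window and host counts here are chosen only so the constructed sample trips each check once.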

26 Hacker Exploits per SANS (diagram): Reconnaissance, Scanning, Exploit Systems, Keeping Access, Cover Tracks
Source: SANS Institute

27 Hacking Summary
–Hacking on the rise
–Hacktivism
–New crime vector
–Loose international laws
–Tools automated and readily available
–Blended threats
–Multi-axis attacks
–Automated zombies
