Download attacks

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
Document related concepts

Buffer overflow wikipedia , lookup

Distributed firewall wikipedia , lookup

Unix security wikipedia , lookup

Information privacy law wikipedia , lookup

Security-focused operating system wikipedia , lookup

Wireless security wikipedia , lookup

Cyberwarfare wikipedia , lookup

Buffer overflow protection wikipedia , lookup

Password strength wikipedia , lookup

Cross-site scripting wikipedia , lookup

Information security wikipedia , lookup

Operation Payback wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Operation AntiSec wikipedia , lookup

Computer security wikipedia , lookup

Cyberattack wikipedia , lookup

Mobile security wikipedia , lookup

Social engineering (security) wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
The Need for Security
Principles of Information Security
Chapter 2
Chapter Objectives




Explain the business need for security.
Describe the responsibility of an organization's general
management and IT management for a successful information
security program.
Identify threats to information security and common attacks
associated with those threats.
Differentiate between threats to information systems and
attacks against the information systems.
2
Introduction

The primary mission of information
security is to ensure that systems and
their contents remain the same.
3
4 Important Functions of Information
Security
Protect the ability to function.
 Enable the safe operation of
applications.
 Protect data.
 Safeguard technology assets.

4
Protecting the Functionality of the
Organization

Shared responsibility between general
management and IT managment
◦ Set security policy in compliance with legal
requirements.
◦ Not really a technology issue

Address information security in terms of
◦ Business impact
◦ Cost of business interruption
5
Enabling Safe Operation

Organization requires integrated, efficient, and capable
applications.
◦ Technologically complex.
◦ Must protect critical applications
 Operating system platforms
 Electronic mail
 Instant messaging
◦ Infrastructure developed by
 outsourcing to a service provider
 develop internally
◦ Protection of the infrastructure must be overseen by
management.
6
Protecting Data

Data provides
◦ Record of transactions (e.g., banking)
◦ Ability to deliver value to customers
◦ Enable creation and movement of goods and
services.
 Data in motion (online transactions)
 Data at rest (not online transaction)

Information systems must support these
transactions.
7
Safeguarding Technology Assets

Must have secure infrastructure
services based on the size and scope of
the enterprise.
◦ Smaller businesses may require less
protection.
 Email and personal encryption.
◦ Additional services required for larger
businesses.
 Public Key Infrastructure (PKI) - more complex
◦ Needs change as network grows.
8
Threats

Requirements to protect information
◦ Be familiar with
 The information to be protected
 The systems that store, transport and process it
◦ Know the threats you face

An object, person, or entity that
represents a constant danger to an
asset.
9
12 General Categories of Threat
Acts of human error or failure – mistakes, sloppiness
Compromises to intellectual property - piracy, licensing
Deliberate acts of espionage or trespass
1.
2.
3.
◦
shoulder surfing, hacking, script kiddies, cracker, phreaker
Deliberate acts of information extortion - demanding a ransom
Deliberate acts of sabotage or vandalism
4.
5.
◦
damage reputation, cyberactivist, cyberterrorism
Deliberate acts of theft - difficult to detect
Deliberate software attacks
6.
7.
◦
malware, virus, worm, trojan horses, back door, hoaxes
Forces of nature - fire, flood, earthquake, lightning, storms, etc.
9.
Deviations in quality or service - service disruptions
10. Technical hardware failures or errors - hardware defects
11. Technical software failures or errors - accidental or intentional
flaws
12. Technological obsolescence - unreliable and untrustworthy
8.
10
The Endless Game of Cat and Mouse:
Meet the Cast
Hackers versus crackers
 White hats, black hats, all the shades of
gray, and mysterious color changing
 Conferences?
 Web sites?
 Drills?


http://www.safepatrolsolutions.com/paper
s/Crackers.pdf
11
Meet the Players
Top 10
 And the others

◦ From
http://www.pbs.org/wgbh/pages/frontline/sho
ws/hackers/

And where they congregate – do NOT go
there unless you want to risk catching something
http://phrack.com, ….
12
Attacks


At act or action that takes advantage of a vulnerability
to compromise a controlled system. Accomplished by a
threat agent that damages or steals information or
physical assets.
Vulnerability
◦ an identified weakness in a controlled system, where controls
are not present or no longer effective.

Attacks exist when a specific action occurs that may cause
a potential loss.

Question: how will the attacker “identify weakness”
and/or know what to attack?
13
Well-Known Types of Attack Against
Controlled Systems
Malicious Code
 Hoaxes
 Back Doors
 Password Crack
 Brute Force
 Dictionary
 Denial-of-Service (DoS)
 Distributed Denial-ofService (DDoS)

Spoofing
 Man-in-the-Middle
 Spam
 Mail Bombing
 Sniffers
 Social Engineering
 Buffer Overflow
 Timing Attack

Of course, any of these attacks can be distributed, and/or coming
from a botnet.
14
Malicious Code


Viruses, worms, Trojan horses, active web scripts.
State-of-the-art
◦ Polymorphic or multivector worm
◦ CERT, Symantec, etc. warnings

Known attack vectors
◦
◦
◦
◦
◦
◦
IP scan and attack
web browsing
Virus
unprotected shares
mass mail
SNMP
15
Hoaxes

Transmit a virus hoax with a real virus
attached.
◦ More readily transmitted by trusting users!
16
Back Doors

Use known or previously discovered
access mechanism to gain access to a
system or network resource.
◦ May be left by system designers or maintenance
staff.
◦ Referred to as trap doors.

Hard to detect --- may be exempt from
usual audit logging procedures.
17
Password Crack
Reverse calculate a password.
 Component of many dictionary attacks.
 Security Account Manager (SAM) file is
accessible

◦ contains hashed representation of the user's
password.
◦ a guessed password can be hashed using the
same algorithm and compared to the stored
hash version of the real password.
18
Brute Force Attack
AKA, password attack
 Try every possible combination of options for a
password.
 Easier, if passwords are easy to guess or default
passwords.
 Avoid using easy to guess passwords --- and don't use
default passwords.
 Rarely used, if basic security precautions have been
implemented (e.g., complex passwords)

19
Dictionary Attack



Use a list of commonly used passwords (i.e., a dictionary)
instead of random combinations.
Takes less time to crack than a brute force attack.
Use electronic dictionaries to enforce use of (more)
complex passwords.
20
Denial of Service (DoS)
Distributed Denial of Service (DDoS)


Overload target with requests
Many different flavors:
◦ TCP SYN flood attack: send many TCP connection requests.
◦ Send million emails or faxes and clog the server

DDoS
◦ Often uses compromised machines (called zombies, from a
botnet) to attack the target system.
◦ The most difficult to defend against.
◦ No controls that any single organization can apply.
◦ Some cooperative efforts among service providers.
◦ MyDoom worm attack.
21
Spoofing

Technique of sending messages to a computer using a
source IP address that indicates the messages are
coming from a trusted host.
◦ Must find an IP address for a trusted host.
◦ Must modify packet headers for the attack messages.

Routers and firewalls can protect against spoofing
attacks.
22
Man-in-the-Middle Attack


AKA, TCP hijacking attack
Attacker "sniffs" packets from the network, modifies
them, then inserts them back into the network.
◦ Uses IP spoofing to impersonate another entity on the network.

Allows the attacker to:
◦ eavesdrop, change, delete, reroute, add, forge, or divert data.

Spoofing involves the interception of an encryption key
exchange, which enables the hijacker to act as an
eavesdropper (transparent to the network).
23
Spam

Unsolicited commercial email.
◦ Has been used as a vector for malicious code attacks.
◦ Wastes computer and human resources i.e. it is a DOS attack

Methods to counteract spam
◦ Delete offending messages
◦ Use filtering technologies to stem the flow
24
Mail Bombing

Email denial-of-service attack.
◦ Send large emails with forged headers

Mechanisms
◦ Social engineering
◦ SMTP flaws
25
Sniffers
AKA, packet sniffers.
 A program or device that can monitor data
traveling over a network.

◦ Use for legitimate network management
functions or maliciously.

Unauthorized sniffers are dangerous to
security.
◦ Virtually impossible to detect.
◦ Can be inserted anywhere.
26
Social Engineering

The process of using social skills to persuade people to
reveal access credentials or other valuable information.
◦ Over the phone: “Hey, Joe, this is Andy from department C. Aaron
(the boss) told me to ask you to give me the XYZ plans, the
customers is demanding we fix the bugs by tomorrow. “
◦ Over the phone or in person, to the secretarial support: “…”

May involve impersonating someone higher in the
organizational hierarchy (requesting information).
◦ “Hey, Joe, this is Aaron (the boss). What was the …. “


Tailgating, shoulder surfing, etc.
May be a scam --- Nigerian banking, etc.
27
Physical (illegal) access

War Driving: driving around trying to
catch a signal
◦ Wireless without encryption
◦ Non-wireless el.magn. radiation
Garbage Diving: looking through disposed
documents
 Tapping: any cable that is not optical. Or,
at exposed locations (switches, control
panels, etc.)

28
Buffer Overflow
“Buffer” is a term for data storage, on logical level (often
called “queue” in networking)
 Buffers are used for many different reasons: for example,
to temporarily store networking data when waiting to be
processed, etc.
 Buffers are often implemented as “arrays” in code
 Arrays typically have fixed size
 A buffer overflow is a programming error that
occurs when more data is sent to a buffer than it can
handle AND the programmer did not specify what
happens in that special case

◦ Attacker can take advantage of this programming error to cause
unintended side effects.
29
Timing Attack
Something bad happens when a certain
time is reached
 Many different flavors. Examples:

◦ Explores web browser's cache.
 Allows web designer to develop malicious cookie to
be stored on user's system.
 Could allow designer to collect information on how
to access password-protected sites.
30
Port Scanning
http://www.pctopsecurity.com/types-ofattacks/port-scan-attack Port scan sees
which ports are available, which OS you
are using, …
 http://www.softpanorama.org/Security/ID
S/port_scan_detectors.shtml A view
from the trenches
 http://www.cipherdyne.org/psad/ A tool
to detect port scans

31

Review
http://www.scribd.com/doc/20138373/CC
NA-Security-Chapter-1-assessment

Challenge: go through the PCWeek Hack
on p.47 and try to understand each step
the attacker took.
32
Related documents
Security
Security
Chapter 2: Attackers and Their Attacks
Chapter 2: Attackers and Their Attacks
Forms of Network Attacks
Forms of Network Attacks
Intrusion Detection Systems
Intrusion Detection Systems
CS 195 Probability Models and Inference Spring 2013 Homework
CS 195 Probability Models and Inference Spring 2013 Homework
The Internet and Security
The Internet and Security
Distributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS)
Chapter 2 - Department of Accounting and Information Systems
Chapter 2 - Department of Accounting and Information Systems
Access Control Policies
Access Control Policies
Skating on Stilts
Skating on Stilts
Introduction to Information Security Chapter N
Introduction to Information Security Chapter N
Intimidation Attack
Intimidation Attack
Integrity - Andrew.cmu.edu
Integrity - Andrew.cmu.edu
Vulnerabilities - University of Wolverhampton
Vulnerabilities - University of Wolverhampton
Securing the Network - Austin Community College
Securing the Network - Austin Community College
Computer Security - University at Albany
Computer Security - University at Albany
1998-10-16-MAEDS-NetSecurity
1998-10-16-MAEDS-NetSecurity
Annex 1
Annex 1
Security+ Guide to Network Security Fundamentals
Security+ Guide to Network Security Fundamentals
Joshua White - Everis Inc.
Joshua White - Everis Inc.
How to Hack a Telecommunication Company And Stay Alive
How to Hack a Telecommunication Company And Stay Alive
Survey of online attacks on E-Commerce sites
Survey of online attacks on E-Commerce sites