Attacks and Vulnerabilities
Ilya Chalyt, Nicholas Egebo
March 7, 2005

Topics of Discussion
Reconnaissance: gain information about a system
Vulnerabilities: attributes of a system that can be maliciously exploited
Attacks: procedures to exploit vulnerabilities
Reference 1

Topics of Discussion: Reconnaissance
War Dialing, War Driving, Port Scanning, Probing, Packet Sniffing

War Dialing (Reconnaissance)
Method: Dial a range of phone numbers searching for modems
Motivation: Locate potential targets
Detection: Impossible outside of the telephony infrastructure
Defense: Disconnect unessential modems from outgoing phone lines
Reference 2

War Driving (Reconnaissance)
Method: Surveillance of wireless signals in a region
Motivation: Find wireless traffic
Detection: Can only be detected by physical surveillance
Defense: Limit geographic access to the wireless signal
Reference 3

Port Scanning (Reconnaissance)
Method: Send out a SYN packet, check for a response
Motivation: Find potential targets
Detection: Traffic analysis
Defense: Close/silence ports
Reference 4

Probing (Reconnaissance)
Method: Send packets to ports
Motivation: Find specific port information
Detection: Traffic analysis
Defense: Close/silence ports

Packet Sniffing (Reconnaissance)
Method: Capture and analyze packets traveling across a network interface
Motivation: Gain access to information traveling on the network
Detection: None
Defense: Use encryption to minimize cleartext on the network
Reference 5

Topics of Discussion: Vulnerabilities
Backdoors, Code Exploits, Eavesdropping, Indirect Attacks, Social Engineering

Backdoors (Vulnerabilities)
Bypass normal means of authentication
Hidden from casual inspection
Installed separately or integrated into software
Reference 6

Code Exploits (Vulnerabilities)
Use of poor coding practices left uncaught by testing
Defense: In-depth unit and integration testing

Eavesdropping (Vulnerability)
Data transmitted without encryption can be captured and read by parties other than the sender and receiver
Defense: Use of strong cryptography to minimize cleartext on the network

Indirect Attacks (Vulnerabilities)
Internet users' machines can be infected with zombies and made to perform attacks
The puppet master is left undetected
Defense: Train internet users to prevent zombies and penalize zombie owners

Social Engineering (Vulnerability)
Manipulate the weakest link of cybersecurity, the user, to gain access to otherwise prohibited resources
Defense: Train personnel to resist the tactics of social engineering
Reference 7

Topics of Discussion: Attacks
Password Cracks, Web Attacks, Physical Attacks, Worms & Viruses, Logic Bomb, Buffer Overflow, Phishing, Bots and Zombies, Spyware/Adware/Malware, Hardware Keyloggers, Eavesdropping & Playback Attacks, DDoS

Password Cracks: Brute Force
Method: Trying all combinations of legal symbols as username/password pairs
Motivation: Gain access to the system
Detection: Frequent attempts to authenticate
Defense: Lockouts, temporary and permanent
Reference 8

Password Cracks: Dictionary Attack
Method: Trying all entries in a collection of strings
Motivation: Gain access to the system; faster than brute force
Detection: Frequent attempts to authenticate
Defense: Lockouts, temporary and permanent; complex passwords
Reference 8

Password Cracks: Hybrid Attack
Method: Trying all entries in a collection of strings, adding numbers and symbols, concatenating them with each other and/or with numbers
Motivation: Gain access to the system; faster than brute force, more likely to succeed than a plain dictionary attack
Detection: Frequent attempts to authenticate
Defense: Lockouts, temporary and permanent
Reference 8

Password Cracks: l0phtcrack
Method: Gain access to the operating system's hash table and perform the cracking remotely
Motivation: Gain access to the system; cracking happens elsewhere, so no lockouts
Detection: Detect reads of the hash table
Defense: Limit access to the system
Reference 8

Web Attacks: Source Viewing
Method: Read source code for valuable information
Motivation: Find passwords or commented-out URLs
Detection: None
Defense: None

Web Attacks: URL Modification
Method: Manipulating the URL to find pages not normally accessible
Motivation: Gain access to normally private directories or pages
Detection: Check website URL logs
Defense: Add access requirements

Web Attacks: Post Data
Method: Change POST data to get the desired results
Motivation: Change the information being sent in your favor
Detection: None
Defense: Verify POST data on the receiving end

Web Attacks: Database Attack
Method: Sending dangerous queries to the database
Motivation: Denial of service
Detection: Check the database for strange records
Defense: Filter database queries
Reference 9

Web Attacks: Database Insertion
Method: Form multiple queries to a database through forms
Motivation: Insert information into a table that might be unsafe
Detection: Check database logs
Defense: Filter database queries; make them quote-safe
Reference 9

Web Attacks: Meta Data
Method: Use meta characters to make malicious input
Motivation: Possibly reveal script source or other useful information
Detection: Website logs
Defense: Filter meta characters out of input
Reference 10

Physical Attack: Damage
Method: Attack the computer with an axe
Motivation: Disable the computer
Detection: Video camera
Defense: Locked doors and posted security guards

Physical Attack: Disconnect
Method: Interrupt the connection between two elements of the network
Motivation: Disable the network
Detection: Pings
Defense: Locked doors and posted security guards

Physical Attack: Reroute
Method: Pass the network signal through additional devices
Motivation: Monitor traffic or spoof a portion of the network
Detection: Camera
Defense: Locked doors and posted security guards

Physical Attack: Spoof MAC & IP
Method: Identify the MAC address of the target and replicate it
Motivation: Deny the target from receiving traffic
Detection: Monitoring ARP requests and checking logs
Defense: None as of now

Worms & Viruses: File Infectors
Method: Infects executables by inserting itself into them
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus; being cautious on the internet
Reference 10

Worms & Viruses: Partition-sector Infectors
Method: Moves the partition sector, replaces it with itself; on boot, executes and then calls the original information
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus; being cautious on the internet
Reference 10

Worms & Viruses: Boot-sector Virus
Method: Replaces the boot loader and spreads to hard drives and floppies
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus; being cautious on the internet
Reference 10

Worms & Viruses: Companion Virus
Method: Locates executables and mimics their names, changing the extensions
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus; being cautious on the internet
Reference 10

Worms & Viruses: Macro Virus
Method: Infects documents; when the document is accessed, the macro executes in the application
Motivation: Damage files and spread
Detection: Virus scan or strange computer behavior
Defense: Antivirus; being cautious on the internet
Reference 10

Worms & Viruses: Worms
Method: Replicates
Motivation: Variable motivations
Detection: Virus scan or strange computer behavior
Defense: Antivirus; being cautious on the internet
Reference 11

Logic Bomb
Method: Discreetly install a "time bomb" and prevent detonation if necessary
Motivation: Revenge, synchronized attack, securing a getaway
Detection: Strange computer behavior
Defense: Keep and monitor logs; monitor computer systems closely

Buffer Overflow
Method: Pass too much information to a buffer with poor bounds checking
Motivation: Modify information and/or execute arbitrary code
Detection: Logs
Defense: Check input size before copying to the buffer; guard the return address against overwrite; make the stack non-executable
References 12 & 13

Phishing
Method: Request information from a mass audience, collect responses from the gullible
Motivation: Gain important information
Detection: Careful examination of requests for information
Defense: Distribute information on a need-to-know basis

Bots & Zombies
Method: Installed by a virus or worm; allow remote, unrestricted access to the system
Motivation: Gain access to additional resources while hiding your identity
Detection: Network analysis; virus scans; noticing unusual behavior
Defense: Install security patches and be careful what you download

Spyware, Adware, and Malware
Method: Installed either willingly by the user via ActiveX or as part of a virus package
Motivation: Gain information about the user; serve users advertisements
Detection: Network analysis; abnormal computer behavior
Defense: Virus / adware / spyware / malware scans

Hardware Keyloggers
Method: Attach it to a computer
Motivation: Record user names, passwords, and other private information
Detection: Check physical connections
Defense: Cameras and guards

Eavesdropping
Method: Record packets on the network; attempt to decrypt encrypted packets
Motivation: Gain access to user data
Detection: None
Defense: Strong cryptography

Playback Attack
Method: Record packets on the network; resend the packets without decrypting them
Motivation: Mimic legitimate commands
Detection: Network analysis
Defense: Time stamps

DDoS: CPU Attack
Method: Send data that requires cryptography to process
Motivation: Occupy the CPU, preventing normal operations
Detection: Network analysis
Defense: None
Reference 14

DDoS: Memory Attack
Method: Send data that requires the allocation of memory
Motivation: Take up resources, crashing the server when they are exhausted
Detection: Network analysis
Defense: None
Reference 14

References
1. Amoroso, Edward. Intrusion Detection. Sparta, New Jersey: AT&T Laboratories, 1999.
2. Gunn, Michael. War Dialing. SANS Institute, 2002.
3. Schwartau, Winn. "War-driving lessons," Network World, 02 September 2002.
4. Bradley, Tony. Introduction to Port Scanning. 2005. <http://netsecurity.about.com/cs/hackertools/a/aa121303.htm> (04 March 2005).
5. Bradley, Tony. Introduction to Packet Sniffing. 2005. <http://netsecurity.about.com/cs/hackertools/a/aa121403.htm> (05 March 2005).
6. Thompson, Ken. "Reflections on Trusting Trust." Communications of the ACM, Vol. 27, No. 8, August 1985.
7. Mitnick, Kevin. The Art of Deception. Indianapolis, Indiana, 2002.
8. Coyne, Sean. Password Crackers: Types, Process and Tools. ITS Research Labs, 2004.
9. Friedl, Steve. SQL Injection Attacks by Example. 2005. <http://www.unixwiz.net/techtips/sqlinjection.html> (05 March 2005).
10. Lucas, Julie. The Effective Incident Response Team. Chapter 4. 2003.
11. Worms versus Viruses. 2004. <http://viruses.surferbeware.com/worms-vs-viruses.htm> (06 March 2005).
12. Grover, Sandeep. "Buffer Overflow Attacks and Their Countermeasures." Linux Journal, 10 March 2003.
13. Levy, Elias. "Smashing the Stack for Fun and Profit." Phrack Magazine, Issue 49, Fall 1997.
14. Distributed Denial of Service. 2002. <http://www.tla.org/talks/ddos-ntua.pdf> (05 March 2005).
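The Password Cracks slides give the same detection for brute-force, dictionary and hybrid attacks (frequent attempts to authenticate) and the same defense (temporary and permanent lockouts). The following is an added example, not code from the presentation or its references, that turns those two bullet points into working logic: it parses constructed authentication log lines (the `<epoch> <OK|FAIL> user=<name> src=<ip>` format is an assumption), counts failures per user/source pair in a sliding window, applies a temporary lockout when the threshold is reached, and escalates to a permanent lockout after repeated temporary ones.

```python
import re
from collections import defaultdict, deque

# Constructed sample log lines, not taken from the slides. Timestamps are epoch seconds.
SAMPLE_LOG = """\
1000 FAIL user=alice src=203.0.113.9
1001 FAIL user=alice src=203.0.113.9
1002 FAIL user=alice src=203.0.113.9
1003 FAIL user=alice src=203.0.113.9
1004 FAIL user=alice src=203.0.113.9
1005 FAIL user=alice src=203.0.113.9
1020 FAIL user=bob src=198.51.100.7
1300 OK user=bob src=198.51.100.7
1310 FAIL user=alice src=203.0.113.9
"""

# Assumed log format; adjust the pattern for a real authentication log.
LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")


class LockoutMonitor:
    """Flags frequent authentication failures and enforces lockouts per (user, source)."""

    def __init__(self, threshold=5, window=60, lockout=300, permanent_after=3):
        self.threshold = threshold          # failures inside `window` that trigger a lockout
        self.window = window                # sliding window in seconds
        self.lockout = lockout              # temporary lockout length in seconds
        self.permanent_after = permanent_after  # temporary lockouts before a permanent one
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> epoch when the lockout expires
        self.lockout_count = defaultdict(int)
        self.alerts = []                    # (user, src, ts, kind) records for the SOC

    def observe(self, ts, result, user, src):
        key = (user, src)
        until = self.locked_until.get(key)
        if until is not None and ts < until:
            return "locked"                 # attempt rejected without checking the password
        if result == "OK":
            self.failures[key].clear()      # a success resets the failure window
            return "ok"
        recent = self.failures[key]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()                # drop failures that fell out of the window
        if len(recent) >= self.threshold:
            self.lockout_count[key] += 1
            if self.lockout_count[key] >= self.permanent_after:
                self.locked_until[key] = float("inf")   # permanent lockout
                kind = "permanent"
            else:
                self.locked_until[key] = ts + self.lockout
                kind = "temporary"
            self.alerts.append((user, src, ts, kind))
            recent.clear()
            return "lockout"
        return "fail"


def process_log(text, **settings):
    """Feed every parseable line to a fresh monitor; return the monitor and per-line outcomes."""
    monitor = LockoutMonitor(**settings)
    outcomes = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                        # ignore lines that do not match the assumed format
        outcomes.append(monitor.observe(int(m["ts"]), m["result"], m["user"], m["src"]))
    return monitor, outcomes


if __name__ == "__main__":
    mon, out = process_log(SAMPLE_LOG)
    for alert in mon.alerts:
        print("ALERT", alert)
    print(out)
```

With the sample input, alice's fifth failure at 1004 triggers a temporary lockout, her sixth attempt at 1005 is rejected as locked, and her attempt at 1310 is processed normally because the lockout has expired. Keying on the (user, source) pair rather than the user alone keeps an attacker from locking a legitimate user out by design, which is the usual trade-off to weigh when choosing between temporary and permanent lockouts.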
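The Database Attack, Database Insertion and Meta Data slides all prescribe the same defense: filter queries and make them quote-safe. As an added example (not from the presentation or from the cited "SQL Injection Attacks by Example"), the block below builds an in-memory SQLite table and places a login check that pastes user input into the SQL string beside one that passes the values as bound parameters. Names, passwords and the `users` table are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed demo table; the names and passwords are sample data only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2"), ("o'brien", "tea-time")],
    )
    return conn


def login_vulnerable(conn, name, password):
    """Input is spliced into the SQL text, so a quote in the input changes the query itself."""
    query = "SELECT name FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return conn.execute(query).fetchone() is not None


def login_safe(conn, name, password):
    """Quote-safe: the values are bound by the driver and never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


# Characters the Meta Data slide calls "meta characters"; used for logging, not as the defense.
SQL_META = ("'", '"', ";", "--", "/*")


def looks_suspicious(value):
    """Detection aid for the 'check database logs' bullet: flag input carrying SQL meta characters.
    A legitimate name such as o'brien also trips this, which is why parameters, not filtering,
    are the actual fix."""
    return any(token in value for token in SQL_META)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, good creds :", login_vulnerable(db, "alice", "correct horse"))
    print("safe, good creds       :", login_safe(db, "alice", "correct horse"))
    print("safe, quote in name    :", login_safe(db, "o'brien", "tea-time"))
    print("flagged input?         :", looks_suspicious("x' OR 'a'='a"))
```

Running the two checks against the same inputs shows the difference the slides are after: the vulnerable version raises a syntax error for the legitimate user `o'brien` and accepts any password whose quotes rewrite the `WHERE` clause, while the parameterized version treats a quote as just another character. Filtering meta characters is useful as a log signal, but the parameterized query is what makes the application quote-safe.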
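The Playback Attack slide notes that a recorded packet can be resent without ever being decrypted and gives "time stamps" as the defense. The added example below (not from the presentation) shows why a time stamp alone is not enough and what the receiving side has to check: each command carries a time stamp and a nonce, both covered by an HMAC under a shared key, and the receiver rejects messages whose MAC fails, whose time stamp is outside an acceptance window, or whose nonce it has already seen inside that window. The shared key, the JSON message layout and the 30-second skew are assumptions for the demonstration.

```python
import hashlib
import hmac
import json

# Constructed shared secret between sender and receiver; in practice this comes from key management.
KEY = b"constructed-demo-key"


def make_message(command, nonce, ts, key=KEY):
    """Sender side: serialize command, nonce and time stamp, then MAC the whole body.
    Because ts and nonce are inside the MAC, a recorded message cannot be 'refreshed'."""
    body = json.dumps({"cmd": command, "nonce": nonce, "ts": ts}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


class Receiver:
    """Receiver side: authenticity first, then freshness, then uniqueness."""

    def __init__(self, key=KEY, max_skew=30):
        self.key = key
        self.max_skew = max_skew      # seconds of clock skew / network delay tolerated
        self.seen = {}                # nonce -> ts, kept only while inside the window

    def accept(self, body, tag, now):
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "bad-mac"          # tampered or forged; nothing else is trusted
        msg = json.loads(body)
        if abs(now - msg["ts"]) > self.max_skew:
            return "stale"            # an old recording, or a badly skewed clock
        # Forget nonces that can no longer pass the freshness check anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        if msg["nonce"] in self.seen:
            return "replay"           # same message resent inside the window
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


if __name__ == "__main__":
    rx = Receiver()
    body, tag = make_message("open-door", "n1", 1000)
    print(rx.accept(body, tag, 1000))   # accepted
    print(rx.accept(body, tag, 1005))   # replay
    print(rx.accept(body, tag, 2000))   # stale
```

The time stamp bounds how long a recording stays useful and lets the receiver keep its nonce memory small; the nonce closes the gap the time stamp leaves open, namely a replay within the skew window. Both only help because the MAC binds them to the command, so the detection the slide mentions (network analysis) can be complemented by the receiver logging every `replay` and `bad-mac` result.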