Download Attack and Malicious Code

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
Document related concepts
no text concepts found
Transcript 
Attack and Malicious
Code
Andrew Anaruk
•
•
•
•
•
Security Threats
Denial of Service (DoS) Attacks
Spoofing
Social Engineering
Attacks on Encrypted Data
Software Exploitation
Denial of Service
•
•
•
•
SYN Floods
Smurf
Ping of Death
DDoS
Spoofing
• IP Address Spoofing
• ARP poisoning
• Web Spoofing
• Man in the middle attacks
• Social Engineering
• DNS Spoofing
•
“Thwart”
Spoofing
Filter packets entering your network that
have a source address of the local network
• MAC Binding – Switches store the first MAC
Address that appears on a port and it cannot
be changed without authentication.
• Educate users about Web Spoofing. Set
home pages to secure sites.
• DNS spoofing is prevented via securing DNS
servers.
Social Engineering
• Occurs in the “World of People”
• Try to by-pass the “what you know” aspect
of authentication.
• Dumpster Diving
• Online Attacks
• Web spoofing
• E-mails prompting authentication information
Social Engineering
Countermeasures
• Take Care of Trash
– Paper Shredders or Locked Recycle Bins.
– Bulk erase Magnetic Media before discarding.
– Keep dumpsters in secure areas.
• Train system users periodically
– Educate users about Social Engineering Scams
– Inform about the password policy.
– Yada yada yada . . . User’s will still mess up.
Attacks on Encrypted
Data
•
•
•
•
•
Weak Keys
Mathematical Attacks
Password Guessing
Brute Force
Dictionary
Software Exploitation
• Malicious Software or Malware.
– Almost an anagram for Walmart?????
–
–
–
–
–
Viruses
Backdoors
Trojan Horse
Logic Bombs
Worms
Related documents