Secure Communication and Intrusion Detection
James Hidahl, Josh McCandless, Kyle Ray

Focused Topics
Secure Communications
Intrusion Detection
Methods Used by Intruders

Secure Communications
What is security?
Access Codes
Strong Passwords
S/Key
Challenge Response
Smart Cards

What is Security?
Security, in the computer industry, refers to the techniques for ensuring that data stored in a computer cannot be read or compromised by anyone without authorization.

Access Codes
Access code is just another term for a password. A password is a secret series of characters that lets a user access a computer, or particular files and programs on it.

Strong Passwords
A strong password is one that is hard for both humans and computer programs to guess, protecting data from unauthorized access. Usually it combines letters, digits and other characters and is longer than six characters; six is a bare minimum, and current guidance favours much longer passphrases. Note that even a strong password is only as safe as the channel it travels over: a password sent in the clear can be captured by a sniffer and replayed.

S/Key
Developed at Bellcore, S/Key is a one-time password scheme: it eliminates the need to send the same password over the network each time access is requested, because each password is used exactly once and a captured one cannot be replayed. It is also a well-known challenge-response password scheme.

Challenge Response
A commonly used authentication technique in which the system sends the user a challenge (a code) and the user must return a response that can only be computed with a secret; the secret itself never crosses the network. Most security systems that rely on smart cards are based on challenge-response: the user is given a code (the challenge) and enters it into the smart card, which displays a new code (the response) that the user presents to log in.

Smart Cards
A small electronic device, about the size of a credit card, that contains electronic memory and possibly an embedded integrated circuit (IC). Smart cards containing an IC are sometimes called Integrated Circuit Cards (ICCs).

Intrusion Detection
Firewalls
Virus Scanners
Intrusion Detectors

Firewalls
A system designed to prevent unauthorized access to or from a private network or a single computer.

Virus Scanners
You should know what that means. Basically, a virus scanner scans your computer for known viruses. Its effectiveness depends on its signature database: a virus without a signature is not found. Here are examples:
Norton
Housecall
AVG

Intrusion Detectors
An intrusion detection system (IDS) inspects inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack by someone attempting to break into or compromise a system. There are several ways to categorize an IDS.

Misuse Detection vs. Anomaly Detection
In misuse detection, the IDS compares the information it gathers against a large database of attack signatures: it looks for specific attacks that have already been documented. Like a virus scanner, misuse detection is only as good as the signature database it compares packets against; an attack with no signature goes unnoticed.
In anomaly detection, the system administrator first defines a baseline, the normal state of the network: traffic load, protocol breakdown and typical packet size. The anomaly detector then monitors network segments, compares their current state to that baseline and reports deviations. This can catch attacks that have never been seen before, at the cost of false alarms whenever legitimate traffic changes.

Network-Based vs. Host-Based Systems
In a network-based system (NIDS), the individual packets flowing through a network are analyzed. A NIDS can detect malicious packets that are designed to slip past a firewall's simple filtering rules. In a host-based system (HIDS), the IDS examines the activity on each individual computer or host, such as its logs, running processes and file changes.

Passive System vs. Reactive System
In a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive system, the IDS responds to the suspicious activity itself, for example by logging off a user or by reconfiguring the firewall to block traffic from the suspected malicious source. The caveat for reactive systems is that an attacker who spoofs source addresses can trick the IDS into blocking legitimate hosts.

Though both relate to network security, an IDS differs from a firewall: a firewall limits access between networks in order to prevent intrusions from happening in the first place, and it does not signal an attack that originates inside the network.
An IDS evaluates a suspected intrusion once it has taken place and signals an alarm. An IDS also watches for attacks that originate from within a system.

Intrusion Methods
Hacker vs. Cracker
Backdoor
Port Scanning
Sniffer
Smurf

Hacker vs. Cracker
Hacker: a slang term for a computer enthusiast, i.e. a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s). Among professional programmers, depending on how it is used, the term can be either complimentary or derogatory, although it is developing an increasingly derogatory connotation. The pejorative sense of hacker is becoming more prominent largely because the popular press has co-opted the term to refer to individuals who gain unauthorized access to computer systems for the purpose of stealing or corrupting data. Hackers themselves maintain that the proper term for such individuals is cracker.

Hacker vs. Cracker (cont.)
Crack: (1) To break into a computer system. The term was coined in the mid-80s by hackers who wanted to differentiate themselves from individuals whose sole purpose is to sneak through security systems. Whereas a cracker's sole aim is to break into secure systems, hackers are more interested in gaining knowledge about computer systems and possibly using this knowledge for playful pranks. Although hackers still argue that there is a big difference between what they do and what crackers do, the mass media has failed to understand the distinction, so the two terms, hack and crack, are often used interchangeably. (2) To copy commercial software illegally by breaking (cracking) the copy-protection and registration techniques it uses.

Backdoor
Also called a trapdoor. An undocumented way of gaining access to a program, online service or an entire computer system. A backdoor is typically written into the code by the program's own developer and is often known only to that developer; it can also be planted by an intruder after a compromise to keep access. Because it bypasses the normal authentication and access controls, a backdoor is a serious security risk, and one that checking those controls will not reveal.
Port Scanning
The act of systematically probing a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies the open doors to that computer. Port scanning has legitimate uses in managing networks, but it can also be malicious if someone is looking for a weak access point to break in through.

Port Scanning (cont.)
Types of port scans:
vanilla: the scanner attempts to connect to all 65,535 ports
strobe: a more focused scan looking only at the ports of known services to exploit
fragmented packets: the scanner sends packet fragments that get through simple packet filters in a firewall
UDP: the scanner looks for open UDP ports
sweep: the scanner connects to the same port on more than one machine
FTP bounce: the scanner goes through an FTP server in order to disguise the source of the scan
stealth scan: the scanner uses half-open (SYN) probes that never complete the TCP handshake, so the scanned computer's applications never see a connection and do not log the scan; a packet-level IDS still sees the probes

Sniffer
A program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management and for stealing information off a network. Unauthorized sniffers are extremely dangerous to a network's security because they are passive, which makes them very hard to detect, and they can be inserted almost anywhere. This makes them a favorite weapon in the intruder's arsenal. On TCP/IP networks, where they sniff packets, they are often called packet sniffers. Encrypting traffic, and using one-time passwords such as S/Key, is what limits the damage a sniffer can do.

Smurfing
A type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to a network's broadcast address. These are special addresses that deliver every received message to all hosts connected to the subnet. The broadcast address of a /24 subnet can reach up to 254 hosts, so a single PING request can be multiplied roughly 250 times. The return (source) address of the request is spoofed to be the address of the attacker's victim.
All the hosts receiving the PING request reply to the victim's address instead of the real sender's. A single attacker sending hundreds or thousands of these PING messages per second can fill the victim's T-1 (or even T-3) line with ping replies, bringing the victim's entire Internet service to its knees. Smurfing falls under the general category of Denial of Service attacks: security attacks that do not try to steal information but instead attempt to disable a computer or network. The fix lies with the reflecting network rather than the victim: routers should drop packets addressed to the broadcast address, and edge networks should filter outbound packets whose source address has been spoofed.
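The S/Key and Challenge Response slides describe how a one-time password scheme works, and the Sniffer slide is the reason it matters: a password captured on the wire must be worthless. The following is an added example, not code from the presentation or from Bellcore's S/Key implementation, of a simplified S/Key-style exchange in Python. Real S/Key uses MD4 folded to 64 bits and encodes each one-time password as six short English words; using SHA-256 and raw digests here is an assumption made to keep the example short. The user name, passphrase and seed are constructed for the example.

```python
import hashlib


def H(data: bytes) -> bytes:
    """The one-way function. S/Key proper uses MD4 folded to 64 bits;
    SHA-256 here is an assumption for the example."""
    return hashlib.sha256(data).digest()


def hash_chain(passphrase: str, seed: str, n: int) -> bytes:
    """Return H^n(seed || passphrase): the one-way function applied n times."""
    x = (seed + passphrase).encode()
    for _ in range(n):
        x = H(x)
    return x


class SKeyServer:
    """Per user the server keeps only (sequence number, last accepted hash,
    seed). From H^n nobody can compute H^(n-1), so a stolen copy of this
    table is not enough to log in."""

    def __init__(self):
        self.users = {}

    def enroll(self, user: str, passphrase: str, n: int, seed: str):
        # Done once, out of band; the passphrase itself is never stored.
        self.users[user] = (n, hash_chain(passphrase, seed, n), seed)

    def challenge(self, user: str):
        """Sent in the clear: the sequence number the client must answer
        with, and the seed. Revealing both is harmless."""
        seq, _, seed = self.users[user]
        return seq - 1, seed

    def verify(self, user: str, response: bytes) -> bool:
        seq, last, seed = self.users[user]
        if seq <= 1:
            # Chain exhausted: the next preimage would be seed||passphrase
            # itself, so the user must re-enroll with a fresh chain.
            return False
        if H(response) != last:
            return False
        # Accept and step the chain down one link. The same response can
        # never verify again, so a password captured by a sniffer is useless.
        self.users[user] = (seq - 1, response, seed)
        return True


def client_response(passphrase: str, seq: int, seed: str) -> bytes:
    """The client recomputes H^seq from its passphrase and the challenge."""
    return hash_chain(passphrase, seed, seq)


def demo():
    """Walk one user through a chain of length 3 and record what the server
    accepts. User name, passphrase and seed are constructed for the example."""
    server = SKeyServer()
    passphrase = "correct horse battery staple"
    server.enroll("alice", passphrase, n=3, seed="ab1234")

    seq, seed = server.challenge("alice")                 # challenge: 2 ab1234
    otp = client_response(passphrase, seq, seed)           # H^2
    login = server.verify("alice", otp)                    # accepted
    replay = server.verify("alice", otp)                   # sniffed copy rejected

    seq, seed = server.challenge("alice")                 # challenge: 1 ab1234
    wrong = server.verify("alice", client_response("guess", seq, seed))
    second = server.verify("alice", client_response(passphrase, seq, seed))

    seq, seed = server.challenge("alice")                 # challenge: 0 ab1234
    exhausted = server.verify("alice", client_response(passphrase, seq, seed))
    return {"login": login, "replay": replay, "wrong": wrong,
            "second": second, "exhausted": exhausted}


if __name__ == "__main__":
    print(demo())
```

The point of the exchange is in verify: the server never learns the passphrase, only checks that hashing the response reproduces the last value it accepted, and then moves down the chain so the same response is rejected the next time. Note the exhaustion check at the bottom of the chain; without it the last "password" the client would send is the seed and passphrase in the clear.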
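The Intrusion Detectors slides list the ways an IDS can be categorized, and the Port Scanning and Smurfing slides describe the traffic those detectors must recognize. The following is an added example, not code from the presentation or from any real IDS, of a toy Python IDS that runs over constructed packet summaries and shows misuse detection (signatures), anomaly detection (a baseline of packet size and protocol share), stateful scan and sweep detection, smurf detection, and the passive versus reactive response. The record layout, the signature strings, the thresholds and the sample traffic are all assumptions made for this example.

```python
from collections import defaultdict
from dataclasses import dataclass
import statistics


@dataclass(frozen=True)
class Flow:
    """One packet summary. The field set is an assumption for this example."""
    ts: float                # seconds since start of capture
    src: str
    dst: str
    proto: str               # "tcp", "udp" or "icmp"
    dport: int = 0           # 0 for ICMP
    size: int = 64           # bytes on the wire
    syn_only: bool = False   # TCP SYN without ACK: a half-open probe
    icmp_type: int = -1      # 8 = echo request, 0 = echo reply
    payload: bytes = b""


# Misuse detection: match packets against documented attack signatures.
# Anything not in this table is invisible, exactly as with a virus scanner.
SIGNATURES = {"path-traversal": b"../../etc/passwd", "shell-in-request": b"/bin/sh"}


def misuse_detect(flows):
    return [(name, f.src, f.dst) for f in flows
            for name, pat in SIGNATURES.items() if pat in f.payload]


def build_baseline(normal_flows):
    """The administrator-defined normal state: packet-size profile and the
    share of traffic that is ICMP."""
    sizes = [f.size for f in normal_flows]
    return {"mean": statistics.mean(sizes), "stdev": statistics.pstdev(sizes),
            "icmp_share": sum(f.proto == "icmp" for f in normal_flows) / len(normal_flows)}


def anomaly_detect(flows, baseline, z=3.0, icmp_factor=3.0):
    """Flag deviations from the baseline: oversized packets, and an ICMP share
    far above normal (the shape of a ping flood, signature or not)."""
    limit = baseline["mean"] + z * baseline["stdev"]
    alerts = [("oversized-packet", f.src, f.dst) for f in flows if f.size > limit]
    share = sum(f.proto == "icmp" for f in flows) / len(flows)
    if share > icmp_factor * max(baseline["icmp_share"], 0.01):
        alerts.append(("icmp-share-spike", "*", "*"))
    return alerts


def scan_detect(flows, vertical=20, horizontal=5):
    """Stateful scan detection: one source probing many ports on one host
    (vanilla/strobe) or one port on many hosts (sweep). Half-open SYN probes
    count like full connects, so a 'stealth' scan is still visible on the wire."""
    ports_per_host = defaultdict(set)   # (src, dst) -> {dport}
    hosts_per_port = defaultdict(set)   # (src, dport) -> {dst}
    for f in flows:
        if f.proto == "udp" or (f.proto == "tcp" and f.syn_only):
            ports_per_host[(f.src, f.dst)].add(f.dport)
            hosts_per_port[(f.src, f.dport)].add(f.dst)
    alerts = [("port-scan", src, dst) for (src, dst), ports in ports_per_host.items()
              if len(ports) >= vertical]
    alerts += [("port-sweep", src, f"port {port}") for (src, port), hosts in hosts_per_port.items()
               if len(hosts) >= horizontal]
    return alerts


def smurf_detect(flows, min_sources=10):
    """A smurf victim receives echo replies from many hosts it never pinged:
    count unsolicited reply sources per destination."""
    requests = {(f.src, f.dst) for f in flows if f.proto == "icmp" and f.icmp_type == 8}
    reply_sources = defaultdict(set)
    for f in flows:
        if f.proto == "icmp" and f.icmp_type == 0 and (f.dst, f.src) not in requests:
            reply_sources[f.dst].add(f.src)
    return [("smurf-flood", "*", dst) for dst, srcs in reply_sources.items()
            if len(srcs) >= min_sources]


def run_ids(flows, baseline, reactive=False):
    """Passive mode only returns alerts; reactive mode also returns the sources
    a firewall should block. The smurf alert carries no source on purpose: the
    replying hosts are innocent reflectors and the attacker's real address is
    never on the wire, so blocking by source would only punish bystanders."""
    alerts = (misuse_detect(flows) + anomaly_detect(flows, baseline)
              + scan_detect(flows) + smurf_detect(flows))
    blocked = {src for _, src, _ in alerts if src != "*"} if reactive else set()
    return alerts, blocked


# Constructed sample traffic, not a real capture.
NORMAL = [Flow(t, "10.0.0.2", "10.0.0.10", "tcp", 443, 600 + 20 * (t % 5)) for t in range(40)]
NORMAL += [Flow(t + 0.5, "10.0.0.3", "10.0.0.10", "icmp", icmp_type=8) for t in range(2)]
ATTACK = list(NORMAL)
ATTACK += [Flow(50 + i / 100, "198.51.100.7", "10.0.0.10", "tcp", 1 + i, syn_only=True)
           for i in range(25)]                                   # vanilla/strobe scan
ATTACK += [Flow(51 + i / 10, "198.51.100.7", f"10.0.0.{20 + i}", "tcp", 22, syn_only=True)
           for i in range(6)]                                    # sweep of port 22
ATTACK.append(Flow(52, "198.51.100.8", "10.0.0.10", "tcp", 80, 1400,
                   payload=b"GET /../../etc/passwd HTTP/1.0\r\n"))   # signature hit
ATTACK += [Flow(53 + i / 100, f"203.0.113.{i}", "10.0.0.10", "icmp", icmp_type=0)
           for i in range(1, 13)]                                 # smurf reflections

if __name__ == "__main__":
    found, block = run_ids(ATTACK, build_baseline(NORMAL), reactive=True)
    print(*found, "would block: %s" % sorted(block), sep="\n")
```

Run on the clean sample the IDS is silent; on the attack sample it raises one alert per technique and, in reactive mode, blocks the two scanning and probing sources but nobody for the smurf flood. That last behaviour is deliberate: reacting to a reflected attack by blocking the apparent senders is exactly the trap a spoofed source address sets for a reactive system.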