Methods of Attack NJ-CISSP

Attack
An assault on system security that derives from an intelligent threat, i.e., an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.
RFC 2828, May 2000

Attacks Target Secure Computing Properties
Confidentiality: The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Integrity: The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner.
Availability: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system; i.e., a system is available if it provides services according to the system design whenever users request them.

Attack Phases
PHASE 1 - INFORMATION GATHERING: first-phase tools (ping sweeps, port scans, social engineering)
PHASE 2 - GAINING ACCESS: second-phase techniques (exploitation of software bugs, buffer overflow exploits, FTP bugs)
PHASE 3 - DENYING SERVICES: third-phase attacks (SYN flood, Ping of Death, Teardrop attack)
PHASE 4 - EVADE DETECTION

Brute Force
A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one by one. For example, for ciphertext where the analyst already knows the decryption algorithm, a brute force technique for finding the original plaintext is to decrypt the message with every possible key.

Brute Force Passwords
- More successful against weak passwords.
Encryption - DES
- Obtain a sample plaintext-ciphertext pair.
- Test each possible key in turn.
- Would take thousands of years, unless done in parallel (20 hours by 1990).
POP service (110): success
- The target did not have its login failures logged.
The key to a successful brute force attack is to select a target that has a high degree of success and a small chance of being logged.
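The POP example above succeeded because login failures were not logged. The following is an added example, not part of the NJ-CISSP slides, showing the check that logging makes possible: a sliding-window count of failed logins per source address, which is how brute-force and dictionary password guessing shows up on the defender's side. The log line format, the daemon name `pop3d`, the threshold of five failures in five minutes, and the sample lines themselves are all assumptions constructed for this example; real daemons log in their own formats.

```python
"""Brute-force / dictionary login detection over a constructed auth log.

Added example, not from the NJ-CISSP slides. Assumes syslog-style lines
from a hypothetical POP3 daemon (format is an assumption) and flags any
source address that produces more than THRESHOLD failed logins inside a
sliding WINDOW. A successful LOGIN from an already-flagged source is
reported separately, since a success right after a burst of failures is
the signature of a guessed password.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample log lines (not real data). Addresses are from the
# documentation ranges; the year is supplied at parse time because syslog
# timestamps omit it.
SAMPLE_LOG = """\
Mar 12 10:00:01 mail pop3d[412]: LOGIN FAILED, user=alice, ip=[203.0.113.9]
Mar 12 10:00:02 mail pop3d[412]: LOGIN FAILED, user=alice, ip=[203.0.113.9]
Mar 12 10:00:02 mail pop3d[412]: LOGIN FAILED, user=alice, ip=[203.0.113.9]
Mar 12 10:00:03 mail pop3d[412]: LOGIN FAILED, user=alice, ip=[203.0.113.9]
Mar 12 10:00:03 mail pop3d[412]: LOGIN FAILED, user=alice, ip=[203.0.113.9]
Mar 12 10:00:04 mail pop3d[412]: LOGIN FAILED, user=alice, ip=[203.0.113.9]
Mar 12 10:00:05 mail pop3d[412]: LOGIN, user=alice, ip=[203.0.113.9]
Mar 12 10:07:30 mail pop3d[413]: LOGIN FAILED, user=bob, ip=[198.51.100.4]
Mar 12 10:31:00 mail pop3d[414]: LOGIN FAILED, user=bob, ip=[198.51.100.4]
Mar 12 10:31:05 mail pop3d[414]: LOGIN, user=bob, ip=[198.51.100.4]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ pop3d\[\d+\]: "
    r"LOGIN(?P<failed> FAILED)?, user=(?P<user>[^,]+), ip=\[(?P<ip>[^\]]+)\]$"
)

THRESHOLD = 5                 # failures tolerated per source inside WINDOW
WINDOW = timedelta(minutes=5)


def parse_line(line, year=2024):
    """Parse one log line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ip": m["ip"], "user": m["user"],
            "failed": m["failed"] is not None}


def detect_bruteforce(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return (alerts, compromised).

    alerts:      {ip: (time_of_alert, failures_in_window, sorted_users_tried)}
    compromised: {(ip, user)} for successful logins from an alerted source

    Per source address we keep the timestamps of recent failures in a deque,
    drop those older than `window`, and alert once when the count exceeds
    `threshold`. Two isolated failures half an hour apart never trigger.
    """
    recent = defaultdict(deque)
    users = defaultdict(set)
    alerts = {}
    compromised = set()
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["failed"]:
            q = recent[ip]
            q.append(ev["ts"])
            users[ip].add(ev["user"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) > threshold and ip not in alerts:
                alerts[ip] = (ev["ts"], len(q), sorted(users[ip]))
        elif ip in alerts:
            compromised.add((ip, ev["user"]))
    return alerts, compromised


if __name__ == "__main__":
    found, owned = detect_bruteforce(SAMPLE_LOG)
    for ip, (when, count, who) in found.items():
        print(f"{when:%H:%M:%S} brute force from {ip}: {count} failures, users {who}")
    for ip, user in sorted(owned):
        print(f"login for {user} succeeded from flagged source {ip}")
```

Run against the constructed sample, 203.0.113.9 is flagged at its sixth failure and its subsequent success for alice is reported as a likely guessed password; 198.51.100.4 is never flagged because its two failures fall outside the window. The same logic applies to a dictionary attack, which the next slide defines as brute force over a word list: the rate of failures is the observable, not which candidates were tried.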
Dictionary
An attack that uses a brute-force technique of successively trying all the words in some large, exhaustive list. For example, an attack on an authentication service by trying all possible passwords; or an attack on encryption by encrypting some known plaintext phrase with all possible keys so that the key for any given encrypted message containing that phrase may be obtained by lookup.
RFC 2828, May 2000

Denial of Service
Denial of Service (DOS) attacks attempt to slow or shut down targeted network systems or services. There are two main types of DOS attacks: flaw exploitation and flooding.

Flaw exploitation DOS attacks: Flaw exploitation attacks exploit a flaw in the target system's software in order to cause a processing failure or to cause it to exhaust system resources.
Flooding DOS attacks: Flooding attacks simply send a system or system component more information than it can handle. In cases where the attacker cannot send a system sufficient information to overwhelm its processing capacity, the attacker may nonetheless be able to monopolize the network connection to the target, thereby denying anyone else use of the resource.

Distributed Denial of Service
- DDOS attacks are a subset of DOS.
- DDOS attacks are simply flooding DOS attacks where the hacker uses multiple computers to launch the attack. These attacking computers are centrally controlled by the hacker's computer and thus act as a single immense attack system.

Spamming Attacks are a subset of DOS
A spammer uses your email system as a spam relay. Your system becomes the host and then tries to deliver all messages. While your email server is spending time processing the spam mail, it is prevented from handling legitimate mail for your domain.

Spoofing
In a spoofing attack, the intruder sends messages to a computer indicating that the message has come from a trusted system. To be successful, the intruder must first determine the IP address of a trusted system, and then modify the packet headers so that it appears that the packets are coming from the trusted system.
http://www.sans.org/infosecFAQ/threats/intro_spoofing.htm
- IP spoofing: IP spoofing involves forging one's source IP address. It is the act of using one machine to impersonate another. Many applications and tools in UNIX systems rely on source IP address authentication.
- ARP spoofing: ARP spoofing involves forging the packet's source hardware address (MAC address) to the address of the host you pretend to be.

Man-in-the-middle
The "Man In The Middle" or "TCP Hijacking" attack is a well-known attack where an attacker sniffs packets from the network, modifies them and inserts them back into the network. There are a few programs/source codes available for doing a TCP hijack. Juggernaut, T-Sight and Hunt are some of these programs.
http://www.sans.org/infosecFAQ/threats/middle.htm

Sniffers
Packet sniffers: a software application that uses a network adapter card in promiscuous mode to capture all network packets that are sent across a LAN.
- Captures plain-text user account names, passwords, etc.
- Can also interject new information or change existing information.

Crackers
Someone who tries to break the security of, and gain access to, someone else's system without being invited to do so.

Countermeasures
Adequate security controls:
- Documentation: policy, standards, processes
- Equipment: IDS, firewall, network map
- Personnel: auditing, monitoring, configuring, etc.
- Education: CISSP certified staff

Questions? Ask Jeanette!
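The ARP spoofing and man-in-the-middle slides above describe forged hardware addresses and a sniffer in promiscuous mode; the same capability serves the defender, which is what the "Equipment: IDS" countermeasure refers to. The following is an added example, not from the NJ-CISSP slides, of the binding check that tools of the arpwatch kind perform: remember which MAC first answered for each IP on the LAN, and alert when a later ARP reply for that IP carries a different MAC or when one MAC starts claiming several IPs. The reply records, addresses and timestamps are a constructed sample, not captured traffic; the `ArpMonitor` class and its alert format are this example's own.

```python
"""ARP spoofing detection over constructed ARP replies (arpwatch-style check).

Added example, not from the NJ-CISSP slides. Input is a list of
(timestamp_seconds, sender_ip, sender_mac) tuples standing in for the
sender fields of ARP replies seen by a monitor in promiscuous mode. The
monitor keeps the first-seen IP-to-MAC binding and reports two conditions:
  - "changed":  an IP is now answered for by a different MAC (poisoned cache)
  - "multi-ip": one MAC has claimed more than one IP (reported once per MAC)
A gateway that legitimately changes its NIC will also trigger "changed";
that is the intended behaviour, since an operator should confirm it.
"""
from collections import defaultdict

# Constructed sample. The gateway is 192.168.1.1 at ...:01; at t=120 the host
# at ...:11 starts answering for both the gateway's IP and the victim's IP,
# and at t=130 the genuine gateway answers again (a "flip-flop").
SAMPLE_ARP_REPLIES = [
    (0,   "192.168.1.1",  "00:11:22:33:44:01"),   # gateway, genuine
    (5,   "192.168.1.10", "00:11:22:33:44:10"),   # victim workstation
    (7,   "192.168.1.11", "00:11:22:33:44:11"),   # third host, later the spoofer
    (120, "192.168.1.1",  "00:11:22:33:44:11"),   # ...:11 claims the gateway IP
    (121, "192.168.1.10", "00:11:22:33:44:11"),   # ...:11 claims the victim IP too
    (130, "192.168.1.1",  "00:11:22:33:44:01"),   # genuine gateway answers again
]


class ArpMonitor:
    def __init__(self):
        self.ip_to_mac = {}                  # current binding per IP
        self.mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
        self.flagged_macs = set()            # MACs already reported as multi-ip
        self.alerts = []

    def observe(self, ts, ip, mac):
        """Feed one ARP reply's sender fields; append alerts as conditions arise."""
        mac = mac.lower()
        self.mac_to_ips[mac].add(ip)
        known = self.ip_to_mac.get(ip)
        if known is None:
            self.ip_to_mac[ip] = mac
        elif known != mac:
            self.alerts.append({"ts": ts, "kind": "changed", "ip": ip,
                                "was": known, "now": mac})
            # Adopt the new claim so a flip back is reported as well.
            self.ip_to_mac[ip] = mac
        claimed = self.mac_to_ips[mac]
        if len(claimed) > 1 and mac not in self.flagged_macs:
            self.flagged_macs.add(mac)
            self.alerts.append({"ts": ts, "kind": "multi-ip", "mac": mac,
                                "ips": sorted(claimed)})


def run_monitor(replies):
    """Replay a list of (ts, ip, mac) replies and return the alert list."""
    mon = ArpMonitor()
    for ts, ip, mac in replies:
        mon.observe(ts, ip, mac)
    return mon.alerts


if __name__ == "__main__":
    for a in run_monitor(SAMPLE_ARP_REPLIES):
        if a["kind"] == "changed":
            print(f"t={a['ts']:>4} {a['ip']} moved from {a['was']} to {a['now']}")
        else:
            print(f"t={a['ts']:>4} {a['mac']} claims {len(a['ips'])} IPs: {a['ips']}")
```

On the constructed sample the monitor produces four alerts: the gateway binding changing at t=120, the spoofing MAC being flagged for claiming two IPs, the victim's binding changing at t=121, and the flip back to the real gateway at t=130. A pure IP spoofing attack (forged source IP, no ARP involvement) is not visible to this check; that case is addressed at the router with ingress filtering rather than on the LAN.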