Hands-On Ethical Hacking and Network Defense
Chapter 3: Network and Computer Attacks
Objectives
- Describe the different types of malicious software
- Describe methods of protecting against malware attacks
- Describe the types of network attacks
- Identify physical security attacks and vulnerabilities
Malicious Software (Malware)
- Network attacks can prevent a business from operating
- Malicious software (malware) includes
  - Viruses
  - Worms
  - Trojan horses
- Goals
  - Destroy data
  - Corrupt data
  - Shut down a network or system
Viruses
- A virus attaches itself to an executable file
- Replicates itself when the infected program runs
  - Needs a host program to replicate
- No foolproof method of preventing them
Antivirus Software
- Detects and removes viruses
- Detection based on virus signatures
  - A signature matches known samples, so new or modified malware slips past until the vendor ships an update
- Must update the signature database periodically
- Use the automatic update feature
Base 64 Encoding
- Used to evade anti-spam tools and to obscure passwords
  - It is an encoding, not encryption: anyone can decode it instantly, so it hides nothing from an attacker
- Encodes six bits at a time (values 0 – 63) with a single ASCII character
  - A – Z: 0 – 25
  - a – z: 26 – 51
  - 0 – 9: 52 – 61
  - + and /: 62 and 63 (the URL-safe variant uses - and _ instead)
  - = pads the output when the input is not a multiple of three bytes
- See links Ch 3a, 3b
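The six-bit grouping described on this slide, carried out by hand. This is an added example and not code from the original slides; it implements the standard (RFC 4648) alphabet from scratch, and the sample strings are constructed. The `reveal` function is the entire "attack" on a base 64 obscured password.

```python
# Added example: a from-scratch base 64 encoder/decoder using the RFC 4648
# alphabet, to show the six-bit grouping described above. This is not code
# from the original slides; the sample strings are constructed.
ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # values 0 - 25
    "abcdefghijklmnopqrstuvwxyz"  # values 26 - 51
    "0123456789"                  # values 52 - 61
    "+/"                          # values 62 and 63
)
DECODE = {c: i for i, c in enumerate(ALPHABET)}


def b64encode(data: bytes) -> str:
    """Encode bytes: every 3 input bytes (24 bits) become 4 six-bit symbols."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Zero-fill a short final chunk to 3 bytes, then slice off 6 bits at a time.
        n = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        symbols = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # 1 input byte -> 2 symbols + "==", 2 bytes -> 3 symbols + "=".
        pad = 3 - len(chunk)
        if pad:
            symbols[-pad:] = "=" * pad
        out.extend(symbols)
    return "".join(out)


def b64decode(text: str) -> bytes:
    """Reverse the encoding. Raises ValueError on characters outside the alphabet."""
    body = text.rstrip("=")
    if any(c not in DECODE for c in body):
        raise ValueError("not base 64")
    if len(body) % 4 == 1:
        raise ValueError("truncated base 64")
    out = bytearray()
    for i in range(0, len(body), 4):
        chunk = body[i:i + 4]
        n = 0
        for c in chunk:
            n = (n << 6) | DECODE[c]
        n <<= 6 * (4 - len(chunk))                      # left-align to 24 bits
        out += n.to_bytes(3, "big")[:len(chunk) - 1]    # 4 symbols -> 3 bytes, 3 -> 2, 2 -> 1
    return bytes(out)


def reveal(token: str) -> str:
    """What an attacker does with a base 64 'obscured' password: decode it."""
    return b64decode(token).decode("utf-8", errors="replace")


if __name__ == "__main__":
    secret = b"hunter2"                        # constructed sample
    token = b64encode(secret)
    print(token, "->", reveal(token))          # aHVudGVyMg== -> hunter2
```

The decoder rejects characters outside the alphabet rather than skipping them; a lenient decoder is how "almost base 64" blobs get past filters that only look for valid encodings.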
Viruses (continued)
- Commercial base 64 decoders are available, and so are free ones; base 64 is no obstacle to analysis
- Shell
  - Executable piece of programming code
  - Should not appear in an e-mail attachment
Macro Viruses
- Virus encoded as a macro
- Macro
  - List of commands embedded in a document and run by the application that opens it
  - Can be used in destructive ways
- Example: Melissa
  - Appeared in 1999
  - A Word macro that mailed itself to contacts in the victim's Outlook address book
  - It is very simple; see link Ch 3c for the source code
Writing Viruses
- Even nonprogrammers can create macro viruses
  - Instructions posted on Web sites
  - Virus creation kits available for download (see link Ch 3d)
- Security professionals can learn from thinking like attackers
  - But don't create and release a virus! People get long prison terms for that.
Worms
- Worm
  - Replicates and propagates without a host program, typically by exploiting a network service
- Infamous examples
  - Code Red
  - Nimda
- Can infect every vulnerable computer in the world in a short time
  - At least in theory
ATM Machine Worms
- Cyberattacks against ATM machines
  - Slammer and Nachi worms
  - Trend Micro produces antivirus for ATM machines
  - See links Ch 3g, 3h, 3i
- Nachi (also known as Welchia) was written to clean up damage caused by the Blaster worm, but it got out of control
  - See link Ch 3j
- Diebold was criticized for using Windows for ATM machines, which they also use on voting machines
Trojan Programs
- Insidious attack against networks
- Disguise themselves as useful programs
  - Hide malicious content in the program
- Backdoors
- Rootkits
  - Both allow attackers remote access; a rootkit also hides the attacker's files, processes and connections from the system's own tools
Firewalls
- Identify traffic on uncommon ports
- Can block this type of attack, if your firewall filters outgoing traffic
  - Windows XP SP2's firewall does not filter outgoing traffic
  - Vista's firewall doesn't either (by default), according to links Ch 3l and 3m
- Trojan programs can use known ports to get through firewalls
  - HTTP (TCP 80) or DNS (UDP 53)
  - A port-only rule cannot tell a beacon on TCP 80 from a browser; allowing UDP 53 only to your own resolvers at least closes DNS as a free channel
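An egress policy of the kind the slide describes, run over constructed connection records. This is an added example, not code from the slides: it shows that a Trojan beaconing on TCP 80 is indistinguishable from browsing by port alone, and that pinning UDP 53 to the corporate resolver still refuses an external DNS channel. The addresses come from the documentation ranges, and the resolver address `10.0.0.53` is an assumption.

```python
# Added example, not from the slides: an outbound (egress) policy applied to
# constructed connection records. A port-only rule lets a Trojan beaconing on
# TCP 80 through; pinning UDP 53 to the internal resolver refuses an outside
# DNS channel. Addresses are from the documentation ranges; the resolver
# address is an assumption.
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")
INTERNAL_RESOLVER = ip_address("10.0.0.53")      # assumed corporate DNS server
WEB_PORTS = {80, 443}


def egress_decision(proto, dst_ip, dst_port):
    """Return (allowed, reason) for one outbound connection."""
    dst = ip_address(dst_ip)
    if proto == "udp" and dst_port == 53:
        # DNS is pinned to the internal resolver; anything else on 53 is a
        # tunnelling or exfiltration suspect, even if the host is internal.
        if dst == INTERNAL_RESOLVER:
            return True, "dns-internal-resolver"
        return False, "dns-external-resolver"
    if dst in INTERNAL_NET:
        return True, "internal"
    if proto == "tcp" and dst_port in WEB_PORTS:
        # A well-known port passes. This is exactly where a Trojan that talks
        # HTTP to its controller slips through a port-based firewall.
        return True, "web-known-port"
    return False, "uncommon-port"


# Constructed records: (process, proto, destination, port)
CONNECTIONS = [
    ("explorer.exe", "tcp", "10.0.5.20", 445),       # LAN file share
    ("firefox.exe", "tcp", "203.0.113.10", 443),     # normal browsing
    ("svch0st.exe", "tcp", "203.0.113.10", 80),      # Trojan beacon over HTTP
    ("svch0st.exe", "udp", "198.51.100.1", 53),      # DNS to an outside resolver
    ("svch0st.exe", "udp", "10.0.0.53", 53),         # DNS to our resolver
    ("svch0st.exe", "tcp", "198.51.100.1", 31337),   # backdoor on an odd port
]


def evaluate(records=CONNECTIONS):
    """Apply the policy to each record; returns (process, port, allowed, reason)."""
    return [(proc, port) + egress_decision(proto, dst, port)
            for proc, proto, dst, port in records]


def blocked_processes(records=CONNECTIONS):
    """Names that hit a deny rule at least once: a starting point for triage."""
    return sorted({proc for proc, _, allowed, _ in evaluate(records) if not allowed})


if __name__ == "__main__":
    for row in evaluate():
        print(row)
    print("blocked:", blocked_processes())
```

Note that the beacon on port 80 is allowed with the same reason as the browser's connection; only the process name (which a packet filter never sees) gives it away, which is why host-based tooling has to complement the firewall.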
Trojan Demonstration
- Make a file with command-line Windows commands
- Save it as C:\Documents and Settings\username\cmd.bat
- Start, Run, CMD will execute this file instead of C:\Windows\System32\cmd.exe
  - The Run dialog searches the user's profile directory before the system directories, so a file there shadows the real command
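A model of the lookup the demonstration relies on, as an added example that is not part of the original slides. It walks a constructed search order (profile directory first, then the system directories) trying each PATHEXT extension in turn, reports which file would run, and flags the case where something ahead of System32 shadows the real binary. Real Windows resolution has more steps; the ordering shown here is the part that makes the cmd.bat trick work. The directory listings and the profile name `username` are constructed.

```python
# Added example, not from the original slides: a model of the command lookup
# that the cmd.bat trick abuses. The user's profile directory is searched
# before the system directories, and within each directory the PATHEXT
# extensions are tried in order, so a cmd.bat in the profile wins over
# C:\Windows\System32\cmd.exe. Search order and listings are constructed.
PATHEXT = [".COM", ".EXE", ".BAT", ".CMD"]      # default order on Windows XP

PROFILE = r"C:\Documents and Settings\username"
SYSTEM32 = r"C:\WINDOWS\system32"
WINDIR = r"C:\WINDOWS"
SEARCH_ORDER = [PROFILE, SYSTEM32, WINDIR]

# Constructed listings: the Trojan cmd.bat is already planted in the profile.
LISTING = {
    PROFILE: {"cmd.bat", "My Documents", "Desktop"},
    SYSTEM32: {"cmd.exe", "notepad.exe", "net.exe"},
    WINDIR: {"explorer.exe", "regedit.exe"},
}


def _by_lower_name(listing, directory):
    """Case-insensitive view of one directory, keeping the real file names."""
    return {name.lower(): name for name in listing.get(directory, ())}


def candidates(command, search_dirs=SEARCH_ORDER, listing=LISTING, pathext=PATHEXT):
    """Every file that could satisfy `command`, in the order Windows would find them."""
    found = []
    for directory in search_dirs:
        names = _by_lower_name(listing, directory)
        for ext in pathext:
            real = names.get((command + ext).lower())
            if real is not None:
                found.append(directory + "\\" + real)
    return found


def resolve(command, **kwargs):
    """The path that actually runs: the first candidate, or None."""
    hits = candidates(command, **kwargs)
    return hits[0] if hits else None


def hijacked(command, trusted_dir=SYSTEM32, **kwargs):
    """True when something ahead of the trusted directory shadows the real binary."""
    hits = candidates(command, **kwargs)
    return bool(hits) and not hits[0].lower().startswith(trusted_dir.lower() + "\\")


if __name__ == "__main__":
    print(resolve("cmd"), hijacked("cmd"))            # the planted batch file, True
    print(resolve("notepad"), hijacked("notepad"))    # the real binary, False
```

The `candidates` list is the check to run on a suspect machine: anything it reports before the System32 entry is a planted file, whatever its extension.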
Improved Trojan
- Resets the administrator password
- Almost invisible to the user
- Works in Windows XP, where the logged-on user is usually a local administrator; not so easy in Vista, which requires elevation (UAC) for such changes
Spyware
- Sends information from the infected computer to the attacker
  - Confidential financial data
  - Passwords
  - PINs
  - Any other stored data
- Can record each keystroke entered (keylogger)
- Prevalent technology
- Educate users about spyware
Deceptive Dialog Box
(image slide)
Adware
- Similar to spyware
  - Can be installed without the user being aware
- Sometimes displays a banner
- Main goal
  - Determine the user's online purchasing habits
  - Tailored advertisements
- Main problem
  - Slows down computers
Protecting Against Malware Attacks
- Difficult task
- New viruses, worms, and Trojan programs appear daily
- Antivirus programs offer a lot of protection
- Educate your users about these types of attacks
Educating Your Users
- Structured training
  - Most effective measure
  - Includes all employees and management
- E-mail monthly security updates
  - Simple but effective training method
- Update the virus signature database automatically
Educating Your Users (continued)
- SpyBot and Ad-Aware
  - Help protect against spyware and adware
  - Windows Defender is excellent too
- Firewalls
  - Hardware (enterprise solution)
  - Software (personal solution)
  - Can be combined
- Intrusion Detection System (IDS)
  - Monitors your network 24/7
FUD
- Fear, Uncertainty and Doubt
  - Avoid scaring users into complying with security measures
  - Sometimes used by unethical security testers
  - Against the OSSTMM's Rules of Engagement
- Promote awareness rather than instilling fear
  - Users should be aware of potential threats
  - Build on users' knowledge
Intruder Attacks on Networks and Computers
- Attack
  - Any attempt by an unauthorized person to access or use network resources
- Network security
  - Security of computers and other devices in a network
- Computer security
  - Securing a standalone computer that is not part of a network infrastructure
- Computer crime
  - Fastest growing type of crime worldwide
Denial-of-Service Attacks
- Denial-of-Service (DoS) attack
  - Prevents legitimate users from accessing network resources
  - Some forms do not involve computers, like feeding a paper loop through a fax machine
- DoS attacks do not attempt to access information
  - Cripple the network
  - Make it vulnerable to other types of attack
Testing for DoS Vulnerabilities
- Performing the attack yourself is not wise
  - You only need to prove that the attack could be carried out
Distributed Denial-of-Service Attacks
- Attack on a host from multiple servers or workstations
- Network could be flooded with billions of requests
  - Loss of bandwidth
  - Degradation or loss of speed
- Often the participants are not aware they are part of the attack
  - The attacking computers are compromised machines (bots) controlled through Trojan programs
Buffer Overflow Attacks
- Vulnerability in poorly written code
  - Code does not check the input against the predefined size of the buffer it is copied into
- Goal
  - Overrun the buffer so that attacker-supplied data overwrites adjacent memory, such as the saved return address
  - The program then jumps to the attacker's code, which the OS executes with the program's privileges
  - Can elevate the attacker's permissions to Administrator or even kernel level
- Programmers need special training to write secure code
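The missing size check and its consequence, shown on a simulated stack frame. This is an added example, not code from the slides: a bytearray holds a 16-byte input field followed by the saved return address, exactly the adjacency the attack depends on. The unchecked copy behaves like strcpy and lets a long input replace the return address; the checked copy compares the length with the field size first. It models the memory layout only and executes nothing; the addresses are made up.

```python
# Added example, not from the slides: a simulated stack frame kept in a
# bytearray so the overflow can be watched safely. The 16-byte input field is
# followed by the saved return address, as on a real stack. The "vulnerable"
# copy trusts the caller's length, like strcpy; the checked copy compares it
# with the field size first. This models the layout only; it does not corrupt
# real memory or execute anything. Addresses are made up.
FIELD_SIZE = 16                  # what the programmer assumed the input could be
RET_OFFSET = FIELD_SIZE          # saved return address sits right after the field
LEGIT_RET = 0x00401000           # constructed address of the caller
ATTACKER_ADDR = 0xDEADBEEF       # where the attacker wants execution to go


def new_frame():
    """A fresh frame: zeroed input field followed by the saved return address."""
    frame = bytearray(FIELD_SIZE + 4)
    frame[RET_OFFSET:RET_OFFSET + 4] = LEGIT_RET.to_bytes(4, "little")
    return frame


def saved_return(frame):
    """Read back the address the function will jump to when it returns."""
    return int.from_bytes(frame[RET_OFFSET:RET_OFFSET + 4], "little")


def vulnerable_copy(frame, data):
    """strcpy-style: writes every byte of data into the frame, never checking
    len(data) against FIELD_SIZE, so long input overwrites whatever follows."""
    for i, byte in enumerate(data[:len(frame)]):   # frame is fixed-size memory
        frame[i] = byte
    return frame


def checked_copy(frame, data):
    """The fix: refuse input that does not fit the field."""
    if len(data) > FIELD_SIZE:
        raise ValueError(f"input is {len(data)} bytes, field holds {FIELD_SIZE}")
    frame[:len(data)] = data
    return frame


def overflow_payload():
    """Filler to the end of the field, then the attacker's address on top of
    the saved return address (little-endian, as on x86)."""
    return b"A" * FIELD_SIZE + ATTACKER_ADDR.to_bytes(4, "little")


def hijacks_control(copy_fn, data):
    """True if copying `data` with copy_fn changed where the function returns."""
    frame = new_frame()
    try:
        copy_fn(frame, data)
    except ValueError:
        return False
    return saved_return(frame) != LEGIT_RET


if __name__ == "__main__":
    print(hijacks_control(vulnerable_copy, overflow_payload()))   # True
    print(hijacks_control(checked_copy, overflow_payload()))      # False
```

On a real system the same 20 bytes would be followed by the attacker's code (or the address of existing code), and the corrupted return address is what hands control to it; stack canaries, non-executable stacks and address randomization each attack a different link in that chain.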
Ping of Death Attacks
- Type of DoS attack
- Not as common as during the late 1990s
- How it works
  - Attacker creates a large ICMP echo request
    - More than 65,535 bytes, the maximum size of an IP datagram
  - The large packet is fragmented at the source network
  - The destination host reassembles the fragments
  - The destination cannot handle the oversized packet and crashes, because the reassembly buffer overflows
  - Modern systems are protected from this (Link Ch 3n): the IP stack drops any fragment whose offset plus length would exceed the maximum
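The reassembly check described in the last bullet, as an added example that is not part of the original slides. It builds IPv4 fragments with `struct`, reads back the offset and length a receiver uses, and rejects a fragment whose data would land past the 65,535-byte limit before anything is buffered. The fragments and addresses are constructed; the last fragment carries the largest encodable offset, which is what makes the datagram oversized.

```python
# Added example, not from the slides: building and checking IPv4 fragments the
# way a reassembling host must, so an oversized ICMP datagram is rejected
# before it can overrun the reassembly buffer. Fragments are constructed; the
# addresses are documentation-range placeholders.
import struct

IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")   # fixed 20-byte header, no options
IPV4_MAX = 65535                               # total length is a 16-bit field
MF_FLAG = 0x2000                               # "more fragments" bit
OFFSET_MASK = 0x1FFF                           # 13-bit offset, in 8-byte units
PROTO_ICMP = 1


def make_fragment(ident, offset_units, payload_len, more):
    """One fragment of an ICMP datagram: header plus a zero payload."""
    flags_frag = (MF_FLAG if more else 0) | (offset_units & OFFSET_MASK)
    header = IPV4_HEADER.pack(0x45, 0, 20 + payload_len, ident, flags_frag,
                              64, PROTO_ICMP, 0,
                              bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + b"\x00" * payload_len


def parse_fragment(raw):
    """Pull out the fields reassembly cares about."""
    (vihl, _, total_len, ident, flags_frag, _, proto, _, _, _) = IPV4_HEADER.unpack(raw[:20])
    ihl = (vihl & 0x0F) * 4
    return {
        "id": ident,
        "proto": proto,
        "offset": (flags_frag & OFFSET_MASK) * 8,   # byte offset within the datagram
        "more": bool(flags_frag & MF_FLAG),
        "payload_len": total_len - ihl,
    }


def fragment_end(raw):
    """Byte position where this fragment's data ends in the reassembled datagram."""
    f = parse_fragment(raw)
    return f["offset"] + f["payload_len"]


def accept_fragment(raw):
    """The check modern stacks apply before buffering: a fragment whose data
    would land past the maximum datagram size is dropped, not reassembled."""
    return 20 + fragment_end(raw) <= IPV4_MAX


def reassembled_size(fragments):
    """Size the datagram would have if every fragment were accepted."""
    return 20 + max(fragment_end(f) for f in fragments)


def is_ping_of_death(fragments):
    return any(not accept_fragment(f) for f in fragments)


# Constructed: an ordinary echo request carrying 2,960 bytes, split in two.
NORMAL = [make_fragment(1, 0, 1480, True), make_fragment(1, 185, 1480, False)]
# Constructed: the last fragment of a ping-of-death datagram. Its offset is the
# largest encodable (8189 * 8 = 65512); adding 1,480 bytes of data pushes the
# reassembled datagram to 67,012 bytes, beyond what the 16-bit length allows.
POD = [make_fragment(2, 0, 1480, True), make_fragment(2, 8189, 1480, False)]

if __name__ == "__main__":
    print(reassembled_size(NORMAL), is_ping_of_death(NORMAL))   # 2980 False
    print(reassembled_size(POD), is_ping_of_death(POD))         # 67012 True
```

The decision is made per fragment, without waiting for the rest of the datagram, which is why a vulnerable stack that only checked the total after reassembly had already overrun its buffer.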
Session Hijacking
- Enables an attacker to join a TCP session
- Attacker makes both parties think he or she is the other party
  - Requires guessing or observing the session's TCP sequence numbers so that injected segments are accepted
Addressing Physical Security
- Protecting a network also requires physical security
- Inside attacks are more likely than attacks from outside the company
Keyloggers
- Used to capture keystrokes on a computer
  - Hardware
  - Software
- Software
  - Behaves like a Trojan program
- Hardware
  - Easy to install
  - Plugs in between the keyboard and the computer
  - KeyKatcher and KeyGhost
Keyloggers (continued)
- Protection
  - Software-based
    - Antivirus
  - Hardware-based
    - Random visual inspections
    - Look for added hardware
    - Superglue keyboard connectors in
Behind Locked Doors
- Lock up your servers
  - Physical access means they can hack in
  - Consider Ophcrack: booting to a CD-based OS bypasses almost any OS-level security, because it reads the password hashes straight off the disk and cracks them with rainbow tables
  - Full-disk encryption is the control that survives a boot from removable media
Lockpicking
- The average person can pick deadbolt locks in less than five minutes
  - After only a week or two of practice
- Experienced hackers can pick deadbolt locks in under 30 seconds
- Bump keys are even easier (Link Ch 3o)
Card Reader Locks
- Keep a log of who enters and leaves the room
- Security cards can be used instead of keys for better security
- Image from link Ch 3p

More Related Content

PPT
Network security and protocols
PPTX
Web security
PPTX
Introduction to IDS & IPS - Part 1
PPTX
Intrusion detection and prevention system
PDF
Computer Security and Intrusion Detection(IDS/IPS)
PPTX
Network attacks
PDF
VULNERABILITY ( CYBER SECURITY )
PPTX
Cyber security
Network security and protocols
Web security
Introduction to IDS & IPS - Part 1
Intrusion detection and prevention system
Computer Security and Intrusion Detection(IDS/IPS)
Network attacks
VULNERABILITY ( CYBER SECURITY )
Cyber security

What's hot (20)

PPT
Web security ppt sniper corporation
PPTX
Logging, monitoring and auditing
PPTX
CYBER SECURITY
PPTX
Cross Site Scripting ( XSS)
PPTX
CYBER SECURITY
PPS
Security testing
PPT
Introduction to Cyber Security
PDF
Access Control Presentation
PDF
Cyber Security and Cloud Computing
PPTX
Man in The Middle Attack
PPTX
DDoS - Distributed Denial of Service
PPT
DDOS Attack
PPTX
Malware Classification and Analysis
PPTX
Introduction to Cyber Security
PPT
Web Security
PPTX
Network security
PPTX
DDoS ATTACKS
PPT
DDoS Attacks
PPTX
Network security and viruses
Web security ppt sniper corporation
Logging, monitoring and auditing
CYBER SECURITY
Cross Site Scripting ( XSS)
CYBER SECURITY
Security testing
Introduction to Cyber Security
Access Control Presentation
Cyber Security and Cloud Computing
Man in The Middle Attack
DDoS - Distributed Denial of Service
DDOS Attack
Malware Classification and Analysis
Introduction to Cyber Security
Web Security
Network security
DDoS ATTACKS
DDoS Attacks
Network security and viruses
Ad

Similar to Ch03 Network and Computer Attacks (20)

PPT
Network Attacks
PPT
a documentation of final year SRS for AI drons.ppt
PPTX
Lecture 1-2.pptx
PPTX
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
PPT
list of Deception as well as detection techniques for maleware
PPTX
Basics of hacking
PPT
PDF
Lecture #12,#13 : Program and OS Security -Part I
PPTX
Computer security threats & prevention
PPTX
PPTX
(Training) Malware - To the Realm of Malicious Code
PDF
Form4 cd2
PPTX
Dickmaster
PDF
Identifying, Monitoring, and Reporting Malware
PPTX
Spyware presentation by mangesh wadibhasme
PPT
Lecture 5
PDF
IJSRED-V2I3P69
PPTX
Data security
PPT
easttom_ppt_05_final fundamentals (1).ppt
PPT
fundamental of security.is there any security problems..2024.ppt
Network Attacks
a documentation of final year SRS for AI drons.ppt
Lecture 1-2.pptx
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
list of Deception as well as detection techniques for maleware
Basics of hacking
Lecture #12,#13 : Program and OS Security -Part I
Computer security threats & prevention
(Training) Malware - To the Realm of Malicious Code
Form4 cd2
Dickmaster
Identifying, Monitoring, and Reporting Malware
Spyware presentation by mangesh wadibhasme
Lecture 5
IJSRED-V2I3P69
Data security
easttom_ppt_05_final fundamentals (1).ppt
fundamental of security.is there any security problems..2024.ppt
Ad

More from phanleson (20)

PDF
Learning spark ch01 - Introduction to Data Analysis with Spark
PPT
Firewall - Network Defense in Depth Firewalls
PPT
Mobile Security - Wireless hacking
PPT
Authentication in wireless - Security in Wireless Protocols
PPT
E-Commerce Security - Application attacks - Server Attacks
PPT
Hacking web applications
PPTX
HBase In Action - Chapter 04: HBase table design
PPT
HBase In Action - Chapter 10 - Operations
PPT
Hbase in action - Chapter 09: Deploying HBase
PPTX
Learning spark ch11 - Machine Learning with MLlib
PPTX
Learning spark ch10 - Spark Streaming
PPTX
Learning spark ch09 - Spark SQL
PPT
Learning spark ch07 - Running on a Cluster
PPTX
Learning spark ch06 - Advanced Spark Programming
PPTX
Learning spark ch05 - Loading and Saving Your Data
PPTX
Learning spark ch04 - Working with Key/Value Pairs
PPTX
Learning spark ch01 - Introduction to Data Analysis with Spark
PPT
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
PPT
Lecture 1 - Getting to know XML
PPTX
Lecture 4 - Adding XTHML for the Web
Learning spark ch01 - Introduction to Data Analysis with Spark
Firewall - Network Defense in Depth Firewalls
Mobile Security - Wireless hacking
Authentication in wireless - Security in Wireless Protocols
E-Commerce Security - Application attacks - Server Attacks
Hacking web applications
HBase In Action - Chapter 04: HBase table design
HBase In Action - Chapter 10 - Operations
Hbase in action - Chapter 09: Deploying HBase
Learning spark ch11 - Machine Learning with MLlib
Learning spark ch10 - Spark Streaming
Learning spark ch09 - Spark SQL
Learning spark ch07 - Running on a Cluster
Learning spark ch06 - Advanced Spark Programming
Learning spark ch05 - Loading and Saving Your Data
Learning spark ch04 - Working with Key/Value Pairs
Learning spark ch01 - Introduction to Data Analysis with Spark
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
Lecture 1 - Getting to know XML
Lecture 4 - Adding XTHML for the Web

Recently uploaded (20)

PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
PPTX
Microbial diseases, their pathogenesis and prophylaxis
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
PDF
RMMM.pdf make it easy to upload and study
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
PPTX
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
PDF
102 student loan defaulters named and shamed – Is someone you know on the list?
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
PPTX
GDM (1) (1).pptx small presentation for students
PDF
Anesthesia in Laparoscopic Surgery in India
PDF
01-Introduction-to-Information-Management.pdf
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
Microbial diseases, their pathogenesis and prophylaxis
Abdominal Access Techniques with Prof. Dr. R K Mishra
RMMM.pdf make it easy to upload and study
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
human mycosis Human fungal infections are called human mycosis..pptx
2.FourierTransform-ShortQuestionswithAnswers.pdf
102 student loan defaulters named and shamed – Is someone you know on the list?
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
Chinmaya Tiranga quiz Grand Finale.pdf
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
GDM (1) (1).pptx small presentation for students
Anesthesia in Laparoscopic Surgery in India
01-Introduction-to-Information-Management.pdf
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
O5-L3 Freight Transport Ops (International) V1.pdf
Pharmacology of Heart Failure /Pharmacotherapy of CHF

Ch03 Network and Computer Attacks

  • 1. Hands-On EthicalHands-On Ethical Hacking and NetworkHacking and Network DefenseDefense Chapter 3Chapter 3 Network and Computer AttacksNetwork and Computer Attacks
  • 2. 2 ObjectivesObjectives Describe the different types of maliciousDescribe the different types of malicious softwaresoftware Describe methods of protecting againstDescribe methods of protecting against malware attacksmalware attacks Describe the types of network attacksDescribe the types of network attacks Identify physical security attacks andIdentify physical security attacks and vulnerabilitiesvulnerabilities
  • 3. 3 Malicious Software (Malware)Malicious Software (Malware) Network attacks prevent a business fromNetwork attacks prevent a business from operatingoperating Malicious software (Malware) includesMalicious software (Malware) includes  VirusVirus  WormsWorms  Trojan horsesTrojan horses GoalsGoals  Destroy dataDestroy data  Corrupt dataCorrupt data  Shutdown a network or systemShutdown a network or system
  • 4. 4 VirusesViruses Virus attaches itself to an executable fileVirus attaches itself to an executable file Can replicate itself through an executableCan replicate itself through an executable programprogram  Needs a host program to replicateNeeds a host program to replicate No foolproof method of preventing themNo foolproof method of preventing them
  • 5. 5 Antivirus SoftwareAntivirus Software Detects and removes virusesDetects and removes viruses Detection based on virus signaturesDetection based on virus signatures Must update signature database periodicallyMust update signature database periodically Use automatic update featureUse automatic update feature
  • 6. 6
  • 7. 7 Base 64 EncodingBase 64 Encoding Used to evade anti-spam tools, and toUsed to evade anti-spam tools, and to obscure passwordsobscure passwords Encodes six bits at a time (0 – 64) with aEncodes six bits at a time (0 – 64) with a single ASCII charactersingle ASCII character  A - Z:A - Z: 0 – 250 – 25  a – z:a – z: 26 – 5126 – 51  1 – 9:1 – 9: 52 – 6152 – 61  + and -+ and - 62 and 6362 and 63 See links Ch 3a, 3bSee links Ch 3a, 3b
  • 8. 8 Viruses (continued)Viruses (continued) Commercial base 64 decodersCommercial base 64 decoders ShellShell  Executable piece of programming codeExecutable piece of programming code  Should not appear in an e-mail attachmentShould not appear in an e-mail attachment
  • 9. 9 Macro VirusesMacro Viruses Virus encoded as a macroVirus encoded as a macro MacroMacro  Lists of commandsLists of commands  Can be used in destructive waysCan be used in destructive ways Example: MelissaExample: Melissa  Appeared in 1999Appeared in 1999  It is very simple – see link Ch 3c for sourceIt is very simple – see link Ch 3c for source codecode
  • 10. 10 Writing VirusesWriting Viruses Even nonprogrammersEven nonprogrammers can create macro virusescan create macro viruses  Instructions posted onInstructions posted on Web sitesWeb sites  Virus creation kits available forVirus creation kits available for download (see link Ch 3d)download (see link Ch 3d) Security professionals can learnSecurity professionals can learn from thinking like attackersfrom thinking like attackers  But don’t create and release a virus!But don’t create and release a virus! People get long prison terms for that.People get long prison terms for that.
  • 11. 11 WormsWorms WormWorm  Replicates and propagates without a hostReplicates and propagates without a host Infamous examplesInfamous examples  Code RedCode Red  NimdaNimda Can infect every computer in the world inCan infect every computer in the world in a short timea short time  At least in theoryAt least in theory
  • 12. 12 ATM Machine WormsATM Machine Worms  Cyberattacks against ATM machinesCyberattacks against ATM machines  Slammer and Nachi wormsSlammer and Nachi worms  Trend produces antivirus for ATM machinesTrend produces antivirus for ATM machines See links Ch 3g, 3h, 3iSee links Ch 3g, 3h, 3i  Nachi was written to clean up damage causedNachi was written to clean up damage caused by the Blaster worm, but it got out of controlby the Blaster worm, but it got out of control See link Ch 3jSee link Ch 3j  Diebold was criticized for using Windows forDiebold was criticized for using Windows for ATM machines, which they also use on votingATM machines, which they also use on voting machinesmachines
  • 13. 13
  • 14. 14
  • 15. 15 Trojan ProgramsTrojan Programs Insidious attack against networksInsidious attack against networks Disguise themselves as useful programsDisguise themselves as useful programs  Hide malicious content in programHide malicious content in program BackdoorsBackdoors RootkitsRootkits  Allow attackers remote accessAllow attackers remote access
  • 16. 16 FirewallsFirewalls Identify traffic on uncommon portsIdentify traffic on uncommon ports Can block this type of attack, if yourCan block this type of attack, if your firewall filters outgoing trafficfirewall filters outgoing traffic  Windows XP SP2’s firewall does not filterWindows XP SP2’s firewall does not filter outgoing trafficoutgoing traffic  Vista’s firewall doesn’t either (by default),Vista’s firewall doesn’t either (by default), according to link Ch 3l and 3maccording to link Ch 3l and 3m Trojan programs can use known ports toTrojan programs can use known ports to get through firewallsget through firewalls  HTTP (TCP 80) or DNS (UDP 53)HTTP (TCP 80) or DNS (UDP 53)
  • 17. 17
  • 18. 18 Trojan DemonstrationTrojan Demonstration Make a file withMake a file with command-line Windowscommand-line Windows commandscommands Save it asSave it as C:Documents and SettingsC:Documents and Settings usernameusernamecmd.batcmd.bat Start, Run, CMD will execute this fileStart, Run, CMD will execute this file instead ofinstead of C:WindowsSystem32Cmd.exeC:WindowsSystem32Cmd.exe
  • 19. 19 Improved TrojanImproved Trojan Resets the administrator passwordResets the administrator password Almost invisible to userAlmost invisible to user Works in Win XP, but not so easy in VistaWorks in Win XP, but not so easy in Vista
  • 20. 20 SpywareSpyware Sends information from the infected computer toSends information from the infected computer to the attackerthe attacker  Confidential financial dataConfidential financial data  PasswordsPasswords  PINsPINs  Any other stored dataAny other stored data Can register each keystroke entered (keylogger)Can register each keystroke entered (keylogger) Prevalent technologyPrevalent technology Educate users about spywareEducate users about spyware
  • 22. 22 AdwareAdware Similar to spywareSimilar to spyware  Can be installed without the user being awareCan be installed without the user being aware Sometimes displays a bannerSometimes displays a banner Main goalMain goal  Determine user’s online purchasing habitsDetermine user’s online purchasing habits  Tailored advertisementTailored advertisement Main problemMain problem  Slows down computersSlows down computers
  • 23. 23 Protecting Against MalwareProtecting Against Malware AttacksAttacks Difficult taskDifficult task New viruses, worms, Trojan programsNew viruses, worms, Trojan programs appear dailyappear daily Antivirus programs offer a lot of protectionAntivirus programs offer a lot of protection Educate your users about these types ofEducate your users about these types of attacksattacks
  • 24. 24
  • 25. 25
  • 26. 26 Educating Your UsersEducating Your Users Structural trainingStructural training  Most effective measureMost effective measure  Includes all employees and managementIncludes all employees and management E-mail monthly security updatesE-mail monthly security updates  Simple but effective training methodSimple but effective training method Update virus signature databaseUpdate virus signature database automaticallyautomatically
  • 27. 27 Educating Your UsersEducating Your Users SpyBot and Ad-AwareSpyBot and Ad-Aware  Help protect against spyware and adwareHelp protect against spyware and adware  Windows Defender is excellent tooWindows Defender is excellent too FirewallsFirewalls  Hardware (enterprise solution)Hardware (enterprise solution)  Software (personal solution)Software (personal solution)  Can be combinedCan be combined Intrusion Detection System (IDS)Intrusion Detection System (IDS)  Monitors your network 24/7Monitors your network 24/7
  • 28. 28 FUDFUD Fear, Uncertainty and DoubtFear, Uncertainty and Doubt  Avoid scaring users into complying with securityAvoid scaring users into complying with security measuresmeasures  Sometimes used by unethical security testersSometimes used by unethical security testers  Against the OSSTMM’s Rules of EngagementAgainst the OSSTMM’s Rules of Engagement Promote awareness rather than instillingPromote awareness rather than instilling fearfear  Users should be aware of potential threatsUsers should be aware of potential threats  Build on users’ knowledgeBuild on users’ knowledge
  • 29. 29 Intruder Attacks on NetworksIntruder Attacks on Networks and Computersand Computers AttackAttack  Any attempt by an unauthorized person to access orAny attempt by an unauthorized person to access or use network resourcesuse network resources Network securityNetwork security  Security of computers and other devices in a networkSecurity of computers and other devices in a network Computer securityComputer security  Securing a standalone computer--not part of a networkSecuring a standalone computer--not part of a network infrastructureinfrastructure Computer crimeComputer crime  Fastest growing type of crime worldwideFastest growing type of crime worldwide
  • 30. 30 Denial-of-Service AttacksDenial-of-Service Attacks Denial-of-Service (DoS) attackDenial-of-Service (DoS) attack  Prevents legitimate users from accessingPrevents legitimate users from accessing network resourcesnetwork resources  Some forms do not involve computers, likeSome forms do not involve computers, like feeding a paper loop through a fax machinefeeding a paper loop through a fax machine DoS attacks do not attempt to accessDoS attacks do not attempt to access informationinformation  Cripple the networkCripple the network  Make it vulnerable to other type of attacksMake it vulnerable to other type of attacks
31. Testing for DoS Vulnerabilities
Performing an attack yourself is not wise
 You only need to prove that an attack could be carried out
32. Distributed Denial-of-Service Attacks
Attack on a host from multiple servers or workstations
Network could be flooded with billions of requests
 Loss of bandwidth
 Degradation or loss of speed
Often participants are not aware they are part of the attack
 Attacking computers could be controlled using Trojan programs
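Slides 30 and 32 describe the two shapes a flood takes: one source hammering a host, or many unwitting participants each sending a little. The detection logic below is an added example written for this page, not code from the textbook or its authors. It tallies a window of constructed access-log lines per source address and checks two assumed thresholds (PER_SOURCE_LIMIT and TOTAL_LIMIT are illustrative values, not from the slides): a per-source limit catches the single-source DoS, while the aggregate limit is what reveals a distributed flood in which no individual source looks abnormal.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SOURCES 64
#define IP_LEN 16
#define PER_SOURCE_LIMIT 20   /* assumed threshold: requests per window from one source */
#define TOTAL_LIMIT 40        /* assumed threshold: requests per window from all sources */

struct source_count { char ip[IP_LEN]; unsigned count; };
struct window_stats {
    struct source_count sources[MAX_SOURCES];
    size_t n_sources;
    unsigned total;
};

/* Find or create the counter for a source address; NULL if the table is full. */
static struct source_count *lookup(struct window_stats *st, const char *ip) {
    for (size_t i = 0; i < st->n_sources; i++)
        if (strcmp(st->sources[i].ip, ip) == 0) return &st->sources[i];
    if (st->n_sources == MAX_SOURCES) return NULL;
    struct source_count *sc = &st->sources[st->n_sources++];
    snprintf(sc->ip, IP_LEN, "%s", ip);
    sc->count = 0;
    return sc;
}

/* Tally one window of log lines of the form "<second> <src_ip> <request>".
 * Returns the number of lines that could not be counted. */
unsigned tally_window(const char *log, struct window_stats *st) {
    memset(st, 0, sizeof *st);
    unsigned skipped = 0;
    const char *p = log;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t linelen = nl ? (size_t)(nl - p) : strlen(p);
        char line[128];
        if (linelen >= sizeof line) linelen = sizeof line - 1;  /* truncate, never overflow */
        memcpy(line, p, linelen);
        line[linelen] = '\0';
        unsigned sec;
        char ip[IP_LEN];
        struct source_count *sc = NULL;
        if (sscanf(line, "%u %15s", &sec, ip) == 2)   /* %15s bounds the copy into ip[] */
            sc = lookup(st, ip);
        if (sc) { sc->count++; st->total++; } else { skipped++; }
        if (!nl) break;
        p = nl + 1;
    }
    return skipped;
}

/* Sources whose count exceeds PER_SOURCE_LIMIT: the single-source flood. */
size_t count_flooding_sources(const struct window_stats *st) {
    size_t n = 0;
    for (size_t i = 0; i < st->n_sources; i++)
        if (st->sources[i].count > PER_SOURCE_LIMIT) n++;
    return n;
}

/* A distributed flood shows up in the aggregate even when no single source trips its limit. */
int aggregate_exceeds(const struct window_stats *st) { return st->total > TOTAL_LIMIT; }

/* Build a constructed sample log: one loud source (10.0.0.5) plus several low-rate ones. */
size_t build_sample_log(char *buf, size_t cap, unsigned loud_requests,
                        unsigned quiet_sources, unsigned quiet_requests) {
    size_t used = 0;
    if (cap) buf[0] = '\0';
    for (unsigned i = 0; i < loud_requests && used < cap; i++)
        used += (size_t)snprintf(buf + used, cap - used, "%u 10.0.0.5 GET /\n", 100 + i % 10);
    for (unsigned s = 0; s < quiet_sources; s++)
        for (unsigned i = 0; i < quiet_requests && used < cap; i++)
            used += (size_t)snprintf(buf + used, cap - used, "%u 10.0.1.%u GET /\n", 100 + i, s + 1);
    return used < cap ? used : cap - 1;
}

/* Evaluate a constructed window. Bit 0: some source is flooding; bit 1: the aggregate
 * rate is over the limit (distributed pattern). Returns -1 if any line failed to parse. */
int evaluate_sample(unsigned loud_requests, unsigned quiet_sources, unsigned quiet_requests) {
    static char log[8192];
    struct window_stats st;
    build_sample_log(log, sizeof log, loud_requests, quiet_sources, quiet_requests);
    if (tally_window(log, &st) != 0) return -1;
    return (count_flooding_sources(&st) > 0 ? 1 : 0) | (aggregate_exceeds(&st) ? 2 : 0);
}

int main(void) {
    printf("single loud source: %d\n", evaluate_sample(30, 5, 3));  /* 3: both flags */
    printf("many quiet sources: %d\n", evaluate_sample(0, 10, 5));  /* 2: aggregate only */
    printf("normal traffic:     %d\n", evaluate_sample(5, 3, 2));   /* 0 */
    return 0;
}
```

The second scenario is the one that matters for slide 32: ten sources at five requests each never trip the per-source limit, so only the aggregate counter reports the flood. Real thresholds should be derived from a baseline of the monitored service rather than the fixed numbers assumed here.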
33. Buffer Overflow Attacks
Vulnerability in poorly written code
 Code does not check predefined size of input field
Goal
 Fill overflow buffer with executable code
 OS executes this code
 Can elevate attacker's permission to Administrator or even Kernel
Programmers need special training to write secure code
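The defect the slide names is a copy that never compares the input length against the predefined size of the field. The example below is added for this page and is not from the textbook; it places that unchecked pattern next to a hardened version that measures the input first and rejects anything that does not fit, terminator included. FIELD_SIZE and the function names are assumptions chosen for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define FIELD_SIZE 16   /* predefined size of the input field (assumed for the example) */

/* Pattern the slide describes: the copy never checks the field's predefined size,
 * so any input of FIELD_SIZE bytes or more writes past the end of the buffer. */
void copy_field_unchecked(char *field, const char *input) {
    strcpy(field, input);
}

/* Hardened copy: compares the input length with the destination size before writing.
 * Returns 0 on success, -1 if the input (plus its terminator) does not fit. */
int copy_field_checked(char *field, size_t field_size, const char *input) {
    size_t len = strlen(input);
    if (len >= field_size)
        return -1;                /* reject rather than truncate silently */
    memcpy(field, input, len + 1);
    return 0;
}

/* Returns 1 when the input would be accepted into a FIELD_SIZE field, else 0. */
int input_fits(const char *input) {
    char field[FIELD_SIZE];
    return copy_field_checked(field, sizeof field, input) == 0;
}

int main(void) {
    char field[FIELD_SIZE];
    const char *ok = "short";     /* 5 bytes: fits either way */
    const char *too_long = "this input is longer than sixteen bytes";
    copy_field_unchecked(field, ok);   /* safe only because this input is small */
    printf("unchecked copy of \"%s\" -> \"%s\"\n", ok, field);
    printf("checked copy of long input: %s\n",
           copy_field_checked(field, sizeof field, too_long) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The boundary case is an input of exactly FIELD_SIZE characters: it looks like it fits, but the terminating NUL would be the 17th byte, which is why the check is `len >= field_size` and not `len > field_size`.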
36. Ping of Death Attacks
Type of DoS attack
Not as common as during the late 1990s
How it works
 Attacker creates a large ICMP packet
 More than 65,535 bytes
 Large packet is fragmented at source network
 Destination network reassembles large packet
 Destination point cannot handle oversize packet and crashes
 Modern systems are protected from this (Link Ch 3n)
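The reason modern stacks are protected is the check shown below: before a fragment is copied into the reassembly buffer, its end position is computed in more than 16 bits and compared with the 65,535-byte maximum that the IPv4 total-length field allows. This is an added example for this page, not the textbook's code or any real kernel's; the fragment list and struct names are constructed for the illustration (IPv4 fragment offsets are carried in 8-byte units, which is where the `* 8` comes from).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u   /* IPv4 total length is a 16-bit field */

/* One fragment as seen on the wire: offset in 8-byte units (13-bit field), length in bytes. */
struct fragment {
    uint16_t offset_units;
    uint16_t len;
};

/* Byte position just past the end of this fragment inside the reassembled datagram.
 * Computed in 32 bits: 8191 * 8 + 65535 does not fit in the 16-bit arithmetic that
 * legacy stacks used, and the wraparound is what let the oversize packet through. */
uint32_t fragment_end(const struct fragment *f) {
    return (uint32_t)f->offset_units * 8u + f->len;
}

/* Guard for the reassembly buffer: a fragment that would land past the maximum
 * datagram size is dropped instead of being written past the buffer. */
int fragment_fits(const struct fragment *f) {
    return fragment_end(f) <= IP_MAX_DATAGRAM;
}

/* Walk a fragment list and return the reassembled length, or -1 if any fragment
 * would exceed the maximum datagram size (the whole datagram is then discarded). */
long reassembled_length(const struct fragment *frags, size_t n) {
    uint32_t max_end = 0;
    for (size_t i = 0; i < n; i++) {
        if (!fragment_fits(&frags[i]))
            return -1;
        uint32_t end = fragment_end(&frags[i]);
        if (end > max_end)
            max_end = end;
    }
    return (long)max_end;
}

int main(void) {
    /* Constructed: a 2960-byte ping split at a 1500-byte MTU (offsets 0 and 185 * 8 = 1480). */
    struct fragment normal[] = { {0, 1480}, {185, 1480} };
    /* Constructed: a final fragment at the largest possible offset that pushes the total past 65535. */
    struct fragment oversized[] = { {0, 1480}, {8191, 200} };
    printf("normal datagram reassembles to %ld bytes\n", reassembled_length(normal, 2));
    printf("oversized datagram result: %ld (rejected)\n", reassembled_length(oversized, 2));
    return 0;
}
```

The edge case worth keeping in view is a last fragment at offset 8191 with 7 bytes of payload: it ends exactly at 65,535 and is legal, while one more byte is not, so the comparison must be `<=` against the maximum rather than `<`.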
37. Session Hijacking
Enables attacker to join a TCP session
Attacker makes both parties think he or she is the other party
38. Addressing Physical Security
Protecting a network also requires physical security
Inside attacks are more likely than attacks from outside the company
39. Keyloggers
Used to capture keystrokes on a computer
 Hardware
 Software
Software
 Behaves like Trojan programs
Hardware
 Easy to install
 Goes between the keyboard and the CPU
 KeyKatcher and KeyGhost
42. Keyloggers (continued)
Protection
 Software-based
   Antivirus
 Hardware-based
   Random visual tests
   Look for added hardware
   Superglue keyboard connectors in
43. Behind Locked Doors
Lock up your servers
 Physical access means they can hack in
 Consider Ophcrack – booting to a CD-based OS will bypass almost any security
44. Lockpicking
Average person can pick deadbolt locks in less than five minutes
 After only a week or two of practice
Experienced hackers can pick deadbolt locks in under 30 seconds
Bump keys are even easier (Link Ch 3o)
45. Card Reader Locks
Keep a log of who enters and leaves the room
Security cards can be used instead of keys for better security
 Image from link Ch 3p