1 / 71

Identifying Potential Risks

Identifying Potential Risks. Contents. Differentiate among various systems’ security threats: Privilege escalation Virus Worm Trojan Spyware Spam Adware Rootkits Botnets Logic bomb. Contents. Implement security applications .

fferguson
Download Presentation

Identifying Potential Risks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identifying Potential Risks

  2. Contents • Differentiate among various systems’ security threats: • Privilege escalation • Virus • Worm • Trojan • Spyware • Spam • Adware • Rootkits • Botnets • Logic bomb

  3. Contents • Implement security applications. • Differentiate between the different ports and protocols, their respective threats and mitigation techniques. • Antiquated protocols • TCP/IP hijacking • Null sessions • Spoofing • Man-in-the-middle • Replay • DoS • DDoS • Domain Name Kiting • DNS poisoning

  4. Contents • Explain the vulnerabilities and mitigations associated with network devices. • Privilege escalation • Weak passwords • Back doors • DoS • Carry out vulnerability assessments using common tools. • Vulnerability scanners • Password crackers

  5. Index • Attack Strategies • Recognizing Common Attacks • Identifying TCP/IP Security Concerns • Understanding Software Exploitation • Surviving Malicious Code • Other Attacks and Frauds

  6. Attack Strategies • Access attack, someone who should not be able to wants to access your resources. Its purpose is to gain access to information that the attacker isn’t authorized to have • Modification and repudiation attack, someone wants to modify information in your systems • Denial-of-service (DoS) attack

  7. Access Attack Types • Eavesdropping • Eavesdropping is the process of listening in on or overhearing parts of a conversation, including listening in on your network traffic • This type of attack is generally passive • Snooping • Occurs when someone looks through your files hoping to find something interesting • The files may be either electronic or on paper

  8. Access Attack Types • Interception can be either an active or a passive process • Intercept (v): to stop something or someone that is going from one place to another before they get there • In a networked environment, a passive interception would involve someone who routinely monitors network traffic. • Active interception might include putting a computer system between the sender and receiver to capture information as it’s sent. The process is usually covert. • Intercept missions can occur for years without the knowledge of the parties being monitored.

  9. Modification & Repudiation Attacks • Modification attacks involve the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user • They’re similar to access attacks in that the attacker must first get to the data on the servers, but they differ from that point on. • The motivation for this type of attack may be to plant information, change grades in a class, fraudulently alter credit card records, or something similar. • Website defacements are a common form of modification attack.

  10. Modification & Repudiation Attacks • Repudiation attack is a variation of modification attacks • repudiate / rɪpjudieɪt / • to refuse to accept or continue with something • to state or show that something is not true or correct • Repudiation attacks make data or information appear to be invalid or misleading. • Repudiation attacks are fairly easy to accomplish because most e-mail systems don’t check outbound mail for validity. • Repudiation attacks, like modification attacks, usually begin as access attacks.

  11. DoSAttacks • Denial-of-Service • DoS attacks prevent access to resources by users authorized to use those resources • Most simple DoS attacks occur from a single system • Types of DoS attacks: • ping of death • buffer overflow

  12. DoSAttacks

  13. Wireless DoS • Requires a powerful transmitter

  14. An Easier Wireless DoS

  15. DDoS Attacks • Distributed Denial-of-Service Attacks • Multiple computer systems used to conduct the attack • Zombies • Botnet: the malicious software running on a zombie

  16. DDoS Attacks

  17. DDoS Attacks • How to face with Denial attacks?

  18. Index • Attack Strategies • Recognizing Common Attacks • Identifying TCP/IP Security Concerns • Understanding Software Exploitation • Surviving Malicious Code • Other Attacks and Frauds

  19. Back Door Attacks • Back doors?

  20. Spoofing Attacks • A spoofing attack is an attempt by someone or something to masquerade as someone else. • IP spoofing and DNS spoofing

  21. Man-in-the-Middle Attacks • This type of attack is also an access attack, but it can be used as the starting point for a modification attack • Places a piece of software between a server and the user.

  22. Replay Attacks • The attacker captures the information and replay it later. • The information can be username, passwords, certificates from authentication systems such as Kerboros.

  23. Wall of Sheep Captured passwords projected on the wall at DEFCON

  24. Replay Attacks • Solutions: Certificates usually contain a unique session identifier and a time stamp.

  25. Sidejacking • Records cookies and replays them • This technique breaks into Gmail accounts • Technical name: Cross Site Request Forgery • Almost all social networking sites are vulnerable to this attack • Facebook, MySpace, Yahoo, etc.

  26. Password-Guessing Attacks • Brute-force attack. • Dictionary attack • Hybrids: mixing the two above techniques

  27. Privilege Escalation • Privilege escalation can be the result of an error on an administrator’s part in assigning too high a permission set to a user, but it’s more often associated with bugs left in software. • Cheat codes in video games.

  28. Index • Attack Strategies • Recognizing Common Attacks • Identifying TCP/IP Security Concerns • Understanding Software Exploitation • Surviving Malicious Code • Other Attacks and Frauds

  29. OSI vs TCP/IP

  30. TCP/IP model • Network Access = OSI layers 1 & 2, defines LAN communication, what do I mean by that? • Network = OSI layer 3 – defines addressing and routing • Transport/Host to Host = OSI layer 4, 5 – defines a communication session between two applications on one or two hosts • Application = OSI layers 6,7 the application data that is being sent across a network

  31. Network Access Layer • Maps to Layer 1 and 2 of the OSI model • The Level that a Network Interface Card Works on • Source and Destination MAC addresses are used defining communications endpoints • Protocols include • Ethernet • Token Ring • FDDI

  32. Network Layer • Routing, IP addressing, and packaging • Internet Protocol (IP) is a routable protocol, and it’s responsible for: • IP addressing. • fragments and reassembles message packets • only routes information; doesn’t verify it for accuracy(Accuracy checking is the responsibility of TCP)

  33. Host-to-Host or Transport Layer • Maps to layer 4 and 5 of the OSI model • Concerned with establishing sessions between two applications • Source and destination endpoints are defined by port numbers • The two transport protocols in TCP/IP are TCP and UDP

  34. TCP – Transmission Control Protocol • Connection oriented “guaranteed” delivery. • Advantages • Easier to program with • Truly implements a “session” • Adds security • Disadvantages • More overhead / slower

  35. UDP - User Datagram Protocol • Connectionless, non-guaranteed delivery (best effort) • Advantages • Fast / low overhead • Disadvantages • Harder to program with • No true sessions • Less security • A pain to firewall (due to no connections)

  36. Application Layer • Most programs, such as web browsers, interface with TCP/IP at this level • Protocols: • Hypertext Transfer Protocol (HTTP) • File Transfer Protocol (FTP) • Simple Mail Transfer Protocol (SMTP) • Telnet • Domain Name Service (DNS) • Routing Information Protocol (RIP) • Post Office Protocol (POP3)

  37. Encapsulation • Encapsulate • to express or show something in a short way • to completely cover something with something else, especially in order to prevent a substance getting out

  38. Modulation – Điều chế • To change data from a form to another • AM (Amplitude Modulation) • FM (Frequency Modulation) • PM (Phase Modulation) • Keying methods • Current State Keying • ASK • FSK • State Transition Keying • Phase Shift Keying (PSK) • Modulation and Demodulation • Used in modems and in transfering data units among OSI layers

  39. Recognizing TCP/IP Attacks • Port Mirroring • Sniffing the Network • TCP Attacks

  40. Port Mirroring

  41. Sniffers • A device that captures and displays network traffic

  42. TCP SYN or TCP ACK Flood Attack • The client and server exchange information in TCP packets • The TCP client sends an ACK packet to the server • ACK packets tell the server that a connection is requested • Server responds with an ACK packet • The TCP Client sends another packet to open the connection • Instead of opening the connection, the TCP client continues to send ACK packet to the server.

  43. TCP SYN or TCP ACK Flood Attack

  44. TCP Sequence Number Attack • TCP sequence number attacks occur when an attacker takes control of one end of a TCP session • Each time a TCP message is sent, either the client or the server generates a sequence number • The attacker intercepts and then responds with a sequence number similar to the one used in the original session • Disrupt or hijack a valid session

  45. Wireless Attacks • Rogue access points • Rogue: not behaving in the usual or accepted way and often causing trouble • Employees often set up home wireless routers for convenience at work • This allows attackers to bypass all of the network security and opens the entire network and all users to direct attacks • An attacker who can access the network through a rogue access point is behind the company's firewall • Can directly attack all devices on the network

  46. Wireless Attacks

  47. Wireless Attacks • War driving • Beaconing • At regular intervals, a wireless AP sends a beacon frame to announce its presence and to provide the necessary information for devices that want to join the network • Scanning • Each wireless device looks for those beacon frames • Unapproved wireless devices can likewise pick up the beaconing RF transmission • Formally known as wireless location mapping

  48. Wireless Attacks • Bluetooth • A wireless technology that uses short-range RF transmissions • Provides for rapid “on the fly” and ad hoc connections between devices • Bluesnarfing • Stealing data through a Bluetooth connection • E-mails, calendars, contact lists, and cell phone pictures and videos, …

  49. Index • Attack Strategies • Recognizing Common Attacks • Identifying TCP/IP Security Concerns • Understanding Software Exploitation • Surviving Malicious Code • Other Attacks and Frauds

  50. Software Exploitations • Database exploitation • If a client session can be hijacked or spoofed, the attacker can formulate queries against the database that disclose unauthorized information. • Application exploitation • E-mail exploitation • Spyware • Rather than self-replicating, like viruses and worms, spyware is spread to machines by users who inadvertently ask for it • Rootkits • Enables continued privileged access to a computer, while actively hiding its presence from administrators by subverting standard operating system functionality or other applications

More Related