Web Security, Mike O'Leary, Towson University


Talk Outline. Malware (viruses, worms, Trojan horses); phishing; spoofing (IP address, e-mail, Web); Web attacks (session attacks, cross-site scripting).

Malware. Virus: a program that attaches itself to the operating system, a program, or a file that enables it to move from one computer to another. Worm: a program that travels from one machine to another without human interaction.

Malware. Trojan horse: a program that purports to do one thing, but in fact does another. Adware, spyware. Sony-BMG rootkit.

Computer Viruses. Three main types of viruses: boot sector, executable, macro.

Computer Viruses. Boot sector viruses. The boot sector is the first sector of a hard disk or a floppy disk. When the computer is powered on, it looks at the boot sector, then loads and executes the code found there. Boot sector viruses use the boot sector to ensure that they are run before the operating system even loads. Formerly common; few new ones have been made.

Computer Viruses. Executable viruses. An executable virus inserts itself into a program so that it will be run when the program runs. Different viruses insert their code in different locations: some at the beginning, some in the middle, and some at the end of the infected program. When the virus runs, it will try to infect other programs. Formerly common; now very rare.

Example. The Chernobyl Virus. First struck in April Virus infects executable files, locating itself in unused portions of the file. On April 26, the virus would attempt to overwrite the victim's hard drive (including the boot sector). In South Korea, as many as 1,000,000 machines were infected; total losses exceeded $250 million. Numerous variants were subsequently released, with various payload dates. It accounted for ~5% of virus infections for It was still the 16th most common virus infection in 2002.

Example. MBP.Kynel. Attacks MapInfo tables. MapInfo is a Geographic Information System. The virus is written in the MapBasic language and will start every time MapInfo starts. First found in Not a common virus.

Computer Viruses. Macro viruses. These are written in a macro language for an application. The most common macro viruses are for Microsoft Word. First macro viruses were created in These were more common in the late 1990s than currently.

Example. The Melissa Virus. Initially spread via a Usenet posting in March First confirmed report: Friday, March 26, 1999. By Monday, March 29, over 100,000 machines were infected. One site received 32,000 copies of mail messages with the Melissa virus within 45 minutes. Microsoft closed down their systems to contain the virus.

Example. Melissa (ctd.). Melissa is a Microsoft Word macro virus. It is activated whenever the document is opened or closed. The macro would e-mail copies of itself in Microsoft Word documents to fifty users from the victim's address book. A large number of variants were subsequently created.

Computer Worms. Unlike viruses, worms can replicate themselves without human interaction. Types: e-mail worms, instant messaging worms, Internet worms.

Computer Worms. E-mail worms. These spread from machine to machine via e-mail. Some worms use existing programs to spread; others carry their own program as part of the payload. Some also forge the source of the message, making tracking the virus more difficult. These have become much more common over the past few years.

Example. The Sobig worms. Sobig.F was the most common. Sobig.F used its own mail server to send out copies of itself to addresses found on the victim. First found on August 18, 2003; the worm disabled itself on September 10, Damage from Sobig.F exceeded $7 billion. On one day during the Sobig.F outbreak, America Online received 31 million messages; of these, 11.5 million contained Sobig.F.

Example. MyDoom. First identified in January Spreads via e-mail as well as peer-to-peer sharing networks. At its peak, up to 20% of e-mails were infected. Opens a back door to the machine that allows for remote control of the victim's machine. MyDoom.A launched a distributed denial of service attack against SCO. A second variant, called MyDoom.B, attacked Microsoft.

Computer Worms. Instant messaging worms. These use features of various instant messaging services (e.g. AOL, Yahoo, MSN) to spread. Comparatively rare, but remain a serious threat.

Computer Worms. Network worms. These worms spread without messages of any sort.

Computer Worms. Blaster. Microsoft Windows operating systems use a system of Remote Procedure Calls (RPC). These are programs that listen for network connections on various ports. They are not designed to be disabled. A flaw was discovered in one of these programs. Microsoft issued a patch to fix the flaw, but not all machines were patched before the worm struck.

Computer Worms. Blaster (ctd.). Blaster searched for computers still running the flawed program. When the flawed program was found, Blaster would copy itself to the new host. Blaster would then search for additional hosts to attack. Blaster also opened up a back door to the machine, allowing for its remote control. Blaster also began a denial of service attack on windowsupdate.com. Microsoft changed the name of Windows Update to defend against this attack.

Computer Worms. Slammer. Targeted machines that were running Microsoft SQL Server. Some other Microsoft software included MS SQL Server. The worm only needs to send one packet to a vulnerable host to infect it. Released in January The number of attacks doubled every 8½ seconds. Within 3 minutes, it was scanning 55,000,000 hosts per second. The flood of traffic knocked out 5 of the 13 root name servers for the Internet.

Trojan Horses. A Trojan horse is a program that purports to do one thing, but in fact does another. Keyloggers, back doors, adware, spyware.

Example. I Love You Trojan Horse. A Visual Basic script. When the message is opened, the script runs. It sends itself to everyone in the victim's address book. It overwrites VB scripts on local and network drives with copies of itself. It deletes .jpg and .mp3 files, and replaces them with copies of itself. Released in May 2000. At its peak it infected 45,000,000 computers. It is estimated it caused more than $10 billion in damage.

Example. The Sony-BMG rootkit. In October 2005, Mark Russinovich discovered a rootkit on his system. This was installed by an audio CD sold by Sony [Get Right With the Man, by Van Zant]. The rootkit: hides its presence from the user / owner of the machine; sends information about the machine back to Sony; could not be removed [until Sony provided a tool to do so]; makes the machine susceptible to a virus written specifically to attack the rootkit.

Example. Trojan.PPDropper.B. July 2006. Exploits a flaw in Microsoft PowerPoint to place a back door on the system. Not commonly seen in the wild. It seemed to be a targeted attack on unknown Asian companies. It was released the day after a group of Microsoft patches, probably to take advantage of the longest possible window of vulnerability.

Phishing. Phishing is an attack where the attacker sends an e-mail message purporting to be from a legitimate business, asking for information of value: account numbers, PINs, Social Security numbers. Identity theft. An example:

Phishing. Phishing attacks have become more sophisticated. There are methods to obfuscate / hide / modify the URL, in both the link and in the browser. Spear-phishing: some attackers will concentrate on particular people or particular pieces of information.

Spoofing. Spoofing is pretending to be someone that you are not. Types of spoofing: IP address, e-mail address, Web spoofing.

IP Spoofing. What is your IP address? How do you spoof your IP address?

IP Spoofing. You can send packets out, but the return traffic is not sent to you. Packet sniffing: hubs, switch, dsniff. Do you need to see the return traffic? Denial of service attack. Can the traffic be predicted?

E-mail Spoofing. The e-mail address of the sender is provided by the sender. This makes it trivial to modify. You cannot trust the source address of an e-mail message!

Web Spoofing. Typo-squatting. URL modification. Where does the following link point?

Web Spoofing. You cannot trust a hyperlink that is under the control of an attacker! There are even more sophisticated ways of hiding the destination of a hyperlink, e.g. with JavaScript. Browser flaws may also allow the value in the browser's address bar to be modified.

Web Sessions. Web pages use HTTP as their protocol. HTTP was designed to be stateless: all connections to a web site are considered to be new connections. This became a problem when a user's behavior across a sequence of web pages needed to be tracked, e.g. while shopping. To address this shortcoming, we can use a session ID. The client presents this number with each subsequent connection. The server stores this number locally.

Web Session Attacks. An attacker who gains access to a session ID can impersonate the victim. The session ID needs to be protected! The session ID needs to be returned to the web site with each request, as a cookie, a POST parameter, or a GET parameter.

Web Session Attacks. Sniffing, exposure, man in the middle, session fixation.

Web Session Attacks. Sniffing. If the attacker can see the traffic between the web site and the victim, and if the connection is not well encrypted, then the attacker can read the session ID as it passes between the web site and the victim. This can be prevented by using SSL.

Web Session Attacks. Exposure. Sometimes session IDs are stored as GET parameters. A GET parameter is included as a part of the URL- e.g. A user who bookmarks this link, or e-mails this link to a third party, has exposed their session ID.

Web Session Attacks. Man in the middle. A victim clicks on a link that they think goes to a commerce site. Instead, it first goes to an attacker's computer, then it is forwarded to the commerce site. The attacker then sees the victim's session ID; moreover, the attacker can terminate the connection at any time, e.g. after the billing information has been entered. SSL is no protection here: the attacker is between the victim and the destination.

Web Session Attacks. Man in the middle. These attacks can also occur when connecting to insecure access points, e.g. Wi-Fi.

Web Session Attacks. Session fixation. Because session IDs are often stored as GET parameters, an attacker can try to convince a user to log in with a particular session ID. Consider the following link: This is perfectly valid. An attacker may try to convince victims to click on the link. The attacker then knows the session ID of any victim who uses this link.
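The session fixation slide above, worked as an added example (not part of the original talk): a toy in-memory session table in which the weak mode keeps whatever session ID arrived with the request, and the hardened mode refuses IDs it never issued and replaces the ID at login. The class, function and user names, and the ID "1234", are constructed for illustration.

```python
import secrets

class SessionStore:
    """Tiny in-memory session table; hardened=False models the weakness."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}              # session ID -> logged-in user (or None)

    def begin(self, presented_id=None):
        """First request of a visit; the client may present an ID from a link."""
        if presented_id in self.sessions:
            return presented_id         # an ID this server issued earlier
        if presented_id and not self.hardened:
            sid = presented_id          # weak: adopt an ID the server never issued
        else:
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        """Authenticate the session; returns the ID to use from now on."""
        if self.hardened:
            # Hardened: drop the pre-login ID and issue a fresh one, so an ID
            # that anyone knew before login is worthless afterwards.
            self.sessions.pop(sid, None)
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def fixation_outcome(store, link_id=None):
    """Replay the slide's scenario: the victim logs in through a link that
    carries a session ID chosen by someone else. Returns the user that the
    link's ID maps to afterwards (None means the fixation failed)."""
    # The ID in the link is either made up or was issued by the site itself.
    known_id = link_id or store.begin()
    victim_sid = store.begin(known_id)
    store.login(victim_sid, "alice")    # constructed user name
    return store.whoami(known_id)


if __name__ == "__main__":
    for hardened in (False, True):
        print("hardened" if hardened else "weak",
              fixation_outcome(SessionStore(hardened)),
              fixation_outcome(SessionStore(hardened), link_id="1234"))
```
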

Cross Site Scripting. Many web sites allow users to post information: Slashdot, blogs, comment pages on e-commerce shopping sites.

Cross Site Scripting. What happens if the user's comment is not just a comment, but rather a piece of code? HTML: the attacker can modify the content of the visited page. JavaScript: the attacker can obtain information about the victim, including session information. This is called a cross site scripting attack. Web pages that solicit user comments must implement strong filters.
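An added example for the comment-page case above (not code from the talk): the same comments rendered with and without encoding, plus a small checker that parses the result and reports script elements or event-handler attributes. It uses output encoding (`html.escape`) rather than an input filter, and also sets the `HttpOnly` and `Secure` cookie flags so page script cannot read the session ID; the sample comments, function names and cookie name `sid` are constructed.

```python
import html
import secrets
from html.parser import HTMLParser
from http.cookies import SimpleCookie

def render_comment_unsafe(author, text):
    """Weak: user input is pasted into the page as markup."""
    return '<div class="comment" title="' + author + '">' + text + "</div>"

def render_comment_safe(author, text):
    """Hardened: encode input for the HTML context it lands in."""
    return ('<div class="comment" title="' + html.escape(author, quote=True)
            + '">' + html.escape(text) + "</div>")

class ActiveContentFinder(HTMLParser):
    """Records script elements and on* event-handler attributes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append("event handler " + name)

def active_content(fragment):
    """Return the active content a browser would see in this fragment."""
    finder = ActiveContentFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings

def session_cookie():
    """Session ID cookie that script cannot read and that is sent over TLS only."""
    c = SimpleCookie()
    c["sid"] = secrets.token_hex(16)
    c["sid"]["httponly"] = True
    c["sid"]["secure"] = True
    return c["sid"].OutputString()

# Constructed sample comments: (author, text)
SAMPLE_COMMENTS = [
    ("bob", "Great product, arrived on time."),
    ("eve", "<script>document.title = 'changed'</script>"),
    ('x" onmouseover="document.title=1', "nice"),
]

if __name__ == "__main__":
    for author, text in SAMPLE_COMMENTS:
        print(active_content(render_comment_unsafe(author, text)),
              active_content(render_comment_safe(author, text)))
    print(session_cookie())
```
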

Questions? Contact information: Mike O'Leary, Department of Mathematics, Towson University, Towson, MD