ECE6612 Quiz 2 -> Exam Topics (see also Quiz 1 and Quiz 2 Topics) Spring 2016

Slide set 15 - Hidden Data (also covered in NetSecLab Wrapup – on Tsquare)
Hidden files (on UNIX, a name that starts with "." is omitted by a plain 'ls'; use 'ls -la' to see it).
Startup scripts (a great place to hide a Trojan Horse: they re-run the attacker's code at every boot or login).
Covert channels (hide data in "Ping" (ICMP) packet payloads, in port-80 HTML, or in protocol headers, where it passes as ordinary traffic).
Steganography (hiding data in an image file).
Watch for new processes (use 'ps aux'), new files (particularly "suid" files*), and newly opened Internet TCP and UDP ports ('netstat -nal --programs' on Linux, or 'lsof -nP -i4TCP').
* An "suid" file (chmod 4755) owned by root always runs with root privileges, whoever executes it; a new one is a classic backdoor.

Slide Set 16 - Safe Computing (also covered in NetSecLab Wrapup – on Tsquare)
Eliminate unneeded daemons, "suid programs," open ports, and user accounts (to "harden" the computer).
Enforce long, mixed-character passwords.
Explain "Once root, always root" (Copeland's 2nd rule*). (The 1st rule is "No security without physical security." The 3rd rule is "Layers of protection and detection are needed ... .")
Use the host OS firewall to limit connections as much as possible (MacOS: /etc/hosts.allow to limit the source IPs allowed to reach ssh, "Little Snitch" to limit outgoing connections by application and destination IP). Caveat: /etc/hosts.allow only affects services built with TCP Wrappers, and OpenSSH dropped that support in version 6.7, so on a current system restrict ssh sources with the packet filter (pf, nftables) or with 'Match Address' / 'AllowUsers user@host' in sshd_config instead.
Keep security patches up to date, from OS and application vendors.
Do not be "root" except when necessary.
Most compromises today come from email and Web accesses (a malicious attachment or page; sometimes no click is needed).

Slide Set 17 – Shell Code
"Shellcode" is machine code that executes without first being processed by a "Loader":
1. It must make kernel system calls directly (no standard library is linked in for it to call).
2. It must use absolute or relative jumps that work wherever it lands (no relocation is performed, so no relocatable jumps).
3. It is written in assembly language with a limited set of instructions (e.g., no labels, and usually no NUL bytes, since a string copy would stop at one).
The original shellcode opened a backdoor with a command shell (bash, cmd.exe, …), hence the name. Now shellcode has been written that opens an Internet connection, downloads and installs malware (e.g., a rootkit or bot), transfers files, …
Buffer Overflow (what is it, what does it do) [ gets(buf) ]: 1) it can change data stored next to the buffer, 2) it can overwrite the saved return address and redirect the program counter to execute shellcode.
How to prevent a "Buffer Overflow" [use fgets(buf, n, stdin) instead of gets(), so the buffer size travels with the pointer; gets() was removed from the C11 standard].
What's a "sled"? (A run of no-op instructions placed in front of the shellcode, so that a guessed return address landing anywhere in the run "slides" into the payload.)
Why should the OS randomize stack memory addresses? (ASLR: the attacker can no longer predict where the sled or shellcode sits.)
What is "polymorphic" code? (Shellcode that is re-encoded for every use, with a small decoder stub in front, so that a signature written for one copy does not match the next.)
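The "can change data" effect, as an added example that is not part of the slides: a 16-byte name buffer followed by an access flag is filled first with a gets()-style unbounded copy and then with an fgets()-style bounded copy. The struct, the two copy helpers and the input strings are constructed for the demonstration; the unbounded copy is kept inside a slack area that stands in for the rest of the stack frame, so the program itself does not crash. A longer line would run into that slack, which in a real program holds the saved frame pointer and return address (the "redirect the program counter" half of the slide).

```c
/* overflow_demo.c: the "change data" effect of an unbounded read, and why
 * fgets() stops it. Added example for the Shell Code slide; not course code.
 * Build: cc -Wall -o overflow_demo overflow_demo.c
 */
#include <stdio.h>
#include <string.h>

/* name is the first member, so a write that runs past its 16 bytes lands in
 * is_admin (offset 16; 16 is already 4-byte aligned, so there is no padding). */
struct login {
    char name[16];
    int  is_admin;
};

/* Stand-in for the rest of a stack frame: the constructed over-long input
 * stays inside it, so the demo has defined behaviour. */
struct frame {
    struct login l;
    char slack[16];
};

/* Models gets(dst): copy until newline or end of input with no bound.
 * The caller's buffer size is never known here, which is the whole problem. */
static void gets_like(char *dst, const char *input) {
    while (*input && *input != '\n')
        *dst++ = *input++;
    *dst = '\0';
}

/* Models fgets(dst, n, stream) followed by stripping the newline: at most
 * n-1 bytes are copied and the result is always NUL-terminated. */
static void fgets_like(char *dst, size_t n, const char *input) {
    size_t i = 0;
    while (i + 1 < n && input[i] && input[i] != '\n') {
        dst[i] = input[i];
        i++;
    }
    dst[i] = '\0';
}

/* Vulnerable: the name is read with the gets()-style helper. The copy goes
 * through a pointer to the whole frame (same address as l.name, since name is
 * the first member of the first member), so an over-long name overwrites
 * is_admin without the program ever having asked for it. */
int vulnerable_login(const char *input) {
    struct frame f;
    memset(&f, 0, sizeof f);
    gets_like((char *)&f, input);
    return f.l.is_admin;
}

/* Hardened: the buffer size is passed with the pointer; is_admin is untouched. */
int hardened_login(const char *input) {
    struct frame f;
    memset(&f, 0, sizeof f);
    fgets_like(f.l.name, sizeof f.l.name, input);
    return f.l.is_admin;
}

int main(void) {
    /* constructed inputs: a normal name, and 20 'A's (16 fill name, 4 spill) */
    const char *normal   = "alice\n";
    const char *overlong = "AAAAAAAAAAAAAAAAAAAA\n";
    printf("normal   -> vulnerable is_admin=%d, hardened is_admin=%d\n",
           vulnerable_login(normal), hardened_login(normal));
    printf("overlong -> vulnerable is_admin=%d, hardened is_admin=%d\n",
           vulnerable_login(overlong), hardened_login(overlong));
    return 0;
}
```

With the over-long input the vulnerable version returns 0x41414141 ('AAAA' read as an int), i.e. the caller now believes the user is an administrator, while the hardened version returns 0 and simply keeps the first 15 characters of the name. Returning a flag rather than checking it inline keeps the two paths directly comparable; in a real program the same overwrite would also reach the saved return address a little further up the frame.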

Current Affairs
Spear Phishing - targeted email, used for government-level and GT attacks.
BotNets - used by organized crime for spam email (fake drugs, stock pumping, phishing to steal identity info, links to Web sites with exploits). Newer ones are distinguished by P2P command-and-control instead of a single server that can be taken down.
Dynamic DNS (fast-flux DNS) - used to direct the hacker's URL to a constantly changing set of IP addresses (usually compromised hosts), so that taking any one down does not stop it.
Modified DNS server IP - changing the resolver address on a victim's host or home router lets the attacker's server misdirect selected URLs.
DNS Cache Poisoning - the attacker queries a recursive resolver for a name and then floods it with forged responses that appear to come from the authoritative server; a forgery that matches the transaction ID (and source port) of the resolver's own query and arrives before the real answer is cached and served to every client of that resolver.
Adware and Spyware - nuisance software that pops up ads and reports Web usage, but could report more sensitive info.
Insider Attacks - unauthorized access to steal government or corporate data, forge records, cover up embezzlement.
There will be questions on something from the "Data Brokers" and NOVA "Cyber War" documentaries, and the Mandiant APT (Advanced Persistent Threat) whitepaper (Slides 0.9d).

What was learned from homework problems? Outside Reading
Advanced Persistent Threat – who's doing it, and why.
[MacAttack UDP-based Amplification Attack (link).]
Target – what went wrong (discussed in class).
Three Rules for Organizations (not "Copeland's 3 Rules"):
1. Have layers of Protection
2. Have layers of Detection
3. Have Response Plans

Terms to Know
Malware - any malicious software.
RAT - Remote Administration Tool (remote control of a host).
Hack-Back - reverse hacking of the attacker; usually illegal (many attacking hosts are themselves compromised, so the damage hurts innocents).
Exploit code - can be in Microsoft Office documents, HTML mail or Web pages, database files, image files, data input (SQL injection, buffer overflow), text files (shell code and .bat files).
Root Kit - installs special versions of OS utilities which hide the presence of an intruder (files, processes, sockets, accounts).
CryptoLocker – encrypts all files; a ransom is demanded for the unlock key.
Bitcoin – the usual way to transfer and receive the ransom; pseudonymous rather than truly anonymous, but with no bank in the loop to block the payment.
Dark Web – Web servers where malware and the spoils of hacking (IDs, passwords, corporate and government info) are sold.

(Copeland's) Three Rules for People
1. Without Physical Security, there is no security.
2. Once "root", always "root" (or "Administrator").
3. Multiple layers of prevention and monitoring are necessary (to achieve the optimum degree of protection for a given budget). Complete prevention is impossible.
----
Many layers in the following three categories:
Protection (physical, firewall, updates, ...)
Detection (IDS, Tripwire, ...)
Reaction (have plans prepared)