Intrusion.

Slides:



Advertisements
Similar presentations
Chapter 18: Computer and Network Security Threats
Advertisements

Understand Database Security Concepts
Ethical Hacking Pratheeba Murugesan. HACKER AENDA  What is Ethical Hacking?  Who are ethical hackers?  Every Website-A Target  Get out of jail free.
OV 2- 1 Copyright © 2005 Element K Content LLC. All rights reserved. Security Threats  Social Engineering  Software-based Threats  Hardware-based Threats.
Lecture 13 Intrusion Detection modified from slides of Lawrie Brown.
Cryptography and Network Security Chapter 20 Intruders
Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
1 Ola Flygt Växjö University, Sweden Intruders.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Intrusion Detection. Intruders Classes (from [ANDE80]: Classes (from [ANDE80]: two most publicized threats to security are malware and intruders two most.
AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Silberschatz and Galvin  Operating System Concepts Module 20: Security The Security Problem Authentication Program Threats System Threats Threat.
The Truth About Protecting Passwords COEN 150: Intro to Information Security Mary Le Carol Reiley.
Improving Intrusion Detection System Taminee Shinasharkey CS689 11/2/00.
Chapter 18 Intruders.
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Chapter 18. Intruders. 2 Intruders  Three classes of intruders  Masquerader  likely to be an outsider  penetrates a system’s access controls to exploit.
Software Security Testing Vinay Srinivasan cell:
Computer Security and Penetration Testing Chapter 16 Windows Vulnerabilities.
Protection and Security CS 519: Operating System Theory Computer Science, Rutgers University Instructor: Thu D. Nguyen TA: Xiaoyan Li Spring 2002.
Operating system Security By Murtaza K. Madraswala.
NS-H /11041 Intruder. NS-H /11042 Intruders Three classes of intruders (hackers or crackers): –Masquerader –Misfeasor –Clandestine user.
INTRUDERS BY VISHAKHA RAUT TE COMP OUTLINE INTRODUCTION TYPES OF INTRUDERS INTRUDER BEHAVIOR PATTERNS INTRUSION TECHNIQUES QUESTIONS ON INTRUDERS.
HIPS Host-Based Intrusion Prevention System By Ali Adlavaran & Mahdi Mohamad Pour (M.A. Team) Life’s Live in Code Life.
Name:Neha Madgaonkar Roll no:  What are intruders?  Types  Behavior  Techniques.
Kittiphan Techakittiroj (25/10/58 12:06 น. 25/10/58 12:06 น. 25/10/58 12:06 น.) Intrusion Detection System Kittiphan Techakittiroj
APPLICATION PENETRATION TESTING Author: Herbert H. Thompson Presentation by: Nancy Cohen.
CIS 450 – Network Security Chapter 14 – Specific Exploits for UNIX.
1 Chapter 9 Intruders. 2 Outline Intruders –Intrusion Techniques –Password Protection –Password Selection Strategies –Intrusion Detection Statistical.
TCOM Information Assurance Management System Hacking.
TCOM Information Assurance Management Software Hacking.
Chapter 9 Intruders.
"Using An Enhanced Dictionary to Facilitate Auditing Techniques Related to Brute Force SSH and FTP Attacks" Ryan McDougall St. Cloud State University
CSCE 201 Identification and Authentication Fall 2015.
Module 7: Designing Security for Accounts and Services.
Sources of Network Intrusion Security threats from network intruders can come from both internal and external sources.  External Threats - External threats.
Computer Security Intrusion Detection. Intruders  A significant security problem for networked systems is hostile/unwanted, trespass by users or software.
Understanding Security Policies Lesson 3. Objectives.
 Computer Network Attack  “… actions taken through the use of computer networks to disrupt, deny, degrade, or destroy information resident in computers.
Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Microsoft OS Vulnerabilities April 1, 2010 MIS 4600 – MBA © Abdou Illia.
Understanding Security Policies
Chapter 9 Intruders.
Network Security Presented by: JAISURYA BANERJEA MBA, 2ND Semester.
Network Security Essentials
Information Systems Security
Secure Software Confidentiality Integrity Data Security Authentication
Operating system Security
Answer the questions to reveal the blocks and guess the picture.
Rootkit A rootkit is a set of tools which take the ability to access a computer or computer network at administrator level. Generally, hackers install.
12: Security The Security Problem Authentication Program Threats
NET 412 Network Security protocols
NET 412 Network Security protocols
Lesson 16-Windows NT Security Issues
Security.
Chapter 9 Intruders.
Operating System 3 PROCESS DESCRIPTION AND CONTROL
Networking for Home and Small Businesses – Chapter 8
Security.
Ethical Hacking.
Lecture 8: Intrusion Detection
Cryptography and Network Security Chapter 20 Intruders
Operating System Concepts
Lecture 7: Intrusion Detection
Presentation transcript:

Intrusion

Intruders Intruders may be human attackers who manage to gain unauthorized access to computer resources or computer programs that seem to be useful, but secretly invade a system or a resource. In general, three types of intruders can be distinguished. Misfeasor Masquerader Clandestine User

Types of Intruders Misfeasor : A legitimate user who accesses the data, programs, or resources for which such access is not authorized, or who is authorized for access but misuse privileges. The user is mostly an insider. Masquerader: An unauthorized individual user who penetrates a system’s access controls to exploit a legitimate user’s account.

Types of Intruders The user is more likely to be an outsider. Clandestine User : An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls, or to surpass audit collection. The user can be an outsider or an insider.

Types of attacks Backdoor DOS Spoofing TCP/IP Hijacking Exploits

Types of attacks Password guessing Brute Force Social Engineering Eavesdropping Buffer Overflow

Intrusion Techniques Physical Intrusion : This type of intrusion assumes that an attacker has physical access to a machine. System Intrusion : This type of hacking assumes that the attacker already has a low-privilege user account on the system. If the system does not have the latest security patches, there is good chance for the attacker to gain additional administrative privileges.

Intrusion Techniques Remote Intrusion : This type of hacking involves those attackers who do not have any special privilege and still attempt to break through a system remotely across the network.

Protecting Against Intruders Password Protection The simplest way of protecting user passwords is by keeping them encrypted on the disk so that nobody can attack the system by decrypting the password file. This file should be hidden. To break the password file, the attacker essentially has to guess the password of a user, hash it , and then compare it with entry in password file.

Protecting Against Intruders The Vulnerability of Passwords Exploitation of Weak Passwords Exploitation of User Behaviour Capture of Credentials in Transit.

Protecting Against Intruders Strong Passwords Make it Lengthy Combine letters, symbols and symbols Do not reveal them to others Change passwords regularly