
1 Topic 1 – Lesson 3 Network Attacks Summary

2 Questions
► Compare passive attacks and active attacks
► How do packet sniffers work? How to mitigate?
► How does spoofing work? How to mitigate?
► A step by step description of DoS attacks; How to mitigate?
► Compare virus, worms, and Trojan Horses. How to mitigate?
► How do malicious applets work? How to mitigate?
► How do war dialers work? How to mitigate?
► How do logic bombs work? How to mitigate?
► How do buffer overflow attacks work? How to mitigate?
► How can hackers use social engineering tactics? How to mitigate?
► How does dumpster diving work? How to mitigate?

3 Compare passive attacks and active attacks
► Passive attacks eavesdrop
► Active attacks change data
► Defeating passive attacks should focus on detection
► Active attacks are malicious and will directly cause damage
► 4 example active attacks: masquerade, replay, denial of service, modification
► Active attacks generally are preceded by passive attacks

4 How do packet sniffers work? How to mitigate?
► Packet sniffers discover information by listening in
► Packet sniffers are passive attacks and do not alter data
► How to mitigate
  - Use encryption to prevent sniffing
  - Use one-time passwords to help defeat sniffers
  - Packet sniffers are hard to detect because they do not alter network traffic

5 How does spoofing work? How to mitigate?
► Spoofing is a camouflage technique
► Three common types of spoofing attacks
  - IP spoofing
  - Email address spoofing: fake an email address
  - Web page spoofing: fake a web page
► How to mitigate?
  - Sender-side access control: filters can stop people from sending out spoofed IP packets or emails
  - Receiver-side access control: need to know whether an arriving packet is spoofed
  - Cryptography and authentication may help
  - IP address-based authentication is limited: why?
  - Mitigation is difficult if you have trusted systems outside your network; you should use firewalls
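
Added example (not part of the original slides): the sender-side and receiver-side filters as a border router would apply them. The site prefix, the non-routable list and the function names are assumptions made for this sketch; all addresses are from documentation or private ranges.

```python
import ipaddress

# Assumed site address block (a documentation range standing in for a real one).
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Sources that should never arrive from the Internet (short illustrative list).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                 "172.16.0.0/12", "192.168.0.0/16")]


def _in_any(addr: str, nets) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def egress_verdict(src: str) -> str:
    """Sender-side filter: only packets sourced from our own prefixes may leave."""
    if _in_any(src, SITE_PREFIXES):
        return "forward"
    return "drop: source not in site prefixes"


def ingress_verdict(src: str) -> str:
    """Receiver-side filter for packets arriving on the outside interface."""
    if _in_any(src, SITE_PREFIXES):
        return "drop: outside packet claims an inside source"
    if _in_any(src, NON_ROUTABLE):
        return "drop: source is not routable on the Internet"
    # A plausible outside source passes, forged or not: the filter cannot tell.
    return "forward"


if __name__ == "__main__":
    for src in ("192.0.2.15", "10.1.2.3", "203.0.113.7"):   # constructed samples
        print(src, "| egress:", egress_verdict(src), "| ingress:", ingress_verdict(src))
```

The last case is the reason IP address-based authentication is limited: the receiver can reject only sources that are impossible on that interface, while any other claimed address is accepted unverified.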

6 A step by step description of DDoS attacks; How to mitigate?
► Step 1: the attacker breaks into 1001 computers
► Step 2: the attacker installs the master program on one computer and the daemon software on the other 1000 computers
► Step 3: the attacker picks a victim
► Step 4: to launch the DDoS attack, the attacker instructs the master program; the master program then instructs the 1000 daemons to send a lot of packets to the victim
► How to mitigate?
  - Limiting nonessential traffic is one way to stop the server from crashing
  - Hard to defend because the attack packets look like normal traffic
  - Harder to defend because they spoof IP addresses

7 Compare virus, worms, and Trojan Horses. How to mitigate?
► In Lesson 2, we clarified the differences between viruses and worms
► Trojan horses are a special type of virus
► A Trojan horse refers to a computer program that does more than it claims
► One possible purpose of Trojan horses is to get passwords and info and send them back
► How to mitigate?
  - Use antivirus software
  - Only download from trusted web sites
  - Do not execute unknown applications/tools

8 On Trojan Horses
[Diagram: a clean program, e.g., a tool; being attacked; the clean program plus malicious code is a Trojan Horse]

9 How do malicious applets work? How to mitigate?
► Java applets are embedded in web pages
► When you open a web page or click a hyperlink, a malicious applet could be executed on your computer
► Applets compromise privacy and security by stealing passwords, modifying files, and spoofing
► How to mitigate?
  - Disable Java to avoid

10 How do war dialers work? How to mitigate?
► Dial numerous numbers and try to establish an illegal connection
► Break into a computer via its dial-up connection
► How to mitigate?
  - Change passwords and do not use dial-up. Use strong passwords.
  - Do not use dictionary words.
  - An Ethernet connection is less vulnerable.

11 How do logic bombs work? How to mitigate?
► Logic bombs can be viewed as a special type of Trojan horse
► A typical Trojan horse will be activated whenever the infected software program is executed; however, logic bombs typically stay dormant until certain conditions are satisfied.
► Can be deployed by worms or viruses? Yes
► Can be internal attacks from employees.
► How to mitigate?
  - Can be detected and removed by virus scanning
  - Tripwire: a tool to check if a program is modified by the attacker
    - Hash the original program: a hash is a unique value based on the content of the program file, and if the content changes then the hash value changes

12 How can hackers use social engineering tactics? How to mitigate?
► Take advantage of human characteristics
► Talk unsuspecting employees out of sensitive info.
► Comprehensive security policies will help
► Employees should be educated about this threat

13 How does dumpster diving work? How to mitigate?
► Sift through a company’s garbage to find information to help break into the computers
► Sensitive documents should be shredded

14 How do buffer overflow attacks work? How to mitigate?
► When a web server is executed, its stack contains the return address
► The hacker sends a carefully crafted URL request message to the web server
  - The request contains a piece of code
► The request text overwrites the stack and the return address is changed
► The changed return address will mislead the CPU to execute the code contained in the attacking message
► More than 90 percent of real world hacking is via buffer overflow

15 Buffer overflow in depth
[Diagram: a web server inside RAM, laid out as code, input buffer, stack (return address) and other data. A normal URL request: com/a/b/c/x.html. Step 1: the hacker sends a malicious URL request; the message carries malicious code and a new return address.]