Computer Security and Penetration Testing

Slides:



Advertisements
Similar presentations
Thank you to IT Training at Indiana University Computer Malware.
Advertisements

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
1 MIS 2000 Class 22 System Security Update: Winter 2015.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Trojan Horse Program Presented by : Lori Agrawal.
Computer Viruses.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Computer Security and Penetration Testing
Computer Security Fundamentals by Chuck Easttom Chapter 5 Malware.
1 Computer Security: Protect your PC and Protect Yourself.
Quiz Review.
Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.
Trojan Horse Implementation and Prevention By Pallavi Dharmadhikari Sirisha Bollineni VijayaLakshmi Jothiram Vasanthi Madala.
R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
Done By:Salha Mohammed Obaid AL-kaabi ID:
Video Following is a video of what can happen if you don’t update your security settings! security.
1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.
Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Protecting Your Computer & Your Information
Malicious Code Brian E. Brzezicki. Malicious Code (from Chapter 13 and 11)
Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.
Understanding and Troubleshooting Your PC. Chapter 12: Maintenance and Troubleshooting Fundamentals2 Chapter Objectives  In this chapter, you will learn:
Lecture 10 Intrusion Detection modified from slides of Lawrie Brown.
Network Security Introduction Some of these slides have been modified from slides of Michael I. Shamos COPYRIGHT © 2003 MICHAEL I. SHAMOS.
Virus and Antivirus Team members: - Muzaffar Malik - Kiran Karki.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.
Introduction to ITE Chapter 9 Computer Security. Why Study Security?  This is a huge area for computer technicians.  Security isn’t just anti-virus.
1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.
Viruses, Trojans and Worms The commonest computer threats are viruses. Virus A virus is a computer program which changes the way in which the computer.
 A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. It is deliberately.
Attacks On systems And Networks To understand how we can protect our system and network we need to know about what kind of attacks a hacker/cracker would.
Here is a list of viruses Adware- or advertising-supported software-, is any software package which automatically plays, displays, or downloads advertisements.
Types of Electronic Infection
信息处理技术 Technology of Information Processing 潘晟旻 Instructor: Pan Shengmin 潘晟旻 Computer Center. Kun Ming University of Science & Technology.
Denial of Service (DoS) DoS attacks are aggressive attacks on an individual computer or groups of computers with the intent to deny services to intended.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
Internet Safety Piotr Hasior Introduction Internet Safety Internet safety, or online safety, is the knowledge of maximizing the user's personal safety.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Backdoors and Rootkits.
Malicious Software.
Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.
Computer Skills and Applications Computer Security.
n Just as a human virus is passed from person from person, a computer virus is passed from computer to computer. n A virus can be attached to any file.
Trojans Daniel Bartsch CPSC 420 April 19,2007. What is a Trojan? Trojans are malware Named after Odysseus’s mythical trick Embedded in a program Cause.
CHAPTER 2 Laws of Security. Introduction Laws of security enable user make the judgment about the security of a system. Some of the “laws” are not really.
Candidates should be able to:  describe the purpose and use of common utility programs for:  computer security (antivirus, spyware protection and firewalls)
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
GCSE Computing: A451 Computer Systems & Programming Topic 3 Software System Software (2) Utility Software.
Virus Infections By: Lindsay Bowser. Introduction b What is a “virus”? b Brief history of viruses b Different types of infections b How they spread b.
MUHAMMAD GHAZI AIMAN BIN MOHD AIDI. DEFINITION  A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly.
1 Botnets Group 28: Sean Caulfield and Fredrick Young ECE 4112 Internetwork Security Prof. Henry Owen.
Created by the E-PoliceSlide 122 February, 2012 Dangers of s By Michael Kuc.
SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.
Chapter 40 Internet Security.
Chap 10 Malicious Software.
Chap 10 Malicious Software.
Test 3 review FTP & Cybersecurity
Presentation transcript:

Computer Security and Penetration Testing Chapter 10 Trojan Horses

Objectives Outline the evolution of the Trojan horse Name ways in which Trojans are deployed Identify risks associated with Trojans Computer Security and Penetration Testing

Objectives (continued) Name some well-known Trojans List Trojan attack prevention measures List Trojan detection tools Computer Security and Penetration Testing

Trojan Horses Trojan horse Application that uses trickery to get a user to install it Circumvents safety measures inherent in an operating system That might make it difficult for a covert installation to operate Computer Security and Penetration Testing

Computer Security and Penetration Testing

Trojan Horses (continued) Typical functions for a Trojan might include Logging keystrokes, taking screen captures, accessing files on local and shared drives, or acting as a server where the client is the hacker Trojan horse applications are usually masqueraded as games, utilities, or other useful applications At this time, Trojans are not able to reproduce themselves like viruses or worms Computer Security and Penetration Testing

Workings of Trojans For Trojans to be a threat They must be installed by the user and activated Computer Security and Penetration Testing

Installation Distribution vectors: E-mail attachments Scripts in HTML e-mails Files on FTP servers Scripts on spoofed Web sites Scripts on hacked legitimate Web sites Download opportunities on Web sites Files offered on bulletin boards and forums Social engineering Computer Security and Penetration Testing

Installation (continued) Recent Trojan attacks have come disguised as a patch or package Always validate the checksum that legitimate download sites provide Computer Security and Penetration Testing

Functions of a Trojan BO2K is a Trojan horse designed and used to make a horde of zombies To do the hacker’s bidding Zombies are machines that have been unobtrusively “owned” by a hacker When a machine is 0wned, the hacker can back door into it at any time And perform actions from that machine as if she were sitting at its keyboard Computer Security and Penetration Testing

Functions of a Trojan (continued) Tasks performed by Trojans include: Sending and receiving files Viewing cached passwords Restarting the system Launching processes Modifying files Sharing files Modifying the registry keys Computer Security and Penetration Testing

Famous Trojans This section describes the following Trojans: PC-Write AIDS Back Orifice Pretty Park NetBus, SubSeven BO2K Computer Security and Penetration Testing

PC-Write (1986) First known Trojan horse Masqueraded as version 2.72 of the shareware word processor PC-Write by Quicksoft Wiped out the user’s FAT (file allocation table) and formatted the hard drive Was really a simple batch-file command, encoded as a binary .exe file Computer Security and Penetration Testing

AIDS.exe/PC Cyborg (1989) Distributed through the postal mail in 1989 Allegedly contained information about AIDS and HIV Actual payload was aids.exe, which would encrypt the hard drive Prompted the user to pay a fee for the password needed to decrypt the hard drive Computer Security and Penetration Testing

Back Orifice (1998) A remote administration server Allows system administrators to control a computer from a remote location Designed by a group called the Cult of the Dead Cow Once installed, the server is intentionally difficult to detect And it allows almost complete control over your computer by the remote attacker Computer Security and Penetration Testing

Pretty Park (1999) The first Trojan to use a worm to propagate itself Once installed, this application would attempt to mail itself to anyone in your address book When PrettyPark.exe is executed, it may display the 3D pipe screen saver And tries to connect to an IRC server and join a specific IRC channel Computer Security and Penetration Testing

Pretty Park (1999) (continued) Pretty Park sends information to a pre-specified IRC every 30 seconds Author or distributor of the worm can access information on your system Computer Security and Penetration Testing

NetBus (2001) Written by Carl-Frederik Neikter Allows anyone running the client portion (the attacker) to connect And control the server portion of the target computer Using the same rights and privileges of the current user Computer Security and Penetration Testing

NetBus (2001) (continued) Computer Security and Penetration Testing

SubSeven (1999) Enables unauthorized people to access your computer over the Internet without your knowledge Used a forged e-mail from Symantec to propagate itself Computer Security and Penetration Testing

BO2K Possibly “gone legitimate” as an open source project Back Orifice 2000 is an interesting combination of fair and foul And is appealing as a concept for a network administrator with at-risk remote users BO2K software allows you to use infected machines like a string of proxy servers Lets you set notifiers on the infected machines Any client that wants to can log into your infected box Computer Security and Penetration Testing

Detection and Prevention of Trojans The best way to deal with Trojans is to never get one Never open an unverified executable file Never accept attachments that are not expected Never allow anybody on your network to operate with root or administrator privileges Make sure the standard user does not have permission to load or install programs Install a software firewall Computer Security and Penetration Testing

Detection and Prevention of Trojans (continued) Object reconciliation A widely used method that detects Trojans Means “verification that things are the same” Can perform any or all of the following checks Date and time Size Checksum Computer Security and Penetration Testing

Detection and Prevention of Trojans (continued) Other methods for detecting Trojans Compare your system binaries to the original install files from your installation media Check the backup files for Trojan programs Use the Message-Digest algorithm 5 (MD5), Tripwire, and other cryptographic checksum tools Check for unauthorized services Check and examine legitimate services that you have commented out with # in /etc/inetd.conf or /etc/xinetd.conf Computer Security and Penetration Testing

Computer Security and Penetration Testing

Detection and Prevention of Trojans (continued) Detecting Trojan Horses Tripwire Enterprise MDS Spybot Search & Destroy VirusBlokAda GMER MetaSploit Trojan Remover McAfee, Norton, Symantec Distributing Trojans Computer Security and Penetration Testing

Summary Trojan horses use trickery to entice the user to install them To be a threat, Trojans must be installed by the user and activated Trojans act as remote administrative tools, and can be written to perform almost any task that a legitimate user can perform There are several distribution vectors in common use, including e-mail attachments Computer Security and Penetration Testing

Summary (continued) Trojans can have many functions, such as logging keystrokes, taking screen captures, accessing files on local and shared drives, acting as a server, sending and receiving files, viewing cached passwords, restarting the system, launching processes, modifying and sharing files, and modifying registry keys The first known Trojan horse was a fake version of PC-Write, developed in 1986 Computer Security and Penetration Testing

Summary (continued) Famous Trojans include PC-Write, AIDS, Back Orifice, Pretty Park, NetBus, SubSeven, and BO2K To prevent receiving a Trojan, never open an executable file that you have not verified Or open unexpected attachments Trojans can be detected by various means, including software firewalls, IDS systems, some antivirus software, commercial programs, object reconciliation, and registry checkers Computer Security and Penetration Testing