13 Computer Intrusions. Dr. John P. Abraham, Professor, UTPA.

Why computer intrusions?
- Businesses and individuals are very dependent on computers today.
- They place financial data on them.
- Private data is also kept on computers.
- Criminals benefit financially.
- Extortion.

Illegal activities
- Stealing valuable information.
- Eavesdropping on communication.
- Harassing those who have control over the systems.
- Launching attacks against other systems.
- Storing toolkits and stolen or illegal data.
- Defacing websites.

Computer intrusions can be deadly
- Gaining access to the electric grid.
- Pharmacy database: changing drugs.
- Tampering with emergency civil service systems.

Who are the criminals?
- They do not fit the stereotype of teenagers with behavior problems.
- Rather, intrusions are committed by organized criminal organizations.
- State-sponsored groups.

Exploits
- All operating systems and application programs have weaknesses.
- Manufacturers continually modify code to protect systems.
- These vulnerabilities are taken advantage of by criminals; the code that does so is called an exploit.
- Vulnerabilities are published on the internet; even programs to launch the attack are available.

How computer intruders operate
- Reconnaissance: the process of gathering information about the target computer. Probe the computer for vulnerabilities and attempt to exploit them.
- Attack: gain unauthorized access or start a denial of service attack. Escalate from an unprivileged account to a privileged one.
- Entrenchment: ensuring continued access. Hide tracks and instantiate a persistent re-entry. Allow others to access the system.
- Abuse: conducting illegal activities such as stealing information.

Intrusion techniques
- Reconnaissance: nslookup of a domain name to determine the IP address. Scan the target computer for open ports (using a port scanner) and for services or applications with vulnerabilities.
- Attack: launch an exploit against a specific application.
- Entrenchment: a backdoor is uploaded through the remote shell. Registry entries are altered to start the backdoor at boot. A rootkit is uploaded to hide all malicious processes, network connections and files. Log entries related to the attack are cleaned and deleted.
- Abuse: sensitive documents are placed into password-protected archives and moved off the compromised system to the attacker's computer.

Social Engineering
- When intruders can't get access through known security holes, they use social engineering. They may even dig through garbage cans.
- Social engineering refers to any attempt to contact legitimate users of the target system and trick them into giving up passwords ("I am a new employee", "I am the tech").
- Reverse social engineering: tricking the user into contacting the intruder, for example by sending an email about the support desk.

Current intrusion tactics
- Direct attacks are becoming difficult due to security measures.
- Attack through email, or through web browsers that visit a compromised web server.
- Phishing: sending mass emails that appear to have come from your friend or family. Replying to these emails and giving the requested information can lead to fraud. Some emails promise large sums of money.
- Spear phishing: more targeted phishing; the email is personalized.
- Downloads: appear as useful free downloads but contain cross-site scripting (XSS).
- SQL injection: placement of SQL control characters.
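The SQL injection point above, as an added example that is not part of the original slides: a login check built by string concatenation (where the user's quote characters become SQL control characters) beside the parameterised form that treats them as plain data. The users table and credentials are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed in-memory users table for the demonstration (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    # String concatenation: quote characters supplied by the caller are
    # spliced into the SQL text and change the query's logic.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, name, password):
    # Parameterised query: the driver sends the values separately from the
    # SQL text, so quote characters in the input are data, never syntax.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def demo():
    """Run both checks with a correct password and with the classic
    quote-and-OR control-character input used in teaching examples."""
    conn = make_db()
    probe = "' OR '1'='1"
    return {
        "vuln_good": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_probe": login_vulnerable(conn, "alice", probe),
        "safe_good": login_safe(conn, "alice", "correct horse"),
        "safe_probe": login_safe(conn, "alice", probe),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated query is accepted without the password because the injected OR clause is always true; the parameterised query compares the literal string and rejects it.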

Investigating intrusions
- The act of uncovering the facts with regard to a potential intrusion.
- Was there an actual intrusion?
- Containment, eradication and remediation steps.
- Determine what harm was done (stolen or destroyed).
- Apprehend the intruders.
- Where there is one, there are often more.

Investigative Methodologies
- Analysis of memory can reveal ports and IP addresses associated with malicious activities.
- System logs may contain information about user accounts and IP addresses.
- Investigate network log files.
- System forensics, memory forensics, network forensics and malware forensics.

Leaving compromised systems vulnerable
- It is a challenge: if you protect the system immediately, you may not catch the culprit.
- Should the system be shut down immediately? It may be important to observe the intruder's progress.

Volatile data
- Information in the CPU cache, CPU registers, video RAM, other RAM or buffers. It will disappear as state changes or on shutdown.
- Network packets.
- Check for unusual processes running.
- Acquire full memory dumps.

Volatile data preservation
- Initially check for any windows that are open.
- Use a clean forensic toolkit (DVD), launch the shell executable from the CD (not the computer's), and change the default directory to the CD.
- Insert a clean (new) thumb drive to save the volatile data.
- Send the date and time to the thumb drive, then execute a script that will collect a memory dump, a list of running processes, a list of loaded drivers or modules and libraries, a list of open sockets and active network connections, the currently logged-in users and the authorized users, and finally create hash values for the files.
- Remote acquisition of volatile data: for this you need to use EnCase, AccessData or other such programs.
- Collect network traffic by using a sniffer.
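The collection script described above, as an added example that is not part of the original slides: it records the date and time first, saves each collector's raw output to the evidence directory, and finishes by hashing every file it wrote. The default Windows commands are an assumption about the toolkit; the memory dump itself is acquired with a dedicated tool and is left out here.

```python
import hashlib
import subprocess
import sys
from datetime import datetime, timezone
from pathlib import Path

# Assumed collectors matching the slide's list: processes, loaded drivers,
# sockets and connections, logged-in users, authorized users.
DEFAULT_ARTIFACTS = [
    ("processes", ["tasklist", "/v"]),
    ("drivers", ["driverquery", "/v"]),
    ("connections", ["netstat", "-ano"]),
    ("logged_in_users", ["query", "user"]),
    ("authorized_users", ["net", "user"]),
]


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect_volatile(out_dir, artifacts=DEFAULT_ARTIFACTS):
    """Timestamp first, then run each collector, then hash every output file.
    Returns {file name: sha256 hex} for the files written."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    # Step 1: the date and time go to the evidence drive before anything else.
    stamp = datetime.now(timezone.utc).isoformat() + "\n"
    (out / "collection_time.txt").write_text(stamp)
    # Step 2: each collector's output is saved verbatim; failures are recorded,
    # not hidden, so the evidence set documents what could not be gathered.
    for name, argv in artifacts:
        try:
            proc = subprocess.run(argv, capture_output=True, timeout=120)
            data = proc.stdout + proc.stderr
        except (OSError, subprocess.TimeoutExpired) as exc:
            data = ("collector failed: %r\n" % (exc,)).encode()
        (out / (name + ".txt")).write_bytes(data)
    # Step 3: hash every file written so later alteration is detectable.
    files = [p for p in sorted(out.iterdir()) if p.name != "hashes.txt"]
    manifest = {p.name: sha256_file(p) for p in files}
    lines = "".join("%s  %s\n" % (h, n) for n, h in manifest.items())
    (out / "hashes.txt").write_text(lines)
    return manifest


if __name__ == "__main__":
    print(collect_volatile(sys.argv[1] if len(sys.argv) > 1 else "volatile_out"))
```

Point `out_dir` at the clean thumb drive; a missing or failing collector produces a file noting the failure rather than aborting the whole run.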

Post-Mortem investigation
- File system analysis.
- Collect file date-time metadata, sorted and/or filtered.
- Collect file names, sorted and/or filtered.
- Collect configuration files and startup locations from the registry.
- Collect system and security logs and application logs.
- Do keyword searching for malicious executables and IP addresses.
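Two of the post-mortem steps above, as an added example that is not part of the original slides: building a file timeline from modification times (sorted, optionally filtered to a window) and keyword-searching the files for IPv4 addresses and executable names. The sample directory, its timestamps and the address 203.0.113.7 are constructed for the demonstration.

```python
import os
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Keyword patterns for the search: IPv4 addresses and executable file names.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EXE_RE = re.compile(r"\b[\w.-]+\.(?:exe|dll|bat)\b", re.IGNORECASE)


def file_timeline(root, start=None, end=None):
    """Return (utc_iso_mtime, relative_path) tuples, newest first, keeping
    only files whose mtime (epoch seconds) lies within [start, end]."""
    root = Path(root)
    rows = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            m = p.stat().st_mtime
            if (start is None or m >= start) and (end is None or m <= end):
                iso = datetime.fromtimestamp(m, timezone.utc).isoformat()
                rows.append((m, iso, str(p.relative_to(root))))
    return [(iso, rel) for _, iso, rel in sorted(rows, reverse=True)]


def keyword_search(root):
    """Return {relative_path: {'ips': [...], 'executables': [...]}} for files
    containing at least one hit; binary content is decoded leniently."""
    root = Path(root)
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            text = p.read_bytes().decode("utf-8", errors="replace")
            ips = sorted(set(IPV4_RE.findall(text)))
            exes = sorted(set(EXE_RE.findall(text)))
            if ips or exes:
                hits[str(p.relative_to(root))] = {"ips": ips, "executables": exes}
    return hits


def build_sample_image():
    """Constructed stand-in for a mounted image: two files with fixed mtimes."""
    root = Path(tempfile.mkdtemp(prefix="postmortem_"))
    (root / "notes.txt").write_text("meeting at 10\n")
    os.utime(root / "notes.txt", (1_600_000_000, 1_600_000_000))
    (root / "tmp").mkdir()
    log = root / "tmp" / "svc.log"
    log.write_text("connect 203.0.113.7:4444 loader.exe started\n")
    os.utime(log, (1_700_000_000, 1_700_000_000))
    return root
```

Filtering the timeline to the suspected intrusion window narrows the keyword search to the files that changed while the intruder was active.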

Malicious code examination
- What is the purpose of the code?
- Does it create, delete or alter any specific files?
- Does it create new processes or inject itself into running processes?
- Does it accept remote network connections, or initiate new connections?
- How are the hosts identified?