Presentation is loading. Please wait.

Presentation is loading. Please wait.

Threats By Dr. Shadi Masadeh.

Published byKerry Greene Modified over 6 years ago

Similar presentations

Presentation on theme: "Threats By Dr. Shadi Masadeh."— Presentation transcript:

1 Threats By Dr. Shadi Masadeh

2 Security Threats and Attacks
A threat is a potential violation of security. Flaws in design, implementation, and operation. An attack is any action that violates security. Active adversary.

3 Types of Security Threats and Attacks Eavesdropping - Message Interception (Attack on Confidentiality) Unauthorized access to information Packet sniffers and wiretappers Illicit copying of files and programs R S Eavesdropper

4 Types of Security Threats and Attacks Integrity Attack - Tampering With Messages
Stop the flow of the message Delay and optionally modify the message Release the message again Interruption an asset becomes lost, unavailable, or unusable R S Perpetrator

5 Types of Security Threats and Attacks Authenticity Attack - Fabrication
Unauthorized assumption of other’s identity Generate and distribute objects under this identity R S Masquerader: from S

6 Types of Security Threats and Attacks Attack on Availability
Destroy hardware (cutting fiber) or software Modify software in a subtle way (alias commands) Corrupt packets in transit Blatant denial of service (DoS): Crashing the server Overwhelm the server (use up its resource) S R

7 Who are the Attackers 1. Elite Hackers White hat hackers
This is still illegal Break into system but notify firm or vendor of vulnerability Black hat hackers Do not hack to find and report vulnerabilities Gray hat hackers go back and forth between the two ways of hacking Hack but with code of ethics Codes of conduct are often amoral “Do not harm,” but delete log files, destroy security settings, etc. Distrust of evil businesses and government Still illegal

8 Who are the Attackers (Cont.)
2. Virus Writers and Releasers Virus writers versus virus releasers Only releasing viruses is punishable

9 Who are the Attackers (Cont.)
3. Script Kiddies Use prewritten attack scripts (kiddie scripts) Viewed as alamers and script kiddies Large numbers make dangerous Noise of kiddie script attacks makes more sophisticated attacks

10 Who are the Attackers (Cont.)
4. Criminals Many attackers are ordinary garden-variety criminals Credit card and identity theft Side note on threat to Credit Card #. How do attacker capture credit card information? Via “Sniffing” traffic? How many of the audience have worries when shopping online? How many of the audience ever used a credit card to pay for a restaurant meal? Stealing trade secrets (intellectual property) Extortion

11 Who are the Attackers (Cont.)
5. Corporate Employees Have access and knowledge Financial theft Theft of trade secrets (intellectual property) Sabotage Consultants and contractors IT and security staff are biggest danger

12 Who are the Attackers (Cont.)
6. Cyberterrorism and Cyberwar New level of danger Infrastructure destruction Attacks on IT infrastructure Use IT to establish physical infrastructure (energy, banks, etc.) Simultaneous multi-pronged attacks Cyberterrorists by terrorist groups versus cyberwar by national governments Amateur information warfare

13 Framework for Attacks Attacks Physical Access Attacks -- Wiretapping
Server Hacking Vandalism Social Engineering -- Opening Attachments Password Theft Information Theft Dialog Attacks -- Eavesdropping Impersonation Message Alteration Penetration Attacks Malware -- Viruses Worms Denial of Service Scanning (Probing) Break-in

14 Methods of Defense Encryption (DES and RSA)
Software Controls (access limitations in a data base, in operating system protect each user from other users) Hardware Controls (smartcard) Policies (frequent changes of passwords) Physical Controls (key lockers)

Download ppt "Threats By Dr. Shadi Masadeh."

Similar presentations

Security Presented by: Mark Davis & Shahein Moussavi.

Security Presented by: Mark Davis & Shahein Moussavi.
Attacks Framework Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Dialog Attacks -- Eavesdropping Impersonation Message Alteration.

Attacks Framework Attacks Physical Access Attacks -- Wiretapping Server Hacking Vandalism Dialog Attacks -- Eavesdropping Impersonation Message Alteration.
Security and Systems. Three tenets of security Confidentiality Integrity Availability.

Security and Systems. Three tenets of security Confidentiality Integrity Availability.
ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.

ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.
NS-H0503-02/11041 Attacks. NS-H0503-02/11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.

NS-H /11041 Attacks. NS-H /11042 The Definition Security is a state of well-being of information and infrastructures in which the possibility.
Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.

Chapter 1.  Security Problem  Virus and Worms  Intruders  Types of Attack  Avenues of Attack 2 Prepared by Mohammed Saher Hasan.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.

6/9/2015Madhumita. Chatterjee1 Overview of Computer Security.
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Introduction & Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Revised by Huei Lee.

Introduction & Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Revised by Huei Lee.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Securing Information Systems

Securing Information Systems
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.
Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Security Awareness: Applying Practical Security in Your World Chapter 1: Introduction to Security.

Similar presentations

Ads by Google