Slides copyright 2010 by Paladin Group, LLC used with permission by UMBC Training Centers, LLC.

3 Security+ Chapter 6 – Predicting and Mitigating Threats Brian E. Brzezicki

4 Malware (291)
Malware: mal (bad) + ware (software). Software you would NEVER intentionally install or execute on your computer.
Types of malware we will discuss:
- Viruses
- Worms
- Trojans
- Logic Bombs
- Rootkits
- Spyware

5 Virus

6 Virus Characteristics (291)
- Code that attaches itself to other VALID software
- The harmful code gets run when you run the valid application
- When run, a virus generally replicates into other software on the system, infecting it
- A virus usually also takes some unwanted action when the host application is executed
- Viruses have signatures (distinctive byte patterns of the bad code) that can be searched for and detected

7 Virus Replication Methods (292)
- Email
- Infected removable media
  - Floppies
  - USB drives
  - Even some published software on CD-ROM
- Downloaded software
- Network shares

8 Virus Hoaxes
- What is a hoax?
- How can a hoax cause damage?
- What is the best countermeasure for hoaxes?

9 Worms (295)
Worms work differently than viruses: they are stand-alone programs that need no host application.
- Self-propagate across the network, typically by exploiting an unpatched service, without user action
- Do damage
Countermeasures
- Remove unnecessary services
- Patch OS and applications
- Beware of code sent in email

10 Trojan Horses

11 Trojan (296)
Like the Trojan Horse of Greek mythology, a Trojan program seems like a "gift". It is disguised as a useful program, and it might even do something useful to keep up the disguise, but it will cause you harm.
Countermeasures
- User education
- Don't run software that you are not familiar with or that you don't have "real distribution" media for
- Software digital signing
- Anti-virus software to detect known Trojans

12 Logic Bombs (296)
Logic Bomb: code or an application embedded into a system that waits for a specific time or event, then goes off and does some type of damage.
Countermeasures
- Inventory all software and keep checksums
- Tripwire is a popular program that provides file integrity verification

13 Rootkits (297)
Software installed on a system to hide the presence of an attacker (processes, files, network connections, accounts).
Can consist of
- Replaced system software (user-mode rootkit: trojaned ls, ps, netstat, etc.)
- Loadable kernel modules (kernel-mode rootkit, which can lie to every tool on the box, including file integrity checkers run from that box)

14 Adware and Spyware (298)
Adware: software put on a system that tracks a user's usage and may cause pop-ups to occur.
Spyware: dangerous software that is installed on a system to have a much more malicious impact. Keystroke loggers are a very dangerous type of spyware.

15 Protection against Malware
- User education
- File integrity verification
- Software signing
- Anti-virus software
  - Signature based
  - Heuristic
- Anti-spyware software
  - Lavasoft's Ad-Aware
  - Windows Defender
  - Spybot Search & Destroy
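Added example (not from the original slides): a minimal Tripwire-style file integrity checker in Python, illustrating slide 12's "inventory all software and keep checksums" and slide 15's "File Integrity Verification". It baselines SHA-256 digests of a directory tree, then reports files that were modified, added or removed. The directory layout, file contents and the simulated logic-bomb tampering in `demo()` are constructed for the example.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path, algorithm="sha256", chunk_size=65536):
    """Hex digest of a file, streamed so large binaries do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Inventory every regular file under root: posix-style relative path -> digest."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            baseline[path.relative_to(root).as_posix()] = hash_file(path)
    return baseline


def save_baseline(baseline, dest):
    Path(dest).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src):
    return json.loads(Path(src).read_text())


def verify(root, baseline):
    """Compare the current tree against a stored baseline.

    Returns {'modified': [...], 'added': [...], 'removed': [...]}, each sorted.
    """
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: baseline a tree, tamper with it, then verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "app"
        (root / "bin").mkdir(parents=True)
        (root / "bin" / "server").write_bytes(b"#!/bin/sh\necho serving\n")
        (root / "config.ini").write_text("debug=0\n")

        baseline_path = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(root), baseline_path)

        # Simulated logic bomb: a date-triggered payload appended to a trusted
        # script, plus a dropped helper and a deleted config file.
        with open(root / "bin" / "server", "ab") as f:
            f.write(b'if [ "$(date +%m%d)" = 0401 ]; then rm -rf /tmp/data; fi\n')
        (root / "bin" / "helper").write_bytes(b"payload")
        (root / "config.ini").unlink()

        return verify(root, load_baseline(baseline_path))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))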

16 Attacks

17 Privilege Escalation (n/b)
Once you have "user" access to a system, trying to use system tools and programs in ways that allow you to raise your privileges beyond your normal access level.
- Buffer overflows (e.g. in a program that runs with SUID root or SYSTEM privileges)

18 Denial of Service Attacks

19 Ping of Death (n/b)
Old bug in 1990s TCP/IP stacks (Microsoft's among many others): a fragmented ICMP echo request that reassembled to more than the 65,535-byte IP maximum overflowed the reassembly buffer and caused the computer to "blue screen" / crash. Even though the bug was fixed, it re-appeared on later versions of Windows.

20 SYN Flood

21 SYN Flood (302)
Attack
- Send SYN packets with a forged source address (a downed or unreachable host)
- The server responds with SYN-ACK to the fake address, which never answers
- Connections sit "half-open" and use up the limited listen-queue (backlog) slots
- Real new connections can no longer be established

22 SYN Flood (302)
Countermeasures
- Stop forged (spoofed-source) packets at ingress/egress routers
- Patch the OS (Linux and Windows Vista and later handle this in the stack with SYN cookies or built-in SYN attack protection)
- Decrease 3-way handshake timeout values
- Increase the 3-way handshake backlog (max half-open connections)
- Use a firewall as a middleman (SYN proxy)
- Set registry settings (Windows 2000/2003-era TCP/IP stack):
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect = 1
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions >= 2 (SynAttackProtect only takes effect when this is at least 2)
More information regarding SYN flood registry settings at http://technet.microsoft.com/en-us/library/cc938202.aspx
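Added example, not part of the original slides: a Python check that parses `netstat -ant`-style output and counts half-open (SYN_RECV) connections per listening port, which is what a SYN flood looks like from the victim's side. The netstat sample is constructed, and the threshold is set artificially low to fit it; a real listen queue holds hundreds to thousands of entries, so tune `threshold` to the backlog of the service you are watching.

```python
import re
from collections import Counter

# Constructed sample of `netstat -ant` output (Linux format); not a real capture.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:22             198.51.100.4:51022      ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.10:40001      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.11:40002      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.12:40003      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.13:40004      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.14:40005      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.9:52210      ESTABLISHED
tcp        0      0 10.0.0.5:443            198.51.100.4:51030      SYN_RECV
"""

# proto, recv-q, send-q, local endpoint, foreign endpoint, state
LINE_RE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_]+)\s*$"
)


def split_endpoint(endpoint):
    """'10.0.0.5:80' -> ('10.0.0.5', 80); rpartition also copes with IPv6 text."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def half_open_by_port(netstat_text):
    """Return (Counter of SYN_RECV per local port, {port: set of remote hosts})."""
    counts = Counter()
    sources = {}
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("state") != "SYN_RECV":
            continue
        _, lport = split_endpoint(m.group("local"))
        rhost, _ = split_endpoint(m.group("remote"))
        counts[lport] += 1
        sources.setdefault(lport, set()).add(rhost)
    return counts, sources


def detect_syn_flood(netstat_text, threshold=4):
    """Flag local ports whose half-open count reaches the threshold.

    Returns [(port, half_open_count, distinct_sources)]. Many half-open
    connections from many distinct, never-completing sources is the classic
    forged-source SYN flood; a few SYN_RECV from one source is usually just a
    slow or lossy path.
    """
    counts, sources = half_open_by_port(netstat_text)
    return [(port, n, len(sources[port])) for port, n in sorted(counts.items()) if n >= threshold]


if __name__ == "__main__":
    for port, n, distinct in detect_syn_flood(SAMPLE_NETSTAT):
        print(f"port {port}: {n} half-open connections from {distinct} sources")
```

Run it against live output with `netstat -ant | python3 synwatch.py` after swapping `SAMPLE_NETSTAT` for `sys.stdin.read()`; on Linux `ss -tan state syn-recv` gives the same view directly.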

23 Smurf Attack (303)

24 How would a Smurf attack someone? (see next slide)
1. Find a site to attack, say www.ebay.com
2. Forge a ping (ICMP echo request) packet with source address www.ebay.com and send it to a network's BROADCAST address
3. Watch as every computer on that network replies to www.ebay.com, amplifying one packet into hundreds
Countermeasures
- Drop forged packets at routers
- Drop directed broadcasts
- Drop pings to broadcast addresses

25 Smurf Attack (303)

26 Tear Drop (n/b)
Teardrop sent IP fragments whose offsets overlapped; reassembly code that trusted the offsets crashed the target.

27 Distributed Denial of Service

28 DDoS (304)
Distributed Denial of Service: overwhelm the victim by sheer numbers.
- Take over computers (bots/zombies)
- Build a command and control network using masters (handlers) and slaves (agents)
  - Often using IRC or other public services
- Control hundreds or thousands of computers and point them at one target

29 DDoS (304)

30 Spoofing (304)
One entity pretends to be another.
- IP spoofing
- Email spoofing

31 Man in the Middle (307)

32 Replay Attacks (308)
Capturing authentication or session credentials and resending them to gain access.
Countermeasures
- Do not allow credentials to be reused
  - Time stamps
  - Counters (sequence numbers)
  - Nonces / challenge-response
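Added example (not from the slides): the timestamp and counter countermeasures implemented in Python. A client binds each request to a per-client counter and a timestamp with an HMAC over a shared secret (the secret, client name and request bodies are constructed for the demo); the server rejects a replayed request (counter already used), a stale one (timestamp outside the skew window) and a tampered one (tag mismatch), and only then records the counter.

```python
import hashlib
import hmac
import time

SECRET = b"demo-shared-secret"  # constructed; real deployments provision a per-client key


def _canonical(client_id, counter, timestamp, body):
    """Everything the server will check must be covered by the MAC."""
    return f"{client_id}|{counter}|{timestamp}|".encode() + body


def sign_request(secret, client_id, counter, timestamp, body):
    """Client side: produce a request whose freshness fields cannot be altered."""
    tag = hmac.new(secret, _canonical(client_id, counter, timestamp, body), hashlib.sha256).hexdigest()
    return {"client_id": client_id, "counter": counter, "timestamp": timestamp, "body": body, "tag": tag}


class ReplayGuardedServer:
    def __init__(self, secret, max_skew=30):
        self.secret = secret
        self.max_skew = max_skew          # seconds of clock drift tolerated
        self.last_counter = {}            # client_id -> highest counter accepted

    def accept(self, req, now=None):
        """Return (accepted, reason). Check the MAC first so nothing below trusts unauthenticated fields."""
        now = time.time() if now is None else now
        expected = hmac.new(
            self.secret, _canonical(req["client_id"], req["counter"], req["timestamp"], req["body"]), hashlib.sha256
        ).hexdigest()
        if not hmac.compare_digest(expected, req["tag"]):
            return False, "bad tag"
        if abs(now - req["timestamp"]) > self.max_skew:
            return False, "stale timestamp"
        if req["counter"] <= self.last_counter.get(req["client_id"], -1):
            return False, "replayed counter"
        self.last_counter[req["client_id"]] = req["counter"]
        return True, "ok"


def demo():
    """Constructed exchange with a fixed clock so the outcome is deterministic."""
    server = ReplayGuardedServer(SECRET)
    t0 = 1_700_000_000
    req = sign_request(SECRET, "alice", 1, t0, b"transfer 100 to bob")
    first = server.accept(req, now=t0)
    replay = server.accept(req, now=t0 + 5)                                            # captured and resent
    late = server.accept(sign_request(SECRET, "alice", 2, t0, b"x"), now=t0 + 600)     # timestamp too old
    forged = server.accept(dict(req, counter=3), now=t0)                               # counter bumped, not re-signed
    fresh = server.accept(sign_request(SECRET, "alice", 2, t0 + 10, b"balance"), now=t0 + 10)
    return first, replay, late, forged, fresh


if __name__ == "__main__":
    for label, result in zip(("first", "replay", "late", "forged", "fresh"), demo()):
        print(f"{label}: {result}")
```

The timestamp alone is not enough: within the skew window a captured request is still valid, which is exactly what the counter closes. The counter alone is not enough either, because a server that loses its `last_counter` state (restart, failover) would accept old traffic again; the two are used together.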

33 TCP/IP Hijacking (309)
When you cannot steal someone else's password or break into a system, steal someone else's connection.
1. Wait for a user to authenticate
2. Determine the sequence numbers of the connection
3. Knock the valid user off the network
4. Steal their authenticated connection by continuing it with the correct sequence numbers

34 ARP Poisoning (309)
ARP poisoning is an attack against a local network in which one computer sends a fake ARP reply (often unsolicited) in an attempt to trick another computer on the same segment into sending traffic for an IP address to the attacker's MAC instead of the real machine. This can be used as a man-in-the-middle attack or as a straight hijacking attack.
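Added example, not from the slides: a Python ARP watcher run over a constructed list of observed ARP replies. It flags the three symptoms of poisoning that arpwatch-style tools and switch Dynamic ARP Inspection look for: an IP whose MAC changes, a MAC that claims more than one IP (the attacker impersonating both the gateway and the victim), and any reply that contradicts a static IP-to-MAC binding. The addresses and the attacker's MAC are made up for the demo.

```python
from collections import defaultdict

# Constructed ARP reply observations: (seconds, sender_ip, sender_mac, target_ip).
# Not a real capture. At t=2.0 an attacker starts claiming the gateway's IP.
ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:55", "192.168.1.10"),   # genuine gateway
    (1.0, "192.168.1.20", "00:aa:bb:cc:dd:01", "192.168.1.10"),  # another ordinary host
    (2.0, "192.168.1.1", "00:de:ad:be:ef:01", "192.168.1.10"),   # gateway IP, new MAC
    (2.5, "192.168.1.10", "00:de:ad:be:ef:01", "192.168.1.1"),   # same MAC claims the victim too
    (3.0, "192.168.1.1", "00:de:ad:be:ef:01", "192.168.1.10"),   # poison refreshed
]


class ArpWatch:
    def __init__(self, trusted=None):
        self.first_seen = {}                 # ip -> MAC the IP was first seen with
        self.trusted = trusted or {}         # optional static ip -> mac bindings
        self.ips_for = defaultdict(set)      # mac -> every IP it has claimed

    def observe(self, t, ip, mac, _target_ip):
        """Return a list of alert tuples for one ARP reply; empty when nothing is suspicious."""
        alerts = []
        if ip in self.trusted and self.trusted[ip] != mac:
            alerts.append((t, "static-binding-violation", ip, mac))
        prev = self.first_seen.setdefault(ip, mac)
        if prev != mac:
            alerts.append((t, "ip-mac-changed", ip, mac))
        self.ips_for[mac].add(ip)
        if len(self.ips_for[mac]) > 1:
            alerts.append((t, "mac-claims-multiple-ips", mac, tuple(sorted(self.ips_for[mac]))))
        return alerts


def analyze(replies, trusted=None):
    """Feed a sequence of replies through one watcher and collect all alerts."""
    watcher = ArpWatch(trusted)
    alerts = []
    for reply in replies:
        alerts.extend(watcher.observe(*reply))
    return alerts


if __name__ == "__main__":
    for alert in analyze(ARP_REPLIES, trusted={"192.168.1.1": "00:11:22:33:44:55"}):
        print(alert)
```

"First seen wins" is a heuristic: a watcher started after the attacker would baseline the wrong MAC, which is why the static binding for the gateway is the check to rely on. On the hosts themselves, a static ARP entry for the gateway is the equivalent of that binding.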

35 DNS Poisoning (n/b)
Faking DNS responses in order to trick a computer into going to an attacker's site rather than the real site.
Example: if I can "poison" your DNS cache and redirect www.bankofamerica.com to my IP address, I can put up a fake site and steal your banking information (or set up a MitM attack).

36 Reconnaissance (310)
Learning as much as you can about the target you plan to attack. This is the first step in the hacking process.
- IP address identification
- DNS probing
- Ping scanning
- OS fingerprinting
- Port scanning
- Vulnerability identification

37 Null Sessions (311)
In early versions of Windows, unauthenticated users could "browse" the network to see what resources existed. This browsing made use of "Null Sessions": SMB/IPC$ connections allowed without any type of authentication. Hackers can use null sessions and browsing to enumerate users, groups and shares, so null sessions should be disabled or limited in their functionality.
To fight null sessions on Windows:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous = 1
(On Windows 2000 a value of 2 blocks anonymous enumeration entirely; XP/2003 split this into RestrictAnonymous, RestrictAnonymousSAM and EveryoneIncludesAnonymous.)
See http://support.microsoft.com/?kbid=246261

38 Domain Name Tasting and Kiting
Tasting – registering a domain and dropping it within the registrar's 5-day add grace period, so the registration is effectively "free" while the registrant measures its traffic
Kiting – deleting the domain inside the 5-day grace period and immediately re-registering it, over and over, to hold it without ever paying

39 Social Engineering (314 – 318)
Trying to trick people into giving you access to a system.
- Phishing
- Piggybacking/tailgating
- Impersonation
- Dumpster diving
- Shoulder surfing

40 Importance of User Education (318)
No security program can be successful if the users are not properly trained on security issues and procedures. Some attacks, such as social engineering attacks, are best defended by education rather than technical means.
Some methods of user education are
- Training classes
- Login banners
- Centralized email/information dispersal
- Policies and procedures

