
Slide 1: Topic 1 – Lesson 3 Network Attacks Summary

Slide 2: Questions
► Compare passive attacks and active attacks
► How do packet sniffers work? How to mitigate?
► How does spoofing work? How to mitigate?
► A step by step description of DoS attacks; how to mitigate?
► Compare virus, worms, and Trojan Horses. How to mitigate?
► How do malicious applets work? How to mitigate?
► How do war dialers work? How to mitigate?
► How do logic bombs work? How to mitigate?
► How do buffer overflow attacks work? How to mitigate?
► How can hackers use social engineering tactics? How to mitigate?
► How does dumpster diving work? How to mitigate?

Slide 3: Compare passive attacks and active attacks
► Passive attacks eavesdrop
► Active attacks change data
► Defeating passive attacks should focus on detection
► Active attacks are malicious and will directly cause damage
► Four example active attacks: masquerade, replay, denial of service, modification
► Active attacks are generally preceded by passive attacks

Slide 4: How do packet sniffers work? How to mitigate?
► Packet sniffers discover information by listening in on network traffic
► Packet sniffing is a passive attack and does not alter data
► How to mitigate?
 Use encryption to prevent sniffing
 Use one-time passwords to help defeat sniffers
 Packet sniffers are hard to detect because they do not alter network traffic

Slide 5: How does spoofing work? How to mitigate?
► Spoofing is a camouflage technique
► Three common types of spoofing attacks
 IP spoofing: fake the source IP address of a packet
 Email address spoofing: fake an email address
 Web page spoofing: fake a web page
► How to mitigate?
 Sender-side access control: filters can stop people from sending out spoofed IP packets or emails
 Receiver-side access control: the receiver needs to know whether an arriving packet is spoofed
 Cryptography and authentication may help
 IP address-based authentication is limited: why?
 Mitigation is difficult if you have trusted systems outside your network; you should use firewalls

Slide 6: A step by step description of DDoS attacks; how to mitigate?
► Step 1: the attacker breaks into 1001 computers
► Step 2: the attacker installs the master program on one computer and the daemon software on the other 1000 computers
► Step 3: the attacker picks a victim
► Step 4: when the attacker launches the DDoS attack, the attacker instructs the master program to launch the attack; the master program then instructs the 1000 daemons to send a lot of packets to the victim
► How to mitigate?
 One way to stop the server from crashing is to limit nonessential traffic
 Hard to defend because the packets look like normal traffic
 Harder to defend because the daemons spoof their IP addresses

Slide 7: Compare virus, worms, and Trojan Horses. How to mitigate?
► In Lesson 2, we clarified the differences between viruses and worms
► Trojan horses are a special type of virus
► A Trojan horse refers to a computer program that does more than it claims to do
► One possible purpose of a Trojan horse is to collect passwords and other information and send them back to the attacker
► How to mitigate?
 Use antivirus software
 Only download from trusted web sites
 Do not execute unknown applications/tools

Slide 8: On Trojan Horses
(Diagram: a clean program, e.g., a tool, is attacked; malicious code is inserted into it; the result is a Trojan Horse.)

Slide 9: How do malicious applets work? How to mitigate?
► Java applets are embedded in web pages
► When you open a web page or click a hyperlink, a malicious applet could be executed on your computer
► Malicious applets compromise privacy and security by stealing passwords, modifying files, and spoofing email
► How to mitigate?
 Disable Java to avoid running applets

Slide 10: How do war dialers work? How to mitigate?
► Dial numerous phone numbers and try to establish an illegal connection
► Break into a computer via its dial-up connection
► How to mitigate?
 Change passwords and do not use dial-up. Use strong passwords.
 Do not use dictionary words.
 An Ethernet connection is less vulnerable.

Slide 11: How do logic bombs work? How to mitigate?
► Logic bombs can be viewed as a special type of Trojan horse
► A typical Trojan horse is activated whenever the infected software program is executed; logic bombs, however, typically stay dormant until certain conditions are satisfied
► Can they be deployed by worms or viruses? Yes
► Can be internal attacks from employees
► How to mitigate?
 Can be detected and removed by virus scanning
 Tripwire: a tool to check whether a program has been modified by the attacker
► Hash the original program: a hash is a unique value based on the content of the program file, and if the content changes then the hash value changes
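The Tripwire idea on this slide, as an added example that is not part of the lecture: record a hash of a trusted program image, then later recompute it and compare. FNV-1a is used here only so the block stays self-contained; a real integrity checker uses a cryptographic hash such as SHA-256, because FNV is not collision-resistant against a deliberate attacker. The "program image" and the one-byte patch are constructed inputs.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* FNV-1a 64-bit over a byte buffer. Stand-in for a cryptographic hash:
 * any change to the content yields a different value, but an attacker who
 * knows the function could craft a collision, so do not use it for real. */
uint64_t fnv1a64(const unsigned char *data, size_t len) {
    uint64_t h = 0xcbf29ce484222325ULL;      /* FNV offset basis */
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 0x100000001b3ULL;               /* FNV prime */
    }
    return h;
}

/* Baseline record: size and hash of the program when it was trusted. */
typedef struct {
    const char *name;
    size_t      len;
    uint64_t    hash;
} baseline_t;

baseline_t take_baseline(const char *name, const unsigned char *img, size_t len) {
    baseline_t b = { name, len, fnv1a64(img, len) };
    return b;
}

/* Returns 1 if the current image still matches the baseline, 0 if modified. */
int check_integrity(const baseline_t *b, const unsigned char *img, size_t len) {
    if (len != b->len)                       /* a size change is already a change */
        return 0;
    return fnv1a64(img, len) == b->hash;
}

/* Constructed program image; an attacker flips one byte (a logic bomb would
 * change far more, but one byte is enough to show the hash moves). */
int demo(void) {
    unsigned char image[] = "\x7f" "ELF" "\x02\x01\x01" "payroll-tool v1.0";
    baseline_t base = take_baseline("payroll-tool", image, sizeof image);
    int before = check_integrity(&base, image, sizeof image);
    image[10] ^= 0x01;                       /* the modification to detect */
    int after = check_integrity(&base, image, sizeof image);
    printf("%s: before=%d after=%d\n", base.name, before, after);
    return before == 1 && after == 0;        /* 1 means the check behaved */
}
```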

Slide 12: How can hackers use social engineering tactics? How to mitigate?
► Take advantage of human characteristics
► Talk unsuspecting employees out of sensitive information
► Comprehensive security policies will help
► Employees should be educated about this threat

Slide 13: How does dumpster diving work? How to mitigate?
► Sift through a company's garbage to find information that helps break into its computers
► Sensitive documents should be shredded

Slide 14: How do buffer overflow attacks work? How to mitigate?
► When a web server is executing, its stack contains the return address
► The hacker sends a carefully crafted URL request message to the web server
 The request contains a piece of code
► The request text overwrites the stack and the return address is changed
► The changed return address misleads the CPU into executing the code contained in the attacking message
► More than 90 percent of real world hacking is via buffer overflow

Slide 15: Buffer overflow in depth
(Diagram of a web server's RAM: code, input buffer, stack, other data, return address. A normal URL request, http://www.cnn.com/a/b/c/x.html, fits in the input buffer. Step 1: the hacker sends a malicious URL request (http://www.x.y...) whose message holds malicious code and a new return address; it overflows the input buffer and overwrites the stack's return address.)
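The defect slides 14 and 15 describe, and its fix, as an added example that is not part of the lecture. The request handler, the 64-byte path buffer and the URLs are hypothetical: the vulnerable version copies the request into a fixed stack buffer with no bound (which is what lets an over-long request overwrite the saved return address), the hardened version checks the length before copying and rejects what does not fit.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64   /* hypothetical fixed-size stack buffer for the URL path */

/* The bug as the slide describes it: no length check, so a request longer
 * than PATH_BUF runs past `path` into the rest of the stack frame, including
 * the saved return address. Kept only to show the defect; never call it on
 * untrusted input. */
int handle_request_vulnerable(const char *url) {
    char path[PATH_BUF];
    strcpy(path, url);                    /* BUG: unbounded copy */
    return (int)strlen(path);
}

/* Hardened form: measure first, reject anything that does not fit with its
 * terminator, then copy exactly that many bytes. Returns the path length,
 * or -1 when the request is rejected. */
int handle_request_safe(const char *url) {
    char path[PATH_BUF];
    size_t n = strlen(url);
    if (n >= sizeof path)                 /* leave room for the NUL */
        return -1;
    memcpy(path, url, n);
    path[n] = '\0';
    return (int)n;
}

/* Constructed over-long request: the slide's http://www.x.y prefix padded
 * with filler far beyond the buffer. Returns 1 if the hardened handler
 * accepted the normal request and rejected the over-long one. */
int demo(void) {
    char big[256];
    const char *prefix = "http://www.x.y/";
    size_t p = strlen(prefix);
    memcpy(big, prefix, p);
    memset(big + p, 'A', sizeof big - p - 1);
    big[sizeof big - 1] = '\0';
    int normal = handle_request_safe("http://www.cnn.com/a/b/c/x.html");
    int attack = handle_request_safe(big);
    printf("normal request: %d, over-long request: %d\n", normal, attack);
    return normal == 31 && attack == -1;
}
```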

