Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc."— Presentation transcript:

1 Security: Attacks

2 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc The program has to get to the computer somehow –Cracker hides it as a new game, e-card, windows update site, etc. When run, Trojan Horse executes with user’s privileges Examples: –Hide program in path directory as a common typo: la for ls –Malicious user puts malicious ls in directory, and attracts superuser Malicious ls could make user the superuser Denning’s paper 1999

3 3 Login Spoofing Specialized case of Trojan Horse –Attacker displays a custom screen that user thinks belong to the system –User responds by typing in user name and password –Can be circumvented by key sequence that user programs cannot catch: e.g. CTRL+ALT+DEL in Windows

4 4 Logic Bombs Piece of code, in the OS or app, which is dormant until a certain time has elapsed or event has occurred –Event could be missing employee record from payroll Could act as a Trojan Horse/virus once triggered Also called “slag code” or “time bomb” Recovery options for a firm include: –Calling the police –Rehiring the programmer

5 5 Trap Doors Code in system inserted by programmer to bypass normal check Ken Thompson “Reflections on Trusting Trust” –Hole in UNIX system utility; enforced by C compiler

6 6 Buffer Overflow C compiler does no array bounds checking –A number of programs a written in C –Cracker can force his routine to run by violating array bounds

7 7 Viruses and Worms Virus is a program that reproduces itself by attaching its code to another program –They require human intervention to spread –Melissa, I LOVE YOU spread by e-mail Worms actively replicate without a helper program –Is a subclass of virus, but does not require user intervention –Sasser and Blaster targeted machines with out of date software

8 8 Denial of Service Client sends a legitimate-looking request for service to a service provider Service provider commits the necessary resources to provide the service –Ports, buffer space, bandwidth The resources are wasted, legitimate users get diminished service –Usually launched from many computers controlled by attackers Possible whenever the cost to ask for service is far cheaper than the cost of providing it –Challenge-response mechanism, selective packet tagging

9 9 Other Network Attacks Protocol attacks: –E.g. IEEE 802.11 WEP Brute force attacks Use Network Firewalls to reduce security risk

Download ppt "Security: Attacks. 2 Trojan Horse Malicious program disguised as an innocent one –Could modify/delete user’s file, send important info to cracker, etc."

Similar presentations

Presented by: Melissa Dark CERIAS, Purdue University.

Presented by: Melissa Dark CERIAS, Purdue University.
Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.

Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Unit 18 Data Security 1.

Unit 18 Data Security 1.
Exploits Dalia Solomon. Categories Trojan Horse Attacks Trojan Horse Attacks Smurf Attack Smurf Attack Port Scan Port Scan Buffer Overflow Buffer Overflow.

Exploits Dalia Solomon. Categories Trojan Horse Attacks Trojan Horse Attacks Smurf Attack Smurf Attack Port Scan Port Scan Buffer Overflow Buffer Overflow.
Trojan Horse Program Presented by : Lori Agrawal.

Trojan Horse Program Presented by : Lori Agrawal.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.

1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.

James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Malicious Attacks Angela Ku Adeline Li Jiyoung You Selena Yuen.

Malicious Attacks Angela Ku Adeline Li Jiyoung You Selena Yuen.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
1 Protection and Security Protection = mechanisms used to control access to valued resources: e.g., programs & data stored on computer system. Usually.

1 Protection and Security Protection = mechanisms used to control access to valued resources: e.g., programs & data stored on computer system. Usually.
Nasca 2007 100 200 300 400 500 Internet Networking and Security viruses.

Nasca Internet Networking and Security viruses.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.

Privacy - not readable Permanent - not alterable (can't edit, delete) Reliable - (changes detectable) But the data must be accessible to persons authorized.

Similar presentations

Ads by Google