Presentation is loading. Please wait.

Presentation is loading. Please wait.

COS 413 Day 20. Agenda Assignment 6 is posted –Due Nov 7 (Chap 11 & 12) LAB 7 write-up due tomorrow Lab 8 in OMS tomorrow –Hands-on project 11-1 through.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "COS 413 Day 20. Agenda Assignment 6 is posted –Due Nov 7 (Chap 11 & 12) LAB 7 write-up due tomorrow Lab 8 in OMS tomorrow –Hands-on project 11-1 through."— Presentation transcript:

1 COS 413 Day 20

2 Agenda Assignment 6 is posted –Due Nov 7 (Chap 11 & 12) LAB 7 write-up due tomorrow Lab 8 in OMS tomorrow –Hands-on project 11-1 through 11-4 –We will be working in teams Capstone proposals VERY OVER Due –I have received only 7 proposals Only five have been accepted –Martin, Mitchell, Demers, Southern and Marquis –1 st progress report over due You must have an accepted proposal to send a progress report –proposal and progress reports (on time) are 10% of the grade. Finish Discussion on network forensics Chap 11 We will be doing the Chaps 13, 14, 15 & 16 to finish out this class –Yes that includes mobile devices.

3 Rest of Semester Lectures –Nov 7 Chap 13 Assignment 6 Due –Nov 11 Veteran’s Day – No class –Nov 14 Quiz 3 Chap 12, 12 & 13 Assignment 7 Due –Nov 18 Chap 14 –Nov 21 Chap 14 Assignment 8 Due –Nov 25 Chap 15 –Dec 2 Chap 15 Assignment 9 Due –Dec 5 Chap 16 –Dec 9 Chap 16 Assignment 10 Due –Dec 12 Quiz 4 Chap 13, 14 & 15 Labs –Nov 5 - LAB 8 network forensics LAB 7 due –Nov 12 – No lab Lab 8 due –Nov 19 – Final lab part 1 – Kidnapping case –Nov 28 – thanksgiving break –Dec 3 – Final lab part 2 – Kidnapping case –Dec 10 – Final lab part 3 – Kidnapping case Final lab will count as two labs (lab 9 &10) Write-up will be due Dec 12 Capstone presentations –Dec 19 @ 1 PM

4 Guide to Computer Forensics and Investigations Third Edition Chapter 11 Network Forensics

5 How Hackers Hack  Many Techniques Social Engineering  Get someone to give you their password Cracking  Guessing passwords  A six letter password (no caps) > 300 million possibilities  Merriam-Webster's citation files, which were begun in the 1880s, now contain 15.7 million examples of words used in context and cover all aspects of the English vocabulary. http://www.m-w.com/help/faq/words_in.htm Buffer Overflows  Getting code to run on other PCs Load a Trojan or BackDoor Snoop and Sniff  Steal data Denial of Service (DOS)  Crash or cripple a Computer from another computer Distributed Denial of Service (DDOS)  Crash or cripple a Computer from multiple distributed computers

6 DOS attacks  Kill the PC with one packet Exploits problem in O/S  Teardrop  WinNuke  Kill the PC with lots of packets Smurf Frag Tribal Flood Network

7 SMURF Attack Image from www.circlemudd.org

8 Attacks Requiring Protection  Denial-of-Service (DoS) Attacks Make the system unavailable (crash it or make it run very slowly) by sending one message or a stream of messages. Loss of availability Single Message DOS Attack (Crashes the Victim) ServerAttacker

9 Attacks Requiring Protection  Denial-of-Service (DoS) Attacks Make the system unusable (crash it or make it run very slowly) by sending one message or a stream of messages. Loss of availability. Message Stream DOS Attack (Overloads the Victim) ServerAttacker

10 Distributed Denial-of-Service Attacks Distributed DOS (DDoS) Attack: Messages Come from Many Sources Server DoS Attack Packets Computer with Zombie Computer with Zombie Attacker Attack Command Attack Command

11 Attacks Requiring Protection  Malicious Content Viruses  Infect files propagate by executing infected program  Payloads may be destructive Worms  propagate by themselves Trojan horses  appear to be one thing, such as a game, but actually are malicious Snakes:  combine worm with virus, Trojan horses, and other attacks

12 Trojan’s and BackDoors  The trick is get the a backdoor (unauthorized entry) on a machine Easy way  Get the user to load it himself  Cracked Software (WAREZ)  Free Software (KAZAA) Hard Way  Get a password  Create a buffer overflow Microsoft can teach you how  Most Common Trojans and backdoors SubSeven ServU Netbus Back Orifice  If have download cracked software (illegal) or have loaded KAZAA or downloaded movies (adult or mainstream) chances are that you have been hacked!

13 I get at least one of these a day.

14 SubSeven Control

15 Snoop and Sniff

16 Dangers of Wireless Networking  Wi-Fi was designed as an OPEN technology which provides EASE of ACCESS It’s the hacker’s dream environment See wireless_insecurity.pdfwireless_insecurity.pdf Also http://www.cs.wright.edu/~pmateti/InternetSecurit y/Lectures/WirelessHacks/Mateti- WirelessHacks.htm http://www.cs.wright.edu/~pmateti/InternetSecurit y/Lectures/WirelessHacks/Mateti- WirelessHacks.htm  Common hacks Wardriving Evil twin Cloning Snooping

17 802.11 (in)Security  Attackers can lurk outside your premises In “war driving,” drive around sniffing out unprotected wireless LANs In “drive by hacking,” eavesdrop on conversations or mount active attacks. Site with 802.11 WLAN Outside Attacker Doonesbury July 21, 2002

18 Evil twin hack  Masquerade as a legitimate WiFi access point  Classic man in the middle attack

19 WiFi (& Cell) Cloning  Since all wireless technologies require broadcasting of some sort all you need to do is listen in Scanner  For any device to “connect” it must Indentify, Validate, verify, provide a code or some mechanism Ex, MAC’s, EISN’s, SSN, WEP secrets, etc  Since you can “listen” you can also record Record the first part of any connection Replay it You have just “cloned” the original device

20 Web Bugs  Web Bugs are used to gather information about a users From “bugging” a room  Down by embedding a piece of code monitoring software in a image link Works on WebPages and HTML e-mail Often called Clear gifs  Small 1X1 pixels  Transparent  Made so that uses don’t see them  Every Time the Web Bugs is loaded it gathers info about the user that activated the web bug and sends it off to a remote server

21 DoubleClick Clear GIFs

22 How Phishing Works  Phishing is “fishing for suckers!”  Send a e-mail that mimics the real thing and get the recipient to give their password

23

24 Echelon  Global Electronic Spy network  http://www.hermetic.ch/crypto/echelon/echelon.ht m http://www.hermetic.ch/crypto/echelon/echelon.ht m  It exists but little is known on exactly how it works  The basics Collect all electronic conversations Crack all encrypted stuff Search all conversations for “key words”  Find the “speakers”

25 Guide to Computer Forensics and Investigations25 Using UNIX/Linux Tools (continued) Knoppix-STD tools (continued) –john –chntpw resets passwords on a Windows PC –tcpdump and ethereal are packet sniffers With the Knoppix STD tools on a portable CD –You can examine almost any network system Cheat codes –http://www.knoppix.net/wiki/Cheat_Codeshttp://www.knoppix.net/wiki/Cheat_Codes –knoppix vga=788 ; forces 800x600 FrameBuffer for older monitors

26 Guide to Computer Forensics and Investigations26 Using UNIX/Linux Tools (continued)

27 Guide to Computer Forensics and Investigations27 Using UNIX/Linux Tools (continued) The Auditor –Robust security tool whose logo is a Trojan warrior –Based on Knoppix and contains more than 300 tools for network scanning, brute-force attacks, Bluetooth and wireless networks, and more –Includes forensics tools, such as Autopsy and Sleuth –Easy to use and frequently updated

28 Guide to Computer Forensics and Investigations28 Using Packet Sniffers Packet sniffers –Devices or software that monitor network traffic –Most work at layer 2 or 3 of the OSI model Most tools follow the PCAP format Some packets can be identified by examining the flags in their TCP headers Tools –Tcpdump –Tethereal

29 Packet sniffers Guide to Computer Forensics and Investigations29 IP header

30 Guide to Computer Forensics and Investigations30 Using Packet Sniffers (continued)

31 Guide to Computer Forensics and Investigations31

32 Guide to Computer Forensics and Investigations32 Using Packet Sniffers (continued) Tools (continued) –Snort –Tcpslice –Tcpreplay –Tcpdstat –Ngrep –Etherape –Netdude –Argus –Ethereal –WireShark

33 Guide to Computer Forensics and Investigations33 Using Packet Sniffers (continued)

34 Guide to Computer Forensics and Investigations34 Using Packet Sniffers (continued)

35 Guide to Computer Forensics and Investigations35 Using Packet Sniffers (continued)

36 Guide to Computer Forensics and Investigations36 Examining the Honeynet Project Attempt to thwart Internet and network hackers –Provides information about attacks methods Objectives are awareness, information, and tools Distributed denial-of-service (DDoS) attacks –A recent major threat –Hundreds or even thousands of machines (zombies) can be used http://www.honeynet.org/

37 Guide to Computer Forensics and Investigations37 Examining the Honeynet Project (continued)

38 Guide to Computer Forensics and Investigations38 Examining the Honeynet Project (continued) Zero day attacks –Another major threat –Attackers look for holes in networks and OSs and exploit these weaknesses before patches are available Honeypot –Normal looking computer that lures attackers to it Honeywalls –Monitor what’s happening to honeypots on your network and record what attackers are doing

39 Guide to Computer Forensics and Investigations39 Examining the Honeynet Project (continued) Its legality has been questioned –Cannot be used in court –Can be used to learn about attacks Manuka Project –Used the Honeynet Project’s principles To create a usable database for students to examine compromised honeypots Honeynet Challenges –http://www.honeynet.org/misc/chall.htmlhttp://www.honeynet.org/misc/chall.html –You can try to ascertain what an attacker did and then post your results online

40 Guide to Computer Forensics and Investigations40 Examining the Honeynet Project (continued)

41 Guide to Computer Forensics and Investigations41 Summary Network forensics tracks down internal and external network intrusions Networks must be hardened by applying layered defense strategies to the network architecture Live acquisitions are necessary to retrieve volatile items Standard procedures need to be established for how to proceed after a network security event has occurred

42 Guide to Computer Forensics and Investigations42 Summary (continued) By tracking network logs, you can become familiar with the normal traffic pattern on your network Network tools can monitor traffic on your network, but they can also be used by intruders Bootable Linux CDs, such as Knoppix STD and Helix, can be used to examine Linux and Windows systems The Honeynet Project is designed to help people learn the latest intrusion techniques that attackers are using

Download ppt "COS 413 Day 20. Agenda Assignment 6 is posted –Due Nov 7 (Chap 11 & 12) LAB 7 write-up due tomorrow Lab 8 in OMS tomorrow –Hands-on project 11-1 through."

Similar presentations

Guide to Computer Forensics and Investigations Third Edition

Guide to Computer Forensics and Investigations Third Edition
Guide to Computer Forensics and Investigations Fourth Edition Chapter 11 Virtual Machines, Network Forensics, and Live Acquisitions.

Guide to Computer Forensics and Investigations Fourth Edition Chapter 11 Virtual Machines, Network Forensics, and Live Acquisitions.
Guide to Computer Forensics and Investigations Fourth Edition Chapter 11 Virtual Machines, Network Forensics, and Live Acquisitions.

Guide to Computer Forensics and Investigations Fourth Edition Chapter 11 Virtual Machines, Network Forensics, and Live Acquisitions.
Lesson 3-Hacker Techniques

Lesson 3-Hacker Techniques
Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.

Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.
Packets and Protocols Chapter Seven Real World Packet Captures.

Packets and Protocols Chapter Seven Real World Packet Captures.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
Silberschatz, Galvin and Gagne  2002 19.1 Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.

Silberschatz, Galvin and Gagne  Operating System Concepts The Security Problem A system is secure iff its resources are used and accessed as.
CSA 223 network and web security Chapter one

CSA 223 network and web security Chapter one
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.

19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Distributed Denial of Service Attacks CMPT 471 1 Distributed Denial of Service Attacks Darius Law.

Distributed Denial of Service Attacks CMPT Distributed Denial of Service Attacks Darius Law.
COS 125 DAY 9. Agenda  Capstone Projects Proposals (over) Due Timing of deliverables is 10% of Grade Missing 6 proposals 1 st progress report due March.

COS 125 DAY 9. Agenda  Capstone Projects Proposals (over) Due Timing of deliverables is 10% of Grade Missing 6 proposals 1 st progress report due March.

Similar presentations

Ads by Google