Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © Center for Systems Security and Information Assurance

Published byEileen Christal Barrett Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © Center for Systems Security and Information Assurance"— Presentation transcript:

1 Copyright © Center for Systems Security and Information Assurance
Lesson Five Threats and Attacks Copyright © Center for Systems Security and Information Assurance

2 Copyright © Center for Systems Security and Information Assurance
Lesson Objectives Identify the different types of information system attacks. Describe the effect and countermeasures for each attack. Match the type of Denial-of-service attack with the correct description. Explain the process of spoofing. Match the type of spoofing with its correct description. Copyright © Center for Systems Security and Information Assurance

3 Information System Security Threats
Passive Attack Listen to system passwords Release of message content Traffic analysis Data capturing Active Attack Attempt to log into someone else’s account Wire taps Denial of services Masquerading Message modifications Copyright © Center for Systems Security and Information Assurance

4 Information System Security Threats
Impersonation Eavesdropping Denial-of-Service Packet Replay Packet Modification Copyright © Center for Systems Security and Information Assurance

5 Copyright © Center for Systems Security and Information Assurance
Specific Attacks ARP Attack Brute Force Attack Worms Flooding Sniffers Spoofing Redirected Attacks Tunneling Attack Spoofing includes Address Spoofing Sequence Number Attack Session Hijacking Web, DNS, URL Spoofing Copyright © Center for Systems Security and Information Assurance

6 Denial-of-Service Attacks
An incident in which a user or organization is deprived of the services of a resource that they would normally expect to have The loss of service is related to a specific network service, such as or DNS Attacks against DNS can force the loss of all services since names cannot be resolved Copyright © Center for Systems Security and Information Assurance

7 Denial-of-Service Facts
Common methods of attacks against information stores like web sites Simple and usually quite effective Does not pose a direct threat to sensitive data The attacker usually tries to prevent a service from being used, not actually compromises it Attackers typically go for high visibility targets such as the web server, or for infrastructure targets like routers and network links Copyright © Center for Systems Security and Information Assurance

8 Denial-of-Service Example
For example, if a mail server is capable of receiving and delivering 10 messages a second, an attacker simply sends 20 messages per second. The legitimate traffic (as well as a lot of the malicious traffic) will get dropped, or the mail server might stop responding entirely. This type of an attack may be used as a diversion while another attack is made to actually compromise systems In addition, administrators are likely to make mistakes during an attack and possibly change a setting that creates a vulnerability that can be exploited Copyright © Center for Systems Security and Information Assurance

9 Types of Denial-of-Service Attacks
Buffer Overflow Attacks SYN Flood Attack Teardrop Attacks Smurf Attack DNS Attacks Attacks Physical Infrastructure Attacks Viruses/Worms Copyright © Center for Systems Security and Information Assurance

10 DoS - Buffer Overflow Attacks
The most common DoS attack is simply to send more traffic to a device than the program anticipates that someone might send. Copyright © Center for Systems Security and Information Assurance

11 Copyright © Center for Systems Security and Information Assurance
DoS - SYN Flood Attack When connection sessions are initiated between a client and server in a network, a very small space exists to handle the usually rapid "hand-shaking" exchange of messages that sets up a session. The session-establishing packets include a SYN field that identifies the sequence order. To cause this kind of attack, an attacker can send many packets, usually from a spoofed address, thus ensuring that no response is sent. Copyright © Center for Systems Security and Information Assurance

12 Copyright © Center for Systems Security and Information Assurance
DoS - Teardrop Attack Exploit the way that the Internet Protocol (IP) requires a packet that is too large for the next router to handle be divided into fragments. The fragmented packet identifies an offset to the beginning of the first packet that enables the entire packet to be reassembled by the receiving system. In the teardrop attack, an attacker's IP puts a confusing value in the second or later fragment. If the receiving operating system cannot cope with such fragmentation, then it can cause the system to crash. Copyright © Center for Systems Security and Information Assurance

13 Copyright © Center for Systems Security and Information Assurance
DoS - Smurf Attack In a Smurf Attack, the attacker sends an IP ping request to a network site. The ping packet requests that it be broadcast to a number of hosts within that local network. The packet also indicates that the request is from a different site, i.e. the victim site that is to receive the denial of service. This is called IP Spoofing--the victim site becomes the address of the originating packet. The result is that lots of ping replies flood back to the victim host. If the flood is big enough then the victim host will no longer be able to receive or process "real" traffic. Copyright © Center for Systems Security and Information Assurance

14 Copyright © Center for Systems Security and Information Assurance
DoS - DNS Attacks A famous DNS attack was a DDoS "ping" attack. The attackers broke into machines on the Internet (popularly called "zombies") and programmed them to send streams of forged packets at the 13 DNS root servers via intermediary legitimate machines. The goal was to clog the servers, and communication links on the way to the servers, so that useful traffic was gridlocked. The assault is not DNS-specific--the same attack has been used against several popular Web servers in the last few years. The domain name system--the global directory that maps names to Internet Protocol addresses. Copyright © Center for Systems Security and Information Assurance

15 Copyright © Center for Systems Security and Information Assurance
DoS - Attacks If you’re using Microsoft Outlook the script reads your address book and sends a copy of itself to everyone listed there, thus propagating itself around the Internet.  The script then modifies your computer’s registry so that the script runs itself again when you restart.  The ILOVEYOU virus is an example of an attack. The text portion of the message asks you to open the attachment. Copyright © Center for Systems Security and Information Assurance

16 DoS - Physical Infrastructure Attacks
Someone can just simply snip your cables! Fortunately this can be quickly noticed and dealt with. Other physical infrastructure attacks can include recycling systems, affecting power to systems and actual destruction of computers of storage devices. Copyright © Center for Systems Security and Information Assurance

17 Copyright © Center for Systems Security and Information Assurance
DoS - Viruses/Worms Viruses or worms, which replicate across a network in various ways, can be viewed as denial-of-service attacks where the victim is not usually specifically targeted but simply a host unlucky enough to get the virus. Available bandwidth can become saturated as the virus/worm attempts to replicate itself and find new victims. This type of DoS attack can range from not noticeable to show-stopper depending on the characteristics of the virus/worm. Copyright © Center for Systems Security and Information Assurance

18 Malicious Code Attacks
Refers to viruses, worms, Trojan horses, logic bombs, and other uninvited software Damage personal computers, but also attacks systems that are more sophisticated Actual costs attributed to the presence of malicious code have resulted primarily from system outages and staff time involved in repairing the systems Costs can be significant Copyright © Center for Systems Security and Information Assurance

19 Packet Sniffing Attacks
Most organization LANs are Ethernet networks On Ethernet-based networks, any machine on the network can see the traffic for every machine on that network Sniffer programs exploit this characteristic, monitoring all traffic and capturing the first 128 bytes or so of every unencrypted FTP or Telnet session (the part that contains user passwords) It is estimated that in the last year more than 100,000 systems were victims of packet sniffers Copyright © Center for Systems Security and Information Assurance

20 Information Leakage Attacks
Attackers can sometimes get data without having to directly use your computers Exploit Internet services that are intended to give out information Induce these services to reveal extra information or to give it out to unauthorized people Many services designed for use on local area networks do not have the security needed for safe use across the Internet Thus these services become the means for important information leakage Copyright © Center for Systems Security and Information Assurance

21 Social Engineering Attacks
Hacker-speak for tricking a person into revealing some confidential information An attack based on deceiving users or administrators at the target site Done to gain illicit access to systems or useful information The goals of social engineering are fraud, network intrusion, industrial espionage, identity theft, etc. Typically carried out by telephoning users or operators and pretending to be an authorized user or an administrator Copyright © Center for Systems Security and Information Assurance

22 Information Security Threat Agents
Internal Employees Various studies indicate that internal employees are responsible for more than half the attacks. Hackers A real danger to most organizational computer systems linked by networks. From outside the organization, sometimes from another continent, hackers break into computer systems and compromise the privacy and integrity of data before the unauthorized access is even detected. Black-hat Hackers Gray-hat Hackers Hacktivists Copyright © Center for Systems Security and Information Assurance

23 Information Security Threat Agents
Script Kiddies use existing and easy-to-find techniques, programs or scripts to search for and exploit weaknesses in other computers on the Internet. Competitors organizations can try to hack into your network or system to gain that extra edge in their business. The types of information they usually look for are related to manufacturing and product development, sales and cost data, client lists, technology, research and planning. Copyright © Center for Systems Security and Information Assurance

24 Top Vulnerabilities to Windows Systems
Internet Information Services (IIS) Microsoft SQL Server (MSSQL) Windows Authentication Internet Explorer (IE) Windows Remote Access Services Microsoft Data Access Components (MDAC) Windows Scripting Host (WSH) Microsoft Outlook and Outlook Express Windows Peer to Peer File Sharing (P2P) Simple Network Management Protocol (SNMP) Copyright © Center for Systems Security and Information Assurance

25 Top Vulnerabilities to Unix/Linux Systems
BIND Domain Name System Remote Procedure Calls (RPC) Apache Web Server General UNIX Authentication Accounts with No Passwords or Weak Passwords Clear Text Services Sendmail Simple Network Management Protocol (SNMP) Secure Shell (SSH) Misconfiguration of Enterprise Services NIS/NFS Open Secure Sockets Layer (SSL) Copyright © Center for Systems Security and Information Assurance

Download ppt "Copyright © Center for Systems Security and Information Assurance"

Similar presentations

IS 376 NOVEMBER 5, 2013 2013 DATA BREACH INVESTIGATIONS REPORT By The Verizon RISK Team Research Investigations Solutions Knowledge.

IS 376 NOVEMBER 5, DATA BREACH INVESTIGATIONS REPORT By The Verizon RISK Team Research Investigations Solutions Knowledge.
NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.

NETWORK SECURITY ADD ON NOTES MMD © Oct2012. IMPLEMENTATION Enable Passwords On Cisco Routers Via Enable Password And Enable Secret Access Control Lists.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Lesson 3-Hacker Techniques

Lesson 3-Hacker Techniques
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.

1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Types of Attacks, Hackers Motivations and Methods

Types of Attacks, Hackers Motivations and Methods
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Introduction to Security Computer Networks Computer Networks Term B10.

Introduction to Security Computer Networks Computer Networks Term B10.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Similar presentations

Ads by Google