Types of Attacks and Malicious Software

From: blythe
Views: 56 | Added: 22-10-2013

Slide 1

Types of Attacks and Malicious Software

Chapter 15

Slide 2

Objectives

  • Describe various types of computer and network attacks, including denial-of-service, spoofing, hijacking, and password guessing.

  • Identify the different types of malicious software that exist, including viruses, worms, Trojan horses, logic bombs, time bombs, and rootkits.

  • Explain how social engineering can be used as a means to gain access to computers and networks.

  • Describe the importance of auditing and what should be audited.

Slide 3

Key Terms

  • Drive-by download attack

  • Man-in-the-middle attack

  • Null session

  • Pharming

  • Phishing

  • Ping sweep

  • Port scan

  • Backdoor

  • Birthday attack

  • Botnet

  • Buffer overflow

  • Denial-of-service (DoS) attack

  • Distributed denial-of-service (DDoS) attack

  • DNS kiting

Slide 4

Key Terms (continued)

  • Replay attack

  • Sequence number

  • Smurf attack

  • Sniffing

  • Spear phishing

  • Spoofing

  • Spyware

  • SYN flood

Slide 5

Avenues of Attack

Specific targets

Chosen based on attacker’s motivation

Not reliant on target system’s hardware and software

Targets of opportunity

Systems with hardware or software vulnerable to a specific exploit

Often lacking current security patches

Slide 6

The Steps in an Attack

Conducting reconnaissance

Scanning

Researching vulnerabilities

Performing the attack

Creating a backdoor

Covering tracks

Slide 7

Conducting Reconnaissance

Gather as much information as possible about the target system and organization.

Use the Internet.

Explore government records.

Use tools such as Whois.Net.

Don’t worry yet whether the information being gathered is relevant or not.

Slide 8

Scanning

Identify target systems that are active and accessible.

Ping sweep

Port scan

Identify the operating system and other specific application programs running on the system.

Analyzing packet responses
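An added example (not part of the slides) of the defender's view of this step: a small Python detector run over constructed firewall log lines that counts distinct ICMP targets per source (ping sweep) and distinct ports per source/destination pair (port scan). The log format, field names and thresholds are assumptions for the demo.

```python
import re
from collections import defaultdict

# Constructed firewall log lines (not from the slides): one host sends ICMP
# echo requests to several addresses, another probes several ports on one host.
SAMPLE_LOG = """\
2013-10-22T10:00:01 DENY src=10.0.0.5 dst=192.168.1.10 proto=icmp
2013-10-22T10:00:01 DENY src=10.0.0.5 dst=192.168.1.11 proto=icmp
2013-10-22T10:00:02 DENY src=10.0.0.5 dst=192.168.1.12 proto=icmp
2013-10-22T10:00:02 DENY src=10.0.0.5 dst=192.168.1.13 proto=icmp
2013-10-22T10:00:03 DENY src=10.0.0.5 dst=192.168.1.14 proto=icmp
2013-10-22T10:00:10 DENY src=10.0.0.7 dst=192.168.1.20 proto=tcp dport=21
2013-10-22T10:00:10 DENY src=10.0.0.7 dst=192.168.1.20 proto=tcp dport=22
2013-10-22T10:00:10 DENY src=10.0.0.7 dst=192.168.1.20 proto=tcp dport=23
2013-10-22T10:00:11 DENY src=10.0.0.7 dst=192.168.1.20 proto=tcp dport=25
2013-10-22T10:00:11 DENY src=10.0.0.7 dst=192.168.1.20 proto=tcp dport=80
2013-10-22T10:00:11 DENY src=10.0.0.7 dst=192.168.1.20 proto=tcp dport=443
2013-10-22T10:00:20 ALLOW src=10.0.0.9 dst=192.168.1.20 proto=tcp dport=443
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+)"
                     r"(?: dport=(?P<dport>\d+))?")

def detect_scans(log_text, sweep_hosts=5, scan_ports=6):
    """Flag ping sweeps (one source, many ICMP targets) and port scans (one
    source, many ports on one host). Thresholds are assumptions for the demo."""
    icmp_targets = defaultdict(set)   # src -> hosts it pinged
    ports_hit = defaultdict(set)      # (src, dst) -> ports it touched
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                  # ignore lines in another format
        src, dst, proto, dport = m.group("src", "dst", "proto", "dport")
        if proto == "icmp":
            icmp_targets[src].add(dst)
        elif dport is not None:
            ports_hit[(src, dst)].add(int(dport))
    alerts = []
    for src, hosts in icmp_targets.items():
        if len(hosts) >= sweep_hosts:
            alerts.append(("ping_sweep", src, len(hosts)))
    for (src, dst), ports in ports_hit.items():
        if len(ports) >= scan_ports:
            alerts.append(("port_scan", src, dst, len(ports)))
    return alerts

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG):
        print(alert)
```

The thresholds are deliberately low so the sample trips both rules; on real logs they should be tuned against the normal volume of your own monitoring hosts.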

Slide 9

Researching Vulnerabilities

Wealth of information available through the World Wide Web

Lists of vulnerabilities in specified OS and application programs

Tools created to exploit vulnerabilities

Slide 10

Performing the Attack

Matching an attack to an identified vulnerability

Slide 11

Creating a Backdoor

Provides future access to the attacker

May create “authorization” for themselves

Could install an agent

Slide 12

Covering Their Tracks

In an effort to remain undetected, attackers endeavor to cover their tracks:

Erase pertinent log files from the system.

Change file time stamps to appear unaltered.

Slide 13

Minimizing Possible Avenues of Attack

Ensure all patches are installed and current.

Limit the services being run on the system.

Limits possible avenues of attack

Reduces number of services the administrator must continually patch

Limit the amount of publicly available data about the system and organization.

Slide 14

Attacking Computer Systems and Networks

An attack is an attempt by an unauthorized person to:

Gain access to or modify information

Assume control of an authorized session

Disrupt the availability of service to authorized users

Slide 15

Attacking Computer Systems and Networks (continued)

Variety of methods used to carry out attacks

Attacks on specific software

Rely on code flaws or software bugs

Indicates lack of thorough code testing

Attacks on a specific protocol or service

Take advantage of or use a service or protocol in an unintended manner

Slide 16

Types of Attacks

Denial-of-service

Backdoors/Trapdoors

Null sessions

Sniffing

Spoofing

Man-in-the-middle

Replay

TCP/IP hijacking

  • Drive-by downloads

  • Phishing/pharming

  • Attacks on encryption

  • Address system attacks

  • Password guessing

  • Hybrid attack

  • Birthday attack

Slide 17

Denial-of-Service Attack

Exploit known identified vulnerabilities

Purpose is to prevent normal system operations for authorized users

Can be accomplished in multiple ways

Take the system offline

Overwhelm the system with requests

Slide 18

SYN Flood Attack

An example of a DoS attack targeting a specific protocol or service

Illustrates basic principles of most DoS attacks

Exploit a weakness inherent to the function of the TCP/IP protocol

Uses TCP three-way handshake to flood a system with faked connection requests

Slide 19

TCP Three-Way Handshake

System 1 sends SYN packet to System 2.

System 2 responds with SYN/ACK packet.

System 1 sends ACK packet to System 2 and communications can then proceed.

Slide 20

Steps of a SYN Flood Attack

Communication request sent to target system.

Target responds to faked IP address.

Target waits for non-existent system response.

Request eventually times out.

If the attacks outpace the requests timing out, then system resources will be exhausted.

Slide 21

SYN Flood Attack

Slide 22

Distributed Denial-of-Service Attack (DDoS)

Goal is to deny access or service to authorized users

Uses resources of many systems combined into an attack network

Overwhelms target system or network

With enough attack agents, even simple web traffic can quickly affect a large website

Slide 23

Denial-of-Service Attack

Slide 24

Ping of Death (POD)

Another example of a DoS attack.

Illustrates an attack targeting a specific application.

Attacker sends ICMP ping packet > 64KB.

This ping packet size should not occur naturally.

ICMP packet will crash certain systems unable to handle it.

Slide 25

Preventing DoS & DDoS Attacks

Ensure necessary patches and upgrades remain current.

Change time-out period for TCP connections.

Distribute workload across several systems.

Block external ICMP packets at border.

Slide 26

Trapdoors and Backdoors

Trapdoor

Hard-coded access built into the program

Ensures access should normal access methods fail

Creates vulnerability in systems using the software

Backdoor

Ensures continued unrestricted access in the future

Attackers implant them in compromised systems

Can be installed inadvertently with a Trojan horse

Slide 27

Null Sessions

A connection to a Windows inter-process communication share (IPC$)

Systems prior to XP and Server 2003 are vulnerable.

Used by a variety of exploit tools and malware.

No patch is available.

Options to counter the vulnerability

Upgrade systems to Windows XP or newer version

Only allow trusted users access to TCP ports 139 and 445

Slide 28

Sniffing

Attacker observes all network traffic.

Software, hardware, or combination of the two

Ability to target specific protocol, service, string of characters, etc.

May be able to modify some or all traffic en route

Network administrators can use sniffers to monitor and troubleshoot network performance.

Slide 29

Sniffing (continued)

  • Physical security is key in preventing introduction of sniffers on the internal network.

Slide 30

Spoofing

True source of data is disguised:

Commonly accomplished by altering packet header information with false information

Can be used for a variety of purposes

Spoofing e-mail:

From address differs from sending system

Recipients rarely question authenticity of the e-mail

Slide 31

IP Address Spoofing

Slide 32

Spoofing and Trusted Relationships

Slide 33

Sequence Numbers

SYN packets include an original sequence number.

Sequence numbers are incremented by 1 and sent back with ACK packets.

Slide 34

Spoofing and Sequence Numbers

  • Attacker must use correct sequence number:

  • TCP packet sequence numbers are 32-bit.

  • Sequence numbers are incremented by 1.

  • Very difficult to guess.

  • Insider attacks vs. external attacks

Slide 35

Man-in-the-Middle Attack

Attacker is positioned between two target hosts:

Typically accomplished through router manipulation

Traffic redirected to attacker, then forwarded on

Benefits:

Attacker can intercept, modify, and/or block traffic

Communication appears normal to target hosts

Limitation:

Useful data collection reduced if traffic is encrypted

Slide 36

Man-in-the-Middle Attack (continued)

Slide 37

Replay Attack

Attacker intercepts part of an exchange between two hosts and retransmits message later.

Often used to bypass authentication mechanisms

Prevented by encrypting traffic, cryptographic authentication, and time-stamping messages.
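The countermeasures above combined into an added Python example (not from the slides): each message carries a timestamp and a nonce under an HMAC-SHA256 tag, and the receiver rejects anything tampered, outside the time window, or carrying a nonce it has already accepted. The key, window and message contents are assumptions for the demo.

```python
import hashlib
import hmac
import time

KEY = b"constructed-demo-key"   # shared secret; assumed for the example
WINDOW_S = 30                   # max clock skew / delivery delay tolerated

def sign_message(key, payload, ts, nonce):
    """Wire form 'ts|nonce|payload|tag', tag = HMAC-SHA256 over the first three."""
    body = f"{ts}|{nonce.hex()}|{payload}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"|" + tag.encode()

class ReplayGuard:
    """Receiver side: rejects tampered, stale and already-seen messages."""
    def __init__(self, key, window_s=WINDOW_S):
        self.key, self.window_s = key, window_s
        self.seen = {}              # nonce -> timestamp, pruned once stale

    def verify(self, wire, now=None):
        now = time.time() if now is None else now
        head = wire.decode(errors="replace").split("|", 2)
        if len(head) != 3:
            return False, "malformed"
        ts_s, nonce_hex, rest = head
        payload, sep, tag = rest.rpartition("|")
        if not sep:
            return False, "malformed"
        body = f"{ts_s}|{nonce_hex}|{payload}".encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):   # 1. authenticity first
            return False, "bad tag"
        if abs(now - int(ts_s)) > self.window_s:      # 2. freshness
            return False, "stale timestamp"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window_s}
        if nonce_hex in self.seen:                     # 3. uniqueness
            return False, "replayed nonce"
        self.seen[nonce_hex] = int(ts_s)
        return True, "ok"

def demo(now=1_700_000_000):
    """Deliver a message once, then replay it three ways; returns the verdicts."""
    guard = ReplayGuard(KEY)
    nonce = bytes.fromhex("0011223344556677")    # fixed for a repeatable run; use os.urandom(8) live
    msg = sign_message(KEY, "transfer 100 to acct 42", now, nonce)
    return [guard.verify(msg, now=now)[1],                          # "ok"
            guard.verify(msg, now=now + 5)[1],                      # "replayed nonce"
            guard.verify(msg, now=now + 120)[1],                    # "stale timestamp"
            guard.verify(msg.replace(b"100", b"900"), now=now)[1]]  # "bad tag"
```

The time window bounds how long the receiver must remember nonces, which is why the timestamp and the nonce are needed together rather than either one alone.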

Slide 38

TCP/IP Hijacking

Assume control of an already existing session:

Attacker circumvents authentication.

Can be disguised with a DoS attack.

Typically used against web and Telnet sessions.

Slide 39

Drive-by Download Attack

Unsolicited malware downloads

May be hidden in legitimate ads or hosted from web sites that prey on unaware users

Slide 40

Phishing and Pharming

Phishing

Fraudulent e-mails designed to trick users into divulging confidential information

Pharming

Fake web sites created to elicit authentic user credentials

Slide 41

Attacks on Encryption

Cryptanalysis attempts to crack encryption

Common methods

Weak keys

Exhaustive search of key space

Indirect attacks

Slide 42

Password Attacks

Most common user authentication is combination of user ID and password.

A compromised password typically indicates a failure to adhere to good password procedures.

Slide 43

Password Attacks (continued)

Password attack methods

Guess

Dictionary

Brute force

Hybrid

Birthday

Slide 44

Software Exploitation

Take advantage of software bugs/weaknesses

Results from poor design, inadequate testing, or inferior code practices.

Buffer overflow attack

Most common example of software exploitation

Program receives more input than it can handle.

Program may abort, crash the entire system, or allow attacker to execute malicious commands

Slide 45

Malicious Code

Viruses

Trojan horses

Spyware

Logic bombs

Rootkits

Worms

Zombies and botnets

Slide 46

Viruses

Replicate and attach to executable code

Best-known malicious code

Common types:

Boot Sector virus

Program virus

Macro virus

Stealth virus

Polymorphic virus

Slide 47

Trojan Horses

Software that appears to do one thing but contains hidden functionality

Standalone program that must be installed by user

Disguised well enough to entice user

Delivers payload without user’s knowledge

Prevention

Never run software of unknown origin or integrity.

Keep virus-checking program running continuously.

Slide 48

Spyware

Software capable of recording and reporting a user's actions:

Typically installed unbeknownst to users

Monitors software and system use

Can steal information through keylogging

Many states have banned spyware and other unauthorized software:

Organizations circumvent with complex EULAs

Slide 49

Logic Bombs

Malicious code dormant until triggered by a specified future event:

Usually installed by authorized user

Reinforces need for backups

A time bomb is similar to the logic bomb, but delivers payload at a predetermined time/date.

Slide 50

Rootkits

Modifies OS kernel or other process on system

Originally designed to grant root access

Designed to avoid being detected and deleted

Support a variety of malware

Often operating unbeknownst to user

Found in OS kernel, application level, firmware, etc.

Slide 51

Types of Rootkits

Firmware

Virtual

Kernel

Library

Application level

Slide 52

Worms

Code that penetrates and replicates on systems

Doesn’t need to attach to other files or code

Spread by a variety of methods such as e-mail, infected web sites, and P2P sharing networks

Examples

Morris worm, Love Bug, Code Red, and Samy worm

Slide 53

Worms (continued)

Key steps in preventing worms:

Install all patches.

Use firewalls.

Implement an intrusion detection system.

Eliminate unnecessary services.

Use extreme caution with e-mail attachments.

Slide 54

Zombies and Botnets

Malware installed on machines creates zombies under the control of the attacker.

Large networks of zombies are called botnets.

Some attackers' botnets have 1,000,000+ zombies.

Botnets are responsible for millions of spam messages daily.

Slide 55

Malware Defense

Attacks typically exploit multiple vulnerabilities

Network, OS, application, and user level

Steps to prevent malware

Use an antivirus program.

Ensure all software is up-to-date.

Slide 56

War-dialing and War-driving

War-dialing attempts to find unprotected modem connections to a system over phone lines.

New telephone firewalls restrict access.

War-driving involves traveling around an area in search of vulnerable wireless networks.

Slide 57

Social Engineering

Manipulating authorized users into providing access to an attacker

Applies to both virtual and physical access

Slide 58

Security Auditing

Should be conducted on a regular basis

May be mandated depending on the industry

Can be contracted out to another party

Focus on

Security perimeter

Policies, procedures, and guidelines governing security

Employee training

Slide 59

Chapter Summary

  • Describe various types of computer and network attacks, including denial-of-service, spoofing, hijacking, and password guessing.

  • Identify the different types of malicious software that exist, including viruses, worms, Trojan horses, logic bombs, time bombs, and rootkits.

  • Explain how social engineering can be used to gain access to computers and networks.

  • Describe the importance of auditing and what should be audited.
