Attacks and Vulnerabilities

Ilya Chalyt

Nicholas Egebo

March 7, 2005


Topics of Discussion

  • Reconnaissance

    Gain information about a system

  • Vulnerabilities

    Attributes of a system that can be maliciously exploited

  • Attacks

    Procedures to exploit vulnerabilities

Reference 1


Topics of Discussion

Reconnaissance

  • War Dialing

  • War Driving

  • Port Scanning

  • Probing

  • Packet Sniffing


War Dialing (Reconnaissance)

Method

Dial a range of phone numbers and log every number that answers with a modem carrier

Motivation

Locate dial-in modems that bypass the network perimeter (potential targets)

Detection

Not detectable by the target host; only the telephone carrier's or the PBX's call records show the sweep

Defense

Disconnect non-essential modems from outside phone lines; inventory and authenticate the ones that must remain

Reference 2


War Driving (Reconnaissance)

Method

Move through an area with a wireless card and antenna, recording the access points heard (SSID, channel, whether encryption is on) and where they were heard

Motivation

Find wireless networks to join or traffic to capture

Detection

Passive listening leaves no trace on the network; only physical surveillance (or a wireless IDS noticing active probe requests) reveals it

Defense

Limit how far the signal reaches (antenna placement, transmit power) and treat the wireless segment as untrusted: encrypt and authenticate it

Reference 3


Port Scanning (Reconnaissance)

Method

Send a TCP SYN to each port of interest and check the reply: SYN/ACK means open, RST means closed, no reply usually means filtered

Motivation

Find hosts and listening services (potential targets)

Detection

Traffic analysis: one source touching many ports on a host, or one port across many hosts, in a short window

Defense

Close unneeded ports and silently drop packets to the rest, so the scanner learns nothing from the reply

Reference 4


Probing (Reconnaissance)

Method

Send protocol-specific packets to ports already found open and examine the replies (banners, version strings, error behaviour)

Motivation

Identify the service and version behind a specific port

Detection

Traffic analysis and application logs

Defense

Close/silence unneeded ports; strip version banners from the rest
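The port-scanning and probing slides above say the scanner reads the reply to each SYN and that the defender's detection is "traffic analysis". The following added example (written for this page, not part of the original slides or reference 4) shows both halves: how one SYN reply is classified, and a sliding-window detector run over constructed firewall log lines that flags a source hitting many ports on one host (vertical scan) or one port across many hosts (horizontal sweep). The log format, addresses and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of border-firewall log lines (not from the slides). Each line is one
# inbound TCP SYN: unix time, source, destination, destination port.
SAMPLE_LOG = """\
1110200001 SYN src=203.0.113.7 dst=192.0.2.10 dport=21
1110200001 SYN src=203.0.113.7 dst=192.0.2.10 dport=22
1110200002 SYN src=203.0.113.7 dst=192.0.2.10 dport=23
1110200002 SYN src=203.0.113.7 dst=192.0.2.10 dport=25
1110200003 SYN src=203.0.113.7 dst=192.0.2.10 dport=80
1110200003 SYN src=203.0.113.7 dst=192.0.2.10 dport=110
1110200004 SYN src=203.0.113.7 dst=192.0.2.10 dport=143
1110200004 SYN src=203.0.113.7 dst=192.0.2.10 dport=443
1110200010 SYN src=198.51.100.4 dst=192.0.2.10 dport=80
1110200011 SYN src=198.51.100.4 dst=192.0.2.10 dport=80
1110200012 SYN src=198.51.100.4 dst=192.0.2.10 dport=443
1110200020 SYN src=203.0.113.9 dst=192.0.2.11 dport=22
1110200021 SYN src=203.0.113.9 dst=192.0.2.12 dport=22
1110200021 SYN src=203.0.113.9 dst=192.0.2.13 dport=22
1110200022 SYN src=203.0.113.9 dst=192.0.2.14 dport=22
1110200022 SYN src=203.0.113.9 dst=192.0.2.15 dport=22
"""

LINE_RE = re.compile(r"^(\d+) SYN src=(\S+) dst=(\S+) dport=(\d+)$")


def classify_syn_reply(flags):
    """What one SYN probe tells the scanner, from the reply's TCP flag letters
    ("SA", "RA", "R") or None when nothing came back."""
    if flags is None:
        return "filtered"   # silently dropped: a firewall is in the way
    if "S" in flags and "A" in flags:
        return "open"       # SYN/ACK: a service is listening
    if "R" in flags:
        return "closed"     # RST: host is up, nothing listening on that port
    return "unknown"


def parse(log_text):
    """Turn log lines into (time, src, dst, dport) tuples; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, src, dst, dport = m.groups()
            events.append((int(ts), src, dst, int(dport)))
    return events


def detect_scans(events, window=10, port_threshold=5, host_threshold=4):
    """Return {src: kind} for every source that, inside `window` seconds, hit at least
    `port_threshold` distinct ports on one host (vertical scan) or `host_threshold`
    distinct hosts on one port (horizontal sweep). Thresholds are tuning assumptions."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in events:
        by_src[src].append((ts, dst, dport))

    verdicts = {}
    for src, evs in by_src.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # slide the window so evs[start:end+1] spans at most `window` seconds
            while evs[end][0] - evs[start][0] > window:
                start += 1
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for _, dst, dport in evs[start:end + 1]:
                ports_per_host[dst].add(dport)
                hosts_per_port[dport].add(dst)
            if any(len(p) >= port_threshold for p in ports_per_host.values()):
                verdicts[src] = "vertical scan"
                break
            if any(len(h) >= host_threshold for h in hosts_per_port.values()):
                verdicts[src] = "horizontal sweep"
                break
    return verdicts


if __name__ == "__main__":
    for src, kind in detect_scans(parse(SAMPLE_LOG)).items():
        print(f"{src}: {kind}")
```

The ordinary client (198.51.100.4) touches two ports on one host and is not flagged; the two scanning sources are. Real scanners slow down or randomize to stay under such thresholds, so the window and counts are a trade-off between missed scans and false alarms.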


Packet Sniffing (Reconnaissance)

Method

Put a network interface into promiscuous mode, then capture and analyze the packets passing it

Motivation

Read credentials and other data that travel on the network in cleartext

Detection

Essentially none: sniffing is passive (tools that probe for promiscuous-mode interfaces exist but are unreliable)

Defense

Use encryption so that as little cleartext as possible crosses the network

Reference 5


Topics of Discussion

Vulnerabilities

  • Backdoors

  • Code Exploits

  • Eavesdropping

  • Indirect Attacks

  • Social Engineering


Backdoors (Vulnerabilities)

  • Bypass normal means of authentication

  • Hidden from casual inspection

  • Installed separately or integrated into software

Reference 6


Code Exploits (Vulnerabilities)

  • Coding errors (unchecked input, missing bounds checks) left uncaught by testing

  • Defense: code review plus in-depth unit and integration testing, including tests with malformed and oversized input


Eavesdropping (Vulnerability)

  • Data transmitted without encryption can be captured and read by parties other than the sender and receiver

  • Defense: Use of strong cryptography to minimize cleartext on the network


Indirect Attacks (Vulnerabilities)

  • Internet users’ machines can be infected with zombie agents and made to carry out attacks on the attacker's behalf

  • The puppet master controlling them stays undetected behind the zombies

  • Defense: Train internet users to prevent zombies and penalize zombie owners


Social Engineering (Vulnerability)

  • Manipulate the weakest link of cybersecurity – the user – to gain access to otherwise prohibited resources

  • Defense: Train personnel to recognize and resist social engineering tactics

Reference 7


Topics of Discussion

Attacks

  • Password Cracks

  • Web Attacks

  • Physical Attacks

  • Worms & Viruses

  • Logic Bomb

  • Buffer Overflow

  • Phishing

  • Bots and Zombies

  • Spyware, Adware, and Malware

  • Hardware Keyloggers

  • Eavesdropping & Playback attacks

  • DDoS


Password Cracks: Brute Force

Method

Try every combination of allowed characters as the password for each candidate username

Motivation

Gain access to the system

Detection

Many failed authentication attempts from one source in a short time

Defense

Lockouts – temporary and permanent; long passwords from a large character set make the keyspace infeasible

Reference 8


Password Cracks: Dictionary Attack

Method

Try every entry in a word list (common passwords, dictionary words, names)

Motivation

Gain access to the system faster than brute force, since most passwords are ordinary words

Detection

Frequent attempts to authenticate

Defense

Lockouts – temporary and permanent

Complex passwords that appear in no word list

Reference 8


Password Cracks: Hybrid Attack

Method

Take each word-list entry and apply the transformations users typically make: change case, append or prepend digits and symbols, concatenate two words

Motivation

Gain access to the system; faster than brute force and more likely to succeed than a plain dictionary attack

Detection

Frequent attempts to authenticate

Defense

Lockouts – temporary and permanent

Reference 8


Password Cracks: l0phtcrack

Method

Obtain the operating system’s password hash store (the SAM on Windows) and crack the hashes offline on the attacker's own machine

Motivation

Gain access to the system; the cracking happens elsewhere, so no lockouts are triggered

Detection

Audit reads of the hash store

Defense

Limit access to the system and its hash store; store salted hashes made with a slow hash function so offline cracking is expensive

Reference 8
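The four password-cracking slides above describe brute force, dictionary and hybrid candidate generation, and the offline setting in which l0phtcrack works (hashes copied out, no login prompt, so no lockout). The following added example (written for this page, not code from the slides or from reference 8) puts all four together: three candidate generators and one cracking loop run against a constructed table of hashes. Unsalted SHA-256 stands in for the real password hash, and the word list, mangling rules and "captured" users are assumptions.

```python
import hashlib
import itertools

# Constructed example, not from the slides: an attacker who has copied the password hash
# store (as l0phtcrack does with the SAM) tries candidates offline. Unsalted SHA-256 stands
# in for the real hash; nothing here touches a login prompt, so no lockout ever fires.
WORDLIST = ["password", "summer", "letmein", "dragon", "football"]


def hash_password(pw):
    return hashlib.sha256(pw.encode()).hexdigest()


# Constructed "captured" hash table: username -> hash
CAPTURED = {
    "alice": hash_password("letmein"),     # plain dictionary word
    "bob":   hash_password("Summer05!"),   # dictionary word, capitalised, digits and symbol appended
    "carol": hash_password("zq7#Kp"),      # random: only brute force would reach it
}


def dictionary_candidates(words):
    """Dictionary attack: every list entry as-is."""
    yield from words


def hybrid_candidates(words, prefixes=("", "1"), suffixes=("", "1", "05", "123", "!", "05!")):
    """Hybrid attack: dictionary words with the mangling users typically apply
    (case changes, digits and symbols around the word, two words joined)."""
    for w in words:
        for variant in (w, w.capitalize(), w.upper()):
            for p in prefixes:
                for s in suffixes:
                    yield p + variant + s
    for a, b in itertools.permutations(words, 2):
        yield a + b


def brute_force_candidates(alphabet, max_len):
    """Brute force: every string over `alphabet` up to `max_len` characters."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            yield "".join(chars)


def keyspace(alphabet_size, max_len):
    """Number of candidates brute force must consider in the worst case."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def crack(captured, candidates):
    """Return {username: password} for every captured hash some candidate matches."""
    by_hash = {h: user for user, h in captured.items()}
    found = {}
    for cand in candidates:
        user = by_hash.get(hash_password(cand))
        if user is not None and user not in found:
            found[user] = cand
            if len(found) == len(captured):
                break
    return found


if __name__ == "__main__":
    print("dictionary:", crack(CAPTURED, dictionary_candidates(WORDLIST)))
    print("hybrid:    ", crack(CAPTURED, hybrid_candidates(WORDLIST)))
    print("8-char keyspace over 95 printable characters:", keyspace(95, 8))
```

The dictionary pass recovers only alice; the hybrid pass also recovers bob, whose "complex" password is a word-list entry with predictable decoration. carol's random password is reachable only by brute force, and the keyspace figure shows why that is the defender's friend. Because each hash is unsalted, one candidate hash is compared against every user at once; a per-user salt would force the attacker to hash each candidate once per user.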


Web Attacks: Source Viewing

Method

Read the page source the browser receives, looking for valuable information

Motivation

Find passwords, commented-out URLs, or hidden form fields

Detection

None: viewing the source is an ordinary page request

Defense

Put nothing sensitive in what the browser receives: strip comments and credentials from client-side code


Web Attacks: URL Modification

Method

Edit the URL (path, query parameters, record IDs) to reach pages not linked from the site

Motivation

Gain access to normally private directories or pages

Detection

Check the web server's URL logs for requests to unexpected paths

Defense

Enforce access requirements on every resource at the server; an unlinked page is not a protected one


Web Attacks: Post Data

Method

Alter the form fields, including hidden ones, before they are posted

Motivation

Change the information being sent in your favor (price, quantity, role, account ID)

Detection

None, unless the server validates the values and logs the rejects

Defense

Verify all post data on the receiving end; never trust a client-supplied value the server could look up itself


Web Attacks: Database Attack

Method

Send dangerous queries to the database through the application's input fields (SQL injection)

Motivation

Denial of service (dropped tables, expensive queries) or theft of data

Detection

Check the database for strange records; review database error logs

Defense

Filter and validate database input; use parameterized queries

Reference 9


Web Attacks: Database Insertion

Method

Close the intended query with a quote inside a form field and append a further statement

Motivation

Insert attacker-chosen information into a table that might be unsafe

Detection

Check database logs

Defense

Filter database queries and make them quote-safe: bind values as parameters rather than splicing them into the SQL text

Reference 9
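The database-attack and database-insertion slides above both describe SQL injection through form fields and name "quote-safe" queries as the defense. The following added example (written for this page, not code from the slides or from reference 9) shows a vulnerable login and comment handler next to their parameterized versions, against a constructed in-memory SQLite database. The table layout, the two accounts and the attacker's form values are assumptions.

```python
import sqlite3

# Constructed example (not code from the slides or from reference 9): a tiny in-memory
# database standing in for a site's login and comment tables.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (name TEXT, password TEXT, role TEXT);
        INSERT INTO users VALUES ('admin', 's3cret', 'admin');
        INSERT INTO users VALUES ('guest', 'guest', 'user');
        CREATE TABLE comments (author TEXT, body TEXT);
    """)
    return conn


def login_vulnerable(conn, name, password):
    # Form values are spliced into the SQL text, so a quote in them ends the string
    # literal and the remainder is parsed as SQL.
    sql = f"SELECT role FROM users WHERE name = '{name}' AND password = '{password}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, name, password):
    # Parameterized ("quote-safe") query: values are bound, never parsed as SQL.
    sql = "SELECT role FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None


def add_comment_vulnerable(conn, author, body):
    # executescript runs stacked statements, so the attacker can close the INSERT
    # and append statements of their own.
    conn.executescript(f"INSERT INTO comments VALUES ('{author}', '{body}');")


def add_comment_safe(conn, author, body):
    conn.execute("INSERT INTO comments VALUES (?, ?)", (author, body))
    conn.commit()


def count_users(conn):
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def list_comments(conn):
    return conn.execute("SELECT author, body FROM comments").fetchall()


# Attacker-supplied form values (constructed).
# Login: AND binds tighter than OR, so the WHERE clause becomes true for every row.
BYPASS_PASSWORD = "x' OR '1'='1"
# Comment: close the string and the INSERT, add a statement, then reopen a matching
# INSERT so the template's trailing "');" still parses.
STACKED_BODY = ("hi'); INSERT INTO users VALUES ('eve', 'pw', 'admin'); "
                "INSERT INTO comments VALUES ('x', '")


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable login with bypass:", login_vulnerable(conn, "admin", BYPASS_PASSWORD))
    print("safe login, same input:     ", login_safe(conn, "admin", BYPASS_PASSWORD))
    add_comment_vulnerable(conn, "guest", STACKED_BODY)
    print("users after stacked insert:", count_users(conn))
```

With the bound-parameter versions the same input logs nobody in and is stored as an ordinary (if odd-looking) comment, and a legitimate apostrophe in "it's fine" needs no special handling. Escaping quotes by hand is the weaker form of the same defense; binding removes the need to get it right everywhere.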


Web Attacks: Meta Data

Method

Put metacharacters (quotes, semicolons, pipes, ../) into input to make it malicious

Motivation

Possibly reveal script source, paths, or other useful information through error output

Detection

Website logs

Defense

Validate input against an allow-list; reject or escape metacharacters

Reference 10


Physical Attack: Damage

Method

Attack the computer with an axe

Motivation

Disable the computer

Detection

Video camera

Defense

Locked doors and posted security guards


Physical Attack: Disconnect

Method

Interrupt the connection between two elements of the network

Motivation

Disable the network

Detection

Link-state alarms and periodic pings

Defense

Locked doors and posted security guards


Physical Attack: Reroute

Method

Pass the network signal through additional devices (a tap, hub, or rogue switch) inserted into the cable path

Motivation

Monitor traffic or spoof a portion of the network

Detection

Camera

Defense

Locked doors and posted security guards


Physical Attack: Spoof MAC & IP

Method

Identify the target's MAC (and IP) address and configure the attacker's interface to replicate it

Motivation

Deny the target its traffic, or receive it instead

Detection

Monitor ARP traffic for an IP that maps to two MACs, or a MAC that appears on two switch ports, and check the logs

Defense

Little as of now: static ARP entries for critical hosts and switch port security (binding a MAC to a port) narrow the window
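The slide above names ARP monitoring as the detection for a MAC/IP spoof and static entries as the defense. The following added example (written for this page, not part of the original slides) runs that audit over a constructed list of ARP replies: it flags an IP whose MAC changes, a MAC that answers for more than one IP, and any reply that contradicts an administrator-pinned binding. Addresses and the pinned gateway binding are assumptions.

```python
from collections import defaultdict

# Constructed observations, not from the slides: (ip, mac) pairs taken from ARP replies
# seen on one segment, in the order they were seen.
ARP_REPLIES = [
    ("192.0.2.1",  "00:11:22:33:44:01"),   # gateway
    ("192.0.2.10", "00:11:22:33:44:55"),
    ("192.0.2.11", "00:11:22:33:44:66"),
    ("192.0.2.10", "00:11:22:33:44:55"),   # repeat of a known binding: no alert
    ("192.0.2.10", "de:ad:be:ef:00:01"),   # 192.0.2.10 now answered by another card
    ("192.0.2.1",  "de:ad:be:ef:00:01"),   # the same card also claims the gateway
]

# Administrator-pinned bindings for the hosts that matter most (the static-ARP defense).
STATIC_BINDINGS = {"192.0.2.1": "00:11:22:33:44:01"}


def audit_arp(replies):
    """Return alert strings for an IP whose MAC changes and for a MAC answering for
    more than one IP, the two signatures a MAC/IP spoof leaves in ARP traffic."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"{ip} moved from {prev} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"{mac} claims {sorted(mac_to_ips[mac])}")
    return alerts


def static_violations(replies, bindings):
    """Replies that contradict a pinned binding. A host with the static entry installed
    ignores them, but they are still worth logging: someone sent them."""
    return [(ip, mac) for ip, mac in replies if ip in bindings and bindings[ip] != mac]


if __name__ == "__main__":
    for line in audit_arp(ARP_REPLIES):
        print("ALERT:", line)
    print("contradicting pinned bindings:", static_violations(ARP_REPLIES, STATIC_BINDINGS))
```

Both signatures have benign causes (a replaced network card, a router or virtual host that legitimately owns several IPs), so the alerts are a prompt to check the switch's port table and the logs, not proof on their own.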


Worms & Virus: File Infectors

Method

Infects executables by inserting itself into them

Motivation

Damage files and spread

Detection

Virus scan or strange computer behavior

Defense

Antivirus, being cautious on the internet

Reference 10


Worms & Virus: Partition-sector Infectors

Method

Moves the original partition sector elsewhere on the disk

Writes itself in its place

On boot it executes, then chains to the original sector so the system still starts

Motivation

Damage files and spread

Detection

Virus scan or strange computer behavior

Defense

Antivirus, being cautious on the internet

Reference 10


Worms & Virus: Boot-sector Virus

Method

Replaces the boot loader, and spreads to hard drives and floppies

Motivation

Damage files and spread

Detection

Virus scan or strange computer behavior

Defense

Antivirus, being cautious on the internet

Reference 10


Worms & Virus: Companion Virus

Method

Locates executables and creates a file with the same base name but an extension the shell runs first (.com before .exe), so the virus runs instead of the program

Motivation

Damage files and spread

Detection

Virus scan or strange computer behavior

Defense

Antivirus, being cautious on the internet

Reference 10


Worms & Virus: Macro Virus

Method

Infects documents; when the document is opened, the macro executes inside the application

Motivation

Damage files and spread

Detection

Virus scan or strange computer behavior

Defense

Antivirus, being cautious on the internet

Reference 10


Worms & Virus: Worms

Method

Replicates itself across the network without needing a host file, typically by exploiting a vulnerable service

Motivation

Variable motivations

Detection

Virus scan or strange computer behavior

Defense

Antivirus, being cautious on the internet

Reference 11


Logic Bomb

Method

Discreetly install code that stays dormant until a trigger (a date, an event, or the author's failure to reset a “dead man's switch”); the author can defuse it if necessary

Motivation

Revenge, a synchronized attack, or securing a getaway

Detection

Strange computer behavior

Defense

Keep and monitor logs

Monitor computer systems closely


Buffer Overflow

Method

Pass more data than a fixed-size buffer holds to code that does not check the length, overwriting adjacent memory

Motivation

Modify data and/or execute arbitrary code (by overwriting the saved return address)

Detection

Crashes and logs

Defense

Check input size before copying to the buffer

Guard the return address against overwrite (stack canaries)

Mark the stack non-executable so injected instructions cannot run

Reference 12 & 13


Phishing

Method

Send a mass request for information that impersonates a trusted party, and collect the responses from the gullible

Motivation

Gain important information (credentials, account numbers)

Detection

Careful examination of requests for information

Defense

Distribute information on a need-to-know basis; confirm unexpected requests through a channel you chose yourself


Bots & Zombies

Method

Installed by a virus or worm; allow remote, unrestricted access to the system

Motivation

Gain access to additional resources while hiding your identity

Detection

Network analysis

Virus scans

Noticing unusual behavior

Defense

Install security patches and be careful what you download


Spyware, Adware, and Malware

Method

Installed either willingly by the user (for example through an ActiveX prompt) or as part of a virus package

Motivation

Gain information about the user

Serve the user advertisements

Detection

Network analysis

Abnormal computer behavior

Defense

Virus / adware / spyware / malware scans


Hardware Keyloggers

Method

Attach a small device between the keyboard and the computer

Motivation

Record user names, passwords, and other private information

Detection

Check the physical connections

Defense

Cameras and guards


Eavesdropping

Method

Record packets from the network

Attempt to decrypt the encrypted ones

Motivation

Gain access to user data

Detection

None

Defense

Strong cryptography


Playback Attack

Method

Record packets from the network

Resend them later, without needing to decrypt them

Motivation

Mimic legitimate commands

Detection

Network analysis

Defense

Time stamps (with nonces or sequence numbers) bound into the message's authentication, so that a replayed copy is rejected
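The playback slide above says a recorded packet can be resent without decrypting it and names time stamps as the defense. The following added example (written for this page, not part of the original slides) shows the whole exchange: the sender binds a time stamp and a nonce into an HMAC-authenticated message, and the receiver rejects tampered, stale and replayed copies. It also shows why the time stamp alone is not enough: a receiver that checks freshness but does not remember nonces still accepts a replay inside the tolerance window. The shared key, the message layout and the 30-second skew are assumptions.

```python
import hashlib
import hmac
import os

# Constructed example, not from the slides. Assumes sender and receiver already share a
# secret key; how they got it is outside the example.
KEY = b"constructed-shared-secret"
MAX_SKEW = 30   # seconds a message may differ from the receiver's clock


def make_message(key, command, now, nonce=None):
    """Build b'time|nonce|command|tag'. The tag is an HMAC over everything before it,
    so neither the time nor the nonce can be edited without breaking the tag."""
    nonce = os.urandom(8).hex() if nonce is None else nonce
    body = f"{now}|{nonce}|{command}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Receiver:
    def __init__(self, key, max_skew=MAX_SKEW, track_nonces=True):
        self.key = key
        self.max_skew = max_skew
        self.track_nonces = track_nonces   # False models a "time stamps only" receiver
        self.seen = {}                     # nonce -> time, kept only for the skew window

    def accept(self, msg, now):
        """Return (True, command) or (False, reason)."""
        try:
            body, tag = msg.rsplit(b"|", 1)
            ts_s, nonce, command = body.decode().split("|", 2)
            ts = int(ts_s)
        except ValueError:
            return (False, "malformed")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return (False, "bad tag")          # forged or tampered
        if abs(now - ts) > self.max_skew:
            return (False, "stale")            # old recording, or clocks disagree
        if self.track_nonces:
            # forget nonces that have aged out of the window; a stale copy is caught above
            self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
            if nonce in self.seen:
                return (False, "replay")       # same nonce inside the window
            self.seen[nonce] = ts
        return (True, command)


if __name__ == "__main__":
    msg = make_message(KEY, "transfer 100", now=1000, nonce="a1b2")
    receiver = Receiver(KEY)
    print("first delivery:", receiver.accept(msg, now=1005))
    print("replayed copy: ", receiver.accept(msg, now=1006))
    weak = Receiver(KEY, track_nonces=False)
    weak.accept(msg, now=1005)
    print("time stamp only, replayed copy:", weak.accept(msg, now=1006))
```

The nonce table only has to cover the skew window, which is what keeps the time stamp and the nonce both necessary: the time stamp bounds how long the receiver must remember, the nonce catches copies inside that bound. A sequence number per sender works the same way and also detects reordering.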


DDoS: CPU attack

Method

Send data that forces the server into expensive work, such as the public-key operations of a cryptographic handshake

Motivation

Occupy the CPU, preventing normal operations

Detection

Network analysis

Defense

No complete defense; rate-limiting per source and doing cheap checks before expensive ones limit the damage

Reference 14


DDoS: Memory attack

Method

Send data that forces the server to allocate memory, such as connections it must keep state for but that are never completed

Motivation

Take up resources, crashing the server when they are exhausted

Detection

Network analysis

Defense

No complete defense; bound the memory held per connection and time out state that is never completed

Reference 14
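The two DDoS slides above describe requests that cost the server CPU or memory and list no defense beyond noticing the flood. The following added example (written for this page, not code from the slides or from reference 14) shows the mitigation a practitioner would reach for first, a per-source token-bucket limiter, run over constructed traffic in which one address floods expensive handshakes while a legitimate client sends one request per second. The addresses, rates and bucket size are assumptions; time is in integer milliseconds and the token count is an exact fraction so the outcome is deterministic.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed example, not from the slides or reference 14. Time is in integer milliseconds
# and token counts are exact fractions so the simulation is deterministic.


class TokenBucket:
    """Admits up to `burst` requests at once, then `rate` per second on average."""

    def __init__(self, rate, burst):
        self.rate = Fraction(rate)
        self.burst = Fraction(burst)
        self.tokens = self.burst
        self.last_ms = None

    def allow(self, now_ms):
        if self.last_ms is None:
            self.last_ms = now_ms
        refill = Fraction(now_ms - self.last_ms, 1000) * self.rate
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class PerSourceLimiter:
    """One bucket per source address: a flood from one address cannot starve the others."""

    def __init__(self, rate, burst):
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))

    def allow(self, src, now_ms):
        return self.buckets[src].allow(now_ms)


# Constructed traffic: one address fires a handshake every 50 ms for five seconds;
# a legitimate client sends one request per second.
REQUESTS = [(i * 50, "203.0.113.7") for i in range(100)] + \
           [(i * 1000, "198.51.100.4") for i in range(10)]


def simulate(requests, rate=2, burst=5):
    """Return ({src: served}, {src: dropped}) after running the requests through the
    limiter. The check costs a dictionary lookup; only served requests reach the
    expensive handshake, which is the point."""
    limiter = PerSourceLimiter(rate, burst)
    served = defaultdict(int)
    dropped = defaultdict(int)
    for now_ms, src in sorted(requests):
        if limiter.allow(src, now_ms):
            served[src] += 1
        else:
            dropped[src] += 1
    return dict(served), dict(dropped)


if __name__ == "__main__":
    served, dropped = simulate(REQUESTS)
    print("served :", served)
    print("dropped:", dropped)
```

The flooding address gets its initial burst of five and then one request per 500 ms, 14 of its 100; the legitimate client loses nothing. This is why the slide's "none" is only half true: a single source can be throttled cheaply. What the limiter cannot fix is a distributed flood where every source stays under the rate, which is the "D" in DDoS, and the per-source table is itself memory the attacker can grow by spoofing addresses, so it needs a bound and an expiry of its own.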


References

  • [1] Amoroso, Edward. Intrusion Detection. Sparta, New Jersey: AT&T Laboratories, 1999.

  • [2] Gunn, Michael. War Dialing. SANS Institute, 2002.

  • [3] Schwartau, Winn. “War-driving lessons.” Network World, 2 September 2002.

  • [4] Bradley, Tony. Introduction to Port Scanning. 2005. <http://netsecurity.about.com/cs/hackertools/a/aa121303.htm> (4 March 2005).

  • [5] Bradley, Tony. Introduction to Packet Sniffing. 2005. <http://netsecurity.about.com/cs/hackertools/a/aa121403.htm> (5 March 2005).

  • [6] Thompson, Ken. “Reflections on Trusting Trust.” Communications of the ACM, Vol. 27, No. 8, August 1984.

  • [7] Mitnick, Kevin D., and William L. Simon. The Art of Deception. Indianapolis, Indiana: Wiley, 2002.

  • [8] Coyne, Sean. Password Crackers: Types, Process and Tools. ITS Research Labs, 2004.

  • [9] Friedl, Steve. SQL Injection Attacks by Example. 2005. <http://www.unixwiz.net/techtips/sql-injection.html> (5 March 2005).

  • [10] Lucas, Julie, and Brian Moeller. The Effective Incident Response Team. Chapter 4. Addison-Wesley, 2003.

  • [11] Worms versus Viruses. 2004. <http://viruses.surferbeware.com/worms-vs-viruses.htm> (6 March 2005).

  • [12] Grover, Sandeep. “Buffer Overflow Attacks and Their Countermeasures.” Linux Journal, 10 March 2003.

  • [13] Aleph One (Elias Levy). “Smashing the Stack for Fun and Profit.” Phrack Magazine, Issue 49, November 1996.

  • [14] Distributed Denial of Service. 2002. <http://www.tla.org/talks/ddos-ntua.pdf> (5 March 2005).

