Data and Computer Communications

Data and Computer Communications, Ninth Edition, by William Stallings. Chapter 23 – Computer and Network Security Threats.


Presentation Transcript


  1. Data and Computer Communications Chapter 23 – Computer and Network Security Threats Ninth Edition by William Stallings Data and Computer Communications, Ninth Edition by William Stallings, (c) Pearson Education - Prentice Hall, 2011

  2. Computer and Network Security Threats The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable. —The Art of War, Sun Tzu

  3. Computer Security • Key objectives: • confidentiality • integrity • availability

  4. Confidentiality • term covers two related concepts:
     • Data confidentiality: assures that private or confidential information is not made available or disclosed to unauthorized individuals
     • Privacy: assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed

  5. Integrity • term covers two related concepts:
     • Data integrity: assures that information and programs are changed only in a specified and authorized manner
     • System integrity: assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system

  6. Availability

  7. Loss of Security • FIPS PUB 199 identifies the loss of security in each category:
     • Confidentiality: unauthorized disclosure of information
     • Integrity: unauthorized modification or destruction of information
     • Availability: disruption of access to or use of information or an information system

  8. Additional Security Objectives Some information security professionals feel that two more objectives need to be added:

  9. Threats and Attacks

  10. Computer and Network Assets, with Examples of Threats

  11. Scope of System Security

  12. Hardware
     • most vulnerable to attack
     • least susceptible to automated controls
     • threats: accidental damage, intentional damage, theft

  13. Software • includes operating system, utilities and application programs • key threats:

  14. Data
     • security concerns with respect to data are broad, encompassing: availability, secrecy, integrity
     • major concerns with data have to do with:

  15. Communication Lines & Networks • Network Security attack classification:

  16. Active Attacks

  17. Classes of Intruders
     • Masquerader – usually an outsider: penetrates a real user’s account by pretending to be that user
     • Misfeasor – usually an insider: a legitimate user who accesses unauthorized areas
     • Clandestine User – outsider or insider: a user who seizes supervisory control of a system in order to avoid prevention, access and detection controls

  18. Behavior Patterns of Intruders: Hackers and Criminals
     • Hackers: usually a high level of competence • share their findings • look for targets of opportunity
     • Criminals: organized groups of hackers are a common modern threat • typically young • usually have specific targets

  19. Behavior Patterns of Intruders: Insiders

  20. Intrusion Techniques

  21. Malicious Software

  22. Categories of Malicious Software
     • parasitic: fragments of programs that cannot exist independently of some actual application program, utility, or system program (viruses, logic bombs, backdoors)
     • independent: self-contained programs that can be scheduled and run by the operating system (worms, bots)

  23. Terminology of Malicious Programs

  24. Backdoor
     • a trapdoor is a secret entry point into a program that can allow unauthorized access to the data
     • backdoors are common among the programming community and are used for a variety of maintenance tasks (maintenance hook)
     • it is important to not allow backdoors into production environments

  25. Logic Bomb
     • predates viruses and worms
     • code embedded in a legitimate program that will “explode” at a given time or when certain conditions are met: presence or absence of certain files, a particular day of the week or date, a particular user using the application

  26. Trojan Horse program that contains hidden code that, when invoked, causes harm to the system or system infrastructure it was launched from

  27. Mobile Code
     • script, macro, or other portable instruction that can be shipped unchanged to a collection of platforms
     • transmitted from a remote system to a local system and then executed on the local system without the user’s explicit instruction
     • mechanism for a virus, worm, or Trojan horse
     • vulnerabilities such as unauthorized data access

  28. Multiple Threat Malware
     • multipartite – capable of infecting multiple types of files
     • blended attack – uses multiple methods of infection or transmission to maximize infection speed
     • Nimda: erroneously referred to as simply a worm • uses a combination of items like email, web servers, web clients, etc. to propagate and infect

  29. Viruses
     • can do anything other programs can do
     • attaches itself to a program and executes secretly
     • once running it can perform any function allowed by the current user’s rights

  30. Virus Lifecycle

  31. Virus Classification • by target • by concealment strategy

  32. Target
     • boot sector infector: infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus
     • file infector: infects files that the operating system or shell consider to be executable
     • macro virus: infects files with macro code that is interpreted by an application

  33. Concealment Strategy

  34. E-Mail Viruses
     • a more recent development in malicious software
     • Melissa: the e-mail virus sends itself to everyone on the mailing list in the user’s e-mail package • the virus does local damage on the user’s system
     • another virus appeared that activates by merely opening the e-mail that contains the virus rather than the attachment

  35. Worms
     • self-replicating, usually very quickly
     • usually performs some unwanted function
     • actively seeks out more machines to infect

  36. Worm Phases • in the propagation phase the worm will:

  37. Worm Technology
     • Multiplatform – variety of platforms
     • Multi-Exploit – variety of penetration schemes
     • Ultrafast Spreading – accelerated distribution
     • Polymorphic – evades set signatures
     • Metamorphic – evades anomaly detectors
     • Transport Vehicles – used to spread other distributed attack tools
     • Zero Day – exploits a yet unknown vulnerability

  38. Worm Propagation

  39. Bots
     • AKA – Zombie or Drone
     • secretly takes over an internet-connected computer
     • launches attacks from that computer that are hard to trace back to the creator
     • Botnet: a collection of bots that act in a coordinated manner • has 3 characteristics: bot functionality, remote control facility, spreading mechanism

  40. Bot Usage
     • Distributed Denial of Service attack
     • Spamming
     • Sniffing traffic
     • Keylogging
     • Spreading of new malware
     • Installing ads (adware and spyware)
     • Attacking IRC chat networks
     • Manipulation of online polls / games

  41. Remote Control Facility
     • distinguishes a bot from a worm
     • a worm propagates itself; a bot is controlled from some central facility (initially)
     • IRC server: all bots join a specific channel on this server and treat incoming messages as commands
     • control module activates the bots
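Slide 41’s description of the IRC control channel also describes what a defender can look for: many internal hosts joining the same channel and then all receiving the identical inbound message. The Python below is an added example, not code from the slides; the log format (timestamp, internal host, direction, IRC verb, channel, optional message text) and every log line are constructed for the demonstration.

```python
"""Flag IRC channels that look like a bot control channel (added example, not from the slides)."""
import re
from collections import defaultdict
from typing import Dict, Iterable, Iterator, List

# Constructed sensor log: one IRC event per line as seen from inside the network.
#   <timestamp> <internal host> <IN|OUT> <IRC verb> <channel> [:text]
SAMPLE_LOG = """\
2011-03-01T10:00:01 10.0.0.5 OUT JOIN #upd8
2011-03-01T10:00:02 10.0.0.7 OUT JOIN #upd8
2011-03-01T10:00:02 10.0.0.9 OUT JOIN #upd8
2011-03-01T10:00:03 10.0.0.12 OUT JOIN #upd8
2011-03-01T10:00:04 10.0.0.20 OUT JOIN #support
2011-03-01T10:00:05 10.0.0.21 OUT JOIN #support
2011-03-01T10:00:30 10.0.0.5 IN PRIVMSG #upd8 :opaque-command-1
2011-03-01T10:00:30 10.0.0.7 IN PRIVMSG #upd8 :opaque-command-1
2011-03-01T10:00:31 10.0.0.9 IN PRIVMSG #upd8 :opaque-command-1
2011-03-01T10:00:31 10.0.0.12 IN PRIVMSG #upd8 :opaque-command-1
2011-03-01T10:00:40 10.0.0.20 IN PRIVMSG #support :anyone know the printer queue name?
2011-03-01T10:00:45 10.0.0.21 OUT PRIVMSG #support :it is prt-3rd-floor
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<dir>IN|OUT) (?P<verb>[A-Z]+) "
    r"(?P<chan>#\S+)(?: :(?P<text>.*))?$"
)


def parse(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if m:
            yield m.groupdict()


def find_suspect_channels(lines: Iterable[str], min_hosts: int = 3) -> Dict[str, dict]:
    """Return channels joined by >= min_hosts internal hosts where at least one
    inbound message text was delivered to >= min_hosts distinct hosts.

    Humans in a shared channel receive the same text too, so the host
    threshold and an allow-list of known channels tune the false-positive rate.
    """
    joins: Dict[str, set] = defaultdict(set)
    # channel -> inbound text -> set of internal hosts that received it
    recipients: Dict[str, Dict[str, set]] = defaultdict(lambda: defaultdict(set))
    for ev in parse(lines):
        if ev["verb"] == "JOIN":
            joins[ev["chan"]].add(ev["host"])
        elif ev["verb"] == "PRIVMSG" and ev["dir"] == "IN" and ev["text"]:
            recipients[ev["chan"]][ev["text"]].add(ev["host"])

    result: Dict[str, dict] = {}
    for chan, hosts in joins.items():
        if len(hosts) < min_hosts:
            continue
        shared: List[str] = sorted(
            text for text, seen_by in recipients[chan].items() if len(seen_by) >= min_hosts
        )
        if shared:
            result[chan] = {"hosts": len(hosts), "shared_messages": shared}
    return result


if __name__ == "__main__":
    for chan, info in find_suspect_channels(SAMPLE_LOG.splitlines()).items():
        print(f"{chan}: {info['hosts']} hosts, shared inbound messages {info['shared_messages']}")
```

On the constructed log only #upd8 is reported: four hosts joined it and all four received the same inbound text, whereas #support has two hosts exchanging different messages.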

  42. Constructing the Attack Network
     • the first step in a botnet attack is for the attacker to infect a number of machines with bot software that will be used to carry out the attack
     • essential ingredients: software that can carry out the attack • a vulnerability in a large number of systems • a strategy for locating and identifying vulnerable machines (scanning / fingerprinting)
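The scanning step of slide 42, like the propagation phase of a worm on slides 36–38, leaves a characteristic trace in connection logs: one source contacting many distinct destinations on the same port within a short window, which is how a defender detects the spreading mechanism before the attack network is complete. The Python below is an added example rather than material from the slides; the five-field flow records (timestamp, source, destination, destination port, protocol) and all sample addresses are constructed.

```python
"""Horizontal-scan detection over connection logs (added example, not from the slides)."""
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, Iterable, List, Tuple

# Constructed flow records: <ISO timestamp> <src> <dst> <dport> <proto>
BENIGN_LINES = [
    "2011-03-01T10:00:00 10.0.0.3 10.0.5.10 443 tcp",
    "2011-03-01T10:00:02 10.0.0.3 10.0.5.11 80 tcp",
    "2011-03-01T10:00:03 10.0.0.3 10.0.5.12 443 tcp",
    # a host talking repeatedly to one file server: many flows, one destination
    "2011-03-01T10:01:00 10.0.0.4 10.0.5.10 445 tcp",
    "2011-03-01T10:01:10 10.0.0.4 10.0.5.10 445 tcp",
    "2011-03-01T10:01:20 10.0.0.4 10.0.5.10 445 tcp",
]
# one source sweeping twelve neighbours on the same port within twelve seconds
SCAN_LINES = [f"2011-03-01T10:00:{5 + i:02d} 10.0.0.9 10.0.1.{i + 1} 445 tcp" for i in range(12)]
SAMPLE_FLOWS = BENIGN_LINES + SCAN_LINES


def detect_scans(
    lines: Iterable[str], min_targets: int = 10, window_seconds: int = 60
) -> Dict[Tuple[str, int], int]:
    """Return {(src, dport): peak distinct destinations} for every (source, port)
    pair that reached >= min_targets distinct destinations inside any window of
    window_seconds. Repeated flows to the same destination count once.
    """
    events: Dict[Tuple[str, int], List[Tuple[datetime, str]]] = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, dport, _proto = parts
        events[(src, int(dport))].append((datetime.fromisoformat(ts), dst))

    hits: Dict[Tuple[str, int], int] = {}
    for key, evs in events.items():
        evs.sort()
        in_window: Counter = Counter()  # destination -> flows currently inside the window
        left = 0
        peak = 0
        for t, dst in evs:
            in_window[dst] += 1
            # slide the left edge forward until the window fits within window_seconds
            while (t - evs[left][0]).total_seconds() > window_seconds:
                old = evs[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_targets:
            hits[key] = peak
    return hits


if __name__ == "__main__":
    for (src, dport), n in detect_scans(SAMPLE_FLOWS).items():
        print(f"{src} reached {n} distinct hosts on port {dport} within the window")
```

On the constructed data only 10.0.0.9 on port 445 is reported (12 distinct destinations); the host repeatedly using one file server never exceeds a single destination and the web browsing stays below the threshold. The threshold and window are tuning knobs: lower them to catch slow scanners at the cost of more false positives from legitimate inventory or monitoring systems, which are best handled with an allow-list of known scanners.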

  43. Summary
     • computer security concepts
     • threats, attacks, and assets: hardware, software, data
     • intruders: hackers, criminals, insiders
     • malicious software: Trojan horse, malware • viruses, worms, and bots
