
Client-based Application Attacks Adli Abdul Wahid Dept. of Comp. Science, IIUM


Presentation Transcript


  1. Client-based Application Attacks Adli Abdul Wahid Dept. of Comp. Science, IIUM adli@kict.iiu.edu.my http://kict.iiu.edu.my/adli

  2. The Plan • Network Based Attacks • Client-based Applications Attacks • Potential Solutions • Conclusion

  3. Network Based Attacks • Attacks that are carried out 'remotely' • Internet or another machine on the LAN • Most literature covers attacking applications that are server based • Always listening on specific port numbers • e.g. Web, mail, ftp, etc. • Attacks are essentially in the form of buffer overflows or (that can trigger) DoS

  4. Network Based Attacks (2) • Client-based application attacks are increasingly popular • Exploit • Web Browsers • Instant Messengers • Mail Clients

  5. Examples in 2005 • Yahoo! Messenger ymsgr URI Arbitrary Command Execution • Yahoo! Messenger Offline Mode Status Remote Overflow • Gaim Away Message Processing Remote Overflow • Mozilla Firefox IFRAME Width Overflow • Opera Command Line URL Shell Command Injection • Microsoft Windows Shimgvw.dll SETABORTPROC Function Crafted WMF Arbitrary Code Execution

  6. Typical Scenario • User uses a vulnerable browser to surf the net • Firewall allows this • User clicks on a site with malicious code • Browser executes code and (maybe) payload • Payload may contain a worm that leads to other problems, causes DoS, etc.

  7. The Issues (1) • Attack techniques are more or less the same – buffer overflow, just a different target • Typically use • Some form of social engineering • User clicks on the URL • Need more than basic perimeter protection • Firewall and IDS • Policy enforcement • How do you make sure that all of the 5000 PCs in your network use the updated version of Browser XYZ?

  8. Potential Solutions • IDS / IPS • What if the malicious attacker is on the same LAN? • Patch management • Large user base? • Different types of software, tied to policy • OS level • Stack protection in the case of buffer overflow based attacks • What if the network is open to all (hotspot)? • Antivirus

  9. Conclusion • Attacks don't just target server based programs • Client-based applications are just as vulnerable and targeted by attackers • Complexity in defending the users en masse • Multiple approaches need to be used to defend the network successfully.
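
Slide 7 asks how to make sure every PC on the network runs the updated version of Browser XYZ, and slide 8 lists patch management as a solution. The following is an added example, not part of the original presentation, of a fleet audit that sorts hosts into compliant, outdated and unknown. The hostnames, version strings and minimum version are constructed for illustration, and "Browser XYZ" is the slide's own placeholder.

```python
import re

# Constructed sample inventory: (hostname, version reported for "Browser XYZ").
# None means the host sent no report (offline, no agent, software not found).
INVENTORY = [
    ("pc-0001", "1.5.0.7"),
    ("pc-0002", "1.5.0.10"),      # newer than 1.5.0.7, but sorts lower as a string
    ("pc-0003", "1.0.7"),
    ("pc-0004", None),
    ("pc-0005", "1.5.0.7-beta"),  # not a plain release number
    ("pc-0006", "1.5"),           # short form, means 1.5.0.0
]
MIN_VERSION = "1.5.0.7"  # assumed minimum patched version (constructed)


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    if text is None or not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))


def is_current(version, minimum):
    """Compare numerically, padding the shorter tuple with zeros (1.5 == 1.5.0.0)."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)


def audit(inventory, minimum_text):
    """Classify every host; anything that cannot be verified is 'unknown', not compliant."""
    minimum = parse_version(minimum_text)
    if minimum is None:
        raise ValueError("minimum version must be dotted-numeric")
    report = {"compliant": [], "outdated": [], "unknown": []}
    for host, reported in inventory:
        version = parse_version(reported)
        if version is None:
            report["unknown"].append(host)
        elif is_current(version, minimum):
            report["compliant"].append(host)
        else:
            report["outdated"].append(host)
    return report


if __name__ == "__main__":
    for status, hosts in audit(INVENTORY, MIN_VERSION).items():
        print(f"{status:9} {len(hosts):3}  {', '.join(hosts)}")
```

The "unknown" bucket matters as much as "outdated": a host that never reports is one the patch policy cannot vouch for.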
