Security attacks
Download
1 / 37

Security Attacks - PowerPoint PPT Presentation


  • 94 Views
  • Uploaded on

Security Attacks. Objectives. Identify attacker profiles Describe basic attacks Describe identity attacks Identify denial of service attacks Define malicious code (malware). Attacker Profiles. Understanding Basic Attacks.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Security Attacks' - wayne-norman


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

Objectives
Objectives

  • Identify attacker profiles

  • Describe basic attacks

  • Describe identity attacks

  • Identify denial of service attacks

  • Define malicious code (malware)



Understanding basic attacks
Understanding Basic Attacks

  • Today, the global computing infrastructure is most likely target of attacks

  • Basic Attacks

    • Physical Attacks

    • Social Engineering

    • Password Attacks

    • Weak Cryptographic Keys

    • Mathematical Attacks

    • Birthday Attacks


Environmental attacks
Environmental Attacks

Electricity. Computing equipment requires electricity to function; hence, it is vital that such equipment has a steady uninterrupted power supply.

Temperature. Computer chips have a natural operating temperature and exceeding that temperature significantly can severely damage them.

Limited conductance. Because computing equipment is electronic, it relies on there being limited conductance in its environment. If random parts of a computer are connected electronically, then that equipment could be damaged by a short circuit (e.g., in a flood).

5


Eavesdropping
Eavesdropping

  • Eavesdropping is the process of secretly listening in on another person’s conversation.

  • Protection of sensitive information must go beyond computer security and extend to the environment in which this information is entered and read.

  • Simple eavesdropping techniques include

    • Using social engineering to allow the attacker to read information over the victim’s shoulder

    • Installing small cameras to capture the information as it is being read

    • Using binoculars to view a victim’s monitor through an open window.

  • These direct observation techniques are commonly referred to as shoulder surfing.

6


Wiretapping
Wiretapping

Many communication networks employ the use of inexpensive coaxial copper cables, where information is transmitted via electrical impulses that travel through the cables.

Relatively inexpensive means exist that measure these impulses and can reconstruct the data being transferred through a tapped cable, allowing an attacker to eavesdrop on network traffic.

These wiretapping attacks are passive, in that there is no alteration of the signal being transferred, making them extremely difficult to detect.

7


Signal eminations
Signal Eminations

Computer screens emit radio frequencies that can be used to detect what is being displayed.

Visible light reflections can also be used to reconstruct a display from its reflection on a wall, coffee mug, or eyeglasses.

Both of these require the attacker to have a receiver close enough to detect the signal.

8


Acoustic emissions
Acoustic Emissions

sound recording

device

microphone to

capture keystroke

sounds

Dmitri Asonov and Rakesh Agrawal published a paper in 2004 detailing how an attacker could use an audio recording of a user typing on a keyboard to reconstruct what was typed.

  • Each keystroke has minute differences in the sound it produces, and certain keys are known to be pressed more often than others.

  • After training an advanced neural network to recognize individual keys, their software recognized an average 79% of all keystrokes.

9


Hardware keyloggers
Hardware Keyloggers

USB Keylogger

A keylogger is any means of recording a victim’s keystrokes, typically used to eavesdrop passwords or other sensitive information.

Hardware keyloggers are typically small connectors that are installed between a keyboard and a computer.

For example, a USB keylogger is a device containing male and female USB connectors, which allow it to be placed between a USB port on a computer and a USB cable coming from a keyboard.

10


Tempest
TEMPEST

  • TEMPEST is a U.S. government code word for a set of standards for limiting information-carrying electromagnetic emanations from computing equipment.

  • TEMPEST establishes three zones or levels of protection:

    • An attacker has almost direct contact with the equipment, such as in an adjacent room or within a meter of the device in the same room.

    • An attacker can get no closer than 20 meters to the equipment or is blocked by a building to have an equivalent amount of attenuation.

    • An attacker can get no closer than 100 meters to the equipment or is blocked by a building to have an equivalent amount of attenuation.

11


Emanation blockage
Emanation Blockage

To block visible light emanations, we can enclose sensitive equipment in a windowless room.

To block acoustic emanations, we can enclose sensitive equipment in a room lined with sound-dampening materials.

To block electromagnetic emanations in the electrical cords and cables, we can make sure every such cord and cable is well grounded and insulated.

12


Faraday cages
Faraday Cages

To block electromagnetic emanations in the air, we can surround sensitive equipment with metallic conductive shielding or a mesh of such material, where the holes in the mesh are smaller than the wavelengths of the electromagnetic radiation we wish to block.

Such an enclosure is known as a Faraday cage.

13


Social engineering
Social Engineering

  • Not limited to telephone calls or dated credentials

  • Dumpster diving: digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away

  • Phishing: sending people electronic requests for information that appear to come from a valid source. Now includes social networking sites (Facebook, Twitter, etc.)

    • Often generated by organized attackers. In 2009, ¼ of all phishing believed to be done by “Avalanche”.


Social engineering1
Social Engineering

  • Unauthorized access to offices

    • Proper preparation.

    • Fake credentials

    • “Tailgating”

    • Build Relationships (cookies & chocolate)

    • USB Drops

    • Reflections off of nearby objects


Social engineering soln
Social Engineering (soln.)

  • Develop strong instructions or company policies regarding:

    • When passwords are given out

    • Who can enter the premises

    • What to do when asked questions by another employee that may reveal protected information

  • Educate all employees about the policies and ensure that these policies are followed


How a password is stored?

User

Password file

Dog124

Butch:ASDSA

21QW3R50E

ERWWER323

hash function


Strong Passwords

  • What is a strong password

    • UPPER/lower case characters

    • Special characters

    • Numbers

  • When is a password strong?

    • Seattle1

    • M1ke03

    • P@$$w0rd

    • TD2k5secV

18


Password Complexity

  • A fixed 6 symbols password:

    • Numbers 106 = 1,000,000

    • UPPER or lower case characters 266 = 308,915,776

    • UPPER and lower case characters 526 = 19,770,609,664

    • 32 special characters (&, %, $, @, “, |, ^, }, etc.)326 = 1,073,741,824

  • 94 practical symbols available

    • 946 = 689,869,781,056

  • ASCII standard 7 bit 27 =128 symbols

    • 1286 = 4,398,046,511,104

Odd characters make passwords safer

19


Password Length

  • 26 UPPER/lower case characters = 52 characters

  • 10 numbers

  • 32 special characters

  • => 94 characters available

  • 5 characters: 945 = 7,339,040,224

  • 6 characters: 946 = 689,869,781,056

  • 7 characters: 947 = 64,847,759,419,264

  • 8 characters: 948 = 6,095,689,385,410,816

  • 9 characters: 949 = 572,994,802,228,616,704

Longer passwords are better

20


Password Validity: Brute Force Test

  • Password does not change for 60 days

  • how many passwords should I try for each second?

    • 5 characters: 1,415 PW /sec

    • 6 characters: 133,076 PW /sec

    • 7 characters: 12,509,214 PW /sec

    • 8 characters: 1,175,866,008 PW /sec

    • 9 characters: 110,531,404,750 PW /sec

21


Secure Passwords

  • A strong password includes characters from at least three of the following groups:

  • Use pass phrases eg. "I re@lly want to buy 11 Dogs!"

22


Bypass password
Bypass Password

  • Software exploitation: takes advantage of any weakness in software to bypass security requiring a password

    • Buffer overflow: occurs when a computer program attempts to stuff more data into a temporary storage area than it can hold


Cryptography
Cryptography

  • Science of transforming information so it is secure while being transmitted or stored

  • Does not attempt to hide existence of data; “scrambles” data so it cannot be viewed by unauthorized users

  • Encryption: changing the original text to a secret message using cryptography

  • Success of cryptography depends on the process used to encrypt and decrypt messages

  • Process is based on algorithms


Weak keys
Weak Keys

  • Algorithm is given a key that it uses to encrypt the message

  • Any mathematical key that creates a detectable pattern or structure (weak keys) provides an attacker with valuable information to break the encryption


Mathematical attacks
Mathematical Attacks

  • Cryptanalysis: process of attempting to break an encrypted message

  • Mathematical attack: analyzes characters in an encrypted text to discover the keys and decrypt the data


Birthday attacks
Birthday Attacks

  • Birthday paradox:

    • When you meet someone for the first time, you have a 1 in 365 chance (0.027%) that he has the same birthday as you

    • If you meet 60 people, the probability leaps to over 99% that you will share the same birthday with one of these people

  • Birthday attack: attack on a cryptographical system that exploits the mathematics underlying the birthday paradox


Examining identity attacks
Examining Identity Attacks

  • Category of attacks in which the attacker attempts to assume the identity of a valid user

    • Man-in-the-middle

    • Replay


Man in the middle attacks
Man-in-the-Middle Attacks

  • Make it seem that two computers are communicating with each other, when actually they are sending and receiving data with a computer between them

  • Can be active or passive:

    • Passive attack: attacker captures sensitive data being transmitted and sends it to the original recipient without his presence being detected

    • Active attack: contents of the message are intercepted and altered before being sent on


Replay
Replay

  • Similar to an active man-in-the-middle attack

  • Whereas an active man-in-the-middle attack changes the contents of a message before sending it on, a replay attack only captures the message and then sends it again later

  • Takes advantage of communications between a network device and a file server


Tcp ip hijacking
TCP/IP Hijacking

  • With wired networks, TCP/IP hijacking uses spoofing, which is the act of pretending to be the legitimate owner

  • One particular type of spoofing is Address Resolution Protocol (ARP) spoofing

  • Computers on a network keep a table that links an IP address with the corresponding MAC address

  • In ARP spoofing, a hacker changes the table so packets are redirected to his computer


Identifying denial of service attacks
Identifying Denial of Service Attacks

  • Denial of service (DoS) attack attempts to make a server or other network device unavailable by flooding it with requests

  • After a short time, the server runs out of resources and can no longer function

  • SYN attack

    • Exploits the SYN/ACK “handshake”


Identifying denial of service attacks cont
Identifying Denial of Service Attacks (cont)

  • Another DoS attack tricks computers into responding to a false request

  • An attacker can send a request to all computers on the network making it appear a server is asking for a response

  • Each computer then responds to the server, overwhelming it, and causing the server to crash or be unavailable to legitimate users



Identifying denial of service attacks cont2
Identifying Denial of Service Attacks (cont)

  • Distributed denial-of-service (DDoS) attack:

    • Instead of using one computer, a DDoS may use hundreds or thousands of computers

    • DDoS works in stages


Understanding malicious code malware
Understanding Malicious Code (Malware)

  • Consists of computer programs designed to break into computers or to create havoc on computers

  • Most common types:

    • Viruses

    • Worms

    • Logic bombs

    • Trojan horses

    • Back doors


Summary

Attackers

Hacker

Cracker

Script Kiddie

Spy

Employee

Cyberterrorist

Attacks

Physical Attacks

Password Guessing

Cryptography

Identity Attacks

DoS Attacks

Malware

Summary


ad