SE 441 Information Systems Security - PowerPoint PPT Presentation


PowerPoint Slideshow about 'SE 441 Information Systems Security' - trent


Presentation Transcript

SE 441 Information Systems Security

Malicious Attacks, Threats, and Vulnerabilities

What Are You Trying to Protect?
  • In a word, you are trying to protect assets.
  • An asset is any item that has value.
  • Although all items in an organization have some value, the term asset generally applies to those items that have substantial value.
  • An organization’s assets can include the following:
    • IT and network infrastructure—Hardware, software, and services
    • Intellectual property—Sensitive data like patents, source code, formulas, or engineering plans
    • Finances and financial data—Bank accounts, credit card data, and financial transaction data
    • Service availability and productivity—The ability of computing services and software to support productivity for humans and machinery
    • Reputation—Corporate compliance and brand image
IT and Network Infrastructure
  • Hardware and software are key pieces of any organization’s infrastructure.
  • Recall the seven domains of the IT infrastructure: components in each domain may connect to a network or to the Internet, and can be vulnerable to malicious attacks.
  • Hardware and software damaged by malicious attacks such as Trojan horses or worms cost corporations time and money to fix or replace.
  • Malicious attacks on hardware and software can also lead to more widespread problems.
  • These problems can include loss of critical data or theft of financial information or intellectual property.
  • Unprotected IT and network infrastructure assets can offer attackers and cybercriminals the widest opening to access sensitive resources.
Intellectual Property
  • IP is the unique knowledge a business possesses that gives it a competitive advantage over similar companies in similar industries.
  • Examples of IP include such things as patents, drug formulas, engineering plans, scientific formulas, and recipes.
  • In some cases, you can also consider business practices and processes to be intellectual property.
  • Suppose a restaurant chain has a unique process for quickly preparing and delivering food.
  • If the rest of the industry knew about that process, it would remove the restaurant’s competitive advantage.
  • The core issue from an IT security perspective is preventing the theft of intellectual property and its release to competitors or to the public.
  • The theft of intellectual property can nullify an organization’s competitive advantage.
Finances and Financial Data
  • Financial assets are among the highest-profile assets in any organization.
  • These assets can take various forms.
  • They can be real financial assets, such as bank accounts, trading accounts, purchasing accounts, corporate credit cards, and other direct sources of money or credit.
  • Alternatively, they can be data that allows access to real financial assets.
  • Financial data can include customer credit card numbers, personal financial information, or usernames and passwords for banking or investment accounts.
  • Loss of financial assets due to malicious attacks is a worst-case scenario for all organizations.
Service Availability and Productivity
  • Computer applications provide specific services that help organizations conduct business operations.
  • It is important that critical services be available for use when organizations need them.
  • Availability: uptime and downtime issues, considered in the previous chapter.
  • Unintentional downtime is usually the result of technical failure, human error, or attack.
Reputation
  • One of the most important things that information security professionals try to protect is their organization's reputation and brand image.
  • For example, a security breach that allows attackers to steal customer credit card data and distribute them internationally would do significant harm to that company’s reputation and brand image.
Hackers
  • Black-hat hackers try to break IT security for the challenge and to prove technical prowess.
  • Black-hat hackers generally use special software tools to exploit vulnerabilities.
  • Black-hat hackers generally poke holes in systems, but do not attempt to disclose vulnerabilities they find to the administrators of those systems.
  • White-hat hackers, or ethical hackers, are information security or network professionals who use various penetration-test tools to uncover vulnerabilities so they can be fixed.
  • The difference between white-hat hackers and black-hat hackers is that white-hat hackers are mainly concerned with finding weaknesses for the purpose of fixing them, whereas black-hat hackers want to find weaknesses just for the fun of it or to exploit them.
  • Gray-hat hacker—Also called a wannabe, a gray-hat hacker is a hacker with average abilities who may one day become a black-hat hacker, but could also opt to become a white-hat hacker.
Attack Tools
  • Protecting an organization’s computing resources requires that you have some idea what tools your enemy will be using.
  • Knowing how attackers work makes it possible to defend against their attacks.
  • In fact, many organizations use the same tools that attackers use to help identify weaknesses they need to address.
  • Computer criminals and malicious individuals use a number of hardware and software tools to help carry out attacks.
    • Vulnerability scanners
    • Port scanners
    • Sniffers
    • Wardialers
    • Keyloggers
  • Vulnerability scanners: a vulnerability scanner collects information about any known weaknesses on a target computer or network.
  • The scanner works by sending specially crafted messages to select computers.
  • How a computer responds indicates whether a specific weakness exists.
  • Attackers use the results of these scans to decide what types of attacks would work best.
  • Port scanners: attackers also use port scanners to help identify weaknesses. Port scanners connect to a computer to determine which ports are open, or available to access the computer.
  • Port scanning enables attackers to see which ports are active on a computer, which helps them figure out which applications are running.
  • Attackers can then use this information to design an attack for that computer.
  • For example, HTTP traffic commonly uses port 80.
  • If a port scanner determines that port 80 is open on a particular computer and that there is a service monitoring that port, then an attacker might deduce that a Web server is likely running on the computer and develop an attack accordingly.
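The defender's side of the port scanning just described, as an added example that is not part of the original slides: a detector that flags a source contacting many distinct ports on one host within a short window, run over constructed firewall log lines. The log format, addresses and thresholds are assumptions made for illustration.

```python
"""Port-scan detection over firewall connection logs.

Added example, not from the original slides. The log format, addresses
and thresholds below are constructed for illustration.
"""
from collections import defaultdict

# Constructed sample log, one connection attempt per line:
#   "<epoch_seconds> <src_ip> <dst_ip> <dst_port> <verdict>"
# 10.0.0.5 sweeps ten ports on 10.0.0.10 within five seconds, while
# 192.168.1.20 is an ordinary client returning to the web ports over a minute.
SAMPLE_LOG = """\
1700000000 10.0.0.5 10.0.0.10 21 DROP
1700000000 10.0.0.5 10.0.0.10 22 ACCEPT
1700000001 10.0.0.5 10.0.0.10 23 DROP
1700000001 10.0.0.5 10.0.0.10 25 DROP
1700000002 10.0.0.5 10.0.0.10 80 ACCEPT
1700000002 10.0.0.5 10.0.0.10 110 DROP
1700000003 10.0.0.5 10.0.0.10 143 DROP
1700000003 10.0.0.5 10.0.0.10 443 ACCEPT
1700000004 10.0.0.5 10.0.0.10 3306 DROP
1700000004 10.0.0.5 10.0.0.10 8080 DROP
1700000000 192.168.1.20 10.0.0.10 80 ACCEPT
1700000030 192.168.1.20 10.0.0.10 80 ACCEPT
1700000060 192.168.1.20 10.0.0.10 443 ACCEPT
"""


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, src, dst, port, verdict = line.split()
    return int(ts), src, dst, int(port), verdict


def detect_port_scans(log_text, window=10, min_ports=8):
    """Return {(src, dst): sorted ports} for every source that contacted at
    least `min_ports` distinct ports on one destination within `window`
    seconds. A sliding window runs over each pair's time-ordered attempts
    and the largest port set seen in any triggering window is kept."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port, _ = parse_line(line)
            attempts[(src, dst)].append((ts, port))

    hits = {}
    for pair, events in attempts.items():
        events.sort()
        best, start = set(), 0
        for end in range(len(events)):
            # advance the window start until it spans at most `window` seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(best):
                best = ports
        if best:
            hits[pair] = sorted(best)
    return hits


def scan_report(log_text):
    """One human-readable alert line per detected scan."""
    return [
        f"ALERT port scan from {src} against {dst}: {len(ports)} ports ({ports[0]}..{ports[-1]})"
        for (src, dst), ports in detect_port_scans(log_text).items()
    ]


if __name__ == "__main__":
    for alert in scan_report(SAMPLE_LOG):
        print(alert)
```

Both dropped and accepted attempts count: the signal is the breadth of ports tried, not whether the firewall let each one through.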
  • Sniffers: a sniffer is a software program that captures traffic as it travels across a network.
  • For attackers, passwords and private data are the most valuable information.
  • Sniffers come in hardware versions, software versions, or versions that are a combination of both.
  • Because a sniffer operates in an open mode, it is usually invisible to the user.
  • Wardialers: before launching an attack, an attacker must identify the target. One way to do so is to use a wardialer.
  • A wardialer is a computer program that dials telephone numbers, looking for a computer on the other end.
  • The program works by automatically dialing a defined range of phone numbers.
  • It then logs, and enters into a database, those numbers that successfully connect to a modem.
  • Some wardialers can also identify the operating system running on a computer, as well as conduct automated penetration testing.
  • In such cases, the wardialer runs through a predetermined list of common usernames and passwords in an attempt to gain access to the system.
  • Although wardialing is a rather old attack method, it is still useful for finding access points to computers. Many computer networks and voice systems have modems attached to phone lines.
  • These modems are often attached either for direct access for support purposes or by people attempting to bypass network-access restrictions.
  • Successfully connecting to a computer using a modem makes it possible to access the rest of the organization’s network.
  • Keyloggers: a keylogger is a type of surveillance software that can record every keystroke a user makes with a keyboard to a log file.
  • The keylogger can then send the log file to a specified receiver or retrieve it mechanically.
  • Employers might use keyloggers to ensure that employees use work computers for business purposes only.
  • However, spyware can also embed keylogger software, enabling it to transmit information to an unknown third party.
What Is a Security Breach?
  • In spite of the most aggressive steps to protect computers from attacks, attackers sometimes get through.
  • Any event that results in a violation of any of the A-I-C security tenets is a security breach.
  • Some security breaches disrupt system services on purpose.
  • Others are accidental, and may result from hardware or software failures.
  • Regardless of whether a security breach is accidental or malicious, it can affect an organization’s ability to conduct business as well as the organization’s credibility.
  • Activities that can cause a security breach include the following:
    • Denial of service (DoS) attacks
    • Distributed denial of service (DDoS) attacks
    • Unacceptable Web-browsing behavior
    • Wiretapping
    • Use of a backdoor to access resources
    • Accidental data modifications
Security Breach: Denial of Service (DoS)
  • Denial of service (DoS) attacks result in legitimate users not having access to a system resource.
  • A DoS attack is a coordinated attempt to deny service by causing a computer to perform an unproductive task.
  • This excessive activity makes the system unavailable to perform legitimate operations.
  • When a disk fills up, the system locks an account out, a computer crashes, or a CPU slows down, the result is denial of service.
  • DoS attacks generally originate from a single computer.
  • Two common types of DoS attacks are as follows:
    • Logic attacks—Logic attacks use software flaws to crash or seriously hinder the performance of remote servers. You can prevent many of these attacks by installing the latest patches to keep your software up to date.
    • Flooding attacks—Flooding attacks overwhelm the victim computer’s CPU, memory, or network resources by sending large numbers of useless requests to the machine.
  • One of the best defenses against DoS attacks is to use intrusion prevention system (IPS) software or devices to detect and stop the attack.
  • Without a defense against DoS attacks, they can quickly overwhelm servers, desktops, and network hardware, slowing computing in your organization to a grinding halt.
  • In some cases, these attacks can cripple an entire infrastructure.
  • Most DoS attacks target weaknesses in the overall system architecture rather than a software bug or security flaw.
  • Attackers can launch DoS attacks using common Internet protocols such as TCP and Internet Control Message Protocol (ICMP).
  • A DoS attack launched through one of these protocols can bring down one or more network servers or devices by flooding it with useless packets and providing false information about the status of network services.
  • One of the popular techniques for launching a packet flood is a SYN flood. SYN is a TCP control bit used to synchronize sequence numbers.
  • In a SYN flood, the attacker sends a large number of packets requesting connections to the victim computer.
  • The victim computer records each request and reserves a place for the connection in a local table in memory.
  • The victim computer then sends an acknowledgment back to the attacker.
  • The attacker never responds, so the victim computer fills up its connections table waiting for all the request acknowledgments.
  • In the meantime, no legitimate users can connect to the victim computer because the SYN flood has filled the connection table.
  • The victim computer will remain unavailable until the connection requests time out.
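A small model of the half-open connection table the SYN flood fills, as an added example that is not part of the original slides: unanswered requests occupy the table until they time out, a legitimate client is turned away meanwhile, and a defender-side check raises an alert from the half-open ratio. The capacity, timeout, flood size and addresses are constructed and far smaller than a real kernel backlog.

```python
"""Model of a listener's half-open connection table under a SYN flood.

Added example, not from the original slides. Capacity, timeout, flood
size and addresses are constructed for illustration.
"""


class HalfOpenTable:
    """Entries that have received a SYN and been answered with a SYN-ACK but
    are still waiting for the client's final ACK (the 'local table in
    memory' described in the slides)."""

    def __init__(self, capacity, timeout):
        self.capacity = capacity
        self.timeout = timeout      # seconds before an unanswered SYN-ACK is dropped
        self.pending = {}           # (src_ip, src_port) -> time the SYN arrived
        self.established = set()
        self.rejected = 0           # SYNs turned away because the table was full

    def expire(self, now):
        """Drop entries whose SYN-ACK has gone unanswered past the timeout."""
        stale = [k for k, t0 in self.pending.items() if now - t0 >= self.timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)

    def on_syn(self, src_ip, src_port, now):
        """Reserve a slot for a connection request; False when no slot is free."""
        self.expire(now)
        key = (src_ip, src_port)
        if key in self.pending:
            return True             # retransmitted SYN, slot already held
        if len(self.pending) >= self.capacity:
            self.rejected += 1
            return False
        self.pending[key] = now
        return True

    def on_ack(self, src_ip, src_port, now):
        """Final handshake step: the entry becomes an established connection."""
        key = (src_ip, src_port)
        if key not in self.pending:
            return False            # no matching half-open entry
        del self.pending[key]
        self.established.add(key)
        return True

    def half_open_ratio(self):
        return len(self.pending) / self.capacity


def flood_alert(table, ratio_threshold=0.8):
    """Defender-side signal: a table that is mostly half-open and already
    turning requests away is being flooded (or is badly undersized)."""
    return table.half_open_ratio() >= ratio_threshold and table.rejected > 0


def simulate_syn_flood(capacity=128, timeout=60, flood_size=200):
    """Flood at t=0 from sources that never complete the handshake, then a
    legitimate client at t=1 and again after the timeout. Returns the
    observable outcomes as a dict."""
    table = HalfOpenTable(capacity, timeout)
    for i in range(flood_size):                     # no ACK ever follows these
        table.on_syn(f"198.51.100.{i}", 40000 + i, now=0)
    peak_ratio = table.half_open_ratio()
    alert_at_peak = flood_alert(table)
    # legitimate client while the table is full
    blocked = not table.on_syn("192.0.2.10", 51000, now=1)
    # same client after the stale entries have timed out
    accepted = table.on_syn("192.0.2.10", 51000, now=timeout + 1)
    completed = table.on_ack("192.0.2.10", 51000, now=timeout + 2)
    return {
        "blocked_during_flood": blocked,
        "accepted_after_timeout": accepted and completed,
        "peak_ratio": peak_ratio,
        "alert_at_peak": alert_at_peak,
        "alert_after_timeout": flood_alert(table),
        "rejected": table.rejected,
        "established": len(table.established),
    }


if __name__ == "__main__":
    for name, value in simulate_syn_flood().items():
        print(f"{name}: {value}")
```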
Security Breach: Distributed Denial of Service (DDoS)
  • The DDoS attack is a type of DoS attack.
  • It involves flooding one or more target computers with false requests.
  • This overloads the computers and prevents legitimate users from gaining access.
  • In a DDoS attack, attackers hijack hundreds or even thousands of Internet computers, planting automated attack agents on those systems.
  • The attacker then instructs the agents to bombard the target site with forged messages.
  • This overloads the site and blocks legitimate traffic.
  • The key here is strength in numbers.
  • The attacker does more damage by distributing the attack across multiple computers.
  • Larger companies and universities tend to be attractive targets for attackers launching DDoS attacks.
  • Researchers have estimated that attackers issue thousands of DDoS attacks against networks each week.
  • This threat is so serious that preventing such attacks is a top priority in many organizations, including security product vendors.
Security Breach: Unacceptable Web Browsing
  • Unacceptable Web browsing describes the use of a Web browser in an unacceptable manner.
  • Each organization should have an acceptable use policy (AUP) that clearly states what behavior is acceptable and what is not.
  • Unacceptable use can include unauthorized users searching files or storage directories for data and information they are not supposed to read, or users simply visiting prohibited Web sites.
Security Breach: Wiretapping
  • Attackers can tap telephone lines and data-communication lines.
  • Wiretapping can be active, where the attacker makes modifications to the line.
  • It can also be passive, where an unauthorized user simply listens to the transmission without changing the contents.
  • Two methods of active wiretapping are as follows:
    • Between-the-lines wiretapping—This type of wiretapping does not alter the messages sent by the legitimate user, but inserts additional messages into the communication line when the legitimate user pauses.
    • Piggyback-entry wiretapping—This type of wiretapping intercepts and modifies the original message by breaking the communications line and routing the message to another computer that acts as a host.
  • Although the term wiretapping is generally associated with voice telephone communications, attackers can also use wiretapping to intercept data communications (sniffing).
Security Breach: Backdoor
  • Software developers sometimes include hidden access methods in their programs, called backdoors.
  • Backdoors give developers or support personnel easy access to a system, without having to struggle with security controls.
  • The problem is that backdoors don’t always stay hidden.
  • When an attacker discovers a backdoor, he or she can use it to bypass existing security controls such as passwords, encryption, and so on.
  • Where legitimate users log on through front doors using a user ID and password, attackers use backdoors to bypass these normal access controls.
  • Attackers can also compromise a system by installing their own backdoor program on it.
  • Attackers can use this type of backdoor to bypass controls that the administrator has put in place to protect the computer system.
  • The netcat utility is one of the most popular backdoor tools in use today.
Security Breach: Data Modifications
  • Problems with data integrity, including accidental partial data modifications and the storage of incorrect data values, can also cause a security breach.
  • An incomplete modification can occur when multiple processes attempt to update data without observing basic data-integrity constraints.
  • The best way to avoid data-modification issues is to validate data before storing it and to ensure that your programs adhere to strict data-integrity rules.
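The data-modification breach described above, as an added example that is not part of the original slides: two processes each read a record, compute, and write back without any integrity check, so one change is silently lost; the same update done with validation before storing and a version check refuses the stale write. The record, amounts and integrity rule are constructed for illustration.

```python
"""Lost update versus validated, version-checked update.

Added example, not from the original slides. The record, amounts and the
integrity rule are constructed for illustration.
"""


class Record:
    def __init__(self, balance):
        self.balance = balance
        self.version = 0        # bumped on every successful write


def validate_balance(value):
    """Integrity rule applied before anything is stored."""
    return isinstance(value, int) and value >= 0


def unsafe_update(rec, delta_a, delta_b):
    """Two 'processes' each read, compute, then write, with no check that
    the record changed underneath them. B's write overwrites A's, so A's
    change is lost and the stored value no longer reflects both updates."""
    read_a = rec.balance             # process A reads
    read_b = rec.balance             # process B reads the same value
    rec.balance = read_a + delta_a   # A writes
    rec.balance = read_b + delta_b   # B writes, clobbering A's change
    return rec.balance


def checked_update(rec, expected_version, delta):
    """Compare-and-set: write only if nobody changed the record since it
    was read, and only if the new value passes validation.
    Returns (ok, reason)."""
    if rec.version != expected_version:
        return False, "stale read; re-read and retry"
    new_value = rec.balance + delta
    if not validate_balance(new_value):
        return False, "rejected by integrity rule"
    rec.balance = new_value
    rec.version += 1
    return True, "stored"


def safe_update(rec, delta_a, delta_b):
    """The same two concurrent updates with version checking. B's first
    write is refused because A got there first; B re-reads and retries,
    so both changes end up in the stored value."""
    ver_a = rec.version
    ver_b = rec.version
    ok_a, _ = checked_update(rec, ver_a, delta_a)
    ok_b, why_b = checked_update(rec, ver_b, delta_b)
    if not ok_b:
        ok_b, why_b = checked_update(rec, rec.version, delta_b)   # retry on fresh data
    return rec.balance, ok_a and ok_b, why_b


if __name__ == "__main__":
    print("unsafe:", unsafe_update(Record(100), 50, -30))   # A's +50 is lost
    print("safe:  ", safe_update(Record(100), 50, -30))     # both applied
    print("rule:  ", checked_update(Record(10), 0, -50))    # would go negative
```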
Security Breach: Spam
  • Spam is unwanted e-mail or instant messages.
  • Most spam is commercial advertising— often for get-rich-quick schemes, dubious products, or other services.
  • Sending spam costs very little because the recipient covers most of the costs associated with spam.
  • It costs money for ISPs and online services to transmit spam.
  • Processing large volumes of unwanted messages is expensive.
  • In addition, spamming forces the receiving user to waste administrative time on cleanup and monitoring of their received messages.
  • E-mail spam targets individual users with direct-mail messages.
  • Often, spammers send messages to members of mailing lists associated with public or private e-mail discussion forums.
  • Another popular technique for spammers is to use software to construct e-mail addresses from common user names and domain names and to send messages to those addresses.
  • Instant-message spam follows the same approach but uses instant messages to deliver the spam instead of e-mail.
  • A favorite technique of spammers is to send messages containing an “unsubscribe” link to a set of e-mail addresses. The idea is to use the link to determine whether an e-mail address is valid.
  • That is, instead of unsubscribing users who click the link, spammers simply determine that the e-mail address is valid and therefore an even more attractive target.
  • On a similar note, spam-generating software often includes lists of e-mail addresses.
  • According to research by pcpitstop.com, the overall spam volume stabilized in February 2008 for the second month in a row at an estimated 78.5 percent of all e-mail.
  • Spam is no longer just a nuisance. The ability to block it is critical for IT security.
  • Recently, spam has become a way for criminals to solicit individual and company information and to plant Trojan horses and other malware onto user computers.
  • Organizations must tackle spam. Fortunately, many software companies offer effective e-mail and Web-security solutions that provide fail-safe protection against spam, phishing, and other threats.
Security Breach: Hoax
  • A hoax is some act intended to deceive or trick the receiver.
  • In this context, hoaxes normally travel in e-mail messages.
  • Often, these messages contain warnings about devastating new viruses.
  • Forwarding a cute message to one or two friends is not a problem.
  • However, sending an unconfirmed warning or plea to everyone in your address book, and asking all those recipients to forward it to everyone in their address books, just adds to the clutter that already fills everyone’s inboxes.
Security Breach: Cookies
  • To help a Web server track a user's history, Web browsers allow the Web server to store a cookie on the user’s hard drive.
  • A cookie is simply a text file that contains details gleaned from past visits to a Web site.
  • These details might include the user’s username, credit card information the user has entered, and so on.
  • Later, when the user sends a request to the Web server, the server can access the cookie instead of requesting that the user reenter the information.
  • Cookies are sometimes controversial because they allow a Web server to transmit files to a person's computer for storage on his or her hard drive.
  • Because they are text files, though, they generally cannot cause immediate harm. Cookies do not directly perform malicious acts. Cookies cannot spread viruses, nor can they access additional information on the user’s hard drive.
  • This does not mean that cookies do not pose a security issue, however. Although cookies cannot gather information from a user’s hard drive, as mentioned, they sometimes do store information that is sensitive, such as credit card details.
  • The problem with cookies is that they store information in cleartext files.
  • That means anyone with access to your computer can potentially read the contents of your cookies.
  • Although Web sites developed in a secure manner would never store information like credit card numbers in a cookie, some sites are sloppy.
  • You never really know what information is stored in the cookies on your computer.
  • The best way to avoid having personal information stored in cookies is to restrict the cookies you allow to Web sites you trust.
Threat Targets
  • Using his or her favorite search engine, an attacker can find precise instructions for breaching nearly any protocol, operating system, application, device, or hardware environment.
  • For this reason, you must monitor all threats very closely.
  • You never know where one might come from next.
  • It may be a professional cybercriminal or someone within your own four walls. The safest bet is to monitor all threat targets constantly and carefully.
  • The first step in developing a monitoring plan is to identify where in the seven domains of an IT infrastructure threats are likely to occur.
  • The next slide lists many common threat targets as well as where they are found within an IT infrastructure.
Threat Types
  • Denial or destruction threats
  • Alteration threats
  • Disclosure threats
Threat Types: Denial or Destruction
  • Denial or destruction threats make assets or resources unavailable or unusable.
  • Any threat that destroys information or makes it unavailable violates the availability tenet of information security.
  • A denial or destruction attack is successful when it prevents an authorized user from accessing a resource, either temporarily or permanently.
Threat Types: Alteration
  • An alteration threat violates information integrity.
  • This type of attack compromises a system by making unauthorized changes to data on a system, intentionally or unintentionally.
  • This change might occur while the data is stored on a network resource or while it is moving between two resources.
  • Intentional changes are usually malicious. Unintentional changes are usually accidental.
  • People can, and often do, make mistakes that affect the integrity of computer and network resources.
  • Modifications to the system configuration can also compromise the integrity of a network resource.
  • Such a modification can occur when an unauthorized party tampers with an asset or when an authorized user makes a change that has unintended effects.
  • For example, a user might modify database files, operating systems, application software, and even hardware devices.
  • Modifications might include creating, changing, deleting, and writing information to a network resource.
  • It’s a good idea to put techniques in place that enable you to track or audit these changes as they happen.
  • That way, you have a record of who, what, when, where, and how modifications were made.
  • In addition, change management systems limit who can make changes, how they make changes, and how they document changes.
Threat Types: Disclosure
  • Disclosure occurs any time unauthorized users access private or confidential information that is stored on a network resource or while it is in transit between network resources.
  • Disclosure can also occur when a computer or device containing private or confidential data, such as a database of medical records, is lost or stolen.
Malicious Attack
  • A malicious attack is an attack on a computer system or network asset that succeeds by exploiting a vulnerability in the system.
  • There are four general categories of attacks.
  • Fabrications—Fabrications involve the creation of some deception in order to trick unsuspecting users.
  • Interceptions—An interception involves eavesdropping on transmissions and redirecting them for unauthorized use.
  • Interruptions—An interruption causes a break in a communication channel, which blocks the transmission of data.
  • Modifications—A modification is the alteration of data contained in transmissions or files.
  • Security threats can be active or passive.
  • An active attack involves a modification of the data stream or attempts to gain unauthorized access to computer and networking systems.
  • In a passive attack, the attacker does not make changes to the system. This type of attack just eavesdrops on and monitors transmissions.
  • Active threats include the following:
    • Brute-force attacks
    • Dictionary threats
    • Address spoofing
    • Hijacking
    • Replay attacks
    • Man-in-the-middle attacks
    • Masquerading
    • Social engineering
Malicious Attack: Brute Force
  • One of the most tried-and-true attack methods is the brute-force attack.
  • In a brute-force attack, the attacker tries different passwords on a system until one of them is successful.
  • Usually, the attacker employs a software program to try all possible combinations of a likely password, user ID, or security code until it locates a match.
Malicious Attack: Dictionary Attacks
  • A dictionary attack is a simple attack that relies on users making poor password choices.
  • In a dictionary attack, a simple password-cracker program takes all the words from a dictionary file and attempts to log on by entering each dictionary entry as a password.
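The defender's answer to the brute-force and dictionary attacks just described, as an added example that is not part of the original slides: reject passwords that appear in the wordlist when they are set, store them with a slow salted key-derivation function, and lock the account after repeated failures so a guessing run stalls long before the list is exhausted. The wordlist, user names and thresholds are constructed for illustration.

```python
"""Defences against online brute-force and dictionary password attacks.

Added example, not from the original slides. The wordlist, user names and
thresholds are constructed for illustration.
"""
import hashlib
import hmac
import os

# Constructed stand-in for a dictionary file; real lists hold millions of words.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "qwerty", "monkey"}
KDF_ITERATIONS = 100_000


def password_is_weak(pw):
    """A dictionary attack tries every wordlist entry, so a password that is
    one (in any letter case) falls on the first pass; short passwords fall
    to exhaustive brute force instead."""
    return pw.lower() in COMMON_WORDS or len(pw) < 12


def hash_password(pw, salt=None):
    """Salted PBKDF2: the salt defeats precomputed tables and the iteration
    count makes every guess, online or offline, deliberately slow."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, KDF_ITERATIONS)
    return salt, digest


class AccountStore:
    def __init__(self, max_failures=5, lockout_seconds=900):
        self.users = {}          # user -> (salt, digest)
        self.failures = {}       # user -> timestamps of recent failed logins
        self.locked_until = {}   # user -> time at which the lockout ends
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds

    def register(self, user, pw):
        if password_is_weak(pw):
            raise ValueError("password is a dictionary word or too short")
        self.users[user] = hash_password(pw)

    def login(self, user, pw, now):
        """Returns 'ok', 'bad' or 'locked'. Unknown users still run the KDF
        so response time does not reveal which account names exist."""
        if self.locked_until.get(user, 0) > now:
            return "locked"
        salt, digest = self.users.get(user, (b"\x00" * 16, b"\x00" * 32))
        _, candidate = hash_password(pw, salt)
        if user in self.users and hmac.compare_digest(candidate, digest):
            self.failures.pop(user, None)
            return "ok"
        recent = [t for t in self.failures.get(user, []) if now - t < self.lockout_seconds]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout_seconds
            return "locked"
        return "bad"


def lockout_demo(store, user, start=0):
    """Feed the wordlist as login attempts, one per second, the way a
    dictionary run would, and return the outcomes so the reader can watch
    the lockout engage before the list is exhausted."""
    return [store.login(user, word, start + i) for i, word in enumerate(sorted(COMMON_WORDS))]


if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "correct horse battery staple")
    print(lockout_demo(store, "alice"))
    print(store.login("alice", "correct horse battery staple", now=10))    # still locked
    print(store.login("alice", "correct horse battery staple", now=5000))  # lockout expired
```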
Malicious Attack: Hijacking
  • Hijacking is a type of attack in which the attacker takes control of a session between two machines and masquerades as one of them.
  • Man-in-the-middle hijacking—In this type of hijacking, the attacker uses a program to take control of a connection by masquerading as each end of the connection.
  • For example, if Mary and Fred want to communicate, the attacker pretends to be Mary when talking with Fred and pretends to be Fred when talking to Mary.
  • Neither Mary nor Fred knows they are talking to the attacker. The attacker can collect substantial information and can even alter data as it flows between Mary and Fred.
  • Browser hijacking—In a browser hijacking, the user is directed to a different Web site than what he or she requested, usually to a fake page that the attacker has created.
  • This gives the user the impression that the attacker has compromised the Web site, when in fact the attacker simply diverted the user’s browser from the actual site.
  • Attackers can use this attack with phishing to trick a user into providing private information, such as a password.
  • Session hijacking—In session hijacking, the attacker attempts to take over an existing connection between two network computers.
  • The first step in this attack is for the attacker to take control of a network device on the LAN, such as a firewall or another computer, in order to monitor the connection.
  • This enables the attacker to determine the sequence numbers used by the sender and receiver.
  • After determining the sequence numbering, the attacker generates traffic that appears to come from one of the communicating parties.
  • This steals the session from one of the legitimate users.
  • To get rid of the legitimate user who initiated the hijacked session, the attacker overloads one of the communicating devices with excess packets so that it drops out of the session.
Malicious Attack: Replay Attack
  • Replay attacks involve capturing data packets from a network and retransmitting them to produce an unauthorized effect.
  • The receipt of duplicate, authenticated IP packets may disrupt service or have some other undesired consequence.
  • Systems can be broken through replay attacks when attackers reuse old messages or parts of old messages to deceive system users.
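The replay attack above, worked through as an added example that is not part of the original slides: a message carries a valid authentication tag, so a receiver that only checks the tag accepts a captured copy again, while a receiver that also checks a timestamp window and remembers nonces rejects the replay. The key, message contents, time values and window are constructed for illustration.

```python
"""Why authentication alone does not stop a replay, and how freshness does.

Added example, not from the original slides. The key, messages, time
values and window are constructed for illustration.
"""
import hashlib
import hmac
import json
import os

KEY = b"constructed-demo-shared-key"   # placeholder shared secret


def make_message(payload, sent_at, key=KEY):
    """Sender side: the body carries a timestamp and a random nonce, and the
    whole body is covered by an HMAC tag appended after a '.'."""
    body = {"payload": payload, "ts": sent_at, "nonce": os.urandom(8).hex()}
    wire = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, wire, hashlib.sha256).hexdigest().encode()
    return wire + b"." + tag


class Receiver:
    """check_freshness=False models a receiver that only verifies the tag;
    check_freshness=True adds a timestamp window and a nonce cache."""

    def __init__(self, key=KEY, window=30, check_freshness=True):
        self.key = key
        self.window = window
        self.check_freshness = check_freshness
        self.seen = {}   # nonce -> timestamp, pruned once outside the window

    def accept(self, msg, now):
        wire, sep, tag = msg.rpartition(b".")
        if not sep:
            return "malformed"
        expected = hmac.new(self.key, wire, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(tag, expected):
            return "bad_mac"        # tampered or forged
        body = json.loads(wire)
        if not self.check_freshness:
            return "accepted"       # a captured copy passes every time
        if abs(now - body["ts"]) > self.window:
            return "stale"
        # forget nonces that could no longer pass the timestamp check anyway
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if body["nonce"] in self.seen:
            return "replay"
        self.seen[body["nonce"]] = body["ts"]
        return "accepted"


def demo():
    """One captured message delivered twice to each kind of receiver."""
    msg = make_message("transfer 250 to acct 42", sent_at=1000)
    naive, strict = Receiver(check_freshness=False), Receiver()
    return {
        "naive_first": naive.accept(msg, now=1000),
        "naive_replay": naive.accept(msg, now=1010),      # accepted again
        "strict_first": strict.accept(msg, now=1000),
        "strict_replay": strict.accept(msg, now=1010),    # nonce already seen
        "strict_late": Receiver().accept(msg, now=2000),  # outside the window
        "tampered": strict.accept(msg.replace(b"250", b"950"), now=1000),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```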
Malicious Attack: Man-in-the-middle
  • A man-in-the-middle attack takes advantage of the multi-hop process used by many types of networks.
  • In this type of attack, an attacker intercepts messages between two parties before transferring them on to their intended destination.
Malicious Attack: Man-in-the-middle
  • Web spoofing is a type of man-in-the-middle attack in which the user believes a secure session exists with a particular Web server.
  • In reality, the secure connection only exists with the attacker, not the Web server.
  • The attacker then establishes a secure connection with the Web server and passes traffic between the user and the Web server.
Malicious Attack: Man-in-the-middle
  • In this way, the attacker can trick the user into supplying passwords, credit card information, and other private data.
  • Attackers use man-in-the-middle attacks to steal information, to execute denial of service attacks, to corrupt transmitted data, to gain access to an organization’s internal computer and network resources, and to introduce new information into network sessions.
Malicious Attack: Social Engineering
  • Attackers often use a deception technique called social engineering to gain access to resources in an IT infrastructure.
  • In nearly all cases, social engineering involves tricking authorized users to carry out actions for unauthorized users.
  • The success of social engineering attacks depends on the basic tendency of people to want to be helpful.
Malicious Attack: Social Engineering
  • Eliminating social-engineering attacks can be difficult, but here are some techniques to reduce their impact:
    • Ensure that employees are educated on the basics of a secure environment.
    • Develop a security policy and computer-use policy.
    • Enforce a strict policy for internal and external technical-support procedures.
    • Require the use of identification for all personnel.
    • Limit the data accessible to the public by restricting the information published in directories, Yellow Pages, Web sites, and public databases.
Malicious Attack: Phreaking
  • Phreaking is a slang term that describes the activity of people who study, experiment with, or explore telephone systems, telephone company equipment, and systems connected to public telephone networks.
  • Phone phreaking is the art of exploiting bugs and glitches that exist in the telephone system.
Malicious Attack: Phishing
  • Fraud is a growing problem on the Internet.
  • Phishing is a type of fraud in which an attacker attempts to trick the victim into providing private information such as credit card numbers, passwords, dates of birth, bank-account numbers, automated teller machine (ATM) PINs, and Social Security numbers.
Malicious Attack: Phishing
  • A phishing scam is an attempt to commit identity theft via e-mail or instant message.
  • The message appears to come from a legitimate source, such as a trusted business or financial institution, and includes an urgent request for personal information.
  • Phishing messages usually indicate a critical need to update an account (banking, credit card, etc.) immediately.
Malicious Attack: Phishing
  • The message instructs the victim to either provide the requested information or click on a link provided in the message.
  • Clicking the link leads the victim to a spoofed Web site. This Web site looks identical to the official site, but in fact belongs to the scammer.
Malicious Attack: Pharming
  • Pharming is another type of attack that seeks to obtain personal or private financial information through domain spoofing.
  • Pharming uses domain spoofing, “poisoning” a domain name system (DNS) server.
  • The result is that when a user enters a Web address that the poisoned server resolves into his or her address bar, that user navigates to the attacker’s site.
Malicious Attack: Pharming
  • The user’s browser still shows the correct Web site, which makes pharming difficult to detect—and therefore more serious.
  • Where phishing attempts to scam people one at a time with an e-mail or instant message, pharming enables scammers to target large groups of people at one time through domain spoofing.