By: Khalid Alfalqi, Department of Computer Science, Umm Al-Qura University
Slides based on Security in Computing, Fourth Edition, by Pfleeger and Pfleeger. Based on Dr. Musab Alzaghul's slides.

Outline
1. Network Concepts
2. Precursors to attack
3. Common Attacks
   1. DoS attacks
   2. A/W attacks
4. Vulnerabilities of Web Add-ins
5. Network Security Controls
6. Firewalls
7. Intrusion detection systems
8. Secure e-mail
Information Security

Precursors to attack
We study the precursors (warning signs) of an attack so that, if we can recognize characteristic behavior, we may be able to block the attack before it is launched.
1. Port scan
2. Intelligence
3. Social Engineering

Precursors to attack
1- Port scan
A port scan is often used by administrators to verify the security policies of their networks, and by attackers to identify running services on a host with a view to compromising it. An attacker can systematically query your network to determine which services and ports are open. This process is called port scanning, and it is part of fingerprinting a network; it can reveal a great deal about your systems.
Port scan tools
• Nmap, http://www.insecure.org/nmap
• Netcat by Hobbit
• Nessus, CyberCop, SecureScanner, Internet Scanner

Precursors to attack
Port scanning tells an attacker three things:
• Which standard ports or services are running
• What OS is installed on the target system. Studying the types of packets flowing from a system can determine the type of operating system installed; each version of an OS/application has a fingerprint that reveals its identity (manufacturer, name, version)
• What applications and versions of applications are present

Precursors to attack
2- Intelligence: in security this often refers to gathering discrete bits of information from various sources and then putting them together like the pieces of a puzzle.
Such as:
1- Dumpster diving (garbage picking) involves looking through items that have been discarded in rubbish bins or recycling boxes, for example:
• network diagrams, printouts of security device configurations, system designs and source code, telephone and employee lists, and more.
• Green Company

Precursors to attack
2- Eavesdropping (listening in) is the process of listening in on or overhearing parts of a conversation. Eavesdropping also includes attackers listening in on your network traffic.
3- Snooping (prying) occurs when someone looks through your files in the hope of finding something interesting. These files may be either electronic or on paper.
4- Interception. A passive interception would involve someone who routinely monitors network traffic. An active interception might include putting a computer system between the sender and receiver to capture information as it is sent.

Precursors to attack
3- Social Engineering (psychological manipulation)
Social engineering involves using social skills and personal interaction to get someone to reveal security-relevant information. The only preventive measure in dealing with social engineering attacks is to educate your users and staff never to give out passwords and user IDs over the phone, via e-mail, or to anyone who is not positively verified as being who they say they are.

Precursors to attack
Phishing is a form of social engineering in which you simply ask someone for a piece of information that you are missing, by making it look as if it is a legitimate request.

Precursors to attack
Shoulder surfing
• is using direct observation techniques, such as looking over someone's shoulder, to get information.
• Shoulder surfing can also be done at long distance with the aid of vision-enhancing devices.
• To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.
Common Attacks (DoS) attack
1. Transmission Failure
2. Connection Flooding
   ICMP
   Syn flood
   TearDrop
3. Traffic Redirection
4. Distributed DoS

Common Attacks (DoS) attack
1) Transmission Failure
Communication fails for many reasons. Examples:
• Line cut
• Noise on a line
• Node/device failure along the transmission path
• Device saturation: excessive traffic
Some of the above service denials are short-lived and/or go away automatically.

Common Attacks (DoS) attack
2) Connection Flooding
If an attacker sends you as much data (useless packets) as your communications system can handle, you are prevented from receiving any other data. Even if an occasional packet reaches you from someone else, communication to you will be seriously degraded.
Examples:
• 2.1 ICMP
• 2.2 Syn flood
• 2.3 TearDrop

Common Attacks (DoS) attack
2.1) ICMP
(Example: from a command prompt, run ping www.wmich.edu)
Internet Control Message Protocol, designed for Internet system diagnostics. ICMP protocols include:
• ping, which sends an ICMP "echo request" message to destination D. If D replies with an "echo reply" message, it indicates that D is reachable/functioning.
• echo, which requests a destination to return the data sent to it, intended to show that the connection link is reliable (ping is actually a version of echo).

Common Attacks (DoS) attack
Three-way handshake
A session is established with a three-way handshake. Session = virtual connection between protocol peers.
• The client (initiator) sends a sequence number to open a connection,
• the server responds with that number and a sequence number of its own,
• and the client responds with the server's sequence number.
• Sequence numbers are incremented regularly.

Common Attacks (DoS) attack
2.2) Syn flood
A common DoS attack involves opening as many TCP sessions as possible.

Common Attacks (DoS) attack
2.3) Teardrop
The attacker sends a series of datagrams that cannot fit together properly. One datagram might say it is position 0 for length 60 bytes, another position 30 for 90 bytes, and another position 41 for 173 bytes. These three pieces overlap, so they cannot be reassembled properly. In an extreme case, the operating system locks up with these partial data units it cannot reassemble, thus leading to denial of service.

Common Attacks (DoS) attack
3) Redirecting traffic
Routers advertise their connections to their neighbors. Routers find the best path for passing packets from S to D.

Common Attacks (DoS) attack
4) Distributed DoS
1. Attacker plants Trojans on many target machines
2. Target machines controlled by Trojans become zombies
3. Attacker chooses victim V, orders zombies to attack V
4. Each zombie launches a separate DoS attack
5. Different zombies can use different DoS attacks, e.g., some use syn floods, others smurf attacks
6. V becomes overwhelmed and unavailable: DDoS succeeds

Common Attacks (DoS) attack
Zombie: a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse.

Common Attacks – Access & Mod attack
1. Password-guessing
2. Sniffing
3. Wiretapping
4. Spoofing
5. Impersonation

Common Attacks – A/W attack
1) Password-guessing attacks
Brute-force attack: an attempt to guess passwords until a successful guess occurs.
Dictionary attack: uses a dictionary of common words to attempt to find the user's password.

Common Attacks – A/W attack
2) Sniffing is the process of monitoring the data that is transmitted across a network.
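The half-open state that the Syn flood slide above exploits is visible in the three-way handshake: a client SYN without the final ACK leaves the server holding a partly opened session. The following is an added example, not code from the slides, that replays a constructed log of client-side segments (an assumed "src=... dst=... flags=..." format) and reports sources holding many half-open sessions, which is what a defender would count to spot a Syn flood.

```python
"""Half-open TCP session tracker, an added example (not from the slides).

It replays a constructed log of client-side segments as seen by one
server: a SYN opens a session and the client's final ACK completes the
three-way handshake. Sources that keep many sessions half-open are the
signature a Syn flood leaves behind. The log format and the threshold
are assumptions made for this example."""
import re
from collections import defaultdict

LINE = re.compile(r"src=(\S+) dst=(\S+) flags=(\S+)")


def half_open_by_source(log_lines):
    """Return {source_ip: count of SYNs not yet completed by an ACK}."""
    pending = defaultdict(set)  # source ip -> {(src ip:port, dst ip:port)}
    for line in log_lines:
        m = LINE.search(line)
        if not m:
            continue  # ignore lines that do not match the assumed format
        src, dst, flags = m.groups()
        src_ip = src.split(":")[0]
        if flags == "S":
            pending[src_ip].add((src, dst))      # step 1: client SYN
        elif flags == "A":
            pending[src_ip].discard((src, dst))  # step 3: client ACK, session open
    return {ip: len(sessions) for ip, sessions in pending.items() if sessions}


def suspected_syn_flood(log_lines, threshold=3):
    """Source IPs holding at least `threshold` half-open sessions."""
    counts = half_open_by_source(log_lines)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


# Constructed sample log: one client completes its handshake, one source
# opens four sessions and never sends the final ACK.
SAMPLE_LOG = [
    "src=10.0.0.5:40001 dst=192.0.2.10:80 flags=S",
    "src=10.0.0.5:40001 dst=192.0.2.10:80 flags=A",
    "src=198.51.100.7:1001 dst=192.0.2.10:80 flags=S",
    "src=198.51.100.7:1002 dst=192.0.2.10:80 flags=S",
    "src=198.51.100.7:1003 dst=192.0.2.10:80 flags=S",
    "src=198.51.100.7:1004 dst=192.0.2.10:80 flags=S",
]

if __name__ == "__main__":
    print(half_open_by_source(SAMPLE_LOG))   # {'198.51.100.7': 4}
    print(suspected_syn_flood(SAMPLE_LOG))   # ['198.51.100.7']
```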
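The overlapping offsets on the Teardrop slide above (position 0 for 60 bytes, 30 for 90, 41 for 173), as an added example that is not from the slides: a check that flags overlapping fragments and a reassembler that refuses overlaps and gaps instead of locking up. Offsets and lengths are taken in bytes as the slide gives them; the helper names are this example's own.

```python
"""Overlapping-fragment check, an added example (not from the slides).

Fragments are (offset, length) pairs in bytes, matching how the Teardrop
slide describes them; real IP headers carry the offset in 8-byte units,
so scale before calling if you feed it header values. A hardened
reassembler refuses overlapping or gapped fragments rather than trying
to stitch them together, which is the lock-up Teardrop relies on."""


def fragment_overlaps(fragments):
    """Return (i, j) index pairs whose byte ranges overlap."""
    spans = [(off, off + length) for off, length in fragments]
    hits = []
    for i in range(len(spans)):
        for j in range(i + 1, len(spans)):
            a0, a1 = spans[i]
            b0, b1 = spans[j]
            if a0 < b1 and b0 < a1:   # each starts before the other ends
                hits.append((i, j))
    return hits


def safe_reassemble(fragments):
    """Reassemble (offset, payload) fragments; None on overlap or gap."""
    if fragment_overlaps([(off, len(data)) for off, data in fragments]):
        return None
    buf = bytearray()
    for off, data in sorted(fragments, key=lambda f: f[0]):
        if off != len(buf):   # a gap before this fragment: incomplete datagram
            return None
        buf += data
    return bytes(buf)


# Constructed sample: the three datagrams from the Teardrop slide.
TEARDROP = [(0, 60), (30, 90), (41, 173)]
# Constructed sample: the same sizes laid out contiguously.
CLEAN = [(0, 60), (60, 90), (150, 173)]


def as_payloads(fragments, fill=b"x"):
    """Turn (offset, length) pairs into (offset, payload) pairs for testing."""
    return [(off, fill * length) for off, length in fragments]


if __name__ == "__main__":
    print(fragment_overlaps(TEARDROP))                      # [(0, 1), (0, 2), (1, 2)]
    print(fragment_overlaps(CLEAN))                         # []
    print(safe_reassemble(as_payloads(TEARDROP)) is None)   # True
    print(len(safe_reassemble(as_payloads(CLEAN))))         # 323
```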
Common Attacks - A/W attack
3) Wiretapping (listening in on telephone conversations)

Common Attacks - A/W attack
4) Spoofing
Spoofing refers to tricking or deceiving computer systems or other computer users. This is typically done by hiding one's identity or faking the identity of another user on the Internet.
Examples of spoofing are
• 4.1) Masquerade
• 4.2) Session Hijacking
• 4.3) Man-in-the-Middle Attack

Common Attacks - A/W attack
5) Impersonation
The attacker foils authentication and assumes the identity of a valid entity
5.1) by guessing and social engineering
5.2) by eavesdropping/wiretapping
5.3) by exploiting well-known authentication

Vulnerabilities of Web Add-ins
Increasingly, web browsers and other web-enabled technologies allow servers to send instructions to the client to provide multimedia and other capabilities.
• This is creating a problem for security professionals.
This section discusses the more common web-based applications such as JavaScript and applets and the vulnerabilities you should be aware of.

Vulnerabilities of Web Add-ins
JavaScript
Java code that is pushed to the client for execution.

Vulnerabilities of Web Add-ins
Java Applets
A Java applet is a small, self-contained Java script that is downloaded from a server to a client and then run from the browser.

Vulnerabilities of Web Add-ins
ActiveX
ActiveX is a technology that was implemented by Microsoft to customize controls, icons, and other features, which increases the usability of web-enabled systems.

Vulnerabilities of Web Add-ins
Cookies
Cookies = data object sent from server S to client C that can cause data transfers from C to S, encoded using S's key (C can't read them); contains information about the user.
• A cookie can contain a client's history or buying habits, to improve customer service.
• Cookies can also be used to timestamp a user to limit access.
Cookies are considered a risk because they have the potential to contain your personal information, which could get into the wrong hands. The best protection is to not allow cookies to be accepted.

Vulnerabilities of Web Add-ins
So a cookie is something that
• takes up space on your disk,
• holds information about you that you cannot see,
• is forwarded to servers you do not know whenever the server wants it, without informing you.

End of Chapter 7 part 2: Security in Networks
© Copyright 2024