Introduction to Computer Security and Security Trends
Chapter 1 (22 Marks)
Need for security
Information is a strategic resource.
A significant portion of an organization's budget is spent on managing information.
There are several security-related objectives:
• Confidentiality (secrecy) - protect the value of information
• Integrity - protect the accuracy of information
• Availability - ensure information can be delivered
What is Security?
Security is the protection of assets. The three main aspects are:
• Prevention
• Detection
• Reaction
Some differences between traditional security and information security
• Information can be stolen - but you still have it
• Confidential information may be copied and sold - but the theft might not be detected
• The criminals may be on the other side of the world
Computer Security
Security is the protection of assets. The three main aspects are:
• Prevention
• Detection
• Reaction
What is Security?
“Deals with the prevention and detection of unauthorised actions by users of a computer system.”
“The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”
Security basics
• Data Confidentiality - protection of data from unauthorized disclosure (secrecy)
• Data Integrity - assurance that data received is as sent by an authorized entity (trustworthiness)
• Availability - resources are accessible and usable
• Authentication - assurance that the communicating entity is the one claimed
– covers both peer-entity and data-origin authentication
• Access Control - prevention of the unauthorized use of a resource
Confidentiality
• Preserving authorized restrictions on information access and disclosure
• Protecting personal privacy and proprietary information
• Loss of confidentiality is the unauthorized disclosure of information.
Integrity
• Guarding against improper information modification or destruction
• Loss of integrity is the unauthorized modification or destruction of information.
[Figure: A sends data to B; an attacker modifies the data in transit]
Availability
• Ensuring timely and reliable access to and use of information
• Loss of availability is the disruption of access to or use of information
• Assures that systems work promptly and service is not denied to authorized users
Authentication
• Authentication is the process of verifying that a communicating entity is the one it claims to be.
• Authenticity is the property of being genuine, valid or trusted.
• Authentication helps to establish proof of identity.
• Authentication gives confidence in the validity of a transmission, a message, or its originator.
• The task of an authentication mechanism is to make sure that only valid users are admitted.
Authentication Methods
Something you know
Authentication based on what the user remembers, e.g. username and password.
Something you have
Authentication based on something the user has to carry, e.g. an access card.
Something you are
Authentication based on a human's unique physical characteristics (biometrics).
Access Control
• Access is the ability of a subject to interact with an object.
• Access control is the ability to specify, control and limit access to the host system or application, which prevents unauthorized users from accessing or modifying data or resources.
• Prevention of the unauthorized use of a resource.
Non-Repudiation
• Non-repudiation prevents either the sender or the receiver from denying a transmitted message.
• Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
• Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.
Authorization
• Authorization is the process of verifying that a known person has the authority to perform a certain operation.
• Authorization cannot occur without authentication.
Example of Security
Low
• Loss would have a limited effect on the organization's operations, assets or individuals
• Causes degradation in mission capability
• Reduces the effectiveness of a function
• Minor damage to assets
• Minor functional loss
• Minor harm to individuals
Example of Security
Moderate
• Loss would have a serious effect on the organization's operations, assets or individuals
• Causes significant degradation in mission capability
• Significantly reduces the effectiveness of a function
• Significant damage to assets
• Significant functional loss
• Significant harm to individuals
Example of Security
High
• Loss would have a severe effect on the organization's operations, assets or individuals
• Causes severe degradation in mission capability
• The organization is not able to perform one or more of its primary functions
• Major damage to assets
• Major functional loss
• Major harm to individuals
Challenges for Security
• Not simple: the major requirements are confidentiality, integrity and availability (CIA).
• While designing a security mechanism, consider the potential attacks against it.
• Security mechanisms are complex.
• It is necessary to decide where to use them (physical / logical).
• They involve more than one protocol/algorithm, and raise the problem of managing secret information (e.g. encryption keys).
Challenges for Security
• A constant battle between attackers and administrators/designers.
• Human tendency: no investment in security until a failure occurs.
• Need regular, constant monitoring.
• It is essential to add security at design time rather than after the design is complete.
• Security is often an afterthought (it should be considered at design time).
• Tendency to see strong security as an obstacle.
Model for Security
Security means protecting assets, and the assets are:
• Hardware
• Software
• Data
• Communication facilities and networks
The following are possible vulnerabilities:
• Data can be corrupted.
• Data can be leaked.
• Data can be unavailable.
Risk and Threat Analysis
• Risk
• A risk is an incident or attack that can cause damage to a system.
• An attack is carried out by a sequence of actions, such as exploiting weak points.
Risk and Threat Analysis
• Risk analysis is the review of the data gathered and the analysis of the risk.
• The risk assessment team determines asset values, system criticality, likely threats, and the existence of vulnerabilities.
• Risk calculation:
Risk = Assets X Threats X Vulnerabilities
Risk and Threat Analysis
Assets
• Those items that an organization wishes to protect.
• An asset can be any data, device or other component that supports information-related security.
• Assets can be hardware, software, or confidential information.
• Valuing the assets scopes and guides the security risk assessment.
Risk and Threat Analysis
Threats
• An undesired event that may result in loss, disclosure or damage to an organization's asset.
• A threat is a potential for violation of security.
• A threat exists when there is a circumstance, capability, action or event that could breach security.
• A threat can be identified by the damage done to an asset:
– Spoofing the identity of users
– Information may be disclosed
– A user gets more privileges than intended
Risk and Threat Analysis
Vulnerability
• A vulnerability is a weakness in the information infrastructure of an organization.
• It can be used, accidentally or intentionally, to damage the asset.
• Vulnerabilities can be:
– Programs with unnecessary privileges
– Accounts whose default password has not been changed
– Programs with known faults
– Weak access control
– A weak firewall
Threats to Security
• Viruses
• Worms
• Intruders
• Insiders
• Criminal organizations
• Terrorists
• Information warfare
Viruses
• A piece of software that infects programs
– Modifying them to include a copy of the virus
– So that it executes secretly when the host program is run
• Specific to an operating system and hardware
– Taking advantage of their details and weaknesses
• A typical virus goes through the phases of:
– Dormant
– Propagation
– Triggering
– Execution
Virus
• A virus attaches itself to a program and propagates copies of itself to other programs.
• The essential component of a virus is a set of instructions which, when executed, spreads itself to other, previously unaffected, programs or files.
• A virus performs two functions:
I. It copies itself into previously uninfected programs or files.
II. It executes whatever other instructions the virus author included in it.
Virus
• It may cause damage by replicating itself and taking up system resources: disk space, CPU time, or network connections.
• A virus is a program that can pass on malicious code to other non-malicious programs by modifying them.
• The term ‘virus’ was coined because it acts like a biological virus.
• A virus can be either transient or resident.
– A transient virus has a life that depends on the life of its host;
– it runs when its attached program executes and terminates when its attached program ends.
– A resident virus locates itself in memory, so it can remain active or be activated as a stand-alone program, even after its attached program ends.
Virus Classification
• Boot sector
• File infector
• Macro virus
• Stealth virus
• Polymorphic virus
• Metamorphic virus
Types of Viruses
Viruses can be classified on the basis of how they attack:
• Parasitic virus
– Attaches itself to executable files and replicates
• Memory-resident virus
– Lodges in main memory and infects every program that executes
• Boot sector virus
– Infects a boot record and spreads when the system is booted from the disk
Virus types
• Stealth Virus
– A stealth virus is one which hides the modifications it has made to a file or boot record
– by monitoring the system functions used by programs to read files or physical blocks from storage media
– so that it stays undetected by anti-virus programs
• Polymorphic Virus
– A polymorphic virus is one which produces varied but fully operational copies of itself, in an attempt to avoid signature detection.
Macro Virus
• Became very common in the mid-1990s since they are
– Platform independent
– Able to infect documents
– Easily spread
• Exploit the macro capability of office applications
– An executable program embedded in an office document
– Often a form of Basic
• More recent releases of office software include protection
• Recognized by many anti-virus programs
Virus Structure
• Components:
– Infection mechanism - enables replication
– Trigger - the event that makes the payload activate
– Payload - what it does; the malicious activity
• The virus code may be prepended, appended or embedded
• When the infected program is invoked, it executes the virus code and then the original program code
Phases of a Virus
A typical virus goes through the phases of:
• Dormant
• Propagation
• Triggering
• Execution
Triggers of Virus Attacks
Attacks begin upon the occurrence of a certain event:
• On a certain date / time of year
• At a certain time of day
• When a certain job is run
• After cloning itself n times
• When a certain combination of keystrokes occurs
• When the computer is restarted
The virus code must put itself into a position to start itself either when the computer is turned on or when a specific program is run.
Protection against viruses
1. Education
2. Backup and recovery procedures
3. Isolate software libraries
4. Implement software library management procedures
5. Develop a virus alert procedure
Worm
• A worm is a program that can replicate itself.
• It is malicious software which does not require a host program for its execution.
• A replicating program that propagates over a network without infecting programs (it does not attach itself to a program).
• A worm is non-destructive.
• A worm can harm a computer system by filling main memory with its replicated copies.
Worm
• A worm is able to send multiple copies of itself to other computers on the network.
• A worm can harm a network by consuming network bandwidth.
• Has phases like a virus:
– Dormant, propagation, triggering, execution
– Propagation phase: searches for other systems, connects to them, copies itself to them and runs
Some Worm Attacks
• Code Red
– July 2001, exploiting an MS IIS bug
– probes random IP addresses, launches a DDoS attack
• Code Red II variant includes a backdoor
• SQL Slammer
– early 2003, attacks MS SQL Server
• Mydoom
– mass-mailing e-mail worm that appeared in 2004
– installed a remote-access backdoor on infected systems
• Warezov family of worms
– scan for e-mail addresses and send themselves as an attachment
Virus vs Worm
Virus | Worm
A piece of code that attaches itself to other programs | A malicious program that spreads automatically
Virus modifies code | Worm does not modify code
Some viruses cannot replicate themselves | It can replicate itself
Virus is destructive in nature | Worm is non-destructive
Aim of a virus is to infect other programs stored on the computer system | Aim of a worm is to make the computer or network unusable
Virus infects files | Worm does not infect other files but occupies memory space by replication
Virus may need a trigger for execution | Worm does not need any trigger
Insiders
• More dangerous than outside intruders
• Most difficult to detect and prevent
• Have the access and knowledge to cause immediate damage to an organization.
• Have knowledge of the security systems in place and so are better able to avoid detection.
• Employees are not the only insiders; other people who have access, such as contractors or partners, are insiders too.
Insiders
Preventing insider attacks:
• Enforce least privilege: allow access only to the resources employees need to do their job.
• Configure logging to see what users access and what commands they are entering.
• Protect sensitive resources with strong authentication.
• Upon termination, remove the employee's computer and network access.
Intruders
• Hacking means the act of accessing a computer system or network without authorization (this includes authorized users exceeding their authorization).
• Intruders are extremely patient, since the process of gaining access requires persistence and dogged determination.
• If the first attack fails, they try from a different angle (search for another possible vulnerability).
• If the second attack is blocked or fails, they try a third, and so on, until they find a vulnerability or gain access.
Intruders
Levels
• At the low end are individuals who are not technically expert enough to develop new scripts or find new vulnerabilities.
• They use ready-made (downloaded) scripts for known vulnerabilities.
• At the next level are people who are capable of writing scripts to exploit known vulnerabilities.
• 8 to 12% of malicious internet activity
• At the top end are the so-called elite hackers.
• Capable of writing scripts that exploit vulnerabilities.
• Also capable of discovering new vulnerabilities.
Intruders
• Often referred to as a hacker or cracker
• Three classes of intruders:
– Masquerader: An individual who is not authorized to use the computer and who penetrates a system’s access controls to exploit a legitimate user’s account
– Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges
– Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection
Intruders | Insiders
Intruders are authorized or unauthorized users who are trying to access the system or network | Insiders are authorized users who try to access a system or network for which they are unauthorized
Intruders are hackers or crackers | Insiders are not hackers
Intruders are illegal users | Insiders are legal users
Intruders are less dangerous | Insiders are more dangerous
Intruders have to study or gain knowledge about the security system | Insiders have knowledge about the security system
Intruders do not have access to the system | Insiders have easy access to the system
Many security mechanisms are used to protect from intruders | There is no such mechanism to protect the system from insiders
Criminal organizations
• Organized groups of hackers are now a threat
– Corporations / governments / loosely affiliated gangs
– Typically young
– Often target credit cards on e-commerce servers
• Criminal activities on the internet are the same as criminal activities in the physical world
– Fraud, extortion, theft, forgery
• Criminal hackers usually have specific targets
• Once they have penetrated, they act quickly and get out
• IDS / IPS help but are less effective
• Sensitive data needs strong protection
Terrorists and Information Warfare
• Nations are dependent on computers and networks.
• Information warfare is conducted against information and information-processing equipment.
• It is a highly structured threat/attack.
• It requires a longer period of penetration, large financial backing, and a large, organized group of attackers.
• Military forces are a key target.
Avenues of Attack
• The two most frequent types of attacks:
– viruses and insider abuse.
• There are two general reasons a particular computer system is attacked:
– It is specifically targeted by the attacker, not because of the hardware or software the organization is running but for some other reason, such as a political one.
– Or it is an opportunistic target: the attack is conducted against a site that has hardware or software that is vulnerable to a specific exploit.
• Targeted attacks are more difficult and take more time than attacks on a target of opportunity.
The Steps in an Attack
• The steps an attacker takes are similar to the ones that a security consultant performing a penetration test would take.
– Gather as much information about the organization as possible.
– Determine what target systems are available and active.
1. Ping sweep: sends an ICMP echo request to the target machine.
2. Port scan: identifies the open ports, which indicate the services running on the target machine.
3. Determine OS – refer
• An attacker can search for known vulnerabilities and tools that exploit them, download the information and tools, and then use them against a site.
• If the exploits do not work, other, less system-specific, attacks may be attempted.
Security Attacks
Passive Attacks
• Eavesdropping on transmissions
• The attacker aims to obtain information in transit
– Release of possibly sensitive/confidential message contents
– Traffic analysis, which monitors the frequency and length of messages to get information about the senders
• Does not perform any modification to the data.
• Difficult to detect
• Can be prevented using encryption
[Figure: Passive attacks]
Passive Attack Types
• Release of message contents
– A confidential message should be accessed only by the authorized user; otherwise the message is released against our wishes.
• Traffic analysis
– The attacker may try to find similarities between encoded messages to get clues about the communication.
Active Attacks
• The contents of the original message are modified by the attacker.
• These attacks cannot be prevented easily.
• Types of active attack:
• Interruption
• Modification
• Fabrication
Active Attacks
• Masquerade
– pretending to be a different entity
• Replay
• Modification of messages
• Denial of service
• Easy to detect
– Detection may act as a deterrent
• Hard to prevent
– Focus on detection and recovery
[Figure: Active attacks]
Denial of Service Attack
• The attacker is attempting to deny authorized users access to specific information.
• The aim of a DoS attack is to prevent access to the target system.
• A denial-of-service (DoS) attack aims at disrupting the authorized use of networks, systems, or applications.
SYN Flooding Attack
• Used to deny services on the target system.
• Takes advantage of the trust relationship in the TCP 3-way handshake.
[Figure: TCP 3-way handshake: SYN, SYN+ACK, ACK]
SYN Flooding Attack
• The attacker sends fake connection requests.
• Each of these requests is answered by the target system, which then waits for the third part of the handshake.
• Since the requests are fake, the target waits for responses that will never come.
• The target system drops these connections after a specific time-out period.
SYN Flooding Attack
[Figure: SYN flooding attack. The attacker sends SYNs with a fake IP address to the target; the target reserves a connection, sends the SYN+ACK response to the fake IP address and waits for an ACK.]
SYN Flooding Attack
• If the attacker sends requests faster than the time-out period eliminates them, the system will quickly be filled with requests.
• The number of connections a system can support is finite; when more requests come in than can be processed, the system will soon be reserving all its connections for fake requests.
• Any further requests are simply dropped.
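As an added example (not from the original slides), the Python simulation below models a server's finite half-open connection table and shows the condition the slide describes: the table fills exactly when spoofed SYNs arrive faster than the time-out clears them, and a legitimate client arriving during the flood is then refused. The table size (8 slots), the time-outs and the request rates are constructed values, not measurements of a real TCP stack.

```python
"""Simulation of a server's half-open connection table during a SYN flood.
Added example, not part of the original slides.  The table size (8 slots)
and time-outs are constructed values chosen to make the arithmetic visible,
not measurements of any real TCP stack.  Times are integer milliseconds."""
from dataclasses import dataclass, field


@dataclass
class HalfOpenTable:
    capacity: int                  # finite number of half-open (SYN received) slots
    timeout_ms: int                # how long the server waits for the final ACK
    pending: dict = field(default_factory=dict)   # source -> time the SYN+ACK was sent
    dropped: int = 0               # SYNs refused because every slot was reserved

    def expire(self, now: int) -> None:
        """Free slots whose ACK never arrived within the time-out."""
        for src, sent in list(self.pending.items()):
            if now - sent >= self.timeout_ms:
                del self.pending[src]

    def on_syn(self, src: str, now: int) -> bool:
        """Reserve a slot and answer with SYN+ACK; return False if the table is full."""
        self.expire(now)
        if src in self.pending:
            return True            # retransmitted SYN, slot already reserved
        if len(self.pending) >= self.capacity:
            self.dropped += 1
            return False
        self.pending[src] = now
        return True

    def on_ack(self, src: str, now: int) -> bool:
        """Third handshake step: a real client completes the connection."""
        self.expire(now)
        return self.pending.pop(src, None) is not None


def run_flood(syns_per_second: int, timeout_ms: int,
              capacity: int = 8, duration_ms: int = 10_000) -> tuple:
    """Flood the table with spoofed SYNs (they never ACK) for duration_ms.
    Returns (half_open_at_end, spoofed_syns_dropped, legit_client_accepted):
    the last value tells whether a real client arriving at the end of the
    flood still gets a slot."""
    table = HalfOpenTable(capacity, timeout_ms)
    interval = 1000 // syns_per_second
    for n, t in enumerate(range(0, duration_ms, interval)):
        table.on_syn(f"spoofed-{n}", t)      # fake source address, no ACK will come
    spoofed_dropped = table.dropped
    accepted = table.on_syn("legit-client", duration_ms)
    if accepted:
        table.on_ack("legit-client", duration_ms + 50)
    return len(table.pending), spoofed_dropped, accepted
```

With one spoofed SYN per second and a 3-second time-out the table never holds more than three entries, while ten per second with the same time-out keeps all eight slots reserved for fake requests; shortening the time-out to 500 ms lets the same ten-per-second flood be absorbed.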
Ping of Death (POD) Attack
• In the POD attack, the attacker sends an Internet Control Message Protocol (ICMP) ping packet equal to, or exceeding, 64 KB.
• Certain systems were not able to handle a packet of this size, and the system would hang or crash.
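A defender's check for the pattern the slide describes, added here as an example and not taken from the slides: because an IPv4 datagram cannot exceed 65535 bytes, an oversized ping only reaches a host as fragments, so a packet filter can flag any ICMP fragment whose offset plus payload would push the reassembled datagram past the limit. The fragment builder only produces constructed test input with dummy payloads and a zero checksum.

```python
"""Detection check for oversized ICMP datagrams (Ping of Death pattern).
Added example, not from the original slides.  An IPv4 datagram cannot be
larger than 65535 bytes, so an oversized ping only travels as fragments;
the check does no reassembly, it computes where each fragment would end
(header + fragment offset + fragment payload) and flags any fragment that
would push the reassembled datagram past the limit.  The sample fragments
are constructed in-line for the check, with dummy payloads."""
import struct

IPV4_MAX_LEN = 65535     # largest legal IPv4 datagram, header included
ICMP_PROTOCOL = 1


def parse_ipv4_fragment(packet: bytes) -> dict:
    """Pull the fields needed for the size check out of an IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    return {
        "version": ver_ihl >> 4,
        "ihl": (ver_ihl & 0x0F) * 4,                 # header length in bytes
        "total_length": total_len,
        "more_fragments": bool(flags_frag & 0x2000),  # MF flag
        "frag_offset": (flags_frag & 0x1FFF) * 8,     # offset is in 8-byte units
        "protocol": proto,
    }


def reassembled_length(hdr: dict) -> int:
    """Size the reassembled datagram would reach if this were its last fragment."""
    payload_len = hdr["total_length"] - hdr["ihl"]
    return hdr["ihl"] + hdr["frag_offset"] + payload_len


def is_oversized_icmp(packet: bytes) -> bool:
    """True when an ICMP fragment implies a datagram larger than 65535 bytes."""
    hdr = parse_ipv4_fragment(packet)
    if hdr["version"] != 4 or hdr["protocol"] != ICMP_PROTOCOL:
        return False
    return reassembled_length(hdr) > IPV4_MAX_LEN


def build_fragment(offset_bytes: int, payload_len: int, more: bool,
                   proto: int = ICMP_PROTOCOL) -> bytes:
    """Construct a minimal IPv4 fragment (no options, zero checksum) as test input."""
    flags_frag = (0x2000 if more else 0) | (offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + payload_len, 0x1234, flags_frag, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # constructed addresses
    return header + b"\x00" * payload_len
```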
Distributed Denial of Service Attack
• DoS attacks are conducted using a single system.
• A DoS attack employing multiple attacking systems is known as a distributed denial of service (DDoS) attack.
• The goal of a DDoS attack is the same: to deny the use of or access to a specific service or system.
• The aim of a DDoS attack is to overwhelm the target with traffic from many different systems.
[Figure: Distributed Denial of Service Attack]
Distributed Denial of Service Attack
• A network of attack agents (zombies) is created by the attacker.
• When the zombies/agents receive a command from the attacker, they commence sending a specific type of traffic against the target.
• Systems are compromised and the DDoS software agent is installed.
• Sleeping zombies are activated after receiving the attack command.
Backdoors and Trapdoors
• A secret entry point into a program
• Allows those who know about it to gain access, bypassing the usual security procedures
• Have been commonly used by developers
• A threat when left in production programs, allowing exploitation by attackers
• Very hard to block in the O/S
• Requires good software development and update practices
Sniffing
• A sniffer is software or hardware that is used to observe traffic as it passes through a network on shared broadcast media.
• Used to view all traffic or to target a specific protocol, service, or string of characters such as logins.
• Some network sniffers are designed not just to observe all the traffic but also to modify it.
• Network administrators use sniffers for monitoring traffic.
Sniffing
• Also used for network bandwidth analysis
[Figure: an attacker sniffing traffic passing through a router R]
Spoofing
• Spoofing
– A sophisticated way to authenticate one machine to another by using forged packets
– Misrepresenting the sender of a message to cause the human recipient to behave in a certain way
• Two critical issues for internetworked systems
– Trust
– Authentication
• Authentication is less critical when there is more trust
• A computer can be authenticated by its IP address, IP host address, or MAC address
• TCP/IP has a basic flaw that allows IP spoofing
• Trust and authentication have an inverse relationship
• Initial authentication is based on the source address in trust relationships
• Most fields in a TCP header can be changed (forged)
Man-In-The-Middle Attack (MITM)
• A man-in-the-middle attack generally occurs when attackers are able to place themselves in the middle of two other hosts that are communicating, in order to view and/or modify the traffic.
[Figure: Host 1 and Host 2 believe they are communicating directly, but the communication is actually sent to the attacker, who relays each message to the destination host.]
Man-In-The-Middle Attack (MITM)
• This is done by ensuring that all communication going to or from the target host is routed through the attacker's host.
• The attacker can observe all traffic before relaying it, and can actually modify or block traffic.
• To the target host it appears that communication is occurring normally, since all expected replies are received.
• A MITM attack can only be successful when the attacker can impersonate each endpoint to the satisfaction of the other.
Replay Attack
• A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
• A replay attack is an attack where the attacker captures a portion of a communication between two parties and retransmits it after some time.
• The best way to prevent replay attacks is with encryption, cryptographic authentication and time stamps.
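The prevention the slide names (cryptographic authentication plus time stamps) worked through as an added example, not code from the slides: the sender binds each message to a timestamp and a one-time nonce under HMAC-SHA256, and the receiver rejects a forged, stale or previously seen message, so a captured message retransmitted later is refused. The shared key, the "timestamp|nonce|body|tag" layout and the 30-second freshness window are assumptions made for this example, not a standard protocol.

```python
"""Replay protection with a keyed MAC, a timestamp and a one-time nonce.
Added example, not from the original slides.  The shared key, the message
layout ("timestamp|nonce|body|tag") and the 30-second freshness window are
assumptions chosen for the example, not a standard protocol.  HMAC-SHA256
gives the cryptographic authentication; the timestamp and the remembered
nonces give freshness, which is what defeats a replay."""
import hashlib
import hmac
import secrets

KEY = b"shared-secret-for-example"   # constructed key; real keys come from provisioning
WINDOW_SECONDS = 30


def make_message(body: bytes, now: int, key: bytes = KEY) -> bytes:
    """Sender side: bind body to a timestamp and a fresh nonce under HMAC-SHA256."""
    nonce = secrets.token_hex(8).encode()
    header = b"%d|%s|" % (now, nonce)
    tag = hmac.new(key, header + body, hashlib.sha256).hexdigest().encode()
    return header + body + b"|" + tag


class Receiver:
    """Receiver side: rejects forged, stale and replayed messages."""

    def __init__(self, key: bytes = KEY, window: int = WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen = {}            # nonce -> timestamp, so old nonces can be purged

    def verify(self, msg: bytes, now: int):
        """Return (accepted, reason, body); reason names which check failed."""
        try:
            ts_b, nonce, rest = msg.split(b"|", 2)
            body, tag = rest.rsplit(b"|", 1)
            ts = int(ts_b)
        except ValueError:
            return False, "malformed", None
        # 1. Authenticity: recompute the MAC and compare in constant time
        expected = hmac.new(self.key, b"%d|%s|" % (ts, nonce) + body,
                            hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return False, "bad-mac", None
        # 2. Freshness: outside the window means delayed, or a skewed clock
        if abs(now - ts) > self.window:
            return False, "stale", None
        # 3. Uniqueness: a nonce seen within the window is a replay
        if nonce in self.seen:
            return False, "replay", None
        self.seen[nonce] = ts
        # Forget nonces too old to pass the freshness check anyway
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        return True, "ok", body


def demo() -> tuple:
    """Walk through accept, replay, tamper and delay; returns the four reasons."""
    rx = Receiver()
    m = make_message(b"pay 5 units to account 42", now=1000)
    first = rx.verify(m, now=1001)                           # genuine delivery
    replayed = rx.verify(m, now=1010)                        # captured and retransmitted
    tampered = rx.verify(m.replace(b"pay 5 ", b"pay 50 "), now=1001)
    late = rx.verify(make_message(b"hello", now=1000), now=1100)   # delayed past the window
    return first[1], replayed[1], tampered[1], late[1]
```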
Malware
• The term malware is also known as malicious code.
• Malware refers to software that has been designed for some nefarious purpose.
• It may be designed to cause damage to a system, such as deleting all files.
• It may be designed to create a backdoor in the system in order to grant access to unauthorized users.
• There are different types of malicious software, such as viruses, worms, Trojan horses and logic bombs.
• Malicious code runs under the user's authority.
• Malicious code can read, write, modify, append or even delete data or files without the user's permission.
Logic Bomb
• One of the oldest types of malicious software
• Code embedded in a legitimate program
• Activated when specified conditions are met
– e.g. presence/absence of some file
– a particular date/time
– a particular user
• When triggered, typically damages the system
– modifies/deletes files/disks
Trojan Horse
• A program with hidden side-effects
• Which is usually superficially attractive
– e.g. a game, a software upgrade, etc.
• When run, performs some additional tasks
– allows the attacker to indirectly gain access they do not have directly
• Often used to propagate a virus/worm or install a backdoor
• Or simply to destroy data
Zombie
• A program which secretly takes over another networked computer
• Then uses it to indirectly launch attacks
• Often used to launch distributed denial of service (DDoS) attacks
• Exploits known flaws in network systems

More Related Content

PPTX
802.1x authentication
PDF
Huawei AC6508 Wireless Access Controller Datasheet.pdf
PDF
CCNA CheatSheet
PPTX
Evaluación de la Red
PDF
14 palo alto quality of service(qos) concept
PDF
Dvwa low level
PPTX
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
PDF
Client-Side Penetration Testing Presentation
802.1x authentication
Huawei AC6508 Wireless Access Controller Datasheet.pdf
CCNA CheatSheet
Evaluación de la Red
14 palo alto quality of service(qos) concept
Dvwa low level
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
Client-Side Penetration Testing Presentation

What's hot (20)

PDF
Introduction to networks CCNAv7 Module-1
DOCX
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
PPTX
CCNA v6.0 ITN - Chapter 01
DOCX
How to configure vlan, stp, dtp step by step guide
PPS
Sécurité informatique
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
PDF
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
PDF
Subnet mask vs wildcard mask
ODP
How to change wi fi password
PDF
IOS Cisco - Cheat sheets
PDF
Cisco umbrella overview
PPTX
CCNA 2 Routing and Switching v5.0 Chapter 1
PDF
What is Penetration & Penetration test ?
PPT
Infrastructure Security by Sivamurthy Hiremath
PDF
CCNAv5 - S2: Chapter4 Routing Concepts
ODP
Top 10 Web Security Vulnerabilities
PPTX
Routers and Routing Configuration
PDF
Network security
PPTX
Network Administrator Project PowerPoint
PDF
Assessing AML Geographic Risk: a Methodology (November 2020)
Introduction to networks CCNAv7 Module-1
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
CCNA v6.0 ITN - Chapter 01
How to configure vlan, stp, dtp step by step guide
Sécurité informatique
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Subnet mask vs wildcard mask
How to change wi fi password
IOS Cisco - Cheat sheets
Cisco umbrella overview
CCNA 2 Routing and Switching v5.0 Chapter 1
What is Penetration & Penetration test ?
Infrastructure Security by Sivamurthy Hiremath
CCNAv5 - S2: Chapter4 Routing Concepts
Top 10 Web Security Vulnerabilities
Routers and Routing Configuration
Network security
Network Administrator Project PowerPoint
Assessing AML Geographic Risk: a Methodology (November 2020)
Ad

Similar to Ch1 cse (20)

PPT
Chapter1 intro network_security_sunorganised
PPT
Lecture 01- What is Information Security.ppt
PDF
Network and Information security_new2.pdf
PPTX
UNit 7 Information Security By Sulav Acharya
PDF
Lecture 01 Information Security BS computer Science
PPTX
Data Network Security
PPTX
Cloud Security.pptx
PPTX
information security (network security methods)
PPTX
Information security ist lecture
PPTX
Cyber Security and data Security for all.pptx
PPTX
Informations Security and It's Consequence By Sulav Acharya
PPTX
Information Security introduction and management.pptx
PPTX
Unit 1.pptx
PPT
its a computer security based ppt which is very useful
PPTX
Information Security Lecture One for Basic
PPTX
chapitre 1 introduction to ethical hakcing.pptx
PPTX
IS Chap 1 by whitman chapter 1 pptx.pptx
ODP
Network Security Topic 1 intro
PDF
Concepts of Cyber Security lecture notes.pdf
PPTX
AAU Chapter 5.pptxpppppppppppppppppppppppt
Chapter1 intro network_security_sunorganised
Lecture 01- What is Information Security.ppt
Network and Information security_new2.pdf
UNit 7 Information Security By Sulav Acharya
Lecture 01 Information Security BS computer Science
Data Network Security
Cloud Security.pptx
information security (network security methods)
Information security ist lecture
Cyber Security and data Security for all.pptx
Informations Security and It's Consequence By Sulav Acharya
Information Security introduction and management.pptx
Unit 1.pptx
its a computer security based ppt which is very useful
Information Security Lecture One for Basic
chapitre 1 introduction to ethical hakcing.pptx
IS Chap 1 by whitman chapter 1 pptx.pptx
Network Security Topic 1 intro
Concepts of Cyber Security lecture notes.pdf
AAU Chapter 5.pptxpppppppppppppppppppppppt
Ad

Recently uploaded (20)

PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
PDF
Complications of Minimal Access Surgery at WLH
PPTX
master seminar digital applications in india
PPTX
Week 4 Term 3 Study Techniques revisited.pptx
PDF
Microbial disease of the cardiovascular and lymphatic systems
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
PDF
Classroom Observation Tools for Teachers
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
PPTX
Pharma ospi slides which help in ospi learning
PPTX
PPH.pptx obstetrics and gynecology in nursing
PDF
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
PDF
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
PDF
Supply Chain Operations Speaking Notes -ICLT Program
PDF
Pre independence Education in Inndia.pdf
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Complications of Minimal Access Surgery at WLH
master seminar digital applications in india
Week 4 Term 3 Study Techniques revisited.pptx
Microbial disease of the cardiovascular and lymphatic systems
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
Module 4: Burden of Disease Tutorial Slides S2 2025
Abdominal Access Techniques with Prof. Dr. R K Mishra
Classroom Observation Tools for Teachers
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
Pharma ospi slides which help in ospi learning
PPH.pptx obstetrics and gynecology in nursing
Mark Klimek Lecture Notes_240423 revision books _173037.pdf
STATICS OF THE RIGID BODIES Hibbelers.pdf
Physiotherapy_for_Respiratory_and_Cardiac_Problems WEBBER.pdf
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Supply Chain Operations Speaking Notes -ICLT Program
Pre independence Education in Inndia.pdf

Ch1 cse

  • 1. Chapter 1: Introduction to Computer Security and Security Trends (22 Marks)
  • 2. Need for security
    • Information is a strategic resource
    • A significant portion of the organizational budget is spent on managing information
    • There are several security-related objectives:
      – Confidentiality (secrecy) - protect info value
      – Integrity - protect info accuracy
      – Availability - ensure info delivery
  • 3. What is Security? Security is the protection of assets. The three main aspects are:
    • Prevention
    • Detection
    • Reaction
  • 4. Some differences between traditional security and information security
    • Information can be stolen - but you still have it
    • Confidential information may be copied and sold - but the theft might not be detected
    • The criminals may be on the other side of the world
  • 5. Computer Security: Security is the protection of assets. The three main aspects are:
    • Prevention
    • Detection
    • Reaction
  • 6. What is Security?
    “Deals with the prevention and detection of unauthorised actions by users of a computer system.”
    “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”
  • 7. Security basics
    • Data Confidentiality – protection of data from unauthorized disclosure (secrecy)
    • Data Integrity – assurance that data received is as sent by an authorized entity (trustworthiness)
    • Availability – resource accessible/usable
    • Authentication – assurance that the communicating entity is the one claimed
      – covers both peer-entity and data-origin authentication
    • Access Control – prevention of the unauthorized use of a resource
  • 8. Confidentiality
    • Preserving authorized restrictions on information access and disclosure
    • Protecting personal privacy and proprietary information
    • Loss of confidentiality is the unauthorized disclosure of information.
  • 9. Integrity
    • Guarding against improper information modification or destruction
    • Loss of integrity is the unauthorized modification or destruction of information.
    [Figure: A sends data to B; an attacker in the path modifies the data]
  • 10. Availability
    • Ensuring timely and reliable access to and use of information
    • Loss of availability is the disruption of access to or use of information
    • Assures that systems work promptly and service is not denied to authorized users
  • 11. Authentication
    • Authentication is the process of verifying that a communicating entity is the one it claims to be.
    • Authenticity is the property of being genuine, valid or trusted.
    • Authentication helps to establish proof of identities.
    • Authentication gives confidence in the validity of a transmission, a message, or its originator.
    • The task of an authentication mechanism is to make sure that only valid users are admitted.
  • 12. Authentication Methods
    • Something you know – authentication based on what the user remembers. Ex. username and password
    • Something you have – authentication based on something the user needs to carry. Ex. access card
    • Something you are – authentication based on a human's unique physical characteristics. Ex. biometrics
  • 13. Access Control
    • Access is the ability of a subject to interact with an object.
    • Access control is the ability to specify, control and limit access to the host system or application, which prevents unauthorized users from accessing or modifying data or resources
    • Prevention of the unauthorized use of a resource
  • 14. Non-Repudiation
    • Non-repudiation prevents either sender or receiver from denying a transmitted message.
    • Thus, when a message is sent, the receiver can prove that the alleged sender in fact sent the message.
    • Similarly, when a message is received, the sender can prove that the alleged receiver in fact received the message.
  • 15. Authorization
    • Authorization is the process of verifying that a known person has the authority to perform a certain operation.
    • Authorization cannot occur without authentication.
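The slides on authentication (something you know), access control and authorization state the order of the two checks but do not show it in code. The following is an added example, not part of the lecture slides: a "something you know" check with salted PBKDF2 password hashes and a constant-time comparison, followed by an access-control list lookup that only runs once the identity has been verified. The user store, the ACL entries and the file name are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed user store. Passwords are never kept in clear text: each entry
# holds a random salt and a PBKDF2-HMAC-SHA256 hash of the password.
PBKDF2_ROUNDS = 100_000


def make_credential(password: str) -> dict:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


USERS = {
    "alice": make_credential("correct horse battery staple"),  # constructed
    "bob": make_credential("hunter2"),                          # constructed
}

# Constructed access-control list: subject -> set of (object, operation).
# Alice may read and write the payroll file; Bob may only read it (least privilege).
ACL = {
    "alice": {("payroll.csv", "read"), ("payroll.csv", "write")},
    "bob": {("payroll.csv", "read")},
}


def authenticate(username: str, password: str) -> bool:
    """'Something you know': verify the claimed identity with the password."""
    cred = USERS.get(username)
    if cred is None:
        # Do a hash computation anyway so the response time does not reveal
        # which usernames exist.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), cred["salt"], PBKDF2_ROUNDS)
    # Constant-time comparison avoids leaking how many bytes of the hash matched.
    return hmac.compare_digest(candidate, cred["hash"])


def authorize(username: str, obj: str, operation: str) -> bool:
    """Look up the ACL for a subject whose identity has already been verified."""
    return (obj, operation) in ACL.get(username, set())


def request(username: str, password: str, obj: str, operation: str) -> str:
    """Authentication first; authorization is only consulted for a verified identity."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, obj, operation):
        return "denied: not authorized"
    return "allowed"


if __name__ == "__main__":
    print(request("alice", "correct horse battery staple", "payroll.csv", "write"))
    print(request("bob", "hunter2", "payroll.csv", "write"))
    print(request("bob", "wrong password", "payroll.csv", "read"))
```

Note that a failed authentication never reaches the ACL: the caller learns nothing about what the account would have been allowed to do, and an unknown username costs the same as a wrong password.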
  • 16. Example of Security: Low
    • Loss should have a limited effect on organization operations, assets or individuals
    • Causes degradation in mission capability
    • Reduces effectiveness of function
    • Minor damage to assets
    • Minor functional loss
    • Minor harm to individuals
  • 17. Example of Security: Moderate
    • Loss should have a serious effect on organization operations, assets or individuals
    • Causes significant degradation in mission capability
    • Significantly reduces effectiveness of function
    • Significant damage to assets
    • Significant functional loss
    • Significant harm to individuals
  • 18. Example of Security: High
    • Loss should have a severe effect on organization operations, assets or individuals
    • Causes severe degradation in mission capability
    • Organization is not able to perform one or more primary functions
    • Major damage to assets
    • Major functional loss
    • Major harm to individuals
  • 19. Challenges for Security
    • Not simple: the major requirements are CIA (confidentiality, integrity, availability)
    • While designing a security mechanism, consider potential attacks.
    • Security mechanisms are complex
    • It is necessary to decide where to use them (physical / logical).
    • Involves more than one protocol/algorithm, and the problem of protecting secret information (encryption keys)
  • 20. Challenges for Security
    • War between attacker and admin/designer
    • Problem of human tendency: no security investment until a failure occurs
    • Needs regular, constant monitoring
    • It is essential to add security at design time rather than after design.
    • Security is often an afterthought (it should be considered at design time)
    • Tendency to see strong security as an obstacle
  • 21. Model for Security
    Security means protecting assets, and assets are:
    • Hardware
    • Software
    • Data
    • Communication facilities and networks
    Following are possible vulnerabilities:
    • Data can be corrupted.
    • Data can be leaked.
    • Data can be unavailable.
  • 22. Risk and Threat Analysis: Risk
    • Risk is some incident or attack that can cause damage to a system.
    • An attack is done by a sequence of actions, like exploiting weak points
  • 23. Risk and Threat Analysis
    • Risk analysis is the review of data gathered and the analysis of risk
    • The risk assessment team determines asset values, system criticality, likely threats, and the existence of vulnerabilities.
    • Risk calculation: Risk = Assets × Threats × Vulnerabilities
  • 24. Risk and Threat Analysis: Assets
    • Those items that an organization wishes to protect.
    • An asset can be any data, device or other component that supports information-related security.
    • Assets can be hardware, software, confidential information.
    • Valuing assets scopes and guides the security risk assessment
  • 25. Risk and Threat Analysis: Threats
    • An undesired event that may result in loss, disclosure or damage to an organization's asset.
    • A threat is a potential for violation of security
    • A threat exists when there is a circumstance, capability, action or event that could breach security
    • Threats can be identified by the damage done to an asset:
      – Spoofing the identity of users
      – Information may be disclosed
      – Users get more privileges
  • 26. Risk and Threat Analysis: Vulnerability
    • A vulnerability is a weakness in the information infrastructure of an organization.
    • It will accidentally or intentionally damage the asset
    • Vulnerabilities can be:
      – Programs with unnecessary privilege
      – Accounts whose default password was not changed
      – Programs with known faults
      – Weak access control
      – Weak firewall
  • 27. Threats to Security
    • Viruses
    • Worms
    • Intruders
    • Insiders
    • Criminal organizations
    • Terrorists
    • Information warfare
  • 28. Viruses
    • Piece of software that infects programs
      – Modifying them to include a copy of the virus
      – So it executes secretly when the host program is run
    • Specific to operating system and hardware
      – Taking advantage of their details and weaknesses
    • A typical virus goes through phases of:
      – Dormant
      – Propagation
      – Triggering
      – Execution
  • 29. Virus
    • A virus attaches itself to a program and propagates copies of itself to other programs.
    • The essential component of a virus is a set of instructions which, when executed, spreads itself to other, previously unaffected, programs or files.
    • It performs two functions:
      I. It copies itself into previously uninfected programs or files.
      II. It executes whatever other instructions the virus author included in it.
  • 30. Virus
    • It may damage by replicating itself and taking up system resources: disk space, CPU time, or network connections.
    • A virus is a program that can pass on malicious code to other non-malicious programs by modifying them.
    • The term ‘virus’ was coined because it acts like a biological virus
    • A virus can be either transient or resident.
      – A transient virus has a life that depends on the life of its host;
      – The virus runs when its attached program executes and terminates when its attached program ends.
      – A resident virus locates itself in memory; then it can remain active or be activated as a stand-alone program, even after its attached program ends.
  • 31. Virus Classification
    • Boot sector
    • File infector
    • Macro virus
    • Stealth virus
    • Polymorphic virus
    • Metamorphic virus
  • 32. Types of Viruses
    Viruses can be classified on the basis of how they attack:
    • Parasitic virus – attaches itself to executable files and replicates
    • Memory-resident virus – lodges in main memory and infects every program that executes
    • Boot sector virus – infects a boot record and spreads when the system is booted from the disk
  • 33. Virus types
    • Stealth Virus
      – A stealth virus is one which hides the modification it has made to the file or boot record
      – By monitoring the system functions used by programs to read files or physical blocks from storage media
      – It stays undetected by anti-virus programs
    • Polymorphic Virus
      – A polymorphic virus is one which produces varied and fully operational copies of itself, in an attempt to avoid signature detection.
  • 34. Macro Virus
    • Became very common in the mid-1990s since
      – Platform independent
      – Infect documents
      – Easily spread
    • Exploit the macro capability of office apps
      – Executable program embedded in an office document
      – Often a form of Basic
    • More recent releases include protection
    • Recognized by many anti-virus programs
  • 35. Virus Structure
    • Components:
      – Infection mechanism – enables replication
      – Trigger – event that makes the payload activate
      – Payload – what it does, the malicious activity
    • Pre-appended / post-appended / embedded
    • When the infected program is invoked, it executes the virus code, then the original program code
  • 36. Phases of Virus
    A typical virus goes through phases of:
    • Dormant
    • Propagation
    • Triggering
    • Execution
  • 37. Triggers of Virus Attacks
    Attacks begin upon the occurrence of a certain event:
    • On a certain date / time of year
    • At a certain time of day
    • When a certain job is run
    • After cloning itself n times
    • When a certain combination of keystrokes occurs
    • When a computer is restarted
    The virus code must put itself into a position to start itself either when the computer is turned on or when a specific program is run.
  • 38. Protection against viruses
    1. Education
    2. Backup and recovery procedures
    3. Isolate software libraries
    4. Implement software library management procedures
    5. Develop a virus alert procedure
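Slides 33 and 35 explain that a file infector must change its host (pre-appended, post-appended or embedded code) and that a polymorphic virus varies its copies to defeat signature matching, while slide 38 lists "isolate software libraries" and "software library management procedures" as protections. The following added example, not part of the lecture, is the kind of library-management check those slides imply: it records a SHA-256 baseline of a software library and later reports which files changed, appeared or vanished, with the size delta as a hint that code was appended. The file names and contents are constructed stand-ins for a real directory.

```python
import hashlib

# Constructed stand-in for a software library: path -> file contents.
# A real checker would read these from disk; the bytes here are made up.
BASELINE_FILES = {
    "bin/report.exe": b"MZ\x90\x00original report program",
    "bin/backup.exe": b"MZ\x90\x00original backup program",
    "lib/macros.dot": b"Sub AutoOpen()\nEnd Sub\n",
}

# Constructed "later" state of the same library: one program has had bytes
# appended, one program is gone, and an unknown file has appeared.
CHANGED_FILES = {
    "bin/report.exe": BASELINE_FILES["bin/report.exe"] + b"<appended code>",
    "lib/macros.dot": BASELINE_FILES["lib/macros.dot"],
    "bin/dropper.exe": b"MZ\x90\x00unknown program",
}


def fingerprint(files: dict) -> dict:
    """Record a SHA-256 digest and the size of every file in the library."""
    return {
        path: (hashlib.sha256(data).hexdigest(), len(data))
        for path, data in files.items()
    }


def compare(baseline: dict, current_files: dict) -> dict:
    """Report files whose content changed, appeared or disappeared since the baseline.

    Because the comparison is against a recorded digest rather than a virus
    signature, a polymorphic copy is caught just like any other modification:
    the host file is no longer byte-for-byte what the baseline recorded.
    """
    now = fingerprint(current_files)
    report = {"modified": [], "new": [], "missing": []}
    for path, (digest, size) in baseline.items():
        if path not in now:
            report["missing"].append(path)
        elif now[path][0] != digest:
            # Positive delta: something was appended or embedded into the host.
            report["modified"].append((path, now[path][1] - size))
    for path in now:
        if path not in baseline:
            report["new"].append(path)
    return report


def run_check() -> dict:
    """Baseline the constructed library, then check the constructed later state."""
    return compare(fingerprint(BASELINE_FILES), CHANGED_FILES)


if __name__ == "__main__":
    for kind, entries in run_check().items():
        print(kind, entries)
```

Two caveats follow from slide 33: a stealth virus that intercepts file reads can feed the checker the original bytes, so the baseline and the check should be run from trusted, isolated media (slide 38, point 3); and the baseline itself must be stored where the library cannot rewrite it.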
  • 39. Worm
    • A worm is a program that can replicate itself
    • It is malicious software which does not require a host program for its execution.
    • Replicating program that propagates over a network without infecting programs (does not attach itself to a program)
    • A worm is non-destructive
    • A worm can harm a computer system by filling main memory with its replicated copies.
  • 40. Worm
    • A worm is able to send multiple copies of itself to other computers on the network
    • A worm can harm a network and consume network bandwidth.
    • Has phases like a virus:
      – Dormant, propagation, triggering, execution
      – Propagation phase: searches for other systems, connects to them, copies itself to them and runs
  • 41. Some Worm Attacks
    • Code Red
      – July 2001, exploiting an MS IIS bug
      – probes random IP addresses, performs a DDoS attack
    • Code Red II variant includes a backdoor
    • SQL Slammer
      – early 2003, attacks MS SQL Server
    • Mydoom
      – mass-mailing e-mail worm that appeared in 2004
      – installed a remote access backdoor in infected systems
    • Warezov family of worms
      – scan for e-mail addresses, send themselves as an attachment
  • 42. Virus vs Worm
    – Virus: a piece of code that attaches itself to other programs. Worm: a malicious program that spreads automatically.
    – Virus modifies code. Worm does not modify code.
    – Some viruses cannot replicate themselves. A worm can replicate itself.
    – Virus is destructive in nature. Worm is non-destructive.
    – The aim of a virus is to infect other programs stored on the computer system. The aim of a worm is to make the computer or network unusable.
    – Virus infects files. Worm does not infect other files but occupies memory space by replication.
    – Virus may need a trigger for execution. Worm does not need any trigger.
  • 43. Insiders
    • More dangerous than outside intruders
    • Most difficult to detect and prevent
    • Have the access and knowledge to cause immediate damage to an organization.
    • Have knowledge of the security systems in place and will be better able to avoid detection.
    • Employees are not the only insiders; other people such as contractors or partners also have access.
  • 44. Insiders: preventing insider attacks
    • Enforce least privilege: allow access only to the resources employees need to do their job
    • Set up logs to see what users access and what commands they are entering.
    • Protect sensitive resources with strong authentication
    • Upon termination, delete the employee's computer and network access.
  • 45. Intruders
    • Hacking means the act of accessing a computer system/network without authorization (this includes authorized users).
    • Intruders are extremely patient, since the process of gaining access requires persistence and dogged determination
    • If the first attack fails they try from a different angle (search for another possible vulnerability)
    • The second attack may be blocked/fail; they try a third and so on until they find a vulnerability or gain access
  • 46. Intruder Levels
    • At the low end are individuals who are not technical experts able to develop new scripts or find new vulnerabilities
      – They use ready-made (downloaded) scripts for known vulnerabilities
    • At the next level are people who are capable of writing scripts to exploit known vulnerabilities.
      – 8 to 12 % of malicious internet activity
    • At the top end are the so-called elite hackers.
      – Capable of writing scripts that exploit vulnerabilities.
      – Also capable of discovering new vulnerabilities.
  • 47. Intruders
    • Often referred to as a hacker or cracker
    • Three classes of intruders:
      – Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit a legitimate user's account
      – Misfeasor: A legitimate user who accesses data, programs, or resources for which such access is not authorized, or who is authorized for such access but misuses his or her privileges
      – Clandestine user: An individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection
  • 48. Intruders vs Insiders
    – Intruders are authorized or unauthorized users who are trying to access the system or network. Insiders are authorized users who try to access a system or network for which they are unauthorized.
    – Intruders are hackers or crackers. Insiders are not hackers.
    – Intruders are illegal users. Insiders are legal users.
    – Intruders are less dangerous. Insiders are more dangerous.
    – Intruders have to study or gain knowledge about the security system. Insiders already have knowledge about the security system.
    – Intruders do not have access to the system. Insiders have easy access to the system.
    – Many security mechanisms are used to protect from intruders. There is no such mechanism to protect the system from insiders.
  • 49. Criminal organizations
    • Organized groups of hackers are now a threat
      – Corporation / government / loosely affiliated gangs
      – Typically young
      – Often target credit cards on e-commerce servers
    • Criminal activities on the internet are the same as criminal activities in the physical world
      – Fraud, extortion, theft, forgery
    • Criminal hackers usually have specific targets
    • Once penetrated, they act quickly and get out
    • IDS / IPS help but are less effective
    • Sensitive data needs strong protection
  • 50. Terrorists and Information Warfare
    • Nations are dependent on computers and networks
    • Information warfare is conducted against information and information processing equipment.
    • It is a highly structured threat/attack
    • It requires a longer period of penetration, large financial backing, and a large organized group of attackers
    • Military forces are key targets
  • 51. Avenues of Attack
    • The two most frequent types of attacks:
      – viruses and insider abuse.
    • Two general reasons a particular computer system is attacked:
      – It is either specifically targeted by the attacker, not because of the hardware or software the organization is running but for some other reason, such as a political reason
      – Or it is an opportunistic target: the attack is conducted against a site that has hardware or software that is vulnerable to a specific exploit.
    • Targeted attacks are more difficult and take more time than attacks on a target of opportunity
  • 52. The Steps in an Attack
    • The steps an attacker takes are similar to the ones that a security consultant performing a penetration test would take.
      – Gather as much information about the organization as possible.
      – Determine what target systems are available and active:
        1. ping sweep, which sends an ICMP echo request to the target machine.
        2. perform a port scan to identify the open ports, which indicate the services running on the target machine.
        3. determine the OS – refer
    • An attacker can search for known vulnerabilities and tools that exploit them, download the information and tools, and then use them against a site.
    • If the exploits do not work, other, less system-specific, attacks may be attempted.
  • 54. Passive Attacks
    • Eavesdropping on transmissions
    • The attacker aims to obtain information in transit
      – Release of possibly sensitive/confidential message contents
      – Traffic analysis, which monitors the frequency and length of messages to get information on senders
    • Does not perform any modification to data.
    • Difficult to detect
    • Can be prevented using encryption
  • 56. Passive Attack Types
    • Release of message contents
      – A confidential message should be accessed only by authorized users; otherwise the message is released against our wishes
    • Traffic analysis
      – The attacker may try to find similarities between encoded messages for clues regarding the communication
  • 57. Active Attacks
    • The contents of the original message are modified by the attacker
    • These attacks cannot be prevented easily.
    • Types of active attack:
      – Interruption
      – Modification
      – Fabrication
  • 58. Active Attacks
    • Masquerade
      – pretending to be a different entity
    • Replay
    • Modification of messages
    • Denial of service
    • Easy to detect
      – Detection may act as a deterrent
    • Hard to prevent
      – Focus on detection and recovery
  • 60. Denial of Service Attack
    • The attacker is attempting to deny authorized users access to specific information.
    • The aim of a DoS attack is to prevent access to the target system.
    • A denial-of-service (DoS) attack aims at disrupting the authorized use of networks, systems, or applications.
  • 61. SYN Flooding Attack
    • Used to prevent services to the system.
    • Takes advantage of the trust relationship in the TCP three-way handshake
    [Figure: TCP 3-way handshake – SYN, SYN+ACK, ACK]
  • 62. SYN Flooding Attack
    • The attacker sends fake requests for communication
    • Each of these requests will be answered by the target system, which then waits for the third part of the handshake.
    • Since the requests are fake, the target will wait for responses that will never come.
    • The target system will drop these connections after a specific time-out period
  • 63. SYN Flooding Attack
    [Figure: attacker sends SYN with a fake IP address; target responds SYN+ACK to the fake IP address, reserves a connection and waits for an ACK]
  • 64. SYN Flooding Attack
    • If the attacker sends requests faster than the time-out period eliminates them, the system will quickly be filled with requests.
    • The number of connections a system can support is finite; when more requests come in than can be processed, the system will soon be reserving all its connections for fake requests.
    • Any further requests are simply dropped
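Slides 62 to 64 describe the mechanism in words: each spoofed SYN reserves a slot, the time-out frees it later, and the table fills when SYNs arrive faster than the time-out drains them. The following added example, not from the lecture, models that half-open connection table so the capacity arithmetic can be checked. The backlog size, the time-out and the arrival rates are constructed values; the model covers the general case of any rate and time-out rather than only the numbers used here.

```python
from collections import deque

# Constructed parameters for a small listener: how many half-open connections
# the backlog can hold, and how long (ms) an unanswered SYN+ACK stays reserved.
BACKLOG = 128
TIMEOUT_MS = 3000


def half_open_backlog(syn_times_ms, backlog=BACKLOG, timeout_ms=TIMEOUT_MS):
    """Model the half-open connection table for SYNs whose ACK never arrives.

    syn_times_ms: arrival times (ms, ascending) of spoofed SYNs.
    Returns (peak_occupancy, accepted, dropped): the most slots ever held at
    once, the number of SYNs that got a reserved slot, and the number rejected
    because every slot was already holding a fake request.
    """
    table = deque()          # reserved slots, oldest first
    peak = accepted = dropped = 0
    for t in syn_times_ms:
        # The time-out frees slots whose SYN+ACK has gone unanswered long enough.
        while table and t - table[0] >= timeout_ms:
            table.popleft()
        if len(table) >= backlog:
            dropped += 1     # table full: this SYN (fake or legitimate) is lost
        else:
            table.append(t)
            accepted += 1
            peak = max(peak, len(table))
    return peak, accepted, dropped


def steady_state_occupancy(syn_per_second, timeout_ms=TIMEOUT_MS):
    """Slots held at equilibrium when SYNs arrive at a constant rate and all expire.

    Whenever this exceeds the backlog, the table saturates and new SYNs are
    dropped until the time-out frees a slot.
    """
    return syn_per_second * timeout_ms / 1000


def syns_at_rate(per_second, seconds):
    """Constructed evenly spaced arrival times (ms) for the given rate and duration."""
    interval = 1000 // per_second
    return [i * interval for i in range(per_second * seconds)]


if __name__ == "__main__":
    for rate in (10, 100):
        peak, ok, lost = half_open_backlog(syns_at_rate(rate, 10))
        print(f"{rate} SYN/s: peak {peak}, accepted {ok}, dropped {lost}, "
              f"steady state {steady_state_occupancy(rate):.0f}")
```

At 10 SYN/s the table settles at 30 entries and nothing is dropped; at 100 SYN/s the steady-state demand (300) exceeds the 128-slot backlog, the table saturates within 1.3 s, and from then on the listener alternates between a burst of frees and a long run of drops. The model makes clear why the remedy is to stop reserving per-SYN state (for example with SYN cookies) or to shorten the time-out, rather than to add a few more slots.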
  • 65. Ping of Death (POD) Attack
    • In the POD attack, the attacker sends an Internet Control Message Protocol (ICMP) ping packet equal to, or exceeding, 64 KB.
    • Certain systems were not able to handle this size of packet, and the system would hang or crash.
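The slide says which systems crashed but not where the defect sat. An IPv4 datagram is at most 65535 bytes, and it travels as fragments whose 13-bit offset (in 8-byte units) plus payload length can add up to more than that; a reassembler that copies a fragment into a fixed 65535-byte buffer without checking that bound is the classic failure. The following added example, not from the lecture, is a reassembly buffer with the bound check in place, fed two constructed fragment streams: a normal ping and one whose last fragment would end past the maximum.

```python
MAX_IP_DATAGRAM = 65535   # largest IPv4 datagram the 16-bit total-length field can describe


def fragment_end(offset_units: int, payload_len: int) -> int:
    """Byte position just past this fragment once reassembled (offset is in 8-byte units)."""
    return offset_units * 8 + payload_len


class Reassembler:
    """Constructed IPv4 reassembly buffer that refuses to grow past 65535 bytes.

    The check in add() is the one whose absence let an oversized fragment set
    overrun the buffer; with it, the offending fragment is discarded and the
    partially assembled datagram is simply never completed.
    """

    def __init__(self):
        self.buf = bytearray(MAX_IP_DATAGRAM)
        self.total = 0        # highest byte position written so far
        self.rejected = 0     # fragments discarded for exceeding the bound

    def add(self, offset_units: int, payload: bytes) -> bool:
        end = fragment_end(offset_units, len(payload))
        if end > MAX_IP_DATAGRAM:
            self.rejected += 1
            return False
        start = offset_units * 8
        self.buf[start:end] = payload
        self.total = max(self.total, end)
        return True


def reassemble(fragments) -> tuple:
    """Feed (offset_units, payload) pairs; return (bytes_assembled, fragments_rejected)."""
    r = Reassembler()
    for offset_units, payload in fragments:
        r.add(offset_units, payload)
    return r.total, r.rejected


# Constructed fragment streams. Offsets count 8-byte units, as in the IPv4 header.
# A normal echo request split across two fragments: 1480 bytes, then 56 more.
NORMAL_PING = [(0, b"\x08\x00" + b"A" * 1478), (185, b"B" * 56)]
# A stream whose final fragment claims offset 65504 and 32 bytes, ending at 65536.
OVERSIZED_PING = [(0, b"C" * 1480), (8188, b"D" * 32)]


if __name__ == "__main__":
    print("normal   ", reassemble(NORMAL_PING))
    print("oversized", reassemble(OVERSIZED_PING))
```

The check is deliberately placed before the copy and uses the computed end position rather than the payload length alone: a fragment can be small and still land past the end of the buffer if its offset is large.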
  • 66. Distributed Denial of Service Attack
    • DoS attacks are conducted using a single system
    • A DoS attack employing multiple attacking systems is known as a distributed denial of service (DDoS) attack
    • The goal of a DDoS attack is the same: to deny the use of or access to a specific service or system.
    • The aim of DDoS is to overwhelm the target with traffic from many different systems.
  • 67. Distributed Denial of Service Attack
    [Figure: DDoS attack diagram]
  • 68. Distributed Denial of Service Attack
    • A network of attack agents (zombies) is created by the attacker.
    • When the zombies/agents receive a command from the attacker, the agents commence sending a specific type of traffic against the target.
    • Systems are compromised and the DDoS software agent is installed
    • Sleeping zombies are activated after receiving the attack command.
  • 69. Backdoors and Trapdoors
    • Secret entry point into a program
    • Allows those who know of it to gain access, bypassing the usual security procedures
    • Have been commonly used by developers
    • A threat when left in production programs, allowing exploitation by attackers
    • Very hard to block in an O/S
    • Requires good software development and update practices
  • 70. Sniffing
    • A sniffer is software or hardware that is used to observe traffic as it passes through a network on shared broadcast media.
    • Used to view all traffic or to target a specific protocol, service, or string of characters like logins.
    • Some network sniffers are not just designed to observe all traffic but also to modify the traffic.
    • Network administrators use sniffers for monitoring traffic.
  • 71. Sniffing
    • Used for network bandwidth analysis
    [Figure: attacker sniffing on the network (labels: R, Attacker)]
  • 72. Spoofing
    • Spoofing
      – A sophisticated way to authenticate one machine to another by using forged packets
      – Misrepresenting the sender of a message to cause the human recipient to behave a certain way
    • Two critical issues for internetworked systems
      – Trust
      – Authentication
    • Authentication is less critical when there is more trust
    • A computer can be authenticated by its IP address, IP host address, or MAC address
    • TCP/IP has a basic flaw that allows IP spoofing
    • Trust and authentication have an inverse relationship
    • Initial authentication is based on the source address in trust relationships
    • Most fields in a TCP header can be changed (forged)
  • 73. Man-In-The-Middle Attack (MITM)
    • A man-in-the-middle attack generally occurs when attackers are able to place themselves in the middle of two other hosts that are communicating, in order to view and/or modify the traffic.
    [Figure: Host 1 and Host 2 – communication appears to be direct, but is actually sent to the attacker, who relays messages to the destination host]
  • 74. Man-In-The-Middle Attack (MITM)
    • This is done by ensuring that all communication going to or from the target host is routed through the attacker's host.
    • The attacker can observe all traffic before relaying it and can actually modify or block traffic.
    • To the target host it appears that communication is occurring normally, since all expected replies are received
    • A MITM attack can only be successful when the attacker can impersonate each endpoint to the satisfaction of the other.
  • 75. Replay Attack
    • A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
    • A replay attack is an attack where the attacker captures a portion of a communication between two parties and retransmits it after some time.
    • The best way to prevent replay attacks is with encryption, cryptographic authentication and time stamps.
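Slide 9 shows an attacker modifying data between A and B, slide 74 has the man in the middle altering relayed traffic, and slide 75 names cryptographic authentication and time stamps as the defence against repeated or delayed transmissions. The following added example, not part of the lecture, puts those three together in one message format: the sender tags the message, a timestamp and a random nonce with an HMAC, and the receiver rejects anything whose tag does not verify (modified in transit), whose timestamp is outside the freshness window (delayed), or whose nonce it has already seen (repeated). The shared key, the 30-second window and the message text are constructed for the demonstration.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Constructed shared key for A and B (a real deployment would derive one per session).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
MAX_AGE_SECONDS = 30


def _canonical(msg: str, ts: int, nonce_hex: str) -> bytes:
    """Fixed serialisation so sender and receiver MAC exactly the same bytes."""
    return json.dumps({"msg": msg, "ts": ts, "nonce": nonce_hex}, sort_keys=True).encode()


def protect(message: str, key: bytes = SHARED_KEY,
            now: Optional[float] = None, nonce: Optional[bytes] = None) -> dict:
    """Sender side: bind the message, a timestamp and a random nonce under an HMAC."""
    ts = int(now if now is not None else time.time())
    nonce_hex = (nonce if nonce is not None else os.urandom(8)).hex()
    tag = hmac.new(key, _canonical(message, ts, nonce_hex), hashlib.sha256).hexdigest()
    return {"msg": message, "ts": ts, "nonce": nonce_hex, "tag": tag}


class Receiver:
    """Receiver side: verify the tag, then reject stale timestamps and reused nonces."""

    def __init__(self, key: bytes = SHARED_KEY, max_age: int = MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self.seen_nonces = set()   # nonces accepted inside the freshness window

    def accept(self, packet: dict, now: Optional[float] = None) -> str:
        now = now if now is not None else time.time()
        expected = hmac.new(self.key, _canonical(packet["msg"], packet["ts"], packet["nonce"]),
                            hashlib.sha256).hexdigest()
        # Integrity and origin first: a modified message or a forged packet fails here.
        if not hmac.compare_digest(expected, packet.get("tag", "")):
            return "rejected: integrity check failed"
        # Freshness: a captured packet retransmitted much later is outside the window.
        if abs(now - packet["ts"]) > self.max_age:
            return "rejected: stale timestamp"
        # Uniqueness: the same packet replayed inside the window reuses its nonce.
        if packet["nonce"] in self.seen_nonces:
            return "rejected: replayed nonce"
        self.seen_nonces.add(packet["nonce"])
        return "accepted"


if __name__ == "__main__":
    rx = Receiver()
    pkt = protect("transfer 100 to bob")
    print(rx.accept(pkt))                       # accepted
    print(rx.accept(pkt))                       # rejected: replayed nonce
    pkt["msg"] = "transfer 900 to bob"
    print(rx.accept(pkt))                       # rejected: integrity check failed
```

The HMAC gives integrity and data-origin authentication but not confidentiality: an eavesdropper still reads the message text, which is why slide 75 lists encryption alongside authentication and time stamps. The nonce set only needs to hold nonces younger than the window, since anything older is already rejected by the timestamp check.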
  • 76. Malware
    • The term malware is also known as malicious code.
    • Malware refers to software that has been designed for some nefarious purpose.
    • It may be designed to cause damage to a system, such as deleting all files.
    • It may be designed to create a backdoor in the system in order to grant access to unauthorized users.
    • There are different types of malicious software, such as viruses, worms, Trojan horses and logic bombs.
    • Malicious code runs under the user's authority.
    • Malicious code can read, write, modify, append or even delete data or files without the user's permission.
  • 77. Logic Bomb
    • One of the oldest types of malicious software
    • Code embedded in a legitimate program
    • Activated when specified conditions are met
      – e.g. presence/absence of some file
      – particular date/time
      – particular user
    • When triggered, typically damages the system
      – modify/delete files/disks
  • 78. Trojan Horse
    • Program with hidden side-effects
    • Which is usually superficially attractive
      – e.g. game, software upgrade etc.
    • When run, performs some additional tasks
      – allows the attacker to indirectly gain access they do not have directly
    • Often used to propagate a virus/worm or install a backdoor
    • Or simply to destroy data
  • 79. Zombie
    • Program which secretly takes over another networked computer
    • Then uses it to indirectly launch attacks
    • Often used to launch distributed denial of service (DDoS) attacks
    • Exploits known flaws in network systems