General Overview of Attacks


  • General Overview of Attacks

    Regardless of the motivation, a network security specialist must be aware of the threats and appropriate responses

  • What is an attack?

    Any malicious activity directed at a computer system or the services it provides.
    Eg: viruses, use of a system by an unauthorized individual, denial of service, physical attack against computer hardware.

  • Reasons for attacks

    1) Gaining access to the system
    2) Simply for the challenge
    3) To collect information
    4) Desire to cause damage

  • Attacks

    - Criminal attacks
    - Publicity attacks
    - Logon abuse
    - Inappropriate system use
    - Network intrusion

  • Criminal Attacks

    - Fraud: involvement of money and commerce
    - Scams: selling something of no value and getting the money
    - Destructive attacks: the work of terrorists, employees bent on revenge, or hackers gone over to the wrong side. Eg: denial of service attacks on Yahoo, CNN, eBay, Amazon etc.
    - Intellectual property theft: electronic versions of property. Eg: piracy of software

  • Criminal Attacks (continued)

    - Identity theft: why steal from someone when you can just become that person?
    - Brand theft: how do users know which sites are worth visiting and bookmarking? "Please update your Amazon/eBay profile"

  • Publicity Attacks

    - How can I get my name in the newspapers?
    - Motivated by a desire to fix the problems.
    - Possibility of exploitation by criminals.
    - Public confidence
    - Eg: denial-of-service attacks

  • Different Forms of Attacks

    Non-technical form of attack:
    - Social engineering

    Technical form of attack:
    - Implementation bugs
    - Abuse of feature
    - System misconfiguration
    - Masquerading
    - DoS / DDoS
    - Session hijacking

  • Social Engineering

    The attacker makes use of his social contacts or people skills to get private information.
    Eg: an attacker acting as an administrator and convincing an individual on the telephone to reveal confidential information like passwords, filenames, or details about security policies.

  • Implementation Bugs

    Attackers use bugs in trusted programs to exploit and gain unauthorized access to a computer system.
    Eg: buffer overflows, race conditions, and mishandled temporary files.

  • Abuse of Feature

    These are legitimate actions that one can perform that, when taken to the extreme, can lead to system failure.
    Eg: opening hundreds of telnet connections to a machine to fill its process table, or filling up a mail spool with junk email.

  • System Misconfiguration

    Refers to an attacker gaining access to the system because of an error in the configuration of a system.
    Eg: the default configuration of some systems includes a guest account that is not protected with a password.

  • Masquerading

    Sometimes it is possible to fool a system into giving access by misrepresenting oneself.
    Eg: sending a TCP packet with a forged source address that makes the packet appear to come from a trusted host.

  • Broad Categories of Attacks

    1) Denial of service attacks
    2) Attacks that give a local user superuser access
    3) Attacks that give a remote user local access
    4) Probes (attempts to probe a system to find potential weaknesses)
    5) Physical attacks against computer hardware

  • Possible Types of Actions in an Attack

  • Denial of Service (DoS) Attacks

    An attack in which the attacker makes some computing or memory resource too busy or too full to handle legitimate requests, or denies legitimate users access to a machine.
    Some DoS attacks abuse a perfectly legitimate feature.
    Eg: mailbomb, smurf attack

  • DoS (continued)

    Some DoS attacks create malformed packets that confuse the TCP/IP stack of the machine that is trying to reconstruct the packet.
    Eg: teardrop, ping of death
    Others take advantage of bugs in a particular network daemon.
    Eg: apache2, back, syslogd

  • Summary of Denial of Service attacks

  • Footprinting

    Footprinting is gathering information about networks, specific computers, companies and/or people.
    - Scouring the website
    - Whois lookup on the domain, or the whois command at a shell
    - Get the IP address to learn about the network (ping or nslookup)
    - Search the ARIN database (American Registry for Internet Numbers) to find out who owns that specific netblock
    - Talk to the ISP, claiming that somebody from their network is sending spam, or possibly start a social engineering attack

  • Where to start

    - Locations
    - Related companies
    - Merger or acquisition news
    - Phone numbers
    - Contact names and email addresses
    - Privacy and security policies indicating the security mechanisms in place
    - Links to other web servers related to the organization

  • Port Scanning

    - Stealth scans
    - Spoofed scans
    - TCP SYN, SYN/ACK, and FIN scans
    - ICMP (ping sweep)
    - TCP FTP proxy: the scanner connects to a real FTP server and requests a data transfer to another system

  • Scanning Tools

    - HPing
    - Legion
    - Nessus
    - Nmap
    - SAINT
    - SATAN
    - Tcpview
    - Snort

  • User to Root Attacks

    The attacker starts out with access as a normal user on the system (perhaps by sniffing passwords, a dictionary attack, or social engineering) and exploits some vulnerability to gain root access. The most common attacks are:
    - Buffer overflow attacks (eg: eject, ffbconfig)
    - Poor environment sanitation (eg: loadmodule, perl)
    - Poor temp file management
    - Lack of chroot in vulnerable system services

  • Summary of User to Root attacks

  • Remote to User Attacks

    An attacker who has the ability to send packets to a machine over a network, but who does not have an account on that machine, exploits some vulnerability to gain local access as a user of that machine.
    Some of these attacks exploit buffer overflows in network server software.

  • Remote to User Attacks (continued)

    The most common attacks are:
    - Abuse of feature (eg: dictionary)
    - Misconfiguration (eg: ftp-write, guest, xlock)
    - Bug (eg: imap, named, phf, sendmail)

  • Summary

  • Probes

    Programs that can automatically scan a network of computers to gather information or find known vulnerabilities.
    Scanning tools like satan, saint, and mscan enable even a very unskilled attacker to very quickly check thousands of machines on a network for known vulnerabilities.

  • Summary

  • Most Serious Problems pointed out by CERT (2003)

    - Exploitation of weaknesses in the cgi-bin/phf program used on web servers to steal system password files.
    - Attacks on systems running the free Linux version of UNIX, including installation of sniffers that can steal unencrypted passwords when people log on to the systems.
    - Denial-of-service attacks were particularly troubling for internet service providers.

  • Continued

    - Widely available hacker kits: script kiddies attacking systems with known vulnerabilities.
    - Abuse of email, including mail-bombing, forgeries (spoofing), and a large increase in the amount of junk mail.
    - Viruses and hoaxes about viruses (especially wild claims about dangerous mail).

  • Problems in ascertaining the threats

    - An unknown number of crimes of all kinds goes undetected. Some of them are discovered long after they have occurred.
    - Similarly, computer crimes may not be detected by the victims. The estimate is that 1/10th of the total crimes are detected.
    - Some of them go unreported. The estimate is that 1/10th of the detected crimes are reported.

  • Precautions against attacks

    Intrusion detection systems:
    1) Those that detect system attacks in real time and can be used to stop an attack in progress.
    2) Those that provide after-the-fact information about the attacks that can be used to repair damage, understand the attack mechanism, and reduce the possibility of future attacks of the same type.

  • Intrusion Detection Systems

    An intrusion detection system should be designed in such a way that it can handle all levels of sophistication of the attacker, from a novice cracker to an experienced cracker who knows about intrusion detection systems and takes steps to avoid being caught.

  • Sources of data for an IDS

    - Traffic sent over the network
    - System level audit data
    - Information about file system state

    There are other sources of data, such as real-time process lists, log files, processor loads etc. However, they are rarely used.

  • Traffic sent over the network

    All data sent over an Ethernet network is visible to every machine that is present on the local network segment (this holds for a shared segment; a switch delivers frames only to the destination port, so a monitoring port is needed there). Hence, one machine connected to this Ethernet can be used to monitor traffic for all hosts on the network.

  • System Level Audit Data

    Most operating systems offer some level of auditing of operating system events.
    Eg: logging failed attempts to log in, logging every system call.

  • Information about file system state

    An intrusion detection system that examines this file system data can alert an administrator whenever a system binary file (such as the ps, login, or ls program) is modified. Since normal users have no legitimate reason to alter these files, a change to a system binary file indicates that the system has been compromised.
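    The file-system check described above, as an added example that is not part of the original slides: a baseline of digests is recorded for the named system binaries and later compared against the live files. The directory tree, file contents and the tampering step are all constructed inside a temporary directory so the code runs offline.

```python
import hashlib
import os
import tempfile

# Binaries the slide names as typical targets of replacement.
WATCHED = ["bin/ps", "bin/login", "bin/ls"]


def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, names=WATCHED):
    """Record a trusted digest for every watched file under root."""
    return {n: sha256_file(os.path.join(root, n)) for n in names}


def check_against_baseline(root, baseline):
    """Return the watched files whose current digest differs from the
    baseline; a deleted or replaced-by-directory file counts as changed."""
    changed = []
    for name, expected in baseline.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path) or sha256_file(path) != expected:
            changed.append(name)
    return changed


def demo():
    """Build a throwaway tree, baseline it, tamper with ls, and re-check.
    Returns (changes before tampering, changes after tampering)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for name in WATCHED:  # constructed stand-ins for real binaries
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"original contents of " + name.encode())
        baseline = build_baseline(root)
        clean = check_against_baseline(root, baseline)
        with open(os.path.join(root, "bin/ls"), "ab") as f:
            f.write(b"\x00trojaned")  # constructed tampering
        return clean, check_against_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

    The baseline must be stored where an intruder cannot rewrite it (read-only media or a separate host): an attacker able to replace ps can equally well update a digest file kept beside it.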

  • Strategies for Intrusion Detection

    - Signature verification
    - Anomaly detection
    - Specification based intrusion systems
    - Bottleneck verification

  • Signature Verification example

    An oversized ping packet of length greater than 64 kilobytes can often cause some systems to reboot. A signature verification system that is looking for a ping of death denial of service attack would have a simple rule that says any ping packet of length greater than 64 kilobytes is an attack.
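    The rule on this slide, written out as an added example (not code from the original slides): ICMP fragments are grouped the way the victim's IP stack groups them, and an alert fires when the reassembled length exceeds the IPv4 maximum of 65535 bytes. Packets are constructed in-line as dictionaries with hypothetical addresses; no capture library is assumed, and the offset field is already in bytes.

```python
from collections import defaultdict

MAX_IP_LEN = 65535  # largest legal IPv4 datagram; the slide's "64 kilobytes"


def reassembled_length(fragments):
    """Largest byte position any fragment of one datagram reaches.

    A fragment ends at its byte offset plus its payload length. Only the
    maximum matters, so the rule can fire on the first fragment that crosses
    the limit without buffering the whole datagram.
    """
    return max(f["offset"] + f["payload_len"] for f in fragments)


def detect_ping_of_death(packets):
    """Apply the signature: an ICMP datagram whose reassembled length exceeds
    MAX_IP_LEN is an attack. Fragments are keyed by (src, dst, ip_id), the
    same tuple the receiving IP stack uses for reassembly.
    """
    groups = defaultdict(list)
    for p in packets:
        if p["proto"] == "icmp":  # protocol field is present in every fragment
            groups[(p["src"], p["dst"], p["ip_id"])].append(p)
    alerts = []
    for (src, dst, ip_id), frags in groups.items():
        total = reassembled_length(frags)
        if total > MAX_IP_LEN:
            alerts.append({"src": src, "dst": dst, "ip_id": ip_id,
                           "length": total, "rule": "ping-of-death"})
    return alerts


# Constructed sample traffic: one ordinary 64-byte echo request, then 45
# fragments of 1480 bytes (a multiple of 8, as IP requires) whose last
# fragment ends at 44*1480 + 1480 = 66600 bytes, beyond MAX_IP_LEN.
SAMPLE_PACKETS = [
    {"proto": "icmp", "src": "10.0.0.5", "dst": "10.0.0.1",
     "ip_id": 1, "offset": 0, "payload_len": 64},
]
SAMPLE_PACKETS += [
    {"proto": "icmp", "src": "10.0.0.9", "dst": "10.0.0.1",
     "ip_id": 7, "offset": i * 1480, "payload_len": 1480}
    for i in range(45)
]

if __name__ == "__main__":
    for alert in detect_ping_of_death(SAMPLE_PACKETS):
        print(alert)
```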

  • Signature Verification

    Advantages:
    - Can be devised to detect attempts to exploit many possible vulnerabilities
    - One sniffer can monitor many workstations
    - The computation required to construct network sessions and search for keywords is not excessive

  • Signature Verification

    Drawbacks:
    - Difficult to establish rules
    - False alarm rates can be very high
    - Cannot identify novel types of attacks

  • Anomaly Detection

    These systems track the typical behavior of a system and issue warnings when they observe actions that deviate significantly from those models.
    They construct statistical models of user, system, or network activity by observing typical behavior during an initial training phase. After training, anomalies are detected and flagged as attacks.
    Eg: NIDES (Next-Generation Intrusion Detection Expert System) by SRI International.

  • Anomaly Detection

    - These systems are frequently suggested approaches for detecting novel attacks.
    - Involve large computation and memory resources
    - High false alarm rates
    - Cannot detect an attack if the attacker's activity overlaps with that of a normal user or system.

  • Specification Based Intrusion Systems

    This type of approach detects attacks that make improper use of system or application programs. It results in far lower false alarm rates.
    Detects a wide range of new attacks, including many forms of malicious code such as trojan horses, viruses, attacks that take advantage of race conditions, and attacks that take advantage of improperly synchronized distributed programs.

  • Bottleneck verification

    This approach applies to situations where there are only a few, well-defined ways to transition between two groups of states.
    Eg: the transition between a normal user and a superuser within a shell. If an individual is in a normal user state, the only way to legally gain root privileges is by using the su command and entering the root password.
    Thus, if a bottleneck verification system can detect a shell being launched, determine the permissions of the new shell, and detect a successful su command to gain root access.
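    A toy bottleneck verifier for the user-to-superuser transition described above, added here as an example (not code from the original slides). It consumes a constructed, simplified audit trail of login, su and exec events (plain dictionaries, not a real OS audit format) and alerts on any root shell that was reached without a successful su in the same session.

```python
SHELLS = {"sh", "bash", "ksh", "csh"}


def find_illegal_root_shells(events):
    """Apply the bottleneck rule over an ordered list of audit events.

    Event shapes (all constructed for this example):
      {"session": id, "event": "login", "uid": n, "comm": "login"}
      {"session": id, "event": "su_ok"} / {"session": id, "event": "su_fail"}
      {"session": id, "event": "exec", "euid": n, "comm": name}
    A root shell is legal only if the session began as root or a
    successful su was recorded earlier in that session. Returns the
    offending exec events.
    """
    login_uid = {}   # session -> uid at login
    su_granted = {}  # session -> True once su to root succeeded
    alerts = []
    for ev in events:
        s = ev["session"]
        if ev["event"] == "login":
            login_uid[s] = ev["uid"]
            su_granted[s] = False
        elif ev["event"] == "su_ok":
            su_granted[s] = True
        elif ev["event"] == "exec":
            is_root_shell = ev["euid"] == 0 and ev["comm"] in SHELLS
            if not is_root_shell:
                continue
            if login_uid.get(s) == 0 or su_granted.get(s):
                continue  # reached root through a permitted path
            alerts.append(ev)
    return alerts


# Constructed audit trail: session 1 reaches root via su (a failed attempt
# first), session 2 runs a hypothetical setuid program and then spawns a root
# shell with no su at all, which the rule must flag.
SAMPLE_AUDIT = [
    {"session": 1, "event": "login", "uid": 1001, "comm": "login"},
    {"session": 1, "event": "exec", "euid": 1001, "comm": "bash"},
    {"session": 1, "event": "su_fail"},
    {"session": 1, "event": "su_ok"},
    {"session": 1, "event": "exec", "euid": 0, "comm": "sh"},
    {"session": 2, "event": "login", "uid": 1002, "comm": "login"},
    {"session": 2, "event": "exec", "euid": 1002, "comm": "bash"},
    {"session": 2, "event": "exec", "euid": 1002, "comm": "suidprog"},
    {"session": 2, "event": "exec", "euid": 0, "comm": "sh"},
]

if __name__ == "__main__":
    for ev in find_illegal_root_shells(SAMPLE_AUDIT):
        print("illegal root shell:", ev)
```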

  • Time Vs Vulnerability
