
Software Attacks

Software attacks are used to overwhelm the processing capabilities of online systems or to gain access to protected systems by hidden means. Malware is specially crafted software that attacks a system, tricks users into installing it on their systems, and enables redirect attacks and denial-of-service attacks.

georgina

Presentation Transcript


  1. Software Attacks • Software attacks are used to overwhelm the processing capabilities of online systems or to gain access to protected systems by hidden means.

  2. Malware • Specially crafted software used to attack a system. • Tricks users into installing it on their systems. • Used for redirect attacks and denial-of-service attacks. • Damages, destroys, or denies service to targeted systems. • Adware: undesired marketing and advertising, including popups and banners on a user’s screen. • Spyware: gathers information about people or organizations without their knowledge.

  3. Virus: malware attached to other executable programs. When activated, it replicates and propagates itself to multiple systems, spreading by multiple communications vectors. • Virus hoax: a message that reports the presence of a nonexistent virus or worm and wastes time. • Worm: malware that activates and replicates without being attached to an existing program.

  4. Polymorphic threat: malware (a virus or worm) that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. • Trojan horse: a malware program that hides its true nature and reveals its designed behavior only when activated.

  5. Virus • Code segments (programming instructions) that perform malicious actions. • The code attaches itself to an existing program and takes control of the program’s access to the targeted computer. • The controlled target program carries out the virus plan: replicating the virus into additional targeted systems. • Infection can cause anything from random messages on a user’s screen to the destruction of entire hard drives. • Passed from machine to machine via physical media, e-mail, or other forms of computer data transmission. • On an infected machine, a virus may immediately scan for e-mail applications and send itself to every user in the e-mail address book. • One of the most common methods of virus transmission is e-mail attachment files. • Antivirus products in the current software marketplace: Symantec Norton AntiVirus, Kaspersky Antivirus, AVG AntiVirus, McAfee VirusScan.

  6. Virus Categories • Boot virus: also known as a boot sector virus, targets the boot sector or Master Boot Record (MBR) of a computer system’s hard drive or removable storage media. • Macro virus: a type of virus written in a specific macro language to target applications that use the language. It affects documents, slideshows, e-mails, or spreadsheets created by office suite applications. • Memory-resident virus: capable of installing itself in a computer’s operating system when the computer is activated, and of residing in the system’s memory even after the host application is terminated. Also known as a resident virus. • Non-memory-resident virus: terminates after it has been activated, infected its host system, and replicated itself; it does not reside in the operating system or memory after executing. Also known as a non-resident virus.

  7. WORMS • Worms continue replicating themselves until they completely fill available resources (memory, hard drive space, and network bandwidth). • Examples: Code Red, Sircam, Nimda (“admin” spelled backwards), and Klez, which combine multiple modes of attack into a single package. • Nimda spread to span the Internet address space of 14 countries in less than 25 minutes. • The Klez worm delivers a double-barreled payload: it has an attachment that contains the worm, and if the e-mail is viewed on an HTML-enabled browser, it attempts to deliver a macro virus. • News-making attacks such as the MyDoom and Netsky variants of the multifaceted attack worms and viruses exploit weaknesses in leading operating systems and applications.

  8. WORMS • The complex behaviour of worms can be initiated with or without the user downloading or executing the file. • Once it has infected a computer, a worm can redistribute itself to all e-mail addresses found on the infected system. • It can deposit copies of itself onto all Web servers that the infected system can reach; users who subsequently visit those sites become infected. • Worms also take advantage of open shares found on the network in which an infected system is located. • They place working copies of their code onto the server, so users of the open shares are likely to become infected.

  9. TROJAN HORSE • Disguised as helpful, interesting, or necessary pieces of software, such as readme.exe files included with shareware or freeware packages. • Once brought into a system, they become activated and can wreak havoc on the unsuspecting user.

  10. Trojan Horse Attack

  11. Polymorphic Threats • One of the biggest challenges is the emergence of polymorphic threats. • A polymorphic threat evolves, changing its size and other external file characteristics to elude detection by antivirus software programs.

  12. Virus and Worm Hoaxes • Much time and money are spent resolving virus hoaxes. • People send group e-mails warning of supposedly dangerous viruses that don’t exist. When people fail to follow virus-reporting procedures in response to a hoax, the network becomes overloaded and users waste time and energy forwarding the warning message to everyone they know, posting the message on bulletin boards, and trying to update their antivirus protection software. • A prominent virus hoax was the 1994 “Goodtimes virus,” which was transmitted in an e-mail with the header “Good Times” or “goodtimes.” • The virus never existed, and thousands of hours of employee time were wasted retransmitting the e-mail, effectively creating a denial of service. • Another example, the Teddy Bear hoax, tricked users into deleting necessary operating system files and made systems stop working.

  13. Back Door or Trap Door • Allows the attacker to access the system at will with special privileges. • Examples: SubSeven and Back Orifice. • Maintenance hook: a back door left behind by system designers or maintenance staff. • Attackers place a back door into a system or network they have compromised, making their return to the system much easier the next time. • Hard to detect.

  14. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks • DoS attack: the attacker sends a large number of connection or information requests to a target; the target becomes overloaded and cannot respond to legitimate requests for service, and the system may crash or become unable to perform ordinary functions. • DDoS attack: a coordinated stream of requests is launched against a target from many locations at the same time. • Most DDoS attacks are preceded by a preparation phase in which many systems are compromised. • The compromised machines are turned into bots or zombies, directed remotely by the attacker (usually via a transmitted command) to participate in the attack. • DDoS attacks are more difficult to defend against, and there are currently no controls against them. • Any system connected to the Internet and providing TCP-based network services (a Web server, FTP server, or mail server) is vulnerable to DoS attacks. • DoS attacks can also be launched against routers or other network server systems if these hosts enable other TCP services, such as echo.
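The following is an added example, not part of the original slides, of the detection side of this slide: it buckets web-server requests into fixed time windows and separates a single-source flood (DoS) from a many-source flood (DDoS) in which no individual address stands out. The log lines, thresholds and addresses are constructed for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample web-server log (not from the slides). Each line is
# "<ISO timestamp> <source IP> <method> <path>" and the log has three phases:
# ordinary traffic, a single-source flood, and a many-source flood.
def build_sample_log():
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    # Phase 1 (t+0..t+2): three clients, one request each.
    for i, src in enumerate(["10.0.0.5", "10.0.0.6", "10.0.0.7"]):
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} {src} GET /index.html")
    # Phase 2 (t+10..t+19): one source sends 30 requests in ten seconds.
    for i in range(30):
        ts = base + timedelta(seconds=10 + i % 10)
        lines.append(f"{ts.isoformat()} 10.0.0.66 GET /login")
    # Phase 3 (t+20..t+29): 25 distinct sources send one request each.
    for i in range(25):
        ts = base + timedelta(seconds=20 + i % 10)
        lines.append(f"{ts.isoformat()} 198.51.100.{i + 1} GET /search")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, source IP); the request itself is not needed."""
    ts, src, _method, _path = line.split(maxsplit=3)
    return datetime.fromisoformat(ts), src


def analyse(lines, window_seconds=10, per_source_limit=5, total_limit=20, min_sources=10):
    """Bucket requests into fixed windows and flag floods.

    A window is a single-source flood ("dos") when any one address exceeds
    per_source_limit requests. It is a distributed flood ("ddos") when the total
    exceeds total_limit and at least min_sources addresses contributed, even
    though no individual address stands out. The thresholds are assumptions;
    tune them to the service's normal traffic.
    """
    events = [parse_line(l) for l in lines if l.strip()]
    if not events:
        return []
    start = min(ts for ts, _ in events)
    windows = defaultdict(Counter)
    for ts, src in events:
        idx = int((ts - start).total_seconds()) // window_seconds
        windows[idx][src] += 1

    findings = []
    for idx in sorted(windows):
        counts = windows[idx]
        total = sum(counts.values())
        heavy = sorted(src for src, n in counts.items() if n > per_source_limit)
        if heavy:
            findings.append({"window": idx, "kind": "dos", "sources": heavy, "total": total})
        elif total > total_limit and len(counts) >= min_sources:
            findings.append({"window": idx, "kind": "ddos", "sources": sorted(counts), "total": total})
    return findings


if __name__ == "__main__":
    for f in analyse(build_sample_log()):
        print(f"window {f['window']}: {f['kind'].upper()} - {f['total']} requests "
              f"from {len(f['sources'])} source(s)")
```

The per-source rule alone would miss phase 3, which is exactly why distributed floods are harder to defend against: every participating bot looks like a light, legitimate client, and only the aggregate gives it away.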

  15. DoS Attack

  16. E-mail Attacks • Mail bomb: an attack designed to overwhelm the receiver with excessive quantities of e-mail. It is a form of e-mail attack that is also a DoS attack, accomplished using traditional e-mailing techniques or by exploiting various technical flaws in SMTP. • The target of the attack receives an unmanageably large volume of unsolicited e-mail. By sending large e-mails with forged header information to poorly configured e-mail systems on the Internet, the attacker tricks many systems into participating, and the target e-mail address is buried under thousands or even millions of unwanted e-mails. • Spam: undesired e-mail, typically commercial advertising transmitted in bulk. Its consequence is a waste of computer and human resources; organizations attempt to cope with the flood of spam by using e-mail filtering technologies to delete unwanted messages.

  17. Communications Interception Attacks • Domain Name System (DNS) cache poisoning: the intentional hacking and modification of a DNS database to redirect legitimate traffic to illegitimate Internet locations; also called DNS spoofing. • Subcategories designed to intercept and collect information in transit: sniffers, spoofing, pharming, and man-in-the-middle attacks.

  18. Packet Sniffer • Monitors data traveling over a network. • Used both for legitimate network management functions and for stealing information. • Unauthorized sniffers are extremely dangerous to a network’s security: they are virtually impossible to detect and can be inserted almost anywhere, which makes them a favorite weapon for hackers. • Work on TCP/IP networks. • Sniffers add risk to networks because many systems and users send information on local networks in clear text. • A sniffer program shows all the data going by: passwords, the data inside files (such as word-processing documents), and screens full of sensitive data from applications.

  19. Spoofing • Hackers use a variety of techniques to obtain trusted IP addresses, then modify the packet headers to insert these forged addresses. • Newer routers and firewall arrangements offer protection against IP spoofing.
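As an added example (not from the slides), the anti-spoofing check that newer routers and firewall arrangements perform, written as a small Python policy function: a packet’s source address must be consistent with the interface it arrived on, and a few reserved prefixes are never accepted. The network prefixes, interface names and sample packets are assumptions constructed for the example.

```python
import ipaddress

# Constructed network layout (an assumption for this example, not from the slides):
# the "inside" interface of the border router serves these prefixes, and
# "outside" is the Internet-facing link.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24"),
                 ipaddress.ip_network("10.20.0.0/16")]

# Source prefixes that should never appear as a source on an Internet-facing link.
BOGON_NETS = [ipaddress.ip_network(p)
              for p in ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def ingress_decision(interface, src):
    """Decide whether to accept a packet with source address src arriving on interface.

    Returns (action, reason). A source address must be consistent with the
    interface it arrived on: a packet claiming an internal source on the outside
    link is spoofed, and a packet leaving the inside with a foreign source is
    spoofed or misrouted. Dropping the latter (egress filtering) keeps the local
    network from being used as a launch point for spoofed traffic.
    """
    ip = ipaddress.ip_address(src)
    if any(ip in net for net in BOGON_NETS):
        return ("drop", "bogon source address")
    if interface == "outside" and is_internal(ip):
        return ("drop", "internal source address arriving from outside (spoofed)")
    if interface == "inside" and not is_internal(ip):
        return ("drop", "non-internal source address leaving inside (egress filter)")
    return ("accept", "source address consistent with interface")


def filter_packets(packets):
    """Apply ingress_decision to (interface, src) pairs; return the dropped ones with reasons."""
    dropped = []
    for iface, src in packets:
        action, reason = ingress_decision(iface, src)
        if action == "drop":
            dropped.append((iface, src, reason))
    return dropped


# Constructed sample packets: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("outside", "203.0.113.7"),      # legitimate Internet client
    ("outside", "192.168.10.25"),    # claims to be an inside host: spoofed
    ("outside", "127.0.0.1"),        # loopback as source: bogon
    ("inside", "10.20.4.9"),         # inside host talking out: fine
    ("inside", "198.51.100.3"),      # inside host forging an external source
]

if __name__ == "__main__":
    for iface, src, reason in filter_packets(SAMPLE_PACKETS):
        print(f"DROP {src:<16} on {iface}: {reason}")
```

The check is cheap because it needs only the interface and the source field; it cannot catch a forged address that belongs to the same side of the router as the real sender, which is why it is a complement to, not a replacement for, authentication at higher layers.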

  20. IP Spoofing Attack

  21. Pharming • Uses Trojans, worms, or other virus technologies to attack an Internet browser’s address bar so that the valid URL is modified to point to an illegitimate Web site. • A form of pharming called Domain Name System (DNS) cache poisoning targets the Internet DNS system, corrupting legitimate data tables. • The key difference between pharming and the social engineering attack called phishing is that the latter requires the user to actively click a link or button to be redirected to the illegitimate site, whereas pharming attacks modify the user’s traffic without the user’s knowledge or active participation.

  22. Man-in-the-Middle Attack • An attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. • In a TCP hijacking attack, also known as session hijacking, the attacker uses address spoofing to impersonate other legitimate entities on the network. • This allows the attacker to eavesdrop and to change, delete, reroute, add, forge, or divert data. • A variant of TCP hijacking is the interception of an encryption key exchange, which enables the hacker to act as an invisible man in the middle, that is, an eavesdropper, on encrypted communications.

  23. Man in the Middle Attack

  24. Access Controls • Access control is the selective method by which systems specify who may use a particular resource and how they may use it. • It is achieved through a combination of policies, programs, and technologies. • It focuses on the permissions or privileges that a subject (user or system) has on an object (resource). • Access control list (ACL): a specification of an organization’s information asset, the users who may access and use it, and their rights and privileges for using the asset. • Attribute: a characteristic of a subject (user or system) that can be used to restrict access to an object (a subject attribute). • Capability table: a specification of an organization’s users, the information assets that users may access, and their rights and privileges for using the assets (also called user profiles or user policies).

  25. Access Control Approaches

  26. Discretionary Access Control • DACs let users share resources in a peer-to-peer configuration, allowing users to control and provide access to information or resources at their disposal. • Allows general, unrestricted access of resources to specific people or groups of people. • Example: granting hard drive access to specific coworkers by name in the share control function.

  27. Nondiscretionary access controls • NDACs are managed by a central authority in the organization. • Lattice-based access control (LBAC): users are assigned a matrix of authorizations for particular areas of access; the authorization varies between levels, depending on the classification of authorizations. • In a lattice structure, subjects and objects, and the boundaries associated with each pair, are demarcated. • The lattice specifies the level of access each subject has to each object, as given in access control lists (ACLs) and capability tables.

  28. Lattice Based • Lattice-based controls can be tied to a person’s duties and responsibilities: role-based access controls (RBACs) and task-based access controls (TBACs). • Role-based controls are tied to the duties a user performs in an organization, a position or temporary assignment such as project manager. • Task-based controls are tied to a particular chore or responsibility, such as the department’s printer administrator. • It is easy to maintain the restrictions associated with a particular role or task when different people fill it: access rights are assigned to the role or task, and users who are associated with that role or task automatically receive the corresponding access. • When their turns are over, they are removed from the role or task and access is revoked. • Roles tend to last for a longer term and be related to a position; tasks are more granular and short-term.
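An added example, not part of the original slides, of the role and task mechanics described above: rights are granted to a role (project_manager) and a task (printer_admin), users receive rights only through their assignments, and removing a user from the task revokes its rights while the longer-term role is untouched. The names, assets and rights are constructed.

```python
from collections import defaultdict


class RoleBasedAccess:
    """Rights are granted to roles and tasks, never to users directly; a user holds
    exactly the rights of the roles and tasks currently assigned to them."""

    def __init__(self):
        self.grants = defaultdict(set)        # role/task name -> {(asset, right), ...}
        self.assignments = defaultdict(set)   # user -> {role/task names}

    def grant(self, role, asset, right):
        """Attach a right to a role or task (not to a person)."""
        self.grants[role].add((asset, right))

    def assign(self, user, role):
        if role not in self.grants:
            raise KeyError(f"unknown role or task: {role}")
        self.assignments[user].add(role)

    def revoke(self, user, role):
        """Removing the user from the role is all that is needed to revoke its rights."""
        self.assignments[user].discard(role)

    def permissions(self, user):
        """Union of the rights of every role and task the user currently holds."""
        return set().union(*(self.grants[r] for r in self.assignments[user]))

    def is_allowed(self, user, asset, right):
        return (asset, right) in self.permissions(user)


def demo():
    """Constructed scenario: a longer-term role and a short-term task, as on the slide."""
    ac = RoleBasedAccess()
    ac.grant("project_manager", "project-plan", "write")   # role tied to a position
    ac.grant("project_manager", "budget", "read")
    ac.grant("printer_admin", "dept-printer", "manage")     # task: a particular chore

    ac.assign("alice", "project_manager")
    ac.assign("alice", "printer_admin")
    ac.assign("bob", "printer_admin")
    during = {
        "alice_manages_printer": ac.is_allowed("alice", "dept-printer", "manage"),
        "alice_writes_plan": ac.is_allowed("alice", "project-plan", "write"),
        "bob_writes_plan": ac.is_allowed("bob", "project-plan", "write"),
    }
    # Alice's turn as printer administrator is over: revoke the task, keep the role.
    ac.revoke("alice", "printer_admin")
    after = {
        "alice_manages_printer": ac.is_allowed("alice", "dept-printer", "manage"),
        "alice_writes_plan": ac.is_allowed("alice", "project-plan", "write"),
        "bob_manages_printer": ac.is_allowed("bob", "dept-printer", "manage"),
    }
    return during, after


if __name__ == "__main__":
    before, later = demo()
    print("while assigned:", before)
    print("after revocation:", later)
```

Because no right is ever attached to a person, changing who fills the role means one `assign` or `revoke` call; the rights of the role itself, and of everyone else holding it, are unchanged.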

  29. Mandatory access controls • MACs are a form of lattice-based, nondiscretionary access controls that use data classification schemes. • They give users and data owners limited control over access to information resources. • In a data classification scheme, each collection of information is rated, and users are assigned a rating that specifies the level of information they may access. • These ratings are sensitivity levels; they indicate the level of confidentiality. • A newer approach is attribute-based access controls (ABACs). • ABACs use attributes of a subject such as name, date of birth, home address, training record, job function, and unique identity. • An ABAC uses one of these attributes to regulate access to a particular set of data.
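An added example, not from the slides, of the lattice behind mandatory access controls: a label is a sensitivity level plus a set of categories, one label dominates another when its level is at least as high and its categories are a superset, and two labels can be incomparable. The read and write rules follow the Bell-LaPadula formulation, which the slides do not name; the level names, categories and assets are constructed.

```python
from dataclasses import dataclass

# Sensitivity levels, ordered from least to most confidential (constructed scheme).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    """A point in the lattice: a sensitivity level plus a set of categories (compartments)."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """self >= other in the lattice: at least as high a level and a superset of categories."""
        return LEVELS[self.level] >= LEVELS[other.level] and other.categories <= self.categories

    def join(self, other):
        """Least upper bound: the label a document that combines two sources must carry."""
        level = self.level if LEVELS[self.level] >= LEVELS[other.level] else other.level
        return Label(level, self.categories | other.categories)


def can_read(clearance, data_label):
    """Simple security property: a subject may read only data its clearance dominates."""
    return clearance.dominates(data_label)


def can_write(clearance, data_label):
    """*-property: a subject may write only to labels that dominate its clearance,
    so information never flows down to a lower classification."""
    return data_label.dominates(clearance)


def access_report(clearance, labelled_assets):
    """For each asset name -> label, list the operations the clearance permits."""
    report = {}
    for name, label in labelled_assets.items():
        ops = []
        if can_read(clearance, label):
            ops.append("read")
        if can_write(clearance, label):
            ops.append("write")
        report[name] = ops
    return report


# Constructed subject clearance and asset labels.
ANALYST = Label("secret", frozenset({"finance"}))
ASSETS = {
    "quarterly-report": Label("confidential", frozenset({"finance"})),
    "payroll": Label("confidential", frozenset({"finance", "hr"})),   # incomparable with ANALYST
    "board-minutes": Label("secret", frozenset({"finance", "hr"})),
    "press-release": Label("public"),
}

if __name__ == "__main__":
    for asset, ops in access_report(ANALYST, ASSETS).items():
        print(f"{asset:<18} {', '.join(ops) or 'no access'}")
```

The payroll case is the point of using a lattice rather than a simple ordered scale: the analyst's clearance is at a higher level than the payroll label, yet neither dominates the other because the analyst lacks the hr category, so the mandatory policy denies access regardless of what the data owner might prefer.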

  30. Access Control Mechanisms • The four fundamental functions of access control systems: • Identification: I am a user of the system. • Authentication: I can prove I’m a user of the system. • Authorization: Here’s what I can do with the system. • Accountability: You can verify my use of the system.

  31. Access Control Matrix • An integration of access control lists (focusing on assets) and capability tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings. • The ACL for a particular device or asset is read down its column, and the capability table for a particular user is read along that user’s row.

  32. Access Control Mechanisms • Identification: unverified entities or supplicants who seek access to a resource provide a label by which they are known to the system. • Authentication: requires the validation and verification of a supplicant’s purported identity. • Authorization: represents the matching of an authenticated entity to a list of information assets and corresponding access levels. • Accountability: ensures that all actions on a system, authorized or unauthorized, can be attributed to an authenticated identity. Also known as auditability.
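The following added example (not part of the original slides) ties slide 31 and slide 32 together: one access control matrix stored row by row, from which the column view (an asset’s ACL) and the row view (a user’s capability table) are both derived, wrapped in the four functions of identification, authentication, authorization and accountability. Passwords are verified against a salted PBKDF2 hash with a constant-time comparison; the user names, assets and passwords are constructed.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

PBKDF2_ROUNDS = 200_000


class AccessControlSystem:
    """One access control matrix (users x assets) plus the four functions from the slide."""

    def __init__(self):
        self.matrix = {}        # user -> {asset -> set(rights)}; a row is a capability table
        self.credentials = {}   # user -> (salt, pbkdf2 hash)
        self.audit_log = []     # accountability: every decision is recorded

    # --- identification and authentication -----------------------------------
    def register(self, user, password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.credentials[user] = (salt, digest)
        self.matrix.setdefault(user, {})

    def authenticate(self, user, password):
        """Identification is the label the supplicant offers; authentication checks it."""
        if user not in self.credentials:
            return False
        salt, stored = self.credentials[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, stored)   # constant-time comparison

    # --- the matrix and its two views ----------------------------------------
    def grant(self, user, asset, right):
        self.matrix.setdefault(user, {}).setdefault(asset, set()).add(right)

    def capability_table(self, user):
        """Row view: everything one user may do."""
        return {asset: set(rights) for asset, rights in self.matrix.get(user, {}).items()}

    def acl(self, asset):
        """Column view: every user who may touch one asset, and how."""
        return {user: set(assets[asset]) for user, assets in self.matrix.items()
                if asset in assets}

    # --- authorization and accountability ------------------------------------
    def request(self, user, password, asset, right):
        """Authenticate, authorize against the matrix, and record the outcome."""
        if not self.authenticate(user, password):
            outcome = "denied: authentication failed"
        elif right in self.matrix.get(user, {}).get(asset, set()):
            outcome = "granted"
        else:
            outcome = "denied: not authorized"
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "asset": asset, "right": right, "outcome": outcome,
        })
        return outcome


def build_demo():
    """Constructed users, assets and passwords for illustration only."""
    acs = AccessControlSystem()
    acs.register("alice", "correct horse battery staple")
    acs.register("bob", "hunter2")
    acs.grant("alice", "payroll", "read")
    acs.grant("alice", "payroll", "write")
    acs.grant("bob", "payroll", "read")
    acs.grant("bob", "wiki", "write")
    return acs


if __name__ == "__main__":
    acs = build_demo()
    print(acs.request("alice", "correct horse battery staple", "payroll", "write"))
    print(acs.request("bob", "hunter2", "payroll", "write"))
    print("ACL for payroll:", acs.acl("payroll"))
    print("capabilities of bob:", acs.capability_table("bob"))
    for entry in acs.audit_log:
        print(entry)
```

Denied requests are logged alongside granted ones, which is what makes the log useful for accountability: an auditor can attribute both the authorized and the unauthorized attempts to an identity.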
