
Data and Computer Communications


Presentation Transcript


    1. Data and Computer Communications, Ninth Edition, by William Stallings

    2. Computer and Network Security Threats. "The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable." —The Art of War, Sun Tzu

    3. Computer Security. Key objectives: confidentiality, integrity, availability.

    4. Confidentiality: term covers two related concepts. Data: assures that private or confidential information is not made available or disclosed to unauthorized individuals. Privacy: assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.

    5. Integrity: term covers two related concepts. Data integrity: assures that information and programs are changed only in a specified and authorized manner. System integrity: assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

    6. Availability

    7. Loss of Security. FIPS PUB 199 identifies the loss of security in each category. Confidentiality: unauthorized disclosure of information. Integrity: unauthorized modification or destruction of information. Availability: disruption of access to or use of information or an information system.

    8. Additional Security Objectives Some information security professionals feel that two more objectives need to be added:

    9. Threats and Attacks

    10. Computer and Network Assets, with Examples of Threats

    11. Scope of System Security

    12. Hardware: most vulnerable to attack; least susceptible to automated controls; threats: accidental damage, intentional damage, theft.

    13. Software: includes operating system, utilities and application programs; key threats:

    14. Data: security concerns with respect to data are broad, encompassing availability, secrecy, integrity; major concerns with data have to do with:

    15. Communication Lines & Networks. Network security attack classification:

    16. Active Attacks

    17. Classes of Intruders. Masquerader – usually outsider; penetrates a real user's account by pretending to be them. Misfeasor – usually insider; legitimate user who accesses unauthorized areas. Clandestine User – outsider or insider; user who seizes supervisory control of a system in order to avoid prevention, access and detection controls.

    18. Behavior Patterns of Intruders: Hackers and Criminals. Hackers: usually high level of competence; share their findings; look for targets of opportunity. Criminals: organized groups of hackers are a common modern threat; typically young; usually have specific targets.

    19. Behavior Patterns of Intruders: Insiders

    20. Intrusion Techniques

    21. Malicious Software

    22. Categories of Malicious Software. Parasitic: fragments of programs that cannot exist independently of some actual application program, utility, or system program (viruses, logic bombs, backdoors). Independent: self-contained programs that can be scheduled and run by the operating system (worms, bots).

    23. Terminology of Malicious Programs

    24. Backdoor (trapdoor): a secret entry point into a program that can allow unauthorized access to the data; backdoors are common among the programming community and are used for a variety of maintenance tasks (maintenance hook); it is important to not allow backdoors into production environments.

    25. Logic Bomb: predates viruses and worms; code embedded in a legitimate program that will “explode” at a given time or when certain conditions are met: presence or absence of certain files; particular day of the week or date; particular user using the application.

    26. Trojan Horse: program that contains hidden code that, when invoked, causes harm to the system or system infrastructure it was launched from.

    27. Mobile Code: script, macro, or other portable instruction that can be shipped unchanged to a collection of platforms; transmitted from a remote system to a local system and then executed on the local system without the user’s explicit instruction; mechanism for a virus, worm, or Trojan horse; vulnerabilities such as unauthorized data access.

    28. Multiple Threat Malware. Multipartite – capable of infecting multiple types of files. Blended attack – uses multiple methods of infection or transmission to maximize infection speed. Nimda: erroneously referred to as simply a worm; uses a combination of items like email, web servers, web clients, etc. to propagate and infect.

    29. Viruses: can do anything other programs can do; attaches itself to a program and executes secretly; once running it can perform any function allowed by the current user's rights.

    30. Virus Lifecycle

    31. Virus Classification: by target; by concealment strategy.

    32. Target. Boot sector infector: infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus. File infector: infects files that the operating system or shell consider to be executable. Macro virus: infects files with macro code that is interpreted by an application.

    33. Concealment Strategy

    34. E-Mail Viruses: a more recent development in malicious software. Melissa: e-mail virus sends itself to everyone on the mailing list in the user’s e-mail package; virus does local damage on the user’s system. Another virus appeared that activates by merely opening the e-mail that contains the virus rather than the attachment.

    35. Worms: self-replicating – usually very quickly; usually performs some unwanted function; actively seeks out more machines to infect.

    36. Worms In the propagation phase the Worm will Phases

    37. Worm Technology. Multiplatform – variety of platforms; Multi-Exploit – variety of penetration schemes; Ultrafast Spreading – accelerated distribution; Polymorphic – evades set signatures; Metamorphic – evades anomaly detectors; Transport Vehicles – used to spread other distributed attack tools; Zero Day – exploits a yet unknown vulnerability.

    38. Worm Propagation

    39. Bots: AKA Zombie or Drone; secretly takes over an internet-connected computer; launches attacks from that computer that are hard to trace back to the creator. Botnet: collection of bots that act in a coordinated manner; has 3 characteristics: bot functionality, remote control facility, spreading mechanism.

    40. Bot Usage: Distributed Denial of Service attack; spamming; sniffing traffic; keylogging; spreading of new malware; installing ads (adware and spyware); attacking IRC chat networks; manipulation of online polls / games.

    41. Remote Control Facility: distinguishes a bot from a worm; worm propagates itself, bot is controlled from some central facility (initially). IRC server: all bots join a specific channel on this server and treat incoming messages as commands; control module activates the bots.

    42. Constructing the Attack Network: first step in a botnet attack is for the attacker to infect a number of machines with bot software that will be used to carry out the attack. Essential ingredients: software that can carry out the attack; vulnerability in a large number of systems; strategy for locating and identifying vulnerable machines (scanning / fingerprinting).

    43. Summary: computer security concepts; threats, attacks, and assets (hardware, software, data); intruders (hackers, criminals, insiders); malicious software (Trojan horse, malware, viruses, worms, and bots).
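
Slide 41 describes bots that all join one IRC channel and treat incoming messages as commands. The sketch below is an added example, not part of the original slides: a detection heuristic over constructed sensor records that flags a channel joined by several internal hosts that never speak while a single remote nick does all the talking. The record format, the `suspicious_channels` name and the `min_hosts` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sensor records: "<internal host> <IRC server> <direction> <raw IRC line>"
# ">" = sent by the internal host, "<" = delivered to it by the server.
SAMPLE = """\
10.0.0.11 203.0.113.5:6667 > JOIN #x9k2
10.0.0.12 203.0.113.5:6667 > JOIN #x9k2
10.0.0.13 203.0.113.5:6667 > JOIN #x9k2
10.0.0.11 203.0.113.5:6667 < :ctl!u@h PRIVMSG #x9k2 :(constructed text)
10.0.0.12 203.0.113.5:6667 < :ctl!u@h PRIVMSG #x9k2 :(constructed text)
10.0.0.13 203.0.113.5:6667 < :ctl!u@h PRIVMSG #x9k2 :(constructed text)
10.0.0.21 198.51.100.7:6667 > JOIN #linux-help
10.0.0.22 198.51.100.7:6667 > JOIN #linux-help
10.0.0.23 198.51.100.7:6667 > JOIN #linux-help
10.0.0.21 198.51.100.7:6667 > PRIVMSG #linux-help :anyone seen this error?
10.0.0.21 198.51.100.7:6667 < :amy!a@h PRIVMSG #linux-help :which kernel?
10.0.0.22 198.51.100.7:6667 < :bob!b@h PRIVMSG #linux-help :try dmesg
""".splitlines()

# host, server, direction, optional ":nick!user@host" prefix, verb, channel
REC = re.compile(r"^(\S+) (\S+) ([<>]) (?::([^!\s]+)\S* )?(JOIN|PRIVMSG) (#\S+)")

def suspicious_channels(lines, min_hosts=3):
    joined = defaultdict(set)   # (server, channel) -> internal hosts that joined
    talkers = defaultdict(set)  # internal hosts that posted to the channel
    senders = defaultdict(set)  # remote nicks whose messages were delivered
    for line in lines:
        m = REC.match(line)
        if not m:
            continue  # not a JOIN/PRIVMSG record
        host, server, direction, nick, verb, chan = m.groups()
        key = (server, chan.lower())
        if direction == ">" and verb == "JOIN":
            joined[key].add(host)
        elif direction == ">" and verb == "PRIVMSG":
            talkers[key].add(host)
        elif direction == "<" and verb == "PRIVMSG" and nick:
            senders[key].add(nick)
    hits = []
    for key, hosts in joined.items():
        silent = hosts - talkers[key]  # joined but never spoke: listen-only clients
        if len(silent) >= min_hosts and len(senders[key]) == 1:
            hits.append({"server": key[0], "channel": key[1],
                         "hosts": sorted(silent), "controller": min(senders[key])})
    return hits

if __name__ == "__main__":
    for hit in suspicious_channels(SAMPLE):
        print(hit)
```

The second channel in the sample is not flagged: one of its internal members chats and messages arrive from two different nicks, which is what ordinary human use looks like.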
