1 / 17

Chapter Overview

Chapter Overview. Chapter 6: Computer and Network Security. Introduction Viruses, worms, and Trojan horses Phreaks and hackers Denial-of-service attacks. Introduction. Computers getting faster and less expensive Utility of computers increasing Email Web surfing Shopping

dyanne
Download Presentation

Chapter Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Chapter Overview Chapter 6: Computer and Network Security • Introduction • Viruses, worms, and Trojan horses • Phreaks and hackers • Denial-of-service attacks

  2. Introduction • Computers getting faster and less expensive • Utility of computers increasing • Email • Web surfing • Shopping • Managing personal information • Increasing use of computers growing importance of computer security

  3. Viruses (1/2) • Virus: piece of self-replicating code embedded within another program (host) • Viruses associated with program files • Hard disks, floppy disks, CD-ROMS • Email attachments • How viruses spread • Diskettes or CDs • Email • Files downloaded from Internet

  4. Viruses (2/2) • Well-known viruses • Brain • Michelangelo • Melissa • Love Bug • Viruses today • Commercial antivirus software • Few people keep up-to-date

  5. Worms • Worm • Self-contained program • Spreads through a computer network • Exploits security holes in networked computers • Famous worms • WANK • Code Red • Sapphire (Slammer) • Blaster • Sasser

  6. Trojan Horses • Trojan horse: program with benign capability that masks a sinister purpose • Remote access Trojan: Trojan horse that gives attack access to victim’s computer • Back Orifice • SubSeven • RAT servers often found within files downloaded from erotica/porn Usenet sites

  7. Bot Networks • Bot: A software program that responds to commands from a program on another computer • Some bots support legitimate activities • Internet Relay Chat • Multiplayer Internet games • Other bots support illegitimate activities • Distributing spam • Collecting person information for ID theft • Distributed denial-of-service attacks

  8. Defensive Measures • System administrators play key role • Authorization: determining that a user has permission to perform a particular action • Authentication: determining that people are who they claim to be • Firewall: a computer monitoring packets entering and leaving a local area network

  9. Hackers (1/2) • Original meaning • Explorer • Risk-taker • Technical virtuoso • Hacker ethic • Hands-on imperative • Free exchange of information • Mistrust of authority • Value skill above all else • Optimistic view of technology

  10. Hackers (2/2) • Meaning of “hacker” changed • Movie WarGames • Teenagers accessing corporate or government computers • Dumpster diving • Social engineering • Malicious acts • Destroying databases • Stealing confidential personal information

  11. Phone Phreaking • Phone phreak: someone who manipulates phone system to make free calls • Most popular methods • Steal long-distance telephone access codes • Guess long-distance telephone access codes • Use a “blue box” to get free access to long-distance lines • Access codes posted on “pirate boards”

  12. Penalties for Hacking • Examples of illegal activities • Accessing without authorization any Internet computer • Transmitting a virus or worm • Trafficking in computer passwords • Intercepting a telephone conversation, email, or any other data transmission • Accessing stored email messages without authorization • Adopting another identity to carry out an illegal activity • Maximum penalty: 20 years in prison + $250,000 fine

  13. Denial-of-Service AttacksDoS • Denial-of-service attack: an intentional action designed to prevent legitimate users from making use of a computer service • Goal of attack: disrupt a server’s ability to respond to its clients • About 4,000 Web sites attacked each week • Asymmetrical attack that may prove popular with terrorists

  14. Attacks that Consume Scarce Resources • SYN flood attack A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. • Smurf attack The Smurf attack is a way of generating significant computer network traffic on a victim network. This is a type of denial-of-service attack that floods a system via spoofed broadcast ping messages. • Fill target computer’s hard disk • Email bombing • Worm • Break-in followed by file copying

  15. Defensive Measures • Physical security of server • Benchmarking • Disk quota systems • Disabling unused network services • Turning off routers’ amplifier network capability

  16. Distributed Denial-of-Service AttacksDDoS • Attacker gains access to thousands of computers • Launches simultaneous attack on target servers • Defensive measures • Secure computers to prevent hijackings • Check for forged IP addresses

  17. SATAN • Security Administrator Tool for Analyzing Networks (SATAN) • Allows administrators to test their systems • Could be used to probe other computers • Critics worried SATAN would turn unskilled teenagers into hackersThat never happened

More Related