
Topic 1 – Lesson 3 Network Attacks


prue


Presentation Transcript


  1. Topic 1 – Lesson 3 Network Attacks: Summary

  2. Questions
  • Compare passive attacks and active attacks
  • How do packet sniffers work? How to mitigate?
  • How does spoofing work? How to mitigate?
  • A step by step description of DoS attacks; How to mitigate?
  • Compare virus, worms, and Trojan Horses. How to mitigate?
  • How do malicious applets work? How to mitigate?
  • How do war dialers work? How to mitigate?
  • How do logic bombs work? How to mitigate?
  • How do buffer overflow attacks work? How to mitigate?
  • How can hackers use social engineering tactics? How to mitigate?
  • How does dumpster diving work? How to mitigate?

  3. Compare passive attacks and active attacks
  • Passive attacks eavesdrop
  • Active attacks change data
  • Defeating passive attacks should focus on detection
  • Active attacks are malicious and will directly cause damage
  • Four example active attacks: masquerade, replay, denial of service, modification
  • Active attacks are generally preceded by passive attacks

  4. How do packet sniffers work? How to mitigate?
  • Packet sniffers discover information by listening in on network traffic
  • Packet sniffing is a passive attack and does not alter data
  • How to mitigate?
    • Use encryption so that anything sniffed is unreadable
    • Use one-time passwords so that a captured password cannot be reused
  • Packet sniffers are hard to detect because they do not alter network traffic

  5. How does spoofing work? How to mitigate?
  • Spoofing is a camouflage technique: the attacker pretends to be someone else
  • Three common types of spoofing attacks
    • IP spoofing: fake the source address of an IP packet
    • Email address spoofing: fake an email address
    • Web page spoofing: fake a web page
  • How to mitigate?
    • Sender-side access control: filters can stop people from sending out spoofed IP packets or emails
    • Receiver-side access control: the receiver needs to know whether an arriving packet is spoofed
    • Cryptography and authentication may help
    • IP address-based authentication is limited: why?
    • Mitigation is difficult if you have trusted systems outside your network; you should use firewalls
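The sender-side and receiver-side address checks from this slide, as an added example that is not part of the original deck; it assumes a constructed site prefix (203.0.113.0/24) and uses only RFC 5737 documentation addresses as sample traffic.

```python
import ipaddress

# Constructed address plan for this example: the site owns 203.0.113.0/24.
SITE_PREFIX = ipaddress.ip_network("203.0.113.0/24")

# Source addresses that can never legitimately arrive from the Internet.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

def egress_ok(src_ip, site_prefix=SITE_PREFIX):
    """Sender-side filter: a packet leaving the site must carry a source
    address from the site's own prefix; anything else is a spoofed packet
    and is dropped at the border before it can reach a victim."""
    return ipaddress.ip_address(src_ip) in site_prefix

def ingress_ok(src_ip, site_prefix=SITE_PREFIX):
    """Receiver-side filter: a packet arriving from the Internet must not
    claim a source inside the site, nor a private/loopback/multicast
    source. Any other forged source is indistinguishable from a real one,
    which is the limit of address-based checks."""
    addr = ipaddress.ip_address(src_ip)
    if addr in site_prefix:
        return False
    return not any(addr in net for net in BOGON_PREFIXES)

def apply_border_filter(packets, site_prefix=SITE_PREFIX):
    """packets: (direction, src_ip) tuples, direction is 'in' or 'out'.
    Returns the packets the border filter lets through, in order."""
    passed = []
    for direction, src in packets:
        check = egress_ok if direction == "out" else ingress_ok
        if check(src, site_prefix):
            passed.append((direction, src))
    return passed

# Constructed sample traffic: three spoofed packets, two legitimate ones.
SAMPLE = [
    ("out", "203.0.113.7"),   # legitimate: our own address leaving the site
    ("out", "198.51.100.9"),  # spoofed: not our address, must not leave
    ("in", "203.0.113.7"),    # spoofed: claims to be inside but arrives from outside
    ("in", "10.0.0.5"),       # spoofed: private source address from the Internet
    ("in", "198.51.100.9"),   # legitimate external source
]

if __name__ == "__main__":
    for pkt in apply_border_filter(SAMPLE):
        print("pass", pkt)
```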

  6. A step by step description of DDoS attacks; How to mitigate?
  • Step 1: the attacker breaks into 1001 computers
  • Step 2: the attacker installs the master program on one computer and the daemon software on the other 1000 computers
  • Step 3: the attacker picks a victim
  • Step 4: when the attacker launches the DDoS attack, the attacker instructs the master program to launch the attack; the master program then instructs the 1000 daemons to send a large volume of packets to the victim
  • How to mitigate?
    • To keep the server from crashing, limit nonessential traffic
    • Hard to defend because the attack packets look like normal traffic
    • Harder to defend because the daemons spoof their IP addresses
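The "limit nonessential traffic" mitigation as a per-source token bucket, and the slide's last point that spoofed source addresses defeat it; this is an added example, not code from the original deck, and the traffic, rate and burst values are constructed.

```python
from collections import defaultdict

class SourceRateLimiter:
    """Token bucket per source address: each source may send `rate` packets
    per second, with bursts up to `burst`; packets beyond that are dropped."""
    def __init__(self, rate, burst):
        self.rate, self.burst = float(rate), float(burst)
        self.tokens = defaultdict(lambda: self.burst)
        self.last_seen = {}

    def allow(self, src, now):
        if src in self.last_seen:  # refill for the time elapsed since this source's last packet
            elapsed = now - self.last_seen[src]
            self.tokens[src] = min(self.burst, self.tokens[src] + elapsed * self.rate)
        self.last_seen[src] = now
        if self.tokens[src] >= 1.0:
            self.tokens[src] -= 1.0
            return True
        return False

def run_limiter(packets, rate=5, burst=10):
    """packets: (timestamp_seconds, src_ip) tuples. Returns per-source
    (passed, dropped) counts after the limiter has seen them in time order."""
    limiter = SourceRateLimiter(rate, burst)
    stats = defaultdict(lambda: [0, 0])
    for ts, src in sorted(packets):
        stats[src][0 if limiter.allow(src, ts) else 1] += 1
    return {src: tuple(counts) for src, counts in stats.items()}

def totals(stats):
    """Sum (passed, dropped) over all sources."""
    return (sum(p for p, _ in stats.values()), sum(d for _, d in stats.values()))

# Constructed traffic using RFC 5737 documentation addresses:
LEGIT = [(t, "198.51.100.9") for t in range(5)]                # a normal client: 1 packet/s
DAEMON_FLOOD = [(3, "192.0.2.77")] * 100                        # one daemon, 100 packets in one second
SPOOFED_FLOOD = [(3, f"192.0.2.{i}") for i in range(100, 200)]  # same flood, 100 forged source addresses

if __name__ == "__main__":
    print(run_limiter(LEGIT + DAEMON_FLOOD))   # {'198.51.100.9': (5, 0), '192.0.2.77': (10, 90)}
    print(totals(run_limiter(SPOOFED_FLOOD)))  # (100, 0): every forged source looks new and gets a full bucket
```

The second result is why the slide calls spoofing "harder to defend": a limiter keyed on source address cannot tell 100 forged sources from 100 new clients, so the limit has to be applied on something else (total traffic, or traffic that does not complete a handshake).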

  7. Compare virus, worms, and Trojan Horses. How to mitigate?
  • In Lesson 2, we clarified the differences between viruses and worms
  • Trojan horses are a special type of virus
  • A Trojan horse is a computer program that does more than it claims to do
  • One possible purpose of a Trojan horse is to collect passwords and other information and send them back to the attacker
  • How to mitigate?
    • Use antivirus software
    • Only download from trusted web sites
    • Do not execute unknown applications/tools

  8. On Trojan Horses (figure: a clean program, e.g., a tool, shown beside a Trojan Horse, which is the same clean program with malicious code attached; labelled "being attacked")

  9. How do malicious applets work? How to mitigate?
  • Java applets are embedded in web pages
  • When you open a web page or click a hyperlink, a malicious applet could be executed on your computer
  • Applets can compromise privacy and security by stealing passwords, modifying files, and spoofing email
  • How to mitigate?
    • Disable Java in the browser to avoid running applets

  10. How do war dialers work? How to mitigate?
  • Dial numerous phone numbers and try to establish an illegal connection
  • Break into a computer via its dial-up connection
  • How to mitigate?
    • Change passwords and do not use dial-up; use strong passwords
    • Do not use dictionary words
    • An Ethernet connection is less vulnerable to this attack

  11. How do logic bombs work? How to mitigate?
  • Logic bombs can be viewed as a special type of Trojan horse
  • A typical Trojan horse is activated whenever the infected program is executed; logic bombs, however, typically stay dormant until certain conditions are satisfied
  • Can they be deployed by worms or viruses? Yes
  • Can be internal attacks from employees
  • How to mitigate?
    • Can be detected and removed by virus scanning
    • Tripwire: a tool to check whether a program has been modified by the attacker
    • Hash the original program: a hash is a unique value based on the content of the program file; if the content changes, the hash value changes
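The "hash the original program" check from this slide, Tripwire-style, as an added example that is not part of the original deck: it builds a SHA-256 baseline of monitored files, then reports any file whose content no longer matches. The file names and contents are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file's full content; any byte change yields a different digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths):
    """Record the known-good digest of every monitored program.
    In practice the baseline is stored read-only, off the monitored host,
    so an attacker who modifies a program cannot also update its digest."""
    return {p: sha256_file(p) for p in paths}

def check_against_baseline(baseline):
    """Compare current digests with the baseline. Returns
    path -> 'modified' | 'missing' for everything that no longer matches."""
    findings = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings[path] = "missing"
        elif sha256_file(path) != expected:
            findings[path] = "modified"
    return findings

def demo():
    """Constructed scenario: baseline two 'programs', then append bytes to
    one the way a planted logic bomb would, and confirm the check flags it."""
    with tempfile.TemporaryDirectory() as d:
        tool = os.path.join(d, "tool.bin")
        other = os.path.join(d, "other.bin")
        with open(tool, "wb") as f:
            f.write(b"original program bytes")
        with open(other, "wb") as f:
            f.write(b"another program")
        baseline = build_baseline([tool, other])
        clean = check_against_baseline(baseline)      # {} on an untouched system
        with open(tool, "ab") as f:
            f.write(b"\x00dormant payload")           # constructed tampering
        tampered = check_against_baseline(baseline)
        return clean, {os.path.basename(p): v for p, v in tampered.items()}

if __name__ == "__main__":
    print(demo())  # ({}, {'tool.bin': 'modified'})
```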

  12. How can hackers use social engineering tactics? How to mitigate?
  • Take advantage of human characteristics
  • Talk unsuspecting employees out of sensitive information
  • How to mitigate?
    • Comprehensive security policies will help
    • Employees should be educated about this threat

  13. How does dumpster diving work? How to mitigate?
  • Sift through a company's garbage to find information that helps break into its computers
  • How to mitigate?
    • Sensitive documents should be shredded

  14. How do buffer overflow attacks work? How to mitigate?
  • When a web server is executing, its stack contains the return address
  • The hacker sends a carefully crafted URL request message to the web server
  • The request contains a piece of code
  • The request text overwrites the stack and the return address is changed
  • The changed return address misleads the CPU into executing the code contained in the attacking message
  • More than 90 percent of real-world hacking is via buffer overflow

  15. Buffer overflow in depth (figure: inside the RAM of a web server, a normal URL request such as http://www.cnn.com/a/b/c/x.html fits within the input buffer on the stack, which is followed by other data and the return address; Step 1, the hacker sends a malicious URL request whose message is longer than the input buffer, so the malicious code spills over the other data and the return address is replaced by a new return address)
