1 / 23

NETWORK THREAT REVIEW

NETWORK THREAT REVIEW. Agenda. In this section Network threats Worms Hackers Security holes Social engineering. NETWORK THREATS. Threats. Threats Network worms Hackers, crackers Security holes and vulnerabilities User-installed uncontrolled programs

veda-briggs
Download Presentation

NETWORK THREAT REVIEW

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. NETWORK THREAT REVIEW

  2. Agenda • In this section • Network threats • Worms • Hackers • Security holes • Social engineering

  3. NETWORK THREATS

  4. Threats • Threats • Network worms • Hackers, crackers • Security holes and vulnerabilities • User-installed uncontrolled programs • Threats can be divided to external and internal ones based on where they originate from

  5. Worm • WORM is a computer program that replicates independently by sending itself to other systems • E-mail worms • Spread using email in attachments • Network worms • Very fast at spreading • Network worms connect directly over the network • Bluetooth worm

  6. Network Worms • Network worms use hacker techniques to automatically sneak in from the Internet • For example Nimda, Slammer, Lovsan, Slapper, Sasser • Connect directly over the network (extremely fast spreading) • Traditional antivirus response times are not enough to stop these worms from spreading, personal firewalls are needed • In a way, network worms are automated hacker attacks

  7. Malware type: Network worm Replication mechanism: Exploits an LSASS security hole in Win 2000 and XP Payload: Installs a backdoor and launches an DDoS attack Effect: Caused unpatched machines to start to reboot Created problems in at least three large banks; rail traffic was halted in Australia on Saturday, leaving 300,000 travellers stranded, etc. Example: Sasser (2004) Writer Sven Jaschen arrested 6 days after seeding

  8. Case: Sasser Attack failedTCP 445 openLSASS patched Attack successful TCP 445 open LSASS unpatched

  9. Virulence vs. Payload • Damage caused by worms can be measured by two key components • VIRULENCE measures how fast a worm spreads, how well the replication mechanism works • Aggressive spreading typically affects resources such as network bandwidth • Extremely virulent worms can cause system overload or failure • PAYLOAD measures what the worm does • May be carried by the worm or distributed later • Doesn’t have to be harmful • Not all worms have payloads, some only exist to propagate

  10. Common Payloads • E-Mail proxies • Installed in stealth • Used as relays for spam distribution • Trojan backdoors • Used by the attacker to control the infected computers • Distributed Denial of Service (D-DoS)

  11. D-DoS • Distributed Denial of Service • Overloading a service by misusing its resources • Very effective way to take someone down, not much one can do about it • Most famous incidents • February 2000: Yahoo, Amazon, CNN, eBay • Attacks done by a teenager “Mafiaboy” • January 2001: Microsoft • March 2003: www.aljazeera.net • August 2004: Gambling sites blackmail during Olympics

  12. Slave Master D-DoS Example

  13. Hacking • CRACKING (also HACKING) is gaining direct access to a target system • Wide range of methods available (stolen access information, finding open ports, known security holes, etc.) • Attacks can be divided to external attacks and internal attacks • EXPLOITis a common term for software that takes advantage of a bug, glitch, security hole or vulnerability • Vulnerability types include buffer overflow, format string attacks, race condition, cross-site scripting, and cross-site request forgery

  14. Security Holes and Vulnerabilities • As all operating systems have security holes, the question is how fast the vulnerabilities are patched • Mostly hackers rely on patches to develop exploits • Full disclosure vs. security through obscurity • The average time between a vulnerability made public and the first exploit is getting shorter • Nimda, 365 days (2001) • Sasser, 18 days (2004) • Witty, 1 day (2004) Product ships Vulnerability found Hole publicied, patch issued Patch implemented Exploits appear

  15. Linux vs. Windows • Average expectancy to compromise for an unpatched Linux system has increased from 72 hours to 3 months in two years • Windows has an average life expectancy of a few minutes • Still, Microsoft usually is faster at releasing fixes to security holes • Also, Microsoft is becoming more security-conscious (SP2 for XP centres around security features only, anti-spyware tool) • Most direct intrusions are performed against Windows hosts • Lower level of basic protection, especially if not updated regularly • Windows dominates the market, which makes it an attractive target • Monoculture, homogenous environments

  16. There were no major incidents in Linux operating system Linux users were targeted with a spam message that claimed a security vulnerability has been found in Fedora and the fix is available at fedora-redhat.com. The fake update file turned out to be a rootkit. Some bugs were found and SuSE dispatched three local security holes to prevent a local user from hacking the computer Opener, the first real malware for Apple Macintosh OS X was found Bash script containing a keylogger, a backdoor etc. Security holes were found (and patched in silence) in Samba, Squid, PHP and others Linux and OSX is 2004

  17. Social Engineering and Users • Users have the possibility to install software which can leak out information – either by themselves or because they have been fooled in doing so • The line between ’good’ and ’bad’ programs is blurry (spyware, peer-to-peer software, etc.) • Worms and viruses are looking for non-protected entry points, such as Instant Messaging, peer-to-peer networks, Internet Relay Chat (IRC) • Companies typically do not have any means to prevent employees from using software that is not allowed • PHISHING means luring sensitive information (like passwords) from a victim by masquerading as someone trustworthy with a real need for such information

  18. Company Visitors • Unsafe devices (laptops, PDAs, mobile phones) that visitors connect to the corporate network are a big threat • These devices might be infected with a fast spreading network worm • These may then try to infect not just internal but also external targets • Damage to the company reputation!

  19. Other Attack Types • A wealth of other methods are available as well • Hacking • Exploiting a known weakness (vulnerabilities) of the operating system or application • Spoofing • IP spoofing: Changing the packet source address to falsify the actual source • DNS spoofing (poisoning): Changing DNS records • E-Mail spoofing: Changing the source e-mail address (e.g used in spam or phishing attacks) • URL / Web spoofing: Sites that look the same as the real ones, but are in fact plagiates (for example using extended domain names) • Scanning • Systematic scanning to find open ports or operating system

  20. Uninvited Guests • Why? Who? • National interest (spies) • Personal gain (thiefs) • Personal fame (trespassers) • Curiosity (vandals, script kiddies)

  21. Other Malware • MALWARE is a common name for all kinds of unwanted software such as viruses, worms, spyware and trojans • TROJAN HORSE (or trojan) is a program with hidden destructive functionality • SPAM means unsolicited bulk email, something the recipient did not ask for it and that is sent in large volumes

  22. Viruses and Spyware • VIRUS is a computer program that replicates by attaching itself to another object • Boot sector virus • File virus • Macro virus • SPYWARE is software that aids in gathering information about a person or organization without their knowledge, and can relay this information back to an unauthorized third party File virus ”Funlove”

  23. Summary • In this section • Network threats • Worms • Hackers • Security holes • Social engineering

More Related