Security Threats: Network Based Attacks
Lecture 2. George Berg / Sanjay Goel.
Administrivia. Starting next week, we will meet in BA 349, a conference room, in keeping with the topics of the next 3 classes.
Administrivia. I have to be away on Tuesday the 16th. I propose we have that week's class on Thursday the 18th. That would make the schedule: Tuesday, March 9th; Thursday, March 18th; Tuesday, March 23rd.
Network Based Attacks: Types. Self-Propagating Programs; Spoofing; Session Hijacking; Buffer Overflow.
Self-Propagating Programs.
Self-Propagating Programs: Types. Behavior: self-replicate and propagate through the network. Basic types: Virus, Worm, Trojan Horse. Many variants of the basic types exist.
Self-Propagating Programs: Types. Self-replicating programs attach themselves parasitically to existing programs in order to propagate. They consist of two parts: the viral portion and the payload. The program spreads by creating replicas of itself and attaching itself to other executable programs to which it has write access.
Self-Propagating Programs: Types. Viral portion: when a user executes an infected program (e.g. runs an executable file or inserts a disk with an infected boot sector), the viral portion of the code typically executes first, and then control returns to the original program, which executes normally.
Self-Propagating Programs: Types. Payload: the action that a self-replicating program performs. It may be benign, such as printing a weird message or playing music, or malicious, such as destroying data or corrupting the hard disk. Unless there is a visible payload that the user observes, s/he is not likely to notice the malicious program.
Self-Propagating Programs: Types. Polymorphic viruses: viruses that modify themselves prior to replicating. These are hard to detect since they are constantly changing their signature.
Self-Propagating Programs: Types. Worms are another form of self-replicating program that can spread automatically. They do not need a carrier program; they replicate by spawning copies of themselves. They find and exploit software vulnerabilities (in mail servers, database servers, etc.) in order to spread. They are more complex and much harder to write than virus programs.
Virus. Definition: malicious software that attaches itself to other software. Typical behavior: replicates within a computer system, potentially attaching itself to every other program. Behavior categories, e.g.: innocuous, humorous, data altering, catastrophic.
Virus Targets & Prevention. Vulnerabilities: all computers. Common categories: boot sector; Terminate and Stay Resident (TSR); application software; stealth (or chameleon). Prevention: limit connectivity; limit downloads; use only authorized media for loading data and software; enforce mandatory access controls. Viruses generally cannot run unless the host application is running.
Virus Protection: Detection. Changes in file sizes or date/time stamps; computer is slow starting or slow running; unexpected or frequent system failures; change of system date/time; increased computer memory usage; increased bad blocks on disks.
Virus Protection: Countermeasures. Overall strategy: contain, identify and recover. Anti-virus scanners look for known viruses; anti-virus monitors look for virus-related application behaviors. Attempt to determine the source of infection and issue an alert.
Worm. Definition: malicious software which is a stand-alone application (i.e. it can run without a host application). Typical behavior: often designed to propagate through a network, rather than just a single computer. Vulnerabilities: multitasking computers, especially those employing open network standards.
Worm Prevention & Detection. Prevention: limit connectivity; employ firewalls; maintain software in a secure state; watch for alerts. Detection: computer is slow starting or slow running; unexpected or frequent system failures. Countermeasures: the overall methodology is contain, identify and recover; attempt to determine the source of the infection and issue an alert.
Worm Example. In November of 1988, a self-propagating worm known as the Internet Worm was released onto the ARPANET by Robert Morris Jr. It attached itself to the computer system rather than to a single program.
Worm Example: Process. The worm obtained a new target machine name from the host it had just infected and then attempted to get a shell program running on the target machine. The worm used several means to get the shell program running. It primarily exploited errors in two network-connected server programs: the sendmail routine (a debug option left enabled in the program release) and the 'finger' routine. It also attacked weak passwords.
Worm Example. The shell program served as a beachhead and was used to download several binary executables that were used to crack passwords. A common password dictionary and the system dictionary were used for password cracking. The worm then attacked a new set of target hosts using any cracked accounts it may have obtained from the current host.
Worm Example. The worm was also designed to be stealthy. If the beachhead program was unable to fully infect a machine, it deleted itself and all other files. The worm ran in memory, leaving no trace on disk. The worm changed its name and process ID frequently, so as to avoid showing long runtimes or large CPU usage.
Worm Example. The worm was (supposedly) not intended to be malicious and did not harm any data on the systems it infected. A bug prevented the worm from always checking whether a host was already infected, causing the worm to overload the host computers it infected.
Trojan Horse. Definition: a worm which pretends to be a useful program, or a virus which is purposely attached to a useful program prior to distribution. Typical behaviors: same as virus or worm, but also sometimes used to send information back to, or make information available to, the perpetrator. Vulnerabilities: unlike worms, which self-propagate, Trojan Horses require user cooperation; untrained users are vulnerable.
Trojan Horse Prevention and Detection. Prevention: user cooperation allows Trojan Horses to bypass automated controls, so user training is the best prevention. Detection: same as virus and worm. Countermeasures: same as virus and worm; an alert must be issued not only to other system administrators but to all network users.
Time Bomb. Definition: a virus or worm designed to activate at a certain date/time. Typical behaviors: same as virus or worm, but widespread throughout the organization upon the trigger date. Vulnerabilities: same as virus and worm. Time bombs are usually found before the trigger date.
Time Bomb Prevention and Detection. Prevention: run the associated anti-viral software immediately as it becomes available. Detection: correlate user problem reports to find patterns indicating a possible time bomb. Countermeasures: contain, identify and recover; attempt to determine the source of infection and issue an alert.
Logic Bomb. Definition: a virus or worm designed to activate under certain conditions. Typical behaviors: same as virus or worm. Vulnerabilities: same as virus and worm. Prevention: same as virus and worm. Detection: correlate user problem reports indicating a possible logic bomb. Countermeasures: contain, identify and recover; determine the source and issue an alert.
Rabbit. Definition: a worm designed to replicate to the point of exhausting computer resources. Typical behaviors: a rabbit consumes all CPU cycles, disk space, network resources, etc. Vulnerabilities: multitasking computers, especially those on a network.
Rabbit Prevention & Detection. Prevention: limit connectivity; employ firewalls. Detection: computer is slow starting or running; frequent system failures. Countermeasures: contain, identify and recover; determine the source and issue an alert.
Bacterium. Definition: a virus designed to attach itself to the OS in particular (rather than to any application program) and exhaust computer resources, especially CPU cycles. Typical behaviors: the operating system consumes more and more CPU cycles, resulting eventually in a noticeable delay in user transactions. Vulnerabilities: older versions of operating systems are more vulnerable than newer versions, since hackers have had more time to write bacteria.
Bacterium Prevention and Detection. Prevention: limit write privileges and opportunities to OS files; system administrators should work from non-admin accounts whenever possible. Detection: changes in OS file sizes or date/time stamps; computer is slow in running; unexpected or frequent system failures. Countermeasures: anti-virus scanners look for known viruses; anti-virus monitors look for virus-related system behaviors.
Spoofing.
Spoofing. Definition: a computer on a network pretends to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network.
Spoofing. Typical behaviors: the spoofing computer often doesn't have access to user-level commands, so attempts to use automation-level services, such as e-mail or message handlers, are employed to implement its attack. Vulnerabilities: automation services designed for network interoperability are especially vulnerable, particularly those adhering to open standards.
Spoofing: Types. IP spoofing: typically involves sending packets with spoofed IP addresses to machines to fool the machine into processing the packets. Types of IP spoofing: basic address change; use of source routing to intercept packets; exploiting trust relationships on Unix machines. E-mail spoofing: the attacker sends messages masquerading as someone else. Techniques for e-mail spoofing: fake accounts; changing configuration; telnet to the mail port.
Spoofing: Types. Web spoofing: assume the web identity and control traffic to and from the web server. Several types of attacks: basic (setting up fake sites); man-in-the-middle attack; URL rewriting; tracking state.
Spoofing Prevention and Detection. Prevention: limit the system privileges of automation services to the absolute minimum necessary; upgrade via security patches as they become available. Detection: monitor the transaction logs of automation services, scanning for unusual behaviors. Countermeasures: disconnect automation services until patched; monitor automation access points, such as network sockets, scanning for the next spoof in an attempt to track the perpetrator.
Masquerade. Definition: accessing a computer by pretending to have an authorized user identity. Typical behaviors: the masquerading user often employs network or administrator command functions to access even more of the system, e.g. by attempting to download password or routing tables. Vulnerabilities: placing false or modified login prompts on a computer is a common way to obtain user IDs, as are snooping, scanning and scavenging.
Masquerade Prevention and Detection. Prevention: limit user access to network or administrator command functions; implement multiple levels of administrators, with different, restricted privileges for each. Detection: correlate user identification with shift times or increased frequency of access; correlate user command logs with administrator command functions. Countermeasures: change the user password, or use standard administrator functions to determine the access point, then trace back to the perpetrator.
Session Hijacking.
Session Hijacking. Definition: the attacker takes over an existing active session and exploits the existing trust relationship.
Session Hijacking: Process. The user makes a connection to the server by authenticating with his user ID and password. After users authenticate, they have access to the server for as long as the session lasts. The hacker takes the user offline (e.g. by denial of service). The hacker then gains access to the server by impersonating the user. Typical behaviors: the attacker usually monitors the session, periodically injects commands into the session, and can launch passive and active attacks from the session.
Session Hijacking: Process (diagram). Bob telnets to Server; Bob authenticates to Server; Attacker sends "Die!" to Bob and "Hi! I am Bob" to Server. Protection: use encryption; use a secure protocol; limit incoming connections; minimize remote access; have strong authentication.
Session Hijacking: Popular Programs. Juggernaut: network sniffer that can also be used for hijacking (Get from). Hunt: can be used to listen, intercept and hijack active sessions on a network. TTY Watcher: freeware program to monitor and hijack sessions on a single host. IP Watcher: commercial session hijacking tool based on TTY Watcher.
Buffer Overflow & Other Attacks.
Buffer Overflow Attacks. Definition: the attacker tries to store more information on the stack than the size of the buffer. This causes a malfunction in the computer program, which the attacker exploits to execute malicious code.
Buffer Overflow Attacks. Typical behaviors: can be used against many network services. Can be used for denial of service (easier to do) or to obtain privileges on a machine (harder). Vulnerabilities: takes advantage of the way in which information is stored by computer programs. Programs which do not have a rigorous memory check in their code are vulnerable to this attack.
Buffer Overflow Attacks. Scenario: if the memory allocated for a name is 50 characters, someone can break the system by sending a fictitious name of more than 50 characters. Impact: can be used for espionage, denial of service or compromising the integrity of the data. Some vulnerable software: NetMeeting buffer overflow; Outlook buffer overflow; AOL Instant Messenger buffer overflow; SQL Server 2000 Extended Stored Procedure buffer overflow.
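The 50-character name scenario above, as an added C example that is not code from the lecture: the unbounded copy that produces the overflow, beside a bounded copy that rejects over-long input instead of writing past the buffer. The record layout, the adjacent `privileged` field used as a canary, and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 50          /* the slide's scenario: 50 characters reserved for a name */

/* Hypothetical record layout: a field that happens to sit after 'name'
 * shows what an unchecked copy would overwrite. */
struct record {
    char name[NAME_LEN];
    int  privileged;         /* adjacent data; should stay 0 for an ordinary user */
};

/* Vulnerable form: copies up to the source's NUL with no regard for the
 * destination size, so a name of 50 or more characters runs past 'name'
 * into whatever follows it. Kept only to show the defect. */
void store_name_unsafe(struct record *r, const char *input)
{
    strcpy(r->name, input);  /* unbounded copy: this is the bug */
}

/* Hardened form: look for the terminator within the buffer size first and
 * reject (rather than silently truncate) anything that does not fit.
 * Returns 0 on success, -1 if the input was rejected. */
int store_name_safe(struct record *r, const char *input)
{
    const char *nul = memchr(input, '\0', NAME_LEN);
    if (nul == NULL)         /* no NUL within NAME_LEN bytes: too long */
        return -1;
    memcpy(r->name, input, (size_t)(nul - input) + 1);   /* includes the NUL */
    return 0;
}

/* Check helper: store 'input' into a fresh record whose 'privileged' flag is
 * zeroed. Returns 0 if stored, -1 if rejected, -2 if the flag was clobbered
 * (which the bounded copy must never allow). */
int try_store_safe(const char *input)
{
    struct record r;
    memset(&r, 0, sizeof r);
    int rc = store_name_safe(&r, input);
    if (r.privileged != 0)
        return -2;
    return rc;
}

int main(void)
{
    printf("short name:   %s\n", try_store_safe("alice") == 0 ? "stored" : "rejected");
    printf("60-char name: %s\n",
           try_store_safe("AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"
                          "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA") == -1
               ? "rejected" : "stored");
    return 0;
}
```

The hardened version refuses rather than truncates, so a caller is never left holding a silently shortened name, and the boundary is exactly the slide's: 49 characters plus the terminator fit, 50 do not. The same check belongs on every field filled from the network, which is the slide's point about programs that lack a rigorous memory check.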
Denial of Service. Definition: an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading the system so that no one else can use it.
Denial of Service. Typical behaviors: crashing the system or network, by sending the victim data or packets which will cause the system to crash or reboot; exhausting resources, by flooding the system or network with information, so that, since all resources are exhausted, others are denied access to them. Distributed DoS attacks are coordinated denial of service attacks involving several people and/or machines to launch the attacks.
Denial of Service: Popular Programs. Ping of Death; SSPing; Land; Smurf; SYN Flood; CPU Hog; WinNuke; RPC Locator; Jolt2; Bubonic; Microsoft Incomplete TCP/IP Packet Vulnerability; HP OpenView Node Manager SNMP DoS Vulnerability; Netscreen Firewall DoS Vulnerability; Checkpoint Firewall DoS Vulnerability.
Tunneling. Definition: attempts to get under a security system by accessing very low-level system functions (e.g. device drivers, OS kernels).
Tunneling. Typical behaviors: unexpected disk accesses, unexplained device failure, halted security software, etc. Vulnerabilities: tunneling attacks often occur by creating system emergencies to cause system re-loading or initialization.
Tunneling. Prevention: design security and audit capabilities into even the lowest-level software, such as device drivers, shared libraries, etc. Detection: changes in date/time stamps for low-level system files, or changes in sector/block counts for device drivers. Countermeasures: patch or replace compromised drivers to prevent access; monitor suspected access points to attempt trace back.
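The "changes in file sizes or date/time stamps" detection listed for viruses, bacteria and tunneling above, as an added C example that is not code from the lecture: a baseline-versus-current comparison of file records that reports modified, missing and newly appeared files. The file paths, contents and timestamps are constructed, and the FNV-1a checksum and the function names are choices made here for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

#define MAX_FILES 8

/* One baseline entry per file: the attributes the slides say to watch
 * (size, date/time stamp) plus a content checksum so a same-size edit
 * with a restored timestamp is still caught. */
struct file_record {
    char     path[64];
    size_t   size;
    long     mtime;          /* seconds since epoch in a real monitor; constructed here */
    uint32_t sum;            /* FNV-1a checksum of the content */
};

/* 32-bit FNV-1a: enough to demonstrate the comparison logic. A production
 * monitor would use a cryptographic hash such as SHA-256 instead. */
uint32_t fnv1a(const unsigned char *data, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= data[i];
        h *= 16777619u;
    }
    return h;
}

/* Build a record from in-memory content standing in for a file's bytes. */
struct file_record snapshot(const char *path, const char *content, long mtime)
{
    struct file_record r;
    memset(&r, 0, sizeof r);
    strncpy(r.path, path, sizeof r.path - 1);
    r.size  = strlen(content);
    r.mtime = mtime;
    r.sum   = fnv1a((const unsigned char *)content, r.size);
    return r;
}

static const struct file_record *find(const struct file_record *set, int n, const char *path)
{
    for (int i = 0; i < n; i++)
        if (strcmp(set[i].path, path) == 0)
            return &set[i];
    return NULL;
}

/* Compare a current snapshot against the baseline. Prints each modified,
 * missing or new file and returns the number of such findings. */
int compare_snapshots(const struct file_record *base, int nb,
                      const struct file_record *cur, int nc)
{
    int findings = 0;
    for (int i = 0; i < nb; i++) {
        const struct file_record *c = find(cur, nc, base[i].path);
        if (c == NULL) {
            printf("MISSING  %s\n", base[i].path);
            findings++;
        } else if (c->size != base[i].size || c->mtime != base[i].mtime || c->sum != base[i].sum) {
            printf("MODIFIED %s (size %zu -> %zu)\n", base[i].path, base[i].size, c->size);
            findings++;
        }
    }
    for (int i = 0; i < nc; i++) {
        if (find(base, nb, cur[i].path) == NULL) {
            printf("NEW      %s\n", cur[i].path);
            findings++;
        }
    }
    return findings;
}

/* Constructed scenario: a baseline of two programs, then a later scan in which
 * one program grew (a parasitic attachment) and an unknown driver appeared. */
int sample_scenario(void)
{
    struct file_record base[MAX_FILES], cur[MAX_FILES];
    base[0] = snapshot("/bin/editor", "EDITOR-CODE", 1000);
    base[1] = snapshot("/bin/mailer", "MAILER-CODE", 1000);
    cur[0]  = snapshot("/bin/editor", "EDITOR-CODE+VIRAL-PORTION", 2000);
    cur[1]  = snapshot("/bin/mailer", "MAILER-CODE", 1000);
    cur[2]  = snapshot("/drivers/unknown.sys", "TUNNEL", 2000);
    return compare_snapshots(base, 2, cur, 3);   /* two findings expected */
}

int main(void)
{
    printf("findings: %d\n", sample_scenario());
    return 0;
}
```

Note the caveat the Internet Worm slides supply: a worm that runs only in memory and leaves no trace on disk will not appear in a comparison like this, so file integrity checks complement, rather than replace, the process and network monitoring the other detection bullets describe.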
Trap Door. Definition: system access for developers inadvertently left available after software delivery. Sometimes installed by malicious software.
Trap Door. Typical behaviors: unauthorized system access enables viewing, alteration or destruction of data or software. Vulnerabilities: software developed outside organizational policies and formal methods.
Trap Door. Prevention: enforce defined development policies; limit network and physical access. Detection: audit trails of system usage, especially user identification logs. Countermeasures: close the trap door, or monitor ongoing access to trace back to the perpetrator; virus and worm countermeasures.
Identity Theft.
Sequential Scanning. Definition: sequentially testing passwords/authentication codes until one is successful. Typical behaviors: multiple users attempting network or administrator command functions, indicating multiple masquerades. Vulnerabilities: because login prompts have a built-in time delay to foil automated scanning, accessing the encoded password table and testing it off-line is a common technique.
Sequential Scanning. Prevention: enforce organizational secure password policies; make system administrator access to password files secure. Detection: correlate user identification with shift times; correlate user problem reports relevant to possible masquerades. Countermeasures: change the entire password file, or use baiting tactics to trace back to the perpetrator.
Dictionary Scanning. Definition: scanning through a dictionary of commonly used passwords/authentication codes until one is successful. Typical behaviors: multiple users attempting network or administrator command functions, indicating multiple masquerades. Vulnerabilities: use of common words and names as passwords or authentication codes (so-called Joe accounts, e.g. guest, test).
Dictionary Scanning. Prevention: enforce organizational password policies. Detection: correlate user identification with shift times; correlate user problem reports relevant to possible masquerades. Countermeasures: change the entire password file, or use baiting tactics to trace back to the perpetrator.
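The detection advice repeated for masquerades, sequential scanning and dictionary scanning above (many failed attempts against one account; correlating user identification with shift times), as an added C example that is not code from the lecture. The log line format, the sample lines, the failure threshold and the shift hours are all constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

#define FAIL_THRESHOLD 5     /* assumed policy: 5 failures on one account indicates a scan */
#define SHIFT_START    8     /* assumed working hours 08:00 to 17:59 */
#define SHIFT_END      18
#define MAX_USERS      16

struct user_stats {
    char user[32];
    int  fails;              /* failed attempts seen for this account */
    int  off_shift_success;  /* successful logins outside shift hours */
};

/* Constructed sample log in a hypothetical "HH:MM user=... src=... result=..."
 * format; not real data. */
static const char *const SAMPLE_LOG[] = {
    "02:13 user=admin src=10.0.0.5 result=FAIL",
    "02:13 user=admin src=10.0.0.5 result=FAIL",
    "02:14 user=admin src=10.0.0.5 result=FAIL",
    "02:14 user=admin src=10.0.0.5 result=FAIL",
    "02:15 user=admin src=10.0.0.5 result=FAIL",
    "09:02 user=alice src=10.0.0.7 result=OK",
    "09:40 user=alice src=10.0.0.7 result=FAIL",
    "23:51 user=bob src=10.0.0.9 result=OK",
};
#define SAMPLE_LINES ((int)(sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0]))

/* Parse one line. Returns 1 on success, 0 if the line does not match the format. */
int parse_line(const char *line, int *hour, char *user, int *failed)
{
    int minute;
    char src[32], result[8];
    if (sscanf(line, "%d:%d user=%31s src=%31s result=%7s",
               hour, &minute, user, src, result) != 5)
        return 0;
    *failed = (strcmp(result, "FAIL") == 0);
    return 1;
}

/* Find or create the stats slot for 'user'. Returns NULL when the table is full. */
static struct user_stats *slot_for(struct user_stats *out, int *n, int max, const char *user)
{
    for (int i = 0; i < *n; i++)
        if (strcmp(out[i].user, user) == 0)
            return &out[i];
    if (*n >= max)
        return NULL;
    memset(&out[*n], 0, sizeof out[*n]);
    strncpy(out[*n].user, user, sizeof out[*n].user - 1);
    return &out[(*n)++];
}

/* Tally failures and off-shift successes per account. Returns the number of
 * distinct accounts seen, in order of first appearance. */
int tally(const char *const *lines, int nlines, struct user_stats *out, int max)
{
    int n = 0;
    for (int i = 0; i < nlines; i++) {
        int hour, failed;
        char user[32];
        if (!parse_line(lines[i], &hour, user, &failed))
            continue;                         /* skip lines that do not parse */
        struct user_stats *s = slot_for(out, &n, max, user);
        if (s == NULL)
            break;
        if (failed)
            s->fails++;
        else if (hour < SHIFT_START || hour >= SHIFT_END)
            s->off_shift_success++;
    }
    return n;
}

/* An account is suspicious if it crossed the failure threshold (sequential or
 * dictionary scanning) or logged in successfully outside shift hours
 * (a possible masquerade using a stolen credential). */
int is_suspicious(const struct user_stats *s)
{
    return s->fails >= FAIL_THRESHOLD || s->off_shift_success > 0;
}

int main(void)
{
    struct user_stats stats[MAX_USERS];
    int n = tally(SAMPLE_LOG, SAMPLE_LINES, stats, MAX_USERS);
    for (int i = 0; i < n; i++)
        printf("%-8s fails=%d off_shift_ok=%d %s\n", stats[i].user, stats[i].fails,
               stats[i].off_shift_success, is_suspicious(&stats[i]) ? "SUSPICIOUS" : "ok");
    return 0;
}
```

On the constructed sample, admin is flagged for five failures, bob for a successful login at 23:51, and alice (one failure, in-shift success) is not. A real deployment would key the counts on source address as well as account, since a dictionary run against many accounts from one source crosses no per-account threshold.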
Digital Snooping. Definition: electronic monitoring of digital networks to uncover passwords or other data. Typical behaviors: system administrators found on-line at unusual or off-shift hours; changes in the behavior of the network transport layer. Vulnerabilities: an example of how COMSEC (communications security) affects COMPUSEC (computer security); links can be more vulnerable to snooping than nodes.
Digital Snooping. Prevention: employ data encryption; limit physical access to network nodes and links. Detection: correlate user identification with shift times; correlate user problem reports; monitor network performance. Countermeasures: change encryption schemes, or employ network monitoring tools to attempt trace back to the perpetrator.
Shoulder Surfing. Definition: direct visual observation of monitor displays to obtain access. Typical behaviors: authorized user found on-line at unusual or off-shift hours, indicating a possible masquerade; authorized user attempting administrator command functions. Vulnerabilities: sticky notes used to record account and password information; password entry screens that do not mask typed text; loitering opportunities.
Shoulder Surfing. Prevention: limit physical access to computer areas; require frequent password changes by users. Detection: correlate user identification with shift times or increased frequency of access; correlate user command logs with administrator command functions. Countermeasures: change the user password, or use standard administrator functions to determine the access point, then trace back to the perpetrator.
Dumpster Diving. Definition: accessing discarded trash to obtain passwords and other data. Typical behaviors: multiple users attempting network or administrator command functions, indicating multiple masquerades. Vulnerabilities: sticky notes used to record account and password information; system administrator printouts of user logs.
Dumpster Diving. Prevention: destroy discarded hardcopy. Detection: correlate user identification with shift times; correlate user problem reports relevant to possible masquerades. Countermeasures: change the entire password file, or use baiting tactics to trace back to the perpetrator.
Browsing. Definition: automated scanning of large unprotected data sets to obtain clues to gain access, e.g. discarded media or on-line finger-type commands. Typical behaviors: authorized user found on-line at unusual or off-shift hours, indicating a possible masquerade; authorized user attempting admin command functions.
Browsing: Vulnerabilities. Finger-type services provide information to any and all users. The information is usually assumed safe but can give clues to passwords (e.g. a spouse's name).
Browsing Prevention & Detection. Prevention: destroy discarded media; especially on open networks, disable finger-type services. Detection: correlate user identification with shift times or increased frequency of access; correlate user command logs with administrator command functions. Countermeasures: change the user password, or use standard administrator functions to determine the access point, then trace back to the perpetrator.
Other Security Risks.
Equipment Malfunction. Definition: hardware operates in abnormal, unintended ways. Typical behaviors: immediate loss of data due to abnormal shutdown; continuing loss of capability until the equipment is repaired. Vulnerabilities: vital peripheral equipment is often more vulnerable than the computers themselves. Prevention: replication of the entire system, including all data and recent transactions. Detection: hardware diagnostic systems.
Software Malfunction. Definition: software does not work in its intended manner. Typical behaviors: immediate loss of data due to abnormal end; repeated failures when the faulty data is used again. Vulnerabilities: poor software development practices. Prevention: enforce strict software development practices; comprehensive software testing procedures. Detection: use software diagnostic tools.
Software Malfunction: Countermeasures. Backup software; robust operating systems.
User Error. Definition: inadvertent alteration, manipulation or destruction of programs, data files or hardware. Typical behaviors: incorrect data entered into the system, or incorrect behavior of the system. Vulnerabilities: poor user documentation or training.
User Error. Prevention: enforcement of training policies and separation of programmer/operator duties. Detection: audit trails of system transactions. Countermeasures: backup copies of software and data; on-site replication of hardware.
Spam. Definition: system with incoming message or other traffic to cause. Typical behaviors: crashes, eventually traced to an overfull buffer or swap space. Vulnerabilities: open source networks are especially vulnerable.
Spam. Prevention: require authentication fields in message traffic. Detection: partitions, network sockets, etc. for overfull conditions. Countermeasures: headers to attempt trace back to the perpetrator.
References, Sources & Further Reading. CERT & CERIAS web sites; Security by Pfleeger & Pfleeger; Hackers Beware by Eric Cole; NIST web site; other web sources.
More informationIntroduction to Security. Computer Networks Term A15
Introduction to Security Computer Networks Term A15 Intro to Security Outline Network Security Malware Spyware, viruses, worms and trojan horses, botnets Denial of Service and Distributed DOS Attacks Packet
More informatione-commerce Study Guide Test 2. Security Chapter 10
e-commerce Study Guide Test 2. Security Chapter 10 True/False Indicate whether the sentence or statement is true or false. 1. Necessity refers to preventing data delays or denials (removal) within the
More informationThreat Modeling. Bart De Win Secure Application Development Course, Credits to
Threat Modeling Bart De Win bart.dewin@ascure.com Secure Application Development Course, 2009 Credits to Frank Piessens (KUL) for the slides 2 1 Overview Introduction Key Concepts Threats, Vulnerabilities,
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationFirewalls 1. Firewalls. Alexander Khodenko
Firewalls 1 Firewalls Alexander Khodenko May 01, 2003 Firewalls 2 Firewalls Firewall is defined as a linkage in a network, which relays only those data packets that are clearly intended for and authorized
More informationIntroduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?
Introduction Controlling Information Systems When computer systems fail to work as required, firms that depend heavily on them experience a serious loss of business function. M7011 Peter Lo 2005 1 M7011
More informationSecurity, Privacy and Authentication. Michael Power Gowling Lafleur Henderson LLP
Security, Privacy and Authentication Michael Power owling Lafleur Henderson LLP Why Security Autonomous Agents, Back Doors, Backup Theft, Call Forwarding Fakery, Condition Bombs, Covert Channels, Cracking,
More informationSecurity+ Practice Questions Exam Cram 2 (Exam SYO-101) Copyright 2004 by Que Publishing. International Standard Book Number:
Security+ Practice Questions Exam Cram 2 (Exam SYO-101) Copyright 2004 by Que Publishing International Standard Book Number: 0789731517 Warning and Disclaimer Every effort has been made to make this book
More informationInternetwork Expert s CCNA Security Bootcamp. Common Security Threats
Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet
More informationMU2a Authentication, Authorization & Accounting Questions and Answers with Explainations
98-367 MU2a Authentication, Authorization & Accounting Questions and Answers with Explainations Which are common symptoms of a virus infection? (Lesson 5 p 135-136) Poor system performance. Unusually low
More informationDenial of Service (DoS)
Flood Denial of Service (DoS) Comp Sci 3600 Security Outline Flood 1 2 3 4 5 Flood 6 7 8 Denial-of-Service (DoS) Attack Flood The NIST Computer Security Incident Handling Guide defines a DoS attack as:
More informationOur Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II
Our Narrow Focus 15-441 15-441 Computer Networking 15-641 Lecture 22 Security: DOS Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Yes: Creating a secure channel for communication (Part I) Protecting
More informationSYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet
SYMANTEC ENTERPRISE SECURITY Symantec Internet Security Threat Report September 00 Power and Energy Industry Data Sheet An important note about these statistics The statistics discussed in this document
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file
More informationOverview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter
Computer Network Lab 2017 Fachgebiet Technische Informatik, Joachim Zumbrägel Overview Security Type of attacks Firewalls Protocols Packet filter 1 Security Security means, protect information (during
More informationISO/IEC Common Criteria. Threat Categories
ISO/IEC 15408 Common Criteria Threat Categories 2005 Bar Biszick-Lockwood / QualityIT Redmond, WA 2003 Purpose This presentation introduces you to the threat categories contained in ISO/IEC 15408, used
More informationNetwork Security Issues and New Challenges
Network Security Issues and New Challenges Brijesh Kumar, Ph.D. Princeton Jct, NJ 08550 Brijesh_kumar@hotmail.com A talk delivered on 11/05/2008 Contents Overview The problem Historical Perspective Software
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
More informationAURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo
ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking
More informationExam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo
Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationCOMPUTER NETWORK SECURITY
COMPUTER NETWORK SECURITY Prof. Dr. Hasan Hüseyin BALIK (1 st Week) Outline Course Information and Policies Course Syllabus 1. Overview Course Information Instructor: Prof. Dr. Hasan H. BALIK, balik@yildiz.edu.tr,
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationProtection and Security. Sarah Diesburg Operating Systems CS 3430
Protection and Security Sarah Diesburg Operating Systems CS 3430 Definitions Security: policy of authorizing accesses Prevents intentional misuses of a system Protection: the actual mechanisms implemented
More informationSANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.
SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling http://killexams.com/exam-detail/sec504 QUESTION: 315 Which of the following techniques can be used to map 'open' or 'pass through'
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationCyber Security Practice Questions. Varying Difficulty
Cyber Security Practice Questions Varying Difficulty 1 : This is a class of programs that searches your hard drive and floppy disks for any known or potential viruses. A. intrusion detection B. security
More informationSECURING INFORMATION SYSTEMS
SECURING INFORMATION SYSTEMS (November 7, 2016) BUS3500 - Abdou Illia - Fall 2016 1 LEARNING GOALS Understand security attacks preps Discuss the major threats to information systems. Discuss protection
More informationObjectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Enterprise Network Security Describe the general methods used to mitigate security threats to Enterprise networks
More informationEE 122: Network Security
Motivation EE 122: Network Security Kevin Lai December 2, 2002 Internet currently used for important services - financial transactions, medical records Could be used in the future for critical services
More informationACS / Computer Security And Privacy. Fall 2018 Mid-Term Review
ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified
More informationWhat action do you want to perform by issuing the above command?
1 GIAC - GPEN GIACCertified Penetration Tester QUESTION: 1 You execute the following netcat command: c:\target\nc -1 -p 53 -d -e cmd.exe What action do you want to perform by issuing the above command?
More informationETHICAL HACKING & COMPUTER FORENSIC SECURITY
ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,
More informationChapter 11: Networks
Chapter 11: Networks Devices in a Small Network Small Network A small network can comprise a few users, one router, one switch. A Typical Small Network Topology looks like this: Device Selection Factors
More information3.5 SECURITY. How can you reduce the risk of getting a virus?
3.5 SECURITY 3.5.4 MALWARE WHAT IS MALWARE? Malware, short for malicious software, is any software used to disrupt the computer s operation, gather sensitive information without your knowledge, or gain
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationTechnology in Action 12/11/2014. Cybercrime and Identity Theft (cont.) Cybercrime and Identity Theft (cont.) Chapter Topics
Technology in Action Alan Evans Kendall Martin Mary Anne Poatsy Eleventh Edition Technology in Action Chapter 9 Securing Your System: Protecting Your Digital Data and Devices Copyright 2015 Pearson Education,
More informationGuide to Network Security First Edition. Chapter One Introduction to Information Security
Guide to Network Security First Edition Chapter One Introduction to Information Security About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter
More informationLecture 12 Malware Defenses. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422
Lecture 12 Malware Defenses Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Bailey s ECE 422 Malware review How does the malware start running? Logic bomb? Trojan horse?
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 6 Intrusion Detection First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Intruders significant issue hostile/unwanted
More informationProtection and Security
Protection and Security Security: policy for controlling access to system Protection: mechanism implementing security policy Why: users can do bad things to system either maliciously or unintentionally
More informationChapter 15: Security. Operating System Concepts 8 th Edition,
Chapter 15: Security, Silberschatz, Galvin and Gagne 2009 Chapter 15: Security The Security Problem Program Threats System and Network Threats Cryptography as a Security Tool User Authentication Implementing
More informationOperating System Security. 0Handouts: Quizzes ProsoftTraining All Rights Reserved. Version 3.07
0Handouts: Lesson 1 Quiz 1. What is the working definition of authentication? a. The ability for a person or system to prove identity. b. Protection of data on a system or host from unauthorized access.
More informationEndpoint Security - what-if analysis 1
Endpoint Security - what-if analysis 1 07/23/2017 Threat Model Threats Threat Source Risk Status Date Created File Manipulation File System Medium Accessing, Modifying or Executing Executable Files File
More informationSnort Rules Classification and Interpretation
Snort Rules Classification and Interpretation Pop2 Rules: Class Type Attempted Admin(SID: 1934, 284,285) GEN:SID 1:1934 Message POP2 FOLD overflow attempt Summary This event is generated when an attempt
More informationAN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM
1 AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 2 Introduction (1/2) TCP provides a full duplex reliable stream connection between two end points A connection is uniquely defined by the quadruple
More informationChapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.
Name Date Chapter 10: Security After completion of this chapter, students should be able to: Explain why security is important and describe security threats. Explain social engineering, data wiping, hard
More informationPCI PA - DSS. Point Vx Implementation Guide. Version For VeriFone Vx520, Vx680, Vx820 terminals using the Point Vx Payment Core (Point VxPC)
PCI PA - DSS Point Vx Implementation Guide For VeriFone Vx520, Vx680, Vx820 terminals using the Point Vx Payment Core (Point VxPC) Version 2.02 POINT TRANSACTION SYSTEMS AB Box 92031, 120 06 Stockholm,
More informationIS-2150/TEL-2810 Introduction to Computer Security Quiz 2 Thursday, Dec 14, 2006
IS-2150/TEL-2810 Introduction to Computer Security Quiz 2 Thursday, Dec 14, 2006 Name: Email: Total Time : 1:00 Hour Total Score : 100 There are three parts. Part I is worth 20 points. Part II is worth
More informationCIH
mitigating at host level, 23 25 at network level, 25 26 Morris worm, characteristics of, 18 Nimda worm, characteristics of, 20 22 replacement login, example of, 17 signatures. See signatures SQL Slammer
More informationLast time. Trusted Operating System Design. Security in Networks. Security Features Trusted Computing Base Least Privilege in Popular OSs Assurance
Last time Trusted Operating System Design Security Features Trusted Computing Base Least Privilege in Popular OSs Assurance Security in Networks Network Concepts Threats in Networks 11-1 This time Security
More informationMTA Networking Fundamentals Exam.
Microsoft 98-367 MTA Networking Fundamentals Exam TYPE: DEMO http://www.examskey.com/98-367.html Examskey Microsoft 98-367 exam demo product is here for you to test the quality of the product. This Microsoft
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationINTRODUCTION ON D-DOS. Presentation by RAJKUMAR PATOLIYA
INTRODUCTION ON D-DOS Presentation by RAJKUMAR PATOLIYA What is d-dos??? The full form of the D-DOS is Distributed Denial of Service. The attacks are carried out by flooding site traffic at appoint in
More informationAn Introduction to Virus Scanners
From the SelectedWorks of Umakant Mishra August, 2010 An Introduction to Virus Scanners Umakant Mishra Available at: https://works.bepress.com/umakant_mishra/76/ An Introduction to Virus Scanners Umakant
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More information(a) Which of these two conditions (high or low) is considered more serious? Justify your answer.
CS140 Winter 2006 Final Exam Solutions (1) In class we talked about the link count in the inode of the Unix file system being incorrect after a crash. The reference count can either be either too high
More informationTypes Of Computer Virus Sources Of Virus Virus Warning Signs Virus Detection(Anti-Virus) Virus Prevention and Removal
DATA PROCESSING NOTES FOR SS THREE FIRST TERM 2016/2017 SESSION SCHEME OF WORK Week 3 Week 4 Continuation of Spreadsheet(Practical) Computer Virus Types Of Computer Virus Sources Of Virus Virus Warning
More informationExam4Tests. Latest exam questions & answers help you to pass IT exam test easily
Exam4Tests http://www.exam4tests.com Latest exam questions & answers help you to pass IT exam test easily Exam : CEH-001 Title : Certified Ethical Hacker (CEH) Vendor : GAQM Version : DEMO 1 / 9 Get Latest
More information