Security Threats: Network Based Attacks


Security Threats: Network Based Attacks. Lecture 2. George Berg / Sanjay Goel

Administrivia
Starting next week, we will meet in BA 349. It is a conference room, in keeping with the topics of the next 3 classes.

Administrivia
I have to be away on Tuesday the 16th. I propose we have that week's class on Thursday the 18th. That would make the schedule Tuesday, March 9th; Thursday, March 18th; Tuesday, March 23rd.

Network Based Attacks: Types
Self-propagating programs; spoofing; session hijacking; buffer overflow.

Self-Propagating Programs

Self-Propagating Programs: Types
Behavior: self-replicate and propagate through the network.
Basic types: virus, worm, Trojan horse. Many variants of the basic types exist.

Self-Propagating Programs: Types
Self-replicating programs attach themselves parasitically to existing programs in order to propagate. Such a program consists of two parts: the viral portion and the payload. The program spreads by creating replicas of itself and attaching them to other executable programs to which it has write access.

Self-Propagating Programs: Types
Viral portion: when a user executes an infected program (e.g. runs an executable file or inserts a disk with an infected boot sector), the viral portion of the code typically executes first; control then returns to the original program, which executes normally.

Self-Propagating Programs: Types
Payload: the action that a self-replicating program performs. It may be benign, such as printing a weird message or playing music, or malicious, such as destroying data or corrupting the hard disk. Unless there is a visible payload that the user observes, s/he is not likely to notice the malicious program.

Self-Propagating Programs: Types
Polymorphic viruses: viruses that modify themselves prior to replicating. These are hard to detect, since they are constantly changing their signature.

Self-Propagating Programs: Types
Worms are another form of self-replicating program that can spread automatically. They do not need a carrier program; they replicate by spawning copies of themselves. They find and exploit software vulnerabilities in order to spread (mail servers, database servers, etc.). They are more complex, and much harder to write, than virus programs.

Virus
Definition: malicious software that attaches itself to other software.
Typical behavior: replicates within a computer system, potentially attaching itself to every other program.
Behavior categories: e.g. innocuous, humorous, data altering, catastrophic.

Virus: Targets & Prevention
Vulnerabilities: all computers.
Common categories: boot sector; terminate and stay resident (TSR); application software; stealth (or chameleon).
Prevention: limit connectivity; limit downloads; use only authorized media for loading data and software; enforce mandatory access controls. Viruses generally cannot run unless the host application is running.

Virus Protection: Detection
Changes in file sizes or date/time stamps; computer is slow starting or slow running; unexpected or frequent system failures; change of system date/time; increased computer memory usage; increased bad blocks on disks.

Virus Protection: Countermeasures
Overall strategy: contain, identify and recover. Anti-virus scanners look for known viruses. Anti-virus monitors look for virus-related application behaviors. Attempt to determine the source of infection and issue an alert.

Worm
Definition: malicious software that is a stand-alone application (i.e. it can run without a host application).
Typical behavior: often designed to propagate through a network, rather than just a single computer.
Vulnerabilities: multitasking computers, especially those employing open network standards.

Worm: Prevention & Detection
Prevention: limit connectivity; employ firewalls; maintain software in a secure state; watch for alerts.
Detection: computer is slow starting or slow running; unexpected or frequent system failures.
Countermeasures: overall methodology is contain, identify and recover; attempt to determine the source of the infection and issue an alert.

Worm Example
In November of 1988, a self-propagating worm known as the Internet Worm was released onto the ARPANET by Robert Morris Jr. It attached itself to the computer system rather than to a single program.

Worm Example: Process
The worm obtained a new target machine name from the host it had just infected and then attempted to get a shell program running on the target machine. It used several means to get the shell program running. It primarily exploited errors in two network-connected server programs: the sendmail routine (a debug option left enabled in the program release) and the 'finger' routine. It also attacked weak passwords.

Worm Example: Process
The shell program served as a beachhead and was used to download several binary executables that were used to crack passwords. A common password dictionary and the system dictionary were used for password cracking. The worm then attacked a new set of target hosts using any cracked accounts it had obtained from the current host.

Worm Example: Stealth
The worm was also designed to be stealthy. If the beachhead program was unable to fully infect a machine, it deleted itself and all other files. The worm ran in memory, leaving no trace on disk. It changed its name and process ID frequently, so as to avoid showing long runtimes or large CPU usage.

Worm Example: Impact
The worm was (supposedly) not intended to be malicious and did not harm any data on the systems it infected. A bug prevented the worm from always checking whether a host was already infected, causing the worm to overload the host computers it infected.

Trojan Horse
Definition: a worm which pretends to be a useful program, or a virus which is purposely attached to a useful program prior to distribution.
Typical behaviors: same as virus or worm, but also sometimes used to send information back to, or make information available to, the perpetrator.
Vulnerabilities: unlike worms, which self-propagate, Trojan horses require user cooperation; untrained users are vulnerable.

Trojan Horse: Prevention and Detection
Prevention: user cooperation allows Trojan horses to bypass automated controls, so user training is the best prevention.
Detection: same as virus and worm.
Countermeasures: same as virus and worm. An alert must be issued, not only to other system administrators but to all network users.

Time Bomb
Definition: a virus or worm designed to activate at a certain date/time.
Typical behaviors: same as virus or worm, but widespread throughout the organization upon the trigger date.
Vulnerabilities: same as virus and worm. Time bombs are usually found before the trigger date.

Time Bomb: Prevention and Detection
Prevention: run the associated anti-viral software immediately as it becomes available.
Detection: correlate user problem reports to find patterns indicating a possible time bomb.
Countermeasures: contain, identify and recover; attempt to determine the source of infection and issue an alert.

Logic Bomb
Definition: a virus or worm designed to activate under certain conditions.
Typical behaviors: same as virus or worm.
Vulnerabilities: same as virus and worm.
Prevention: same as virus and worm.
Detection: correlate user problem reports indicating a possible logic bomb.
Countermeasures: contain, identify and recover; determine the source and issue an alert.

Rabbit
Definition: a worm designed to replicate to the point of exhausting computer resources.
Typical behaviors: a rabbit consumes all CPU cycles, disk space, network resources, etc.
Vulnerabilities: multitasking computers, especially those on a network.

Rabbit: Prevention & Detection
Prevention: limit connectivity; employ firewalls.
Detection: computer is slow starting or running; frequent system failures.
Countermeasures: contain, identify and recover; determine the source and issue an alert.

Bacterium
Definition: a virus designed to attach itself to the OS in particular (rather than to any application program) and exhaust computer resources, especially CPU cycles.
Typical behaviors: the operating system consumes more and more CPU cycles, eventually resulting in a noticeable delay in user transactions.
Vulnerabilities: older versions of operating systems are more vulnerable than newer versions, since hackers have had more time to write bacteria.

Bacterium: Prevention and Detection
Prevention: limit write privileges and opportunities to OS files; system administrators should work from non-admin accounts whenever possible.
Detection: changes in OS file sizes or date/time stamps; computer is slow in running; unexpected or frequent system failures.
Countermeasures: anti-virus scanners look for known viruses; anti-virus monitors look for virus-related system behaviors.

Spoofing

Spoofing
Definition: a computer on a network pretends to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network.

Spoofing
Typical behaviors: the spoofing computer often doesn't have access to user-level commands, so attempts to use automation-level services, such as email or message handlers, are employed to implement its attack.
Vulnerabilities: automation services designed for network interoperability are especially vulnerable, particularly those adhering to open standards.

Spoofing: Types
IP spoofing: typically involves sending packets with spoofed IP addresses to machines, to fool the machine into processing the packets. Types of IP spoofing: basic address change; use of source routing to intercept packets; exploiting trust relationships on Unix machines.
Email spoofing: the attacker sends messages masquerading as someone else. Techniques for email spoofing: fake email accounts; changing email configuration; telnet to the mail port.

Spoofing: Types
Web spoofing: assume the web identity and control traffic to and from the web server. Several types of attacks: basic (setting up fake sites); man-in-the-middle attack; URL rewriting; tracking state.

Spoofing: Prevention and Detection
Prevention: limit the system privileges of automation services to the absolute minimum necessary; upgrade via security patches as they become available.
Detection: monitor transaction logs of automation services, scanning for unusual behaviors.
Countermeasures: disconnect automation services until patched; monitor automation access points, such as network sockets, scanning for the next spoof in an attempt to track the perpetrator.

Masquerade
Definition: accessing a computer by pretending to have an authorized user identity.
Typical behaviors: the masquerading user often employs network or administrator command functions to access even more of the system, e.g. by attempting to download password or routing tables.
Vulnerabilities: placing false or modified login prompts on a computer is a common way to obtain user IDs, as are snooping, scanning and scavenging.

Masquerade: Prevention and Detection
Prevention: limit user access to network or administrator command functions; implement multiple levels of administrators, with different, restricted privileges for each.
Detection: correlate user identification with shift times or increased frequency of access; correlate user command logs with administrator command functions.
Countermeasures: change the user password, or use standard administrator functions to determine the access point and then trace back to the perpetrator.

Session Hijacking

Session Hijacking
Definition: the attacker takes over an existing active session and exploits the existing trust relationship.

Session Hijacking: Process
The user makes a connection to the server by authenticating with a user ID and password. After the user authenticates, s/he has access to the server as long as the session lasts. The hacker takes the user offline (e.g. by denial of service) and then gains access to the server by impersonating the user.
Typical behaviors: the attacker usually monitors the session, periodically injects commands into it, and can launch passive and active attacks from the session.

Session Hijacking: Process (diagram)
Bob telnets to the server and authenticates to it. The attacker sends "Die!" to Bob, taking him offline, and then "Hi! I am Bob" to the server.
Protection: use encryption; use a secure protocol; limit incoming connections; minimize remote access; have strong authentication.

Session Hijacking: Popular Programs
Juggernaut: a network sniffer that can also be used for hijacking. Get from http://packetstorm.securify.com
Hunt: can be used to listen, intercept and hijack active sessions on a network. http://lin.fsid.cvut.cz/~kra/index.html
TTY Watcher: a freeware program to monitor and hijack sessions on a single host. http://www.cerias.purdue.edu
IP Watcher: a commercial session hijacking tool based on TTY Watcher. http://www.engrade.com

Buffer Overflow & Other Attacks

Buffer Overflow Attacks
Definition: the attacker tries to store more information on the stack than the size of the buffer. This causes a malfunction in the computer program, which the attacker exploits to execute malicious code.

Buffer Overflow Attacks
Typical behaviors: can be used against many network services. Can be used for denial of service (easier to do) or to obtain privileges on a machine (harder).
Vulnerabilities: takes advantage of the way in which information is stored by computer programs. Programs which do not have a rigorous memory check in their code are vulnerable to this attack.

Buffer Overflow Attacks
Scenario: if the memory allocated for a name is 50 characters, someone can break the system by sending a fictitious name of more than 50 characters.
Impact: can be used for espionage, denial of service or compromising the integrity of the data.
Some vulnerable software: NetMeeting buffer overflow; Outlook buffer overflow; AOL Instant Messenger buffer overflow; SQL Server 2000 extended stored procedure buffer overflow.
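
The 50-character name scenario above in code, as an added example that is not from the lecture: the unbounded copy that the slide calls a missing "rigorous memory check", next to a bounds-checked version that rejects oversized input instead of corrupting the stack. The function names and the 256-byte demo input are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 50   /* the slide's scenario: room for a 50-character name */

/* The defect the slide describes: the copy is not bounded by the size of
 * `name`, so any input longer than NAME_LEN - 1 bytes runs past the end of
 * the buffer and overwrites adjacent stack memory. Shown for contrast only;
 * the demo below never calls it with an oversized input. */
int store_name_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);                  /* unbounded copy: the bug */
    return (int)strlen(name);
}

/* The "rigorous memory check" the slide asks for: measure the input first
 * and refuse anything that does not fit together with its terminating NUL,
 * rather than silently truncating it. Returns the stored length or -1. */
int store_name_safe(const char *input, char *out, size_t out_len)
{
    if (input == NULL || out == NULL || out_len == 0)
        return -1;
    size_t n = strlen(input);
    if (n >= out_len)                     /* no room for the NUL: reject */
        return -1;
    memcpy(out, input, n + 1);            /* bounded copy, NUL included */
    return (int)n;
}

/* Demo helper (an assumption of this example): build a constructed name of
 * `chars` 'A's and report whether the safe version accepted it (1) or
 * rejected it (0). Returns -1 if the demo buffer itself is too small. */
int name_accepted(size_t chars)
{
    char input[256];
    char name[NAME_LEN];
    if (chars >= sizeof input)
        return -1;
    memset(input, 'A', chars);
    input[chars] = '\0';
    return store_name_safe(input, name, sizeof name) >= 0;
}

int main(void)
{
    size_t sizes[] = { 10, 49, 50, 60 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%zu-character name: %s\n", sizes[i],
               name_accepted(sizes[i]) ? "accepted" : "rejected");
    return 0;
}
```

A 49-character name is the longest the 50-byte buffer can hold once the terminating NUL is counted, which is exactly the boundary the unsafe version never checks.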

Denial of Service
Definition: an attack through which a person can render a system unusable, or significantly slow it down for legitimate users, by overloading the system so that no one else can use it.

Denial of Service
Typical behaviors: crashing the system or network, by sending the victim data or packets which will cause the system to crash or reboot; exhausting resources, by flooding the system or network with information so that, with all resources exhausted, others are denied access to them. Distributed DoS attacks are coordinated denial of service attacks involving several people and/or machines to launch the attacks.

Denial of Service: Popular Programs
Ping of Death, SSPing, Land, Smurf, SYN Flood, CPU Hog, WinNuke, RPC Locator, Jolt2, Bubonic, Microsoft Incomplete TCP/IP Packet Vulnerability, HP OpenView Node Manager SNMP DoS Vulnerability, Netscreen Firewall DoS Vulnerability, Checkpoint Firewall DoS Vulnerability.

Tunneling
Definition: attempts to get under a security system by accessing very low-level system functions (e.g. device drivers, OS kernels).

Tunneling
Typical behaviors: unexpected disk accesses, unexplained device failure, halted security software, etc.
Vulnerabilities: tunneling attacks often occur by creating system emergencies to cause system reloading or initialization.

Tunneling: Prevention and Detection
Prevention: design security and audit capabilities into even the lowest-level software, such as device drivers, shared libraries, etc.
Detection: changes in date/time stamps for low-level system files, or changes in sector/block counts for device drivers.
Countermeasures: patch or replace compromised drivers to prevent access; monitor suspected access points to attempt trace back.

Trap Door
Definition: system access for developers inadvertently left available after software delivery. Sometimes installed by malicious software.

Trap Door
Typical behaviors: unauthorized system access enables viewing, alteration or destruction of data or software.
Vulnerabilities: software developed outside organizational policies and formal methods.

Trap Door: Prevention and Detection
Prevention: enforce defined development policies; limit network and physical access.
Detection: audit trails of system usage, especially user identification logs.
Countermeasures: close the trap door, or monitor ongoing access to trace back to the perpetrator; virus and worm countermeasures.

Identity Theft

Sequential Scanning
Definition: sequentially testing passwords/authentication codes until one is successful.
Typical behaviors: multiple users attempting network or administrator command functions, indicating multiple masquerades.
Vulnerabilities: prompts have a time delay built in to foil automated scanning, so accessing the encoded password table and testing it off-line is a common technique.

Sequential Scanning: Prevention and Detection
Prevention: enforce organizational secure password policies; make system administrator access to password files secure.
Detection: correlate user identification with shift times; correlate user problem reports relevant to possible masquerades.
Countermeasures: change the entire password file, or use baiting tactics to trace back to the perpetrator.

Dictionary Scanning
Definition: scanning through a dictionary of commonly used passwords/authentication codes until one is successful.
Typical behaviors: multiple users attempting network or administrator command functions, indicating multiple masquerades.
Vulnerabilities: use of common words and names as passwords or authentication codes (so-called Joe accounts, e.g. guest, test).

Dictionary Scanning: Prevention and Detection
Prevention: enforce organizational password policies.
Detection: correlate user identification with shift times; correlate user problem reports relevant to possible masquerades.
Countermeasures: change the entire password file, or use baiting tactics to trace back to the perpetrator.
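
An added example (not from the lecture) of the detection step that the Masquerade, Sequential Scanning and Dictionary Scanning slides share: correlating user identification with shift times, and counting failed authentications per account to spot a password scan. The log line format, the 08:00-18:00 shift window and the failure threshold are assumptions of this example, and the log lines are constructed.

```c
#include <stdio.h>
#include <string.h>
/* Assumed policy values (not from the slides): a day shift of 08:00-18:00 and
 * the failure count from one account that is treated as a password scan. */
#define SHIFT_START    8
#define SHIFT_END      18
#define FAIL_THRESHOLD 5
#define MAX_USERS      32

struct user_stat {
    char name[32];
    int  fails;        /* failed authentications for this account */
    int  offshift_ok;  /* successful logins outside the shift window */
};

static struct user_stat users[MAX_USERS];
static int nusers;

/* Per-account counters; created on first sight when create != 0. */
static struct user_stat *find_user(const char *name, int create)
{
    for (int i = 0; i < nusers; i++)
        if (strcmp(users[i].name, name) == 0)
            return &users[i];
    if (!create || nusers == MAX_USERS)
        return NULL;
    struct user_stat *u = &users[nusers++];
    snprintf(u->name, sizeof u->name, "%s", name);
    u->fails = u->offshift_ok = 0;
    return u;
}

/* Each line has the constructed form "YYYY-MM-DD HH:MM account RESULT" with
 * RESULT being OK or FAIL; lines that do not parse are skipped.
 * Returns the number of lines that were counted. */
int analyze_log(const char *const lines[], int n)
{
    int parsed = 0;
    nusers = 0;
    for (int i = 0; i < n; i++) {
        int hour; char user[32], result[16];
        if (sscanf(lines[i], "%*s %d:%*d %31s %15s", &hour, user, result) != 3)
            continue;
        struct user_stat *u = find_user(user, 1);
        if (u == NULL)
            continue;
        parsed++;
        if (strcmp(result, "FAIL") == 0)
            u->fails++;
        else if (strcmp(result, "OK") == 0 &&
                 (hour < SHIFT_START || hour >= SHIFT_END))
            u->offshift_ok++;
    }
    return parsed;
}

/* 1 if the account's failure count indicates a password scan, else 0. */
int is_scanning(const char *name)
{
    struct user_stat *u = find_user(name, 0);
    return u != NULL && u->fails >= FAIL_THRESHOLD;
}

/* Successful logins by this account outside the shift window. */
int offshift_logins(const char *name)
{
    struct user_stat *u = find_user(name, 0);
    return u == NULL ? 0 : u->offshift_ok;
}

/* Constructed sample log: a normal day-shift login, one off-shift login, and a
 * burst of failures against the "test" account followed by a success. */
static const char *const SAMPLE_LOG[] = {
    "2006-03-14 09:05 alice OK",
    "2006-03-14 02:17 bob OK",
    "2006-03-14 03:31 test FAIL",
    "2006-03-14 03:31 test FAIL",
    "2006-03-14 03:32 test FAIL",
    "2006-03-14 03:32 test FAIL",
    "2006-03-14 03:33 test FAIL",
    "2006-03-14 03:40 test OK",
    "malformed line that the parser skips",
};

/* Run the analysis over the sample log; returns the number of lines counted. */
int run_sample(void)
{
    return analyze_log(SAMPLE_LOG, (int)(sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0]));
}
```

On the sample, "test" (a Joe account from the slide) shows both signals at once: five failures followed by a successful login at 03:40, which is the pattern the slides tell the administrator to look for.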

Digital Snooping
Definition: electronic monitoring of digital networks to uncover passwords or other data.
Typical behaviors: system administrators found on-line at unusual or off-shift hours; changes in the behavior of the network transport layer.
Vulnerabilities: an example of how COMSEC (communications security) affects COMPUSEC (computer security); links can be more vulnerable to snooping than nodes.

Digital Snooping: Prevention and Detection
Prevention: employ data encryption; limit physical access to network nodes and links.
Detection: correlate user identification with shift times; correlate user problem reports; monitor network performance.
Countermeasures: change encryption schemes, or employ network monitoring tools to attempt to trace back to the perpetrator.

Shoulder Surfing
Definition: direct visual observation of monitor displays to obtain access.
Typical behaviors: authorized user found on-line at unusual or off-shift hours, indicating a possible masquerade; authorized user attempting administrator command functions.
Vulnerabilities: sticky notes used to record account and password information; password entry screens that do not mask typed text; loitering opportunities.

Shoulder Surfing: Prevention and Detection
Prevention: limit physical access to computer areas; require frequent password changes by users.
Detection: correlate user identification with shift times or increased frequency of access; correlate user command logs with administrator command functions.
Countermeasures: change the user password, or use standard administrator functions to determine the access point and then trace back to the perpetrator.

Dumpster Diving
Definition: accessing discarded trash to obtain passwords and other data.
Typical behaviors: multiple users attempting network or administrator command functions, indicating multiple masquerades.
Vulnerabilities: sticky notes used to record account and password information; system administrator printouts of user logs.

Dumpster Diving: Prevention and Detection
Prevention: destroy discarded hardcopy.
Detection: correlate user identification with shift times; correlate user problem reports relevant to possible masquerades.
Countermeasures: change the entire password file, or use baiting tactics to trace back to the perpetrator.

Browsing
Definition: automated scanning of large unprotected data sets to obtain clues to gain access, e.g. discarded media or on-line finger-type commands.
Typical behaviors: authorized user found on-line at unusual or off-shift hours, indicating a possible masquerade; authorized user attempting admin command functions.

Browsing: Vulnerabilities
Finger-type services provide information to any and all users. The information is usually assumed safe, but it can give clues to passwords (e.g. a spouse's name).

Browsing: Prevention & Detection
Prevention: destroy discarded media; especially when on open networks, disable finger-type services.
Detection: correlate user identification with shift times or increased frequency of access; correlate user command logs with administrator command functions.
Countermeasures: change the user password, or use standard administrator functions to determine the access point and then trace back to the perpetrator.

Other Security Risks

Equipment Malfunction
Definition: hardware operates in abnormal, unintended ways.
Typical behaviors: immediate loss of data due to abnormal shutdown; continuing loss of capability until the equipment is repaired.
Vulnerabilities: vital peripheral equipment is often more vulnerable than the computers themselves.
Prevention: replication of the entire system, including all data and recent transactions.
Detection: hardware diagnostic systems.

Software Malfunction
Definition: software does not work in its intended manner.
Typical behaviors: immediate loss of data due to abnormal end; repeated failures when the faulty data are used again.
Vulnerabilities: poor software development practices.
Prevention: enforce strict software development practices; comprehensive software testing procedures.
Detection: use software diagnostic tools.

Software Malfunction: Countermeasures
Backup software; robust operating systems.

User Error
Definition: inadvertent alteration, manipulation or destruction of programs, data files or hardware.
Typical behaviors: incorrect data entered into the system, or incorrect behavior of the system.
Vulnerabilities: poor user documentation or training.

User Error: Prevention and Detection
Prevention: enforcement of training policies and separation of programmer/operator duties.
Detection: audit trails of system transactions.
Countermeasures: backup copies of software and data; on-site replication of hardware.

Spam
Definition: flooding a system with incoming messages or other traffic to cause crashes.
Typical behaviors: crashes, eventually traced to an overfull buffer or swap space.
Vulnerabilities: open-source networks are especially vulnerable.

Spam: Prevention and Detection
Prevention: require authentication fields in message traffic.
Detection: monitor partitions, network sockets, etc. for overfull conditions.
Countermeasures: use message headers to attempt to trace back to the perpetrator.

References: Sources & Further Reading
CERT & CERIAS web sites; Security by Pfleeger & Pfleeger; Hackers Beware by Eric Cole; NIST web site; other web sources.