Network Security -

School of Business
Eastern Illinois University

Security (Part 1)
(Week 13, Tuesday 4/3/2007)
Abdou Illia, Spring 2007

Learning Objectives
- Discuss types of system attacks
  - Scanning process
  - Types of attacks
- Discuss system defense tools & techniques
  - Security goals
  - Defense tools and techniques

Received: from ( []) by (Spam Firewall) with ESMTP id B10BA1F52DC for ; Wed, 8 Feb 2006 18:14:59 -0600 (CST)
Received: from mail pickup service by with Microsoft SMTPSVC; Wed, 8 Feb 2006 16:14:58 -0800
Message-ID:
Received: from by with HTTP; Thu, 09 Feb 2006 00:14:58 GMT
X-Originating-IP: []
X-Originating-Email: [[email protected]]
X-Sender: [email protected]
In-Reply-To: <[email protected]se.corp>
X-PH: [email protected]
From:
To: [email protected]
X-ASG-Orig-Subj: RE: FW: Same cell#
Subject: RE: FW: Same cell#
Date: Thu, 09 Feb 2006 00:14:58 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 09 Feb 2006 00:14:58.0614 (UTC) FILETIME=[DCA31D60:01C62D0D]
X-Virus-Scanned: by Barracuda Spam Firewall at
X-Barracuda-Spam-Score: 0.00

Identifying security attack targets
- Scanning (Probing)
  - Ping messages (to know if a potential victim exists)
    - Firewalls are usually configured to prevent pinging by outsiders
  - Supervisory messages (to know if the victim is available)
  - Tracert, Traceroute (to know how to get to the target)

Identifying security attack targets (continued)
- Examining scanning results reveals
  - IP addresses of potential victims
  - What services victims are running. Different services have different weaknesses
  - Host's operating system, version number, etc.
- Whois database at NetworkSolutions is also used when ping scans fail
- Social engineering
  - Tricking employees into giving out passwords and keys
- Guessing passwords and dictionary attacks (using password recovery software and other tools)

Review Questions 1
- What do ping messages allow?
- Why are ping scans often not effective?
- What does social engineering mean?
- An organization has a DNS server with IP address What IP address range would an attacker search to find hosts to attack?

Types of system attacks

Attacks
- Physical Access Attacks
  - Wiretapping
  - Vandalism
  - Drive-by-hacking
- Denial-of-Service
  - Flooding
  - Smurf
  - Ping of death
  - LAND
  - DDoS
- Intercepting messages
  - Eavesdropping
  - Message alteration
- Malware
  - Virus
  - Worms
  - Trojan horse
  - Logic bomb

Denial of Service (DoS) attacks
Types of DoS attacks:
- Flooding DoS
- Smurf Flooding DoS
- Ping of Death attacks
- LAND attacks
- Distributed Denial of Service attacks

Flooding DoS
- Send a stream of request messages to the target
- Makes the target run very slowly or crash
- Objective is to have the target deny service to legitimate users

[Figure labels: Attacker, DoS requests, Server, Legitimate user, Legitimate request]

Smurf Flooding DoS
- Attacker uses IP spoofing (false source IP address in outgoing messages)
- Attacker sends ping / echo messages to third party computers on behalf of the target
- All third party computers respond to target

Ping of Death attacks
- Take advantage of
  - The fact that TCP/IP allows large packets to be fragmented
  - Some operating systems' inability to handle packets larger than 65536 bytes
- Attacker sends a request message that is larger than 65,536 bytes
- Ping of Death attacks are usually single-message DoS attacks
- Ping of death attacks are rare today as most operating systems have been fixed to prevent this type of attack from occurring

LAND attacks
- First appeared in 1997
- Attacker uses IP spoofing (false source IP address in outgoing messages)
- Attacker sends IP packets where the source and destination address refer to the target itself
- LAND attacks are usually single-message DoS attacks
- In the past, operating systems and routers were not designed to deal with loopback
- The problem resurfaced recently with Windows XP and Windows 2003 Server

Distributed DoS (DDoS) Attack
- Attacker hacks into multiple clients and plants Zombie programs on them
- Attacker sends commands to Zombie programs, which execute the attacks
- First appeared in 2000 with Mafiaboy attack against,,,, etc.

[Figure labels: Attacker, Attack Command, Computer with Zombie, DoS Messages, Server]
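Each single-message attack above leaves a recognizable mark in the IP header, and flooding (including DDoS) shows up as a per-target packet rate. The detection sketch below is an added example, not part of the original slides; the packet dictionaries, their field names, the addresses and the threshold are constructed for illustration.

```python
import ipaddress
from collections import Counter

MAX_DATAGRAM = 65535     # IPv4 Total Length is a 16-bit field
ICMP_ECHO_REQUEST = 8

def signatures(pkt, local_nets, ihl=20):
    """Return the single-packet DoS signatures one IPv4 header matches."""
    hits = set()
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    # LAND: source and destination address both refer to the target.
    if src == dst:
        hits.add("LAND")
    # Ping of Death: this fragment ends past the largest legal datagram.
    end = ihl + pkt.get("frag_offset", 0) * 8 + pkt["payload_len"]
    if end > MAX_DATAGRAM:
        hits.add("PING_OF_DEATH")
    # Smurf: echo request to a local broadcast address, so every host on
    # that network would reply to the (spoofed) source address.
    if pkt.get("icmp_type") == ICMP_ECHO_REQUEST and any(
            dst == net.broadcast_address for net in local_nets):
        hits.add("SMURF")
    return hits

def flood_targets(packets, threshold):
    """Flooding DoS / DDoS: destinations that receive more than
    `threshold` packets inside any one-second bucket, from any sources."""
    per_second = Counter((int(p["ts"]), p["dst"]) for p in packets)
    return sorted({dst for (_, dst), n in per_second.items() if n > threshold})

# Constructed sample headers (documentation address ranges, made-up fields).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
SAMPLE = [
    {"ts": 0.1, "src": "198.51.100.7", "dst": "192.0.2.10", "payload_len": 64},
    {"ts": 0.2, "src": "192.0.2.10", "dst": "192.0.2.10", "payload_len": 40},
    {"ts": 0.3, "src": "198.51.100.7", "dst": "192.0.2.10",
     "frag_offset": 8189, "payload_len": 100},
    {"ts": 0.4, "src": "203.0.113.5", "dst": "192.0.2.255",
     "icmp_type": ICMP_ECHO_REQUEST, "payload_len": 64},
]
FLOOD = [{"ts": 5 + i / 100, "src": "198.51.100.9", "dst": "192.0.2.20",
          "payload_len": 64} for i in range(30)]

if __name__ == "__main__":
    for i, pkt in enumerate(SAMPLE):
        print(i, sorted(signatures(pkt, LOCAL_NETS)))
    print("flooded:", flood_targets(SAMPLE + FLOOD, threshold=20))
```

Counting by destination rather than by source is what lets the same rate check catch a DDoS, where the requests arrive from many zombie machines at once.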

Review Question 2
- All DoS messages are requests that require a response message from the target. (T / F)
- DDoS can be seen as a way to launch a denial of service attack rather than a type of attack. (T / F)
- Single-message DoS attacks send unusual messages for which the software designer on the target device did not plan. (T / F)
- Why don't all DoS attacks use IP address spoofing to maintain anonymity?

Intercepting messages
- Eavesdropping: Intercepting confidential messages
- Attacker (Eve) taps into the conversation: tries to read messages
- Eavesdropping is also called Person-in-the-middle attack

[Figure labels: Message Exchange; Client PC (Allex's); Server (Steve's); Attacker (Eve); "What is account #?"; "Account number 111-2233444"]

Intercepting messages
- Message alteration
- Attacker intercepts the message, alters it and then forwards it

[Figure labels: Message Exchange; Client PC; Server; "What is the balance?"; "Balance = $1.00"; "Balance = $1000.00"]

Malware attacks
Types of malware:
- Viruses
- Worms
- Trojan horses
- Logic bombs

Virus
Program (script, macro) that:
- Attaches to files
- Performs annoying actions when the files are executed
- Performs destructive actions when the files are executed
- Spreads by user actions (floppy disk, flash drive, opening email attachment, IRC, etc.), not by itself
Could be
- Boot sector virus: attaches itself to files in boot sector of HD
- File infector virus: attaches itself to program files and user files
- Polymorphic virus: mutates with every infection, making it hard to locate

Worm
- Does not attach to files
- A self-replicating computer program that propagates across a system
- Uses a host computer's resources and network connections to transfer a copy of itself to another computer
- Harms the host computer by consuming processing time and memory
- Harms the network by consuming the bandwidth
Q: Distinguish between viruses and worms

Trojan horse
- A computer program
  - That appears as a useful program like a game, a screen saver, etc.
  - But is really a program designed to damage or take control of the host computer
- When executed, a Trojan horse could
  - Format disks
  - Delete files
  - Open some TCP ports to allow a remote computer to take control of the host computer
- NetBus and SubSeven used to be attackers' favorite programs for target remote control

[Figure: Trojan horse NetBus Interface]

Logic bomb
- Piece of malicious code intentionally inserted into a software system
- The bomb is set to run when a certain condition is met
  - Passing of specified date/time
  - Deletion of a specific record in a database
- Example: a programmer could insert a logic bomb that will function as follows:
  - Scan the payroll records each day.
  - If the programmer's name is removed from payroll, then the logic bomb will destroy vital files weeks or months after the name removal.

Review Questions 3
- What kind of malware is a malicious program that could allow an attacker to take control of a target computer?
- What kind of malware could harm a host computer by consuming processor time and random access memory?
