DILLA UNIVERSITY
COLLEGE OF ENGINEERING & TECHNOLOGY
School of Computing & Informatics
M. Sc in Computer Science & Networking
Chapter-05
By
Dr. Ananda Kumar K S M.Tech, Ph.D
Associate Professor, School of Comp & Info
Email: anandgdk@du.edu.et
Course Number CN6122
Course Title Advanced Network Security
Advanced Network Security
CHAPTER-05
1. Ethical hacking
2. Denial of Service Attacks (DoS)
3. Distributed denial-of-service (DDoS)
4. Buffer-overflow attack
1. HACKING
Hacking has been a part of computing for almost five decades and is a very broad discipline covering a wide range of topics.
The first known event of hacking took place in 1960 at MIT, and the term "Hacker" originated at the same time.
Hacking is the act of finding the possible entry points that exist in a computer system or a computer network and finally entering through them.
Cont..
• Hacking is usually done to gain unauthorized access to a computer system or a computer network, either to harm the systems or to steal sensitive information available on the computer.
• Hacking is usually legal as long as it is done to find weaknesses in a computer or network system for testing purposes. This sort of hacking is what we call Ethical Hacking.
• A computer expert who performs the act of hacking is called a "Hacker".
• Hackers are those who seek knowledge, to understand how systems operate and how they are designed, and then attempt to play with these systems.
Ethical Vs Unethical (comparison figure, not reproduced in the handout text)
Phases of hacking
• Both the auditor and the cracker follow a logical sequence of steps when conducting a hack. These grouped steps are called phases.
• There is a general consensus among the entities and information security professionals that there are five phases, in the following order:
• Cracker's phases: 1-> Reconnaissance 2-> Scanning 3-> Gaining Access 4-> Maintaining Access 5-> Erasing Clues
• Ethical hacking phases: 1-> Reconnaissance 2-> Scanning 3-> Gaining Access 4-> Writing Report 5-> Presenting Report
Reconnaissance
o This is the first step of hacking. It is also called the Footprinting or information gathering phase.
o This is the preparatory phase, where we collect as much information as possible about the target.
o We usually collect information about three groups: the network, the hosts, and the people involved.
There are two types of Footprinting:
Active: directly interacting with the target to gather information about it. Eg: using the Nmap tool to scan the target.
Passive: collecting information about the target without directly accessing it. This involves collecting information from social media, public websites, etc.
Scanning
Three types of scanning are involved:
Port scanning: scanning the target for information such as open ports, live systems and the various services running on the host.
Vulnerability scanning: checking the target for weaknesses or vulnerabilities which can be exploited. Usually done with the help of automated tools.
Network mapping: finding the topology of the network (routers, firewalls, servers if any) and host information, and drawing a network diagram from the available information. This map may serve as a valuable piece of information throughout the hacking process.
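Seen from the defender's side, the port scanning described above leaves a recognizable trace: one source address touching many distinct destination ports in a short time. The following detector, an added example not taken from the slides, walks constructed firewall-style log lines and flags any source that probed more than a threshold of distinct ports; the log format, the sample lines and the threshold of 5 are assumptions made for this illustration.

```c
/* Added example (not from the slides): flag port-scan-like behaviour in
 * firewall log lines by counting distinct destination ports per source.
 * Log format, sample lines and SCAN_THRESHOLD are constructed assumptions. */
#include <stdio.h>
#include <string.h>

#define MAX_SRC 16
#define MAX_PORTS 64
#define SCAN_THRESHOLD 5   /* more distinct ports than this => suspicious */

struct src_stat {
    char addr[16];          /* dotted-quad source address */
    int ports[MAX_PORTS];   /* distinct destination ports seen */
    int nports;
};

/* Constructed sample log: 10.0.0.5 sweeps several ports, 10.0.0.9 is a
 * normal client hitting only the web ports. */
static const char *SAMPLE_LOG[] = {
    "DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=21",
    "DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=22",
    "DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=23",
    "DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=25",
    "DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=80",
    "DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=443",
    "DROP src=10.0.0.5 dst=192.168.1.10 proto=TCP dport=443",
    "ACCEPT src=10.0.0.9 dst=192.168.1.10 proto=TCP dport=443",
    "ACCEPT src=10.0.0.9 dst=192.168.1.10 proto=TCP dport=443",
    "ACCEPT src=10.0.0.9 dst=192.168.1.10 proto=TCP dport=80",
};
#define SAMPLE_LOG_LEN (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

/* Pull "src=A.B.C.D" and "dport=N" out of one line; 1 on success, 0 if the
 * line does not carry both fields (such lines are skipped, not counted). */
static int parse_line(const char *line, char src[16], int *dport)
{
    const char *s = strstr(line, "src=");
    const char *d = strstr(line, "dport=");
    if (!s || !d) return 0;
    return sscanf(s, "src=%15s", src) == 1 && sscanf(d, "dport=%d", dport) == 1;
}

/* Look up a source in the table, adding it if unseen; NULL when full. */
static struct src_stat *find_or_add(struct src_stat *tab, int *n, const char *addr)
{
    for (int i = 0; i < *n; i++)
        if (strcmp(tab[i].addr, addr) == 0) return &tab[i];
    if (*n >= MAX_SRC) return NULL;
    struct src_stat *e = &tab[(*n)++];
    strncpy(e->addr, addr, sizeof e->addr - 1);
    e->addr[sizeof e->addr - 1] = '\0';
    e->nports = 0;
    return e;
}

/* Record a destination port once; repeats of an already-seen port do not
 * count, so retries to one service are not mistaken for a sweep. */
static void note_port(struct src_stat *e, int port)
{
    for (int i = 0; i < e->nports; i++)
        if (e->ports[i] == port) return;
    if (e->nports < MAX_PORTS) e->ports[e->nports++] = port;
}

/* Number of distinct destination ports probed by `addr` in the given lines,
 * or -1 if that address never appears. */
int distinct_ports_for(const char **lines, size_t nlines, const char *addr)
{
    struct src_stat tab[MAX_SRC];
    int n = 0;
    for (size_t i = 0; i < nlines; i++) {
        char src[16];
        int dport;
        if (!parse_line(lines[i], src, &dport)) continue;
        struct src_stat *e = find_or_add(tab, &n, src);
        if (e) note_port(e, dport);
    }
    for (int i = 0; i < n; i++)
        if (strcmp(tab[i].addr, addr) == 0) return tab[i].nports;
    return -1;
}

/* 1 when the source's distinct-port count exceeds SCAN_THRESHOLD, else 0. */
int is_port_scanner(const char **lines, size_t nlines, const char *addr)
{
    return distinct_ports_for(lines, nlines, addr) > SCAN_THRESHOLD;
}

int main(void)
{
    const char *hosts[] = { "10.0.0.5", "10.0.0.9" };
    for (size_t i = 0; i < 2; i++)
        printf("%s: %d distinct ports%s\n", hosts[i],
               distinct_ports_for(SAMPLE_LOG, SAMPLE_LOG_LEN, hosts[i]),
               is_port_scanner(SAMPLE_LOG, SAMPLE_LOG_LEN, hosts[i])
                   ? " (possible port scan)" : "");
    return 0;
}
```

A production detector would also window the count by time and whitelist known scanners such as an internal vulnerability scanner; the per-source distinct-port count is the core signal either way.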
Gaining Access
This is the phase where an attacker breaks into the system/network using various tools or methods.
After entering a system, he has to raise his privilege to administrator level so that he can install any application he needs, modify data or hide data.
Maintaining Access
o A hacker may just hack the system to show it was vulnerable, or he may be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user.
o This can be done using Trojans, rootkits or other malicious files.
o The aim is to maintain access to the target until he finishes the tasks he planned to accomplish on that target.
Erasing Clues or Clearing Tracks
o No thief wants to get caught. An intelligent hacker always clears all evidence so that at a later point in time no one will find any traces leading to him.
o This involves modifying/corrupting/deleting log entries, modifying registry values, uninstalling all applications he used and deleting all folders he created.
Cont..
• Usually these phases are represented as a cycle that is commonly called "the circle of hacking" (see Figure 1), with the aim of emphasizing that the cracker can continue the process over and over again.
• However, information security auditors who perform ethical hacking services present a slight variation in the implementation of the phases, like this:
• 1-> Reconnaissance 2-> Scanning 3-> Gaining Access 4-> Writing the Report 5-> Presenting the Report
In this way, ethical hackers stop at Phase 3 of the "circle of hacking" to report their findings and make recommendations to the client.
TYPES OF HACKING
• When we execute an ethical hacking engagement it is necessary to establish its scope, in order to develop a realistic schedule of work and to deliver the economic proposal to the client.
• To determine the project extent we need to know at least three basic elements: the type of hacking that we will conduct, the modality, and the additional services that customers would like to include with the contracted service.
• Depending on where we execute the penetration testing, an ethical hacking can be external or internal.
Cont..
External pentesting
• This type of hacking is done from the Internet against the client's public network infrastructure; that is, on those computers in the organization that are exposed to the Internet because they provide a public service.
• Examples of public hosts: router, firewall, web server, mail server, name server, etc.
Internal pentesting
• As the name suggests, this type of hacking is executed from the customer's internal network, from the point of view of a company employee, consultant or business associate that has access to the corporate network.
Cont..
since studies show that the majority of successful attacks come from inside the company.
To cite an example, in a survey on computer security conducted among a group of businessmen in the UK, when they were asked "who are the attackers", these figures were obtained: 25% external, 75% internal.
HACKING MODALITIES
• Depending on the information that the customer provides to the consultant, an ethical hacking service could be executed in one of three modes:
o black-box
o gray-box
o white-box
• The method chosen will affect the cost and duration of the penetration testing audit, since the less information is received, the greater the research time invested by the auditor.
Black box hacking
• This mode is applicable to external testing only.
• It is called so because the client only gives the name of the company to the consultant, so the auditor starts with no information; the infrastructure of the organization is a "black box".
• While this type of audit is considered more realistic, since an external attacker who chooses a victim X has no further information to start with than the name of the organization he is going to attack, it is also true that it requires a greater investment of time, and therefore the cost incurred is higher too.
Gray box hacking
This term is often used synonymously to refer to internal pentesting.
Nevertheless, some auditors also call gray-box hacking an external test in which the client provides limited information on the public computers to be audited.
Example: a list of data such as IP addresses and the type/function of the equipment (router, web server, firewall, etc.).
White box hacking
White-box hacking is also called transparent hacking. This method applies only to internal pentesting and is called this way because the client gives the auditor complete information about its networks and systems.
• This means that, besides providing a connection to the network and configuration information for the NIC, the consultant receives extensive information such as network diagrams, a detailed equipment audit list including names, types, platforms, main services and IP addresses, information on remote subnets, etc.
• Because the consultant avoids having to find out this information, this kind of hacking usually takes less time to execute and therefore also reduces costs.
Additional hacking services
There are additional services that can be included with an ethical hacking; among the popular ones are:
• Social engineering
• Wardialing
• Wardriving
• Stolen equipment simulation
• Physical security
Social engineering
• Social engineering refers to the act of gathering information through the manipulation of people. It means that the hacker acquires confidential data by exploiting the well-known fact that the weakest link in the chain of information security is the human component.
• Examples of social engineering: sending fake emails with malicious attachments, calls to customer personnel pretending to be a technician from the ISP, visits to company premises pretending to be a customer in order to place a keystroke logger (keylogger), etc.
Wardialing
• Wardialing or war dialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code, to search for modems, computers, bulletin board systems and fax machines.
• War dialing is a brute-force method of finding a back door into an organization's network. It is particularly effective against a perimeter defense.
• Most organizations have telephone numbers that are within a specified range and begin with the same prefix.
Wardriving
• The term wardriving is derived from its predecessor, wardialing, but is applied to wireless networks.
• The hacker strikes up a wireless war from the vicinity of the client/victim company, usually from his parked car with a laptop and a signal booster antenna.
• Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone. Software for wardriving is freely available on the internet.
• Warbiking, warcycling, warwalking and similar terms describe the same approach with other modes of transportation.
Stolen equipment simulation
• Here the objective is to verify whether the organization has taken steps to safeguard the confidential information hosted on mobile devices that belong to key executives.
• The auditor simulates a theft of the device and uses tools (HW/SW) and his expertise with the intention of extracting sensitive information.
• Due to the sensitivity of the operation, we should always recommend that our customer back up the devices prior to the audit.
Physical security audit
• Although physical security is considered by many experts as an independent subject from ethical hacking, specialized companies can integrate it as part of the service.
• This type of audit involves difficulties and risks that you must be aware of, with the aim of avoiding situations that endanger those involved.
Simple steps that individuals can take to be more secure:
– Keep your software up to date
– Install antivirus software
– Use public networks carefully
– Back up your data
– Secure your accounts with two-factor authentication
– Make your passwords long, unique, and strong
– Be suspicious of strange links and attachments
Steps to secure your computer
• Keep up with system and software security updates.
• Enable a firewall.
• Adjust your browser settings.
• Install antivirus and anti-spyware software.
• Password-protect your software and lock your device.
• Encrypt your data.
• Use a VPN.
Tools for Information Security
• Authentication
• Access Control
• Encryption
• Passwords
• Backup
• Firewalls
• Virtual Private Networks (VPN)
• Physical Security
• Security Policies
2. Denial of Service Attacks
• Denial of Service attack: an attack on a computer or network that prevents legitimate use of its resources.
• In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet.
• DoS attacks affect:
– Software systems
– Network routers/equipment/servers
– Servers and end-user PCs
Classification of DoS Attacks
(Table columns: Attack | Affected Area | Example | Description)

Network Level Device
  Affected area: routers, IP switches, firewalls
  Example: Ascend Kill II, "Christmas Tree Packets"
  Description: attack attempts to exhaust hardware resources using multiple duplicate packets or a software bug.

OS Level
  Affected area: equipment vendor OS, end-user equipment
  Example: Ping of Death, ICMP Echo attacks, Teardrop
  Description: attack takes advantage of the way operating systems implement protocols.

Application Level Attacks
  Example: Finger Bomb (the repeated at (@) character causes finger to consume excessive CPU and RAM resources), Windows NT RealServer G2 6.0
  Description: attack a service or machine by using an application attack to exhaust resources.

Data Flood (Amplification, Oscillation, Simple Flooding)
  Affected area: host computer or network
  Example: Smurf attack (amplifier attack), UDP Echo (oscillation attack)
  Description: attack in which massive quantities of data are sent to a target with the intention of using up bandwidth/processing resources.

Protocol Feature Attacks
  Affected area: servers, client PCs, DNS servers
  Example: SYN (connection depletion)
  Description: attack in which "bugs" in the protocol are utilized to take down network resources. Methods of attack include IP address spoofing and corrupting the DNS server cache.
Countermeasures for DoS Attacks
(Table columns: Attack | Countermeasure Options | Example | Description)

Network Level Device
  Countermeasure options: software patches, packet filtering
  Example: ingress and egress filtering
  Description: software upgrades can fix known bugs, and packet filtering can prevent attacking traffic from entering a network.

OS Level
  Countermeasure options: SYN cookies, drop backlog connections, shorten timeout time
  Example: SYN cookies
  Description: shortening the backlog time and dropping backlog connections will free up resources. SYN cookies proactively prevent attacks.

Application Level Attacks
  Countermeasure options: intrusion detection system
  Example: GuardDog, other vendors
  Description: software used to detect illicit activity.

Data Flood (Amplification, Oscillation, Simple Flooding)
  Countermeasure options: replication and load balancing
  Example: Akamai and Digital Island provide content distribution
  Description: extending the volume of content under attack makes it more complicated and harder for attackers to identify services to attack and accomplish complete attacks.

Protocol Feature Attacks
  Countermeasure options: extend protocols to support security
  Example: IETF (Internet Engineering Task Force) standard for itrace, DNSSEC
  Description: trace source/destination packets by a means other than the IP address (blocks against IP address spoofing). DNSSEC would provide authorization and authentication on DNS information.
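The OS Level row lists SYN cookies as the countermeasure to SYN connection-depletion attacks. The idea is that the server keeps no half-open entry in its backlog at all: it encodes the connection tuple, a coarse timestamp and the client's MSS class into the initial sequence number of its SYN-ACK, and later accepts the completing ACK only if it can recompute that value. The simplified implementation below is an added example, not code from the slides or from any kernel; it follows the classic bit layout (5-bit time, 3-bit MSS index, 24-bit hash), uses a toy keyed hash where a real implementation uses a cryptographic keyed hash, and the server secret and MSS table are constructed values.

```c
/* Added example (not from the slides): a simplified SYN cookie.
 * Layout of the 32-bit initial sequence number returned in the SYN-ACK:
 *   bits 31..27  coarse time counter (tick & 0x1F)
 *   bits 26..24  index into MSS_TABLE (the MSS the client may use)
 *   bits 23..0   keyed hash over (tuple, full tick, secret)
 * The toy FNV-1a based hash and SERVER_SECRET are constructed stand-ins. */
#include <stdint.h>
#include <string.h>

#define COOKIE_MAX_AGE 1   /* accept cookies minted in this or the previous tick */

static const uint16_t MSS_TABLE[] = { 536, 1300, 1440, 1460 };  /* index 0..3 */
#define MSS_TABLE_LEN (sizeof MSS_TABLE / sizeof MSS_TABLE[0])
static const uint64_t SERVER_SECRET = 0x5EC4E7C0FFEE1234ULL;    /* constructed */

/* The 4-tuple that identifies the half-open connection. */
struct tuple { uint32_t saddr, daddr; uint16_t sport, dport; };

/* Toy keyed hash: FNV-1a over tuple, tick and secret, folded to 24 bits.
 * Without the secret an attacker could forge ACKs; a kernel uses a
 * cryptographic keyed hash here. */
static uint32_t cookie_hash(const struct tuple *t, uint32_t tick)
{
    uint8_t buf[sizeof *t + sizeof tick + sizeof SERVER_SECRET];
    memcpy(buf, t, sizeof *t);
    memcpy(buf + sizeof *t, &tick, sizeof tick);
    memcpy(buf + sizeof *t + sizeof tick, &SERVER_SECRET, sizeof SERVER_SECRET);
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < sizeof buf; i++) { h ^= buf[i]; h *= 0x100000001b3ULL; }
    return (uint32_t)((h ^ (h >> 32)) & 0xFFFFFF);
}

/* Largest table entry that does not exceed the MSS the client offered. */
static int mss_index(uint16_t client_mss)
{
    int idx = 0;
    for (int i = 0; i < (int)MSS_TABLE_LEN; i++)
        if (MSS_TABLE[i] <= client_mss) idx = i;
    return idx;
}

/* Server side of the SYN: compute the ISN for the SYN-ACK. Nothing is
 * stored, so a flood of SYNs cannot fill a backlog. */
uint32_t syn_cookie_make(const struct tuple *t, uint16_t client_mss, uint32_t tick)
{
    uint32_t ts = tick & 0x1F;
    uint32_t mi = (uint32_t)mss_index(client_mss);
    return (ts << 27) | (mi << 24) | cookie_hash(t, tick);
}

/* Server side of the ACK: the client acknowledges ISN + 1, so ack_seq - 1
 * must be a cookie we could have minted recently for this tuple. Returns
 * the MSS to use for the new connection, or -1 if the cookie is forged,
 * corrupted, or older than COOKIE_MAX_AGE ticks. */
int syn_cookie_check(const struct tuple *t, uint32_t ack_seq, uint32_t now)
{
    uint32_t cookie = ack_seq - 1;
    uint32_t ts = cookie >> 27;
    uint32_t mi = (cookie >> 24) & 0x7;
    if (mi >= MSS_TABLE_LEN) return -1;          /* 3 bits can exceed the table */
    for (uint32_t age = 0; age <= COOKIE_MAX_AGE; age++) {
        uint32_t cand = now - age;               /* reconstruct the full tick */
        if ((cand & 0x1F) != ts) continue;
        if ((cookie & 0xFFFFFF) == cookie_hash(t, cand))
            return MSS_TABLE[mi];
    }
    return -1;
}
```

The trade-off the table hints at is visible in the code: only the MSS class survives the round trip, so other TCP options negotiated in the SYN are lost, which is why kernels enable cookies only once the backlog is under pressure.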
3. Distributed Denial-of-service (DDoS)
• A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
• DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic.
• Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
DDoS Architecture
(figure: a three-tier tree of clients at the top, handlers beneath them, and agents at the bottom)
Widely Used DDoS Programs
• Trinoo
• Tribe Flood Network
• TFN2K
• stacheldraht (barbed wire)
4. What is Buffer Overflow
o A buffer is a temporary area for data storage. When a program or system process places more data in it than was originally allocated to be stored, the extra data overflows.
o This causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.
Cont..
• A buffer overflow, or buffer overrun, is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer.
• The result is that the extra data overwrites adjacent memory locations.
• The overwritten data may include other buffers, variables and program flow data, and may result in erratic program behavior, a memory access exception, program termination (a crash), incorrect results or, especially if deliberately caused by a malicious user, a possible breach of system security.
• Most common in C/C++ programs.
Buffer-overflow attack
o In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information.
o An attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a user's input.
Types of buffer overflows
There are two types of buffer overflows: stack-based and heap-based.
o Heap-based overflows, which are harder to execute and the less common of the two, attack an application by flooding the memory space reserved for a program.
o Stack-based buffer overflows, which are more common among attackers, exploit applications and programs by using what is known as the stack: memory space used to store user input.
What is needed to understand Buffer Overflow
• Understanding C functions and the stack.
• Some familiarity with machine code.
• Knowing how system calls are made.
• The exec() system call.
• The attacker needs to know which CPU and OS are running on the target machine.
– Our examples are for x86 running Linux.
– Details vary slightly between CPUs and OSes:
• Stack growth direction.
• Big endian vs. little endian.
Buffer Overflow Example (figure slides, not reproduced in the handout text)
Some unsafe C lib functions
strcpy (char *dest, const char *src)
strcat (char *dest, const char *src)
gets (char *s)
scanf (const char *format, ...)
sprintf (char *str, const char *format, ...)
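What makes these functions unsafe is that none of them knows how large the destination buffer is. The added example below, which is not code from the slides, shows the classic stack-based defect with strcpy() on x86 Linux beside two bounded replacements: a copy that refuses input that does not fit, and a gets()-free line reader built on fgets() that also drains the rest of an over-long line. NAME_MAX and the sample inputs are constructed for the illustration.

```c
/* Added example (not from the slides): the unsafe strcpy() pattern and its
 * bounded replacements. greet_unsafe() is the "before": strcpy() copies
 * until the terminating NUL, so any name of NAME_MAX or more characters
 * writes past the 16-byte stack buffer (undefined behaviour; on a typical
 * x86 stack that reaches saved registers and the return address).
 * NAME_MAX and the inputs are constructed values. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16

/* BEFORE: no length check. Kept only to show the defect; never call it
 * with untrusted input. */
void greet_unsafe(const char *name)
{
    char buf[NAME_MAX];
    strcpy(buf, name);        /* overflows buf when strlen(name) >= NAME_MAX */
    printf("hello, %s\n", buf);
}

/* AFTER: explicit bounds check. Returns 0 on success, -1 if the input
 * (plus its NUL terminator) does not fit; dst is left untouched on -1.
 * Refusing is preferred over silent truncation, which can itself change
 * the meaning of file names, commands or paths. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0 || n >= dstsize) return -1;
    memcpy(dst, src, n + 1);
    return 0;
}

/* A gets()-free line reader. fgets() never writes more than dstsize bytes;
 * if the line was longer, the remainder is drained so it does not leak
 * into the next read. Returns 1 if the whole line fit, 0 if it was
 * truncated, -1 on EOF or error before anything was read. */
int read_line_bounded(char *dst, size_t dstsize, FILE *in)
{
    if (!fgets(dst, (int)dstsize, in)) return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 1;
    }
    int c, drained = 0;
    while ((c = fgetc(in)) != EOF && c != '\n') drained = 1;
    return drained ? 0 : 1;   /* no newline but nothing left over: fit exactly */
}

/* Safe greeting built on copy_bounded(): rejects oversize names (-1). */
int greet_safe(const char *name)
{
    char buf[NAME_MAX];
    if (copy_bounded(buf, sizeof buf, name) != 0) {
        fprintf(stderr, "name too long (max %d characters)\n", NAME_MAX - 1);
        return -1;
    }
    printf("hello, %s\n", buf);
    return 0;
}

int main(void)
{
    greet_unsafe("alice");                     /* fits, so no harm here */
    greet_safe("alice");                       /* fits */
    greet_safe("this name is far too long");   /* rejected, buffer untouched */
    return 0;
}
```

The same idea carries to the other functions in the list: prefer snprintf() over sprintf(), use a field width such as %15s with scanf(), and replace strcat() with a length-checked append.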
Preventing Buffer Overflow Attacks
• Use type-safe languages (Java)
• Use safe library functions
• Static source code analysis
• Non-executable stack
• Run-time checking
• Address space layout randomization
• Detection of deviations in program behavior
• Access control
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 

ANS_Ch_05_Handouts.pdf

• 7. Phases of hacking
  o Both the auditor and the cracker follow a logical sequence of steps when conducting a hack. These grouped steps are called phases.
  o There is a general consensus among the entities and information security professionals that these phases are 5, in the following order:
  o Cracker's phases: 1-> Reconnaissance 2-> Scanning 3-> Gaining Access 4-> Maintaining Access 5-> Erasing Clues
  o Ethical hacking phases: 1-> Reconnaissance 2-> Scanning 3-> Gaining Access 4-> Writing Report 5-> Presenting Report
• 10. Reconnaissance
  o This is the first step of hacking. It is also called the Footprinting and information gathering phase.
  o This is the preparatory phase where we collect as much information as possible about the target.
  o We usually collect information about three groups: Network, Host, and People involved.
  o There are two types of Footprinting:
    – Active: directly interacting with the target to gather information about it. E.g. using the Nmap tool to scan the target.
    – Passive: trying to collect information about the target without directly accessing it. This involves collecting information from social media, public websites, etc.
• 11. Scanning
  o Three types of scanning are involved:
    – Port scanning: scanning the target for information such as open ports, live systems, and the various services running on the host.
    – Vulnerability scanning: checking the target for weaknesses or vulnerabilities which can be exploited. Usually done with the help of automated tools.
    – Network mapping: finding the topology of the network (routers, firewalls, servers if any) and host information, and drawing a network diagram with the available information. This map may serve as a valuable piece of information throughout the hacking process.
• 12. Gaining Access
  o This phase is where an attacker breaks into the system/network using various tools or methods.
  o After entering a system, he has to escalate his privileges to administrator level so that he can install the applications he needs, or modify or hide data.
• 13. Maintaining Access
  o A hacker may just hack the system to show it was vulnerable, or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user.
  o This can be done using Trojans, rootkits or other malicious files.
  o The aim is to maintain access to the target until he finishes the tasks he planned to accomplish on that target.
• 14. Erasing Clues or Clearing Tracks
  o No thief wants to get caught. An intelligent hacker always clears all evidence so that at a later point in time no one will find any traces leading to him.
  o This involves modifying/corrupting/deleting log entries, modifying registry values, uninstalling all applications he used and deleting all folders he created.
• 15. Cont..
  o Usually these phases are represented as a cycle that is commonly called “the circle of hacking” (see Figure 1), with the aim of emphasizing that the cracker can continue the process over and over again.
  o However, information security auditors who perform ethical hacking services present a slight variation in the implementation of the phases, like this:
    1-> Reconnaissance 2-> Scanning 3-> Gaining Access 4-> Writing the Report 5-> Presenting the Report
  o In this way, ethical hackers stop at Phase 3 of the “circle of hacking” to report their findings and make recommendations to the client.
• 16. TYPES OF HACKING
  o When we execute an ethical hack, it is necessary to establish its scope in order to develop a realistic schedule of work and to deliver the economic proposal to the client.
  o To determine the project extent we need to know at least three basic elements: the type of hacking that we will conduct, the modality, and the additional services that customers would like to include with the contracted service.
  o Depending on where we execute the penetration testing, an ethical hack can be external or internal.
• 17. Cont..
  External pentesting
  o This type of hacking is done from the Internet against the client’s public network infrastructure; that is, on those computers in the organization that are exposed to the Internet because they provide a public service.
  o Examples of public hosts: router, firewall, web server, mail server, name server, etc.
  Internal pentesting
  o As the name suggests, this type of hacking is executed from the customer’s internal network, from the point of view of a company employee, consultant, or business associate that has access to the corporate network.
• 18. Cont..
  o since studies show that the majority of successful attacks come from inside the company.
  o To cite an example, in a survey on computer security conducted among a group of businessmen in the UK, when they were asked “who the attackers are”, these figures were obtained: 25% external, 75% internal.
• 19. HACKING MODALITIES
  o Depending on the information that the customer provides to the consultant, an ethical hacking service could be executed in one of three modes:
    – black-box
    – gray-box
    – white-box
  o The method chosen will affect the cost and duration of the penetration testing audit, since the less information received, the more time the auditor has to invest in research.
• 20. Black box hacking
  o This mode is applicable to external testing only.
  o It is called so because the client only gives the name of the company to the consultant, so the auditor starts with no information: the infrastructure of the organization is a “black box”.
  o While this type of audit is considered more realistic, since an external attacker who chooses a victim X has no further information to start with than the name of the organization that is going to be attacked, it is also true that it requires a greater investment of time, and therefore the cost incurred is higher too.
• 21. Gray box hacking
  o This method is often used synonymously to refer to internal pentesting. Nevertheless, some auditors also call gray-box hacking an external test in which the client provides limited information on the public computers to be audited.
  o Example: a list of data such as the IP address and type/function of the equipment (router, web server, firewall, etc.).
• 22. White box hacking
  o White-box hacking is also called transparent hacking. This method applies only to internal pentesting and is called this way because the client gives the auditor complete information about its networks and systems.
  o This means that, besides providing a connection to the network and configuration information for the NIC, the consultant receives extensive information such as network diagrams, a detailed equipment audit list including names, types, platforms, main services, IP addresses, information from remote subnets, etc.
  o Because the consultant avoids having to find out this information, this kind of hacking usually takes less time to execute and therefore also reduces costs.
• 23. Additional hacking services
  There are additional services that can be included with an ethical hack; among the popular ones are:
  o Social engineering
  o Wardialing
  o Wardriving
  o Stolen equipment simulation
  o Physical security
• 24. Social engineering
  o Social engineering refers to the act of gathering information through the manipulation of people; it means that the hacker acquires confidential data using the well-known fact that the weakest link in the chain of information security is the human component.
  o Examples of social engineering: sending fake emails with malicious attachments, calls to customer personnel pretending to be a technician from the ISP, visits to company premises pretending to be a customer in order to place a keystroke logger (keylogger), etc.
• 25. Wardialing
  o Wardialing or war dialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code, to search for modems, computers, bulletin board systems and fax machines.
  o War dialing is a brute-force method of finding a back door into an organization's network. It is particularly effective against a perimeter defense.
  o Most organizations have telephone numbers that are within a specified range and begin with the same prefix.
• 27. Wardriving
  o The term wardriving is derived from its predecessor wardialing, but is applied to wireless networks.
  o The hacker strikes up a wireless war from the vicinity of the client/victim company, usually from his parked car with a laptop and a signal booster antenna.
  o Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone. Software for wardriving is freely available on the Internet.
  o Warbiking, warcycling, warwalking and similar terms describe the same approach but with other modes of transportation.
• 28. Stolen equipment simulation
  o Here the objective is to verify whether the organization has taken steps to safeguard the confidential information hosted on mobile devices that belong to key executives.
  o The auditor simulates a theft of the device and uses tools (HW/SW) and his expertise with the intention of extracting sensitive information.
  o Due to the sensitivity of the operation, we should always recommend that our customer back up the devices prior to the audit.
• 29. Physical security audit
  o Although physical security is considered by many experts as an independent subject from ethical hacking, specialized companies can integrate it as part of the service.
  o This type of audit involves difficulties and risks that you must be aware of, with the aim of avoiding situations that endanger those involved.
• 30. Simple steps that individuals can take to be more secure:
  – Keep your software up to date
  – Install antivirus software
  – Use public networks carefully
  – Back up your data
  – Secure your accounts with two-factor authentication
  – Make your passwords long, unique, and strong
  – Be suspicious of strange links and attachments
• 31. Steps to secure your computer
  o Keep up with system and software security updates.
  o Enable a firewall.
  o Adjust your browser settings.
  o Install antivirus and anti-spyware software.
  o Password-protect your software and lock your device.
  o Encrypt your data.
  o Use a VPN.
• 32. Tools for Information Security
  o Authentication
  o Access Control
  o Encryption
  o Passwords
  o Backup
  o Firewalls
  o Virtual Private Networks (VPN)
  o Physical Security
  o Security Policies
• 33. 2. Denial of Service Attacks
  o Denial of Service Attack: an attack on a computer or network that prevents legitimate use of its resources.
  o In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet.
  o DoS attacks affect:
    – Software systems
    – Network routers/equipment/servers
    – Servers and end-user PCs
• 34. Classification of DoS Attacks
  Network Level Device
    Affected area: Routers, IP switches, firewalls
    Example: Ascend Kill II, “Christmas Tree Packets”
    Description: Attack attempts to exhaust hardware resources using multiple duplicate packets or a software bug.
  OS Level
    Affected area: Equipment vendor OS, end-user equipment
    Example: Ping of Death, ICMP Echo attacks, Teardrop
    Description: Attack takes advantage of the way operating systems implement protocols.
  Application Level Attacks
    Affected area: Finger Bomb (the repeated at (@) character causes finger to consume excessive CPU and RAM resources)
    Example: Finger Bomb, Windows NT RealServer G2 6.0
    Description: Attack a service or machine by using an application attack to exhaust resources.
  Data Flood (Amplification, Oscillation, Simple Flooding)
    Affected area: Host computer or network
    Example: Smurf attack (amplifier attack), UDP Echo (oscillation attack)
    Description: Attack in which massive quantities of data are sent to a target with the intention of using up bandwidth/processing resources.
  Protocol Feature Attacks
    Affected area: Servers, client PCs, DNS servers
    Example: SYN (connection depletion)
    Description: Attack in which “bugs” in the protocol are utilized to take down network resources. Methods of attack include IP address spoofing and corrupting the DNS server cache.
• 35. Countermeasures for DoS Attacks
  Network Level Device
    Countermeasure options: Software patches, packet filtering
    Example: Ingress and Egress Filtering
    Description: Software upgrades can fix known bugs, and packet filtering can prevent attacking traffic from entering a network.
  OS Level
    Countermeasure options: SYN cookies, drop backlog connections, shorten timeout time
    Example: SYN Cookies
    Description: Shortening the backlog time and dropping backlog connections will free up resources. SYN cookies proactively prevent attacks.
  Application Level Attacks
    Countermeasure options: Intrusion Detection System
    Example: GuardDog, other vendors
    Description: Software used to detect illicit activity.
  Data Flood (Amplification, Oscillation, Simple Flooding)
    Countermeasure options: Replication and load balancing
    Example: Akamai/Digital Island provide content distribution
    Description: Extending the volume of content under attack makes it more complicated and harder for attackers to identify services to attack and accomplish complete attacks.
  Protocol Feature Attacks
    Countermeasure options: Extend protocols to support security
    Example: IETF (Internet Engineering Task Force) standard for itrace, DNSSEC
    Description: Trace source/destination packets by a means other than the IP address (blocks against IP address spoofing). DNSSEC would provide authorization and authentication on DNS information.
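The “Ingress and Egress Filtering” countermeasure and the IP-address-spoofing entry in the two tables above, as an added example that is not part of the handout or of the Karig and Lee report: a minimal border-filter decision in C. It assumes a constructed site prefix 192.0.2.0/24 (a documentation range) and treats the RFC 1918, loopback and 0.0.0.0/8 ranges as source addresses that should never arrive from the Internet; the names parse_ipv4, in_prefix, filter_packet and BOGONS are chosen here.

```c
#include <stdint.h>
#include <stdio.h>

/* Parse dotted-quad IPv4 text into a host-order 32-bit value.
   Returns 1 on success, 0 for anything malformed or out of range. */
int parse_ipv4(const char *s, uint32_t *out) {
    unsigned a, b, c, d;
    char tail;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &tail) != 4)
        return 0;                       /* too few octets or trailing junk */
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    *out = ((uint32_t)a << 24) | (b << 16) | (c << 8) | d;
    return 1;
}

/* A network prefix in CIDR form, e.g. 192.0.2.0/24. */
typedef struct { uint32_t net; unsigned bits; } prefix_t;

int in_prefix(uint32_t addr, prefix_t p) {
    uint32_t mask = p.bits == 0 ? 0u : 0xFFFFFFFFu << (32 - p.bits);
    return (addr & mask) == (p.net & mask);
}

/* Source addresses that must never arrive from the Internet: private
   (RFC 1918), loopback and the "this network" block. */
static const prefix_t BOGONS[] = {
    { 0x0A000000u,  8 },   /* 10.0.0.0/8     */
    { 0xAC100000u, 12 },   /* 172.16.0.0/12  */
    { 0xC0A80000u, 16 },   /* 192.168.0.0/16 */
    { 0x7F000000u,  8 },   /* 127.0.0.0/8    */
    { 0x00000000u,  8 },   /* 0.0.0.0/8      */
};

enum direction { INGRESS, EGRESS };

/* Border-router decision for one packet, keyed on its claimed source.
   INGRESS (Internet -> site): drop if the source claims to be inside the
   site or lies in a bogon range, since both indicate a spoofed address.
   EGRESS (site -> Internet): drop unless the source is inside the site,
   so the site cannot be used as a launch point for spoofed floods.
   Returns 1 = forward, 0 = drop. */
int filter_packet(enum direction dir, const char *src_ip, prefix_t site) {
    uint32_t src;
    if (!parse_ipv4(src_ip, &src))
        return 0;                       /* unparsable source: drop */
    int inside = in_prefix(src, site);
    if (dir == EGRESS)
        return inside;
    if (inside)
        return 0;
    for (size_t i = 0; i < sizeof BOGONS / sizeof BOGONS[0]; i++)
        if (in_prefix(src, BOGONS[i]))
            return 0;
    return 1;
}

/* Demonstration on constructed sample packets (not captured traffic). */
int main(void) {
    prefix_t site = { 0xC0000200u, 24 };   /* 192.0.2.0/24, constructed */
    const char *in[]  = { "203.0.113.5", "192.0.2.9", "10.1.2.3" };
    const char *out[] = { "192.0.2.9", "203.0.113.5" };
    for (size_t i = 0; i < 3; i++)
        printf("ingress %-12s -> %s\n", in[i],
               filter_packet(INGRESS, in[i], site) ? "forward" : "drop");
    for (size_t i = 0; i < 2; i++)
        printf("egress  %-12s -> %s\n", out[i],
               filter_packet(EGRESS, out[i], site) ? "forward" : "drop");
    return 0;
}
```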
• 36. 3. Distributed Denial-of-Service (DDoS)
  o A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
  o DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic.
  o Exploited machines can include computers and other networked resources such as IoT devices.
  o From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
• 37. DDoS Architecture (figure: Clients -> Handlers -> Agents)
• 38. Widely Used DDoS Programs
  o Trinoo
  o Tribe Flood Network
  o TFN2K
  o stacheldraht (barbed wire)
• 39. 4. What is Buffer Overflow
  o A buffer is a temporary area for data storage. When more data (than was originally allocated to be stored) gets placed there by a program or system process, the extra data overflows.
  o It causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding.
• 40. Cont..
  o A buffer overflow, or buffer overrun, is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer.
  o The result is that the extra data overwrites adjacent memory locations.
  o The overwritten data may include other buffers, variables and program flow data, and may result in erratic program behavior, a memory access exception, program termination (a crash), incorrect results or, especially if deliberately caused by a malicious user, a possible breach of system security.
  o Most common with C/C++ programs.
• 41. Buffer-overflow attack
  o In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information.
  o An attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a user’s input.
• 42. Types of buffer overflows
  There are two types of buffer overflows: stack-based and heap-based.
  o Heap-based overflows, which are difficult to execute and the least common of the two, attack an application by flooding the memory space reserved for a program.
  o Stack-based buffer overflows, which are more common among attackers, exploit applications and programs by using what is known as a stack: memory space used to store user input.
• 43. What is needed to understand Buffer Overflow
  o Understanding C functions and the stack.
  o Some familiarity with machine code.
  o Knowing how system calls are made.
  o The exec() system call.
  o The attacker needs to know which CPU and OS are running on the target machine.
    – Our examples are for x86 running Linux.
    – Details vary slightly between CPUs and OSes:
      • Stack growth direction.
      • Big endian vs. little endian.
• 45. Some unsafe C library functions
  strcpy (char *dest, const char *src)
  strcat (char *dest, const char *src)
  gets (char *s)
  scanf (const char *format, ...)
  sprintf (char *dest, const char *format, ...)
• 46. Preventing Buffer Overflow Attacks
  o Use type-safe languages (Java)
  o Use safe library functions
  o Static source code analysis
  o Non-executable stack
  o Run-time checking
  o Address space layout randomization
  o Detection of deviations in program behavior
  o Access control
• 47. References
  Reference Text Books:
  1. D. Karig and R. Lee, Remote Denial of Service Attacks and Countermeasures, Princeton University Department of Electrical Engineering Technical Report CE-L2001-002, October 2001.
  2. C. Easttom, Computer Security Fundamentals, Prentice Hall, May 2005.
  3. D. Russell and G. T. Gangemi, Computer Security Basics, O'Reilly & Associates, 1991.
  4. M. Bishop, Computer Security: Art and Science, Addison-Wesley, 2002.
  5. S. A. Thomas, SSL and TLS Essentials: Securing the Web, Wiley, 2000.
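The overflow mechanics of slides 39 to 41, the unsafe-function list on slide 45 and the “safe library functions” and “run-time checking” countermeasures above, as an added example that is not code from the handout: the unsafe strcpy() pattern next to bounded replacements for strcpy(), gets() and sprintf() in C. NAME_LEN, set_name_unsafe, set_name_safe, read_line and format_greeting are names chosen here.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* fixed-length buffer size chosen for this example */

/* Vulnerable pattern (the "before"): strcpy() copies until the NUL of src
   and never checks that the destination can hold it. Any src of NAME_LEN
   or more bytes writes past the end of name, clobbering whatever variables
   or control data sit next to it in memory. */
void set_name_unsafe(char name[NAME_LEN], const char *src) {
    strcpy(name, src);
}

/* Hardened version: a run-time length check before the copy. Returns 0 on
   success and -1, leaving name untouched, when src would not fit. The scan
   itself is bounded so an unterminated src cannot make it read too far. */
int set_name_safe(char name[NAME_LEN], const char *src) {
    size_t len = 0;
    while (len < NAME_LEN && src[len] != '\0')
        len++;
    if (len >= NAME_LEN)
        return -1;                      /* would overflow: refuse */
    memcpy(name, src, len + 1);         /* len + 1 copies the terminator */
    return 0;
}

/* Replacement for gets(): reads at most n-1 bytes with fgets(), strips the
   newline and reports truncation. An over-long line is drained so its tail
   cannot be misread as the next input. Returns 1 = complete line,
   0 = line truncated to fit, -1 = no more input. */
int read_line(char *buf, size_t n, FILE *in) {
    if (fgets(buf, (int)n, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return 1;                       /* exactly n-1 bytes, or final line */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                               /* discard the rest of the long line */
    return 0;
}

/* Replacement for sprintf(): snprintf() returns the length it wanted, so a
   result >= n means the output was cut off. Returns 0 on success, -1 if
   the formatted text did not fit in buf. */
int format_greeting(char *buf, size_t n, const char *name) {
    int needed = snprintf(buf, n, "Hello, %s!", name);
    return (needed >= 0 && (size_t)needed < n) ? 0 : -1;
}
```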