Computer Network Security 1
Common attacks and Exploits
Denial of Service (DoS)
Distributed Denial of Service (DDoS)
Back door
Spoofing
Man in the middle
Replay
Session hijacking
DNS poisoning
Password guessing
Software exploitation
War dialing
War driving
Buffer overflow
SYN flood
ICMP flood
UDP flood
Smurfing
Sniffing
Ping of death
Denial of Service (DoS)
A denial of service attack causes disruption of service to
legitimate users.
For example, causing a web server to overload, due to
which browsers would be unable to view the websites on
that web server, or overloading a file server so that users
are unable to access their home folders.
They work by:
Resource exhaustion
Application or OS crash
Distributed Denial of Service (DDoS)
A distributed denial of service attack is when
several machines taken over by an attacker launch
a coordinated denial of service attack against a
common target to achieve a far greater impact.
The attacking machines are themselves compromised hosts.
See http://grc.com/dos/grcdos.htm for a good
example of this type of attack.
Back door
A backdoor is an opening in software which allows entry
into the system/application without the knowledge of the
owner.
Backdoors are sometimes left by the developer
intentionally, and sometimes exist by virtue of bad
programming logic and practices.
Spoofing
Some communication protocols use a host’s IP address as
a trust and authentication mechanism.
An attacker may forge the IP address of a trusted host to
fool the target into trusting the attacker’s machine.
Man in the middle
Man in the middle attacks are launched by placing oneself in the
middle of a communication session, so as to intercept the traffic.
The attacker may merely passively listen in on the conversation or
may introduce other information into the traffic.
Replay
The attacker uses a packet sniffer to capture packets on the wire and
extracts information from them.
For example, usernames and passwords are captured and later placed
back on the wire, so as to have the target believe that it is a
new legitimate session.
Session hijacking
This is when an attacker takes over a communication session between
two hosts.
DNS poisoning
False records may be inserted into your DNS data. Your host will then be
directed to the wrong destination as a result of the poisoning.
Password guessing
Password guessing is an attack on the authentication credentials on
any system.
One form of password guessing is the brute force attack, in which an
attacker tries every possible password to crack the credentials.
In another form, known as a dictionary attack, all words in a dictionary
file are tried as passwords.
Software exploitation
These are attacks against a system’s software bugs or flawed code.
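The two password-guessing forms above are mitigated on the server side by making each guess expensive (a salted, iterated hash) and by limiting how many guesses an account will accept. This is an added example, not code from the lecture; the iteration count, the five-failure limit and the 15-minute lockout are assumed values.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # makes every guess cost real CPU time; tune upward on real hardware
MAX_FAILURES = 5             # failed attempts before the account is locked
LOCKOUT_SECONDS = 900        # lockout length, 15 minutes
DUMMY_SALT = b"\x00" * 16    # used so unknown usernames cost the same time as real ones

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the per-user salt defeats precomputed dictionaries."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

class Authenticator:
    def __init__(self):
        self.users = {}      # username -> (salt, digest)
        self.failures = {}   # username -> (consecutive failures, time of last failure)

    def add_user(self, username, password):
        self.users[username] = hash_password(password)

    def login(self, username, password, now):
        """Returns "ok", "denied" or "locked"; `now` is the current time in seconds."""
        count, last = self.failures.get(username, (0, 0))
        if count >= MAX_FAILURES:
            if now - last < LOCKOUT_SECONDS:
                return "locked"
            count = 0                              # lockout has expired
        record = self.users.get(username)
        if record is None:
            hash_password(password, DUMMY_SALT)    # same cost as a real check
            ok = False
        else:
            salt, digest = record
            ok = hmac.compare_digest(hash_password(password, salt)[1], digest)
        if ok:
            self.failures.pop(username, None)
            return "ok"
        count += 1
        self.failures[username] = (count, now)
        return "locked" if count >= MAX_FAILURES else "denied"
```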
War dialing
In order to gain access into a network, the organization’s range of
PBX numbers is used as input to a war dialer program, which dials all
those phone numbers using a modem, and logs whether or not the call
was answered by a modem.
War driving
These are attacks against wireless networks, which work by driving
past the building from outside with a wireless Ethernet card in
promiscuous mode.
Buffer overflow
Buffer overflow attacks are due to poorly written code which does not
check the length of its inputs.
SYN flood
Occurs when a network becomes so overwhelmed by SYN packets
initiating incomplete connection requests that it can no longer process
legitimate connection requests, causing high CPU, memory, and NIC
usage.
ICMP flood
An ICMP flood occurs when ICMP pings overload a system with so
many echo requests that the system expends all its resources
responding until it can no longer process valid network traffic.
UDP flood
Similar to the ICMP flood, UDP flooding occurs when UDP packets
are sent with the purpose of slowing down the system to the point that
it can no longer handle valid connections.
Smurfing
An ICMP echo request is sent to a network’s broadcast
address with a spoofed source IP address.
The spoofed machine is then overwhelmed with a large
number of echo replies.
Sniffing
Sniffing uses protocol analyzers or packet sniffers to
capture network traffic for passwords or other data.
Ping of death
The ping of death attack uses oversized ICMP echo requests to
a host in an attempt to crash it.
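The spoofing, SYN flood, ICMP flood and smurfing slides above each leave a distinct trace in traffic summaries, and this added example (not from the lecture) shows the detection logic for all four over constructed packet records. The record format, the 10.0.0.0/8 internal range, the "ext"/"int" interface names and the thresholds are assumptions for the example.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed packet summaries, one per line: "iface proto src dst info" where info is
# the TCP flags ("S", "SA", "A") or the ICMP type ("echo-request", "echo-reply").
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal address space

def parse_line(line):
    iface, proto, src, dst, info = line.split()
    return {"iface": iface, "proto": proto, "src": src, "dst": dst, "info": info}

def spoofed_from_outside(packets, internal_nets=INTERNAL_NETS):
    """Ingress check: an internal source address arriving on the external interface is
    forged, which is exactly what IP-address-based trust fails to notice."""
    return [p["src"] for p in packets
            if p["iface"] == "ext"
            and any(ipaddress.ip_address(p["src"]) in n for n in internal_nets)]

def half_open_per_target(packets):
    """Distinct sources that sent a SYN to each target but never sent the handshake's ACK."""
    syns, acks = defaultdict(set), defaultdict(set)
    for p in packets:
        if p["proto"] != "tcp":
            continue
        if p["info"] == "S":
            syns[p["dst"]].add(p["src"])
        elif p["info"] == "A":
            acks[p["dst"]].add(p["src"])
    return {dst: len(srcs - acks[dst]) for dst, srcs in syns.items()}

def syn_flood_targets(packets, threshold=100):
    return sorted(d for d, n in half_open_per_target(packets).items() if n >= threshold)

def echo_requests_per_target(packets):
    return Counter(p["dst"] for p in packets
                   if p["proto"] == "icmp" and p["info"] == "echo-request")

def icmp_flood_targets(packets, threshold=100):
    return sorted(d for d, n in echo_requests_per_target(packets).items() if n >= threshold)

def smurf_victims(packets, min_repliers=10):
    """Echo replies from many hosts converging on a host that sent no request: the victim's
    address was used as the spoofed source of a broadcast ping."""
    requesters = {p["src"] for p in packets
                  if p["proto"] == "icmp" and p["info"] == "echo-request"}
    repliers = defaultdict(set)
    for p in packets:
        if p["proto"] == "icmp" and p["info"] == "echo-reply":
            repliers[p["dst"]].add(p["src"])
    return sorted(d for d, s in repliers.items()
                  if d not in requesters and len(s) >= min_repliers)

def sample_packets():
    """Constructed traffic: three clean handshakes, a SYN flood, an ICMP flood, a normal
    ping, a smurf reflection and one spoofed packet. Addresses are documentation ranges."""
    lines = []
    for i in range(1, 4):
        c = f"198.51.100.{i}"
        lines += [f"ext tcp {c} 10.0.0.5 S", f"int tcp 10.0.0.5 {c} SA", f"ext tcp {c} 10.0.0.5 A"]
    lines += [f"ext tcp 203.0.113.{i} 10.0.0.5 S" for i in range(1, 151)]      # never completed
    lines += [f"ext icmp 203.0.113.{i} 10.0.0.5 echo-request" for i in range(1, 201)]
    lines += ["ext icmp 198.51.100.9 10.0.0.5 echo-request",
              "int icmp 10.0.0.5 198.51.100.9 echo-reply"]
    lines += [f"ext icmp 192.0.2.{i} 10.0.0.9 echo-reply" for i in range(1, 31)]  # 10.0.0.9 never pinged
    lines += ["ext tcp 10.0.0.77 10.0.0.5 S"]                                     # internal src from outside
    return [parse_line(line) for line in lines]

def analyze(packets):
    return {
        "spoofed_sources": spoofed_from_outside(packets),
        "syn_flood_targets": syn_flood_targets(packets),
        "icmp_flood_targets": icmp_flood_targets(packets),
        "smurf_victims": smurf_victims(packets),
    }

if __name__ == "__main__":
    for key, value in analyze(sample_packets()).items():
        print(f"{key}: {value}")
```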
TCP Three-way handshake
Security implementation
Identify what you are trying to protect.
Determine what you are trying to protect it from.
Determine how likely the threats are.
Implement steps that protect your assets in a cost-effective manner.
Review the process continuously, making improvements when you find a weakness.
Assets needing to be protected
Physical resources
Intellectual resources
Time resources
Perception resources
Physical resources
Anything that has a physical form
Routers, hubs, switches, servers etc
Intellectual resources
Sometimes harder to identify
Exist in electronic form only
Any information that plays a vital role in
your organization’s business
Software, financial records, database
records, schematics, emails etc
Time resources
An important resource which is overlooked
quite often in a risk analysis.
To evaluate what lost time costs your
organization, make sure to include all
consequences of lost time
Perception resources
Damage to perception (reputation) is a cause of
significant trouble.
Following the DoS attacks of February
2000, the stock prices of the affected
companies fell.
The breach of Microsoft’s systems was
followed by speculation about the credibility of
its products.
Sources to protect from
Internal network
Access from field offices
Access from WAN link to the business
partners
Access through the Internet
Access through modem pools
Internal systems
The vast majority of attacks originate from
within the organization.
Using firewalls protects from external
threats, but it is still the employees that are
responsible for the greatest amount of
damage or compromise of data, because
they have the insider’s view of how your
network operates
Internal attacks
Disgruntled employee or ex-employee
Management with limited computer literacy but
with access privileges
A company’s CEO insisted on having
administrative privileges on the NetWare
server and inadvertently deleted the cc:Mail
directory
External attacks
Competitors
Stealing designs or financial statements, or making network resources
unavailable, in order to:
Shorten development time
Equip their products with better features
Second lowest price website DoS
Militant viewpoints
If your organization has controversial viewpoints
High profile
An organization with high visibility is a good candidate for an attack
for merely the sake of notoriety or a wider audience
Threat assessment
Network security attacks are malicious or
unintentional attempts to use or modify
resources available through a network in a
way they were not intended to be used
The goal of network security is to protect its
assets from network attacks.
Network attack types
Unauthorized access to resources or
information through the use of a network
Unauthorized manipulation and alteration of
information on a network
Denial of service
Network security goals
Based on the three types of attacks, the
goals of network security are to:
Ensure data confidentiality
Maintain data integrity
Maintain data availability
Risk assessment
After threat identification, the likelihood must be
determined
Security is expensive
It is not feasible to protect against all types of
attacks
It is wise to protect against the most likely threats
Two things are important in risk assessment:
The likelihood of a particular attack against the
resource.
The cost in terms of damages to the network in case of
a successful attack
It is often useful to divide the risk analysis into three
categories:
Confidentiality
Integrity
Availability
If an asset’s availability is critical and the likelihood of an
attack is high, the asset’s risk level can be considered high
e.g., a high visibility web server is a high risk asset in
terms of availability
An FTP server used internally, which is not visible from
the outside has a lower risk level in terms of availability
but a high risk level in terms of confidentiality
Note that all risk assessments are relative
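The risk assessment above (likelihood of attack times cost of damage, scored separately for confidentiality, integrity and availability, with results that are only relative) can be carried through for the lecture's own web-server and FTP-server examples. This is an added example, not from the lecture; the 1-3 scales, the level cut-offs and the sample scores are assumptions.

```python
# Assumed scales (not from the lecture): likelihood of a successful attack and cost of
# the damage it would cause, each 1 (low) to 3 (high), per C/I/A category.
CATEGORIES = ("confidentiality", "integrity", "availability")

def risk_score(likelihood, cost):
    return likelihood * cost          # 1..9

def risk_level(score):
    """Assumed cut-offs: 6 and above is high, 3 to 5 medium, below 3 low."""
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"

def assess(assets):
    """assets: {name: {category: (likelihood, cost)}} -> {name: {category: (score, level)}}"""
    result = {}
    for name, cats in assets.items():
        result[name] = {}
        for cat in CATEGORIES:
            likelihood, cost = cats[cat]
            score = risk_score(likelihood, cost)
            result[name][cat] = (score, risk_level(score))
    return result

def mitigation_order(assets):
    """Rank assets by their worst category, so policy effort goes to high-risk assets first.
    The ordering is relative: it compares assets with each other, not against an absolute bar."""
    scored = assess(assets)
    worst = {name: max(score for score, _ in cats.values()) for name, cats in scored.items()}
    return sorted(worst, key=worst.get, reverse=True)

# Constructed sample following the lecture's two examples plus a low-value asset.
SAMPLE_ASSETS = {
    "public web server":   {"confidentiality": (2, 1), "integrity": (2, 2), "availability": (3, 3)},
    "internal FTP server": {"confidentiality": (2, 3), "integrity": (1, 2), "availability": (1, 2)},
    "print server":        {"confidentiality": (1, 1), "integrity": (1, 1), "availability": (1, 1)},
}

if __name__ == "__main__":
    for name, cats in assess(SAMPLE_ASSETS).items():
        print(name, cats)
    print("mitigate in this order:", mitigation_order(SAMPLE_ASSETS))
```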
Having determined the risk level of various assets, the next
step is to formulate a security policy
A security policy must prioritize mitigation of threats
against high risk assets and then spend the rest of its
resources on protecting the lower risk assets
Defines a framework for protecting the assets connected to
a network
Defines access rules and limitations for accessing various
assets
A source of information for users and administrators as
they:
set up, use and audit the network
Should be broad and general in scope
Provide a high level view of the principles on which
security related decisions should be taken
Should not go into the details of how security is to be
implemented
The details can change overnight, but the general
principles of what these details are trying to achieve
should remain the same
Roles played by the policy:
Clarify what is being protected and why
State who is responsible for providing the protection
Provide grounds on which to interpret and resolve any future
conflicts
The first point is an offshoot of the asset identification and
risk analysis
Those responsible for the protection can be one or more of
the following:
Users
Administrators and managers
Network usage auditors
Managers who have overall ownership of the network and its
associated resources
The third point places responsibility on the shoulders of a
particular person to resolve any conflicts
A network policy should be such that it can be
implemented using existing technology; it shouldn’t
contain elements that are not technically enforceable
In terms of ease of use there are two types of
network security policies:
Permissive: that which is not expressly prohibited is
allowed
Restrictive: that which is not expressly allowed is
prohibited
It is better to have a restrictive policy and then
based on usage open it up for legitimate uses
A permissive policy will have holes in it no matter
how hard you try to plug all holes
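The difference between the permissive and restrictive policies above is the default that applies when no explicit rule matches, and the "hole" is any service nobody thought to prohibit. This added example (not from the lecture) models a first-match packet filter to show that difference and the "open it up for legitimate uses" step; the services, ports and rule format are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    proto: str       # "tcp", "udp" or "any"
    dst_port: int    # 0 matches any port

def matches(rule, proto, dst_port):
    return rule.proto in ("any", proto) and rule.dst_port in (0, dst_port)

def decide(rules, default_action, proto, dst_port):
    """First matching rule wins; the policy's default applies when nothing matches."""
    for rule in rules:
        if matches(rule, proto, dst_port):
            return rule.action
    return default_action

# Constructed example: both policies were written knowing about web and DNS traffic.
KNOWN_SERVICES = [Rule("allow", "tcp", 80), Rule("allow", "tcp", 443), Rule("allow", "udp", 53)]

# Permissive: only what someone remembered to prohibit is blocked (here, telnet).
PERMISSIVE = {"rules": [Rule("deny", "tcp", 23)], "default": "allow"}
# Restrictive: only the known services pass; everything unanticipated is blocked.
RESTRICTIVE = {"rules": list(KNOWN_SERVICES), "default": "deny"}

def policy_decision(policy, proto, dst_port):
    return decide(policy["rules"], policy["default"], proto, dst_port)

def open_up(policy, proto, dst_port):
    """A restrictive policy grows by explicit allows as legitimate uses show up in practice."""
    return {"rules": policy["rules"] + [Rule("allow", proto, dst_port)],
            "default": policy["default"]}

def unexpected_exposure(policy, probe_ports, proto="tcp"):
    """Ports outside the known services that the policy would let through: the holes."""
    known = {(r.proto, r.dst_port) for r in KNOWN_SERVICES}
    return sorted(port for port in probe_ports
                  if (proto, port) not in known and policy_decision(policy, proto, port) == "allow")
```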
A security policy must balance:
Ease of use
Network performance
Security aspects
An overly restrictive policy can cost more than a
slightly more lenient one would make up for in
terms of performance gains
Minimum security requirements as identified by
risk analysis must be met for a security policy to
be practical.
Implementation
Implementation of Network security
involves technical and non-technical
aspects
It is important to come up with a design
agreeable to all involved parties
The following points must be kept in mind
before implementation:
All stakeholders (including users and
management) must agree on the policy
It is crucial to educate all parties, including
management, on why security is necessary. This
education must continue as newcomers arrive
Management and financial people must be
educated about the cost and risk analysis
because security is expensive and is not a one-
time expense
Responsibilities of people and their reporting
relationship must be clearly defined
The next step is network security design
Translate the security policy into procedures,
which are usually laid-out tasks that must be
completed to implement the security policy
Execution of these procedures results in a
network design that can be implemented
using various devices
The following are components of network
security design:
Device security features such as administrative
passwords
Firewalls
Remote access VPN concentrators
Intrusion detection
Access control and limiting mechanisms
Audit and improvement
It is important to continually analyze, test and
improve the security policy after implementation
This can be done through:
Formal security audits
Day-to-day checks based on operational measurements
Audits can also be done using automated tools
An important purpose of audits is to keep the users
aware of implications of their actions
Can help identify bad user habits
There should be scheduled and random audits
A random audit will help:
Catch the organization with its guard down
Reveal weaknesses during maintenance etc
If the audit reveals technical issues, they can be
fixed by technical means
Other issues can be addressed by user education
programs
Education programs should not go into
minute details, but focus on the goals of the
policy and how the user can help in its
implementation
Using examples of what they did wrong
would cause the users to think that they
cannot do any wrong unless they are caught
doing wrong

Lecture 2

  • 1. Computer Network Security 1 Common attacks and Exploits Denial of Service (Dos) Distributed Denial of Service (DDoS) Back door Spoofing Man in the middle Replay Session hijacking DNS poisoning Password guessing Software exploitation
  • 2. Computer Network Security 2 Common attacks and Exploits War dialing War driving Buffer overflow SYN flood ICMP flood UDP flood Smurfing Sniffing Ping of death
  • 3. Computer Network Security 3 Common attacks and Exploits Denial of Service (DoS) A denial of service attack causes disruption of service to legitimate users. For example, causing a web server to overload, due to which browsers would be unable to view the websites on that web server, or overloading a file server so that users are unable to access their home folders. Work by: Resource exhaustion Application or OS crash
  • 4. Computer Network Security 4 Common attacks and Exploits Distributed Denial of Service (DDoS) A distributed denial of service attack is when several machines taken over by an attacker launch a coordinated denial of service attack against a common target to achieve a far greater impact. These are compromised machines. See http://grc.com/dos/grcdos.htm for a good example of this type of attack.
  • 5. Computer Network Security 5 Common attacks and Exploits Back door A backdoor is an opening in a software which allows entry into the system/application without the knowledge of the owner. Backdoors are sometimes left by the developer intentionally, and sometimes exist by virtue of bad programming logic and practices. Spoofing Some communication protocols use a host’s IP address as a trust and authentication mechanism. An attacker may forge the IP address of a trusted host to fool the target into trusting the attacker’s machine
  • 6. Computer Network Security 6 Common attacks and Exploits Man in the middle Man in the middle attacks are launched by placing oneself in the middle of a communication session, so as to intercept the traffic. The attacker may merely passively listen in on the conversation or may introduce other information into the traffic. Replay The attacker uses a packet sniffer to capture packets on the wire and extracting information from them. For example, username and passwords, and later placing the same information back on the wire so as to have the target believe that it is a new legitimate session. Session hijacking This is when an attacker takes over a communication session between two hosts.
  • 7. Computer Network Security 7 Common attacks and Exploits DNS poisoning Wrong information may be added to your DNS files. Your host will be directed to the wrong direction due to DNS poisoning. Password guessing Password guessing is an attack on the authentication credentials on any system. One form of password guessing is brute force attacks in which an attacker uses every single possible key to try and crack the passwords. In another form, known as dictionary attack, all words in a dictionary file are tried as passwords. Software exploitation These are attacks against a system’s software bugs or flawed code.
  • 8. Computer Network Security 8 Common attacks and Exploits War dialing In order to gain access into a network, the organization’s range of PBX numbers is used as input to a war dialer program, which dials all those phone numbers using a modem, and logs whether or not the call was answered by a modem. War driving These are attacks against wireless networks, which work by passing from outside the building with a wireless Ethernet card in promiscuous mode. Buffer overflow Buffer overflow attacks are due to poorly written code which does not check the length of variable arguments.
  • 9. Computer Network Security 9 Common attacks and Exploits SYN flood Occurs when a network becomes so overwhelmed by SYN packets initiating incomplete connection requests that it can no longer process legitimate connection request causing high CPU, memory, and NIC usage. ICMP flood An ICMP flood occurs when ICMP pings overload a system with so many echo requests that the system expends all its resources responding until it can no longer process valid network traffic. UDP flood Similar to the ICMP flood, UDP flooding occurs when UDP packets are sent with the purpose of slowing down the system to the point that it can no longer handle valid connections.
  • 10. Computer Network Security 10 Common attacks and Exploits Smurfing An ICMP echo request is sent to a network’s broadcast address with a spoofed source IP address. The spoofed machine is then overwhelmed with a large number of echo replies. Sniffing Sniffing uses protocol analyzers or packet sniffers to capture network traffic for passwords or other data. Ping of death Ping of death attack uses oversized ICMP echo requests to a hosts in an attempt to crash it.
  • 11. Computer Network Security 11 TCP Three-way handshake
Computer Network Security 12
Security implementation
Identify what you are trying to protect.
Determine what you are trying to protect it from.
Determine how likely the threats are.
Implement steps that protect your assets in a cost-effective manner.
Review the process continuously, making improvements when you find a weakness.
Computer Network Security 13
Assets needing to be protected
Physical resources
Intellectual resources
Time resources
Perception resources
Computer Network Security 14
Physical resources
Anything that has a physical form
Routers, hubs, switches, servers etc.
Computer Network Security 15
Intellectual resources
Sometimes harder to identify
Exist in electronic form only
Any information that plays a vital role in your organization's business
Software, financial records, database records, schematics, emails etc.
Computer Network Security 16
Time resources
An important resource that is overlooked quite often in a risk analysis.
To evaluate what lost time costs your organization, make sure to include all consequences of lost time.
Computer Network Security 17
Perception resources
Risk of damage to perception is the cause of significant trouble
Following the DoS attacks of February 2000, the stock prices of the affected companies fell
A breach of Microsoft's systems was followed by speculation about the credibility of its products
Computer Network Security 18
Sources to protect from
Internal network
Access from field offices
Access from WAN links to business partners
Access through the Internet
Access through modem pools
Computer Network Security 19
Internal systems
A vast majority of attacks originate from within the organization
Using firewalls protects from external threats, but it is still the employees that are responsible for the greatest amount of damage or compromise of data, because they have the insider's view of how your network operates
Computer Network Security 20
Internal attacks
Disgruntled employee or ex-employee
Not-so-computer-literate management with access privileges
A company's CEO insisted on having administrative privileges on the NetWare server and inadvertently deleted the cc:Mail directory
Computer Network Security 21
External attacks
Competitors
Stealing designs, financial statements, making network resources unavailable
Shorten development time
Equip their products with better features
Second lowest price website DoS
Militant viewpoints
If your organization has controversial viewpoints
High profile
An organization with high visibility is a good candidate for an attack merely for the sake of notoriety or a wider audience
Computer Network Security 22
Threat assessment
Network security attacks are malicious or unintentional attempts to use or modify resources available through a network in a way they were not intended to be used
The goal of network security is to protect its assets from network attacks.
Computer Network Security 23
Network attack types
Unauthorized access to resources or information through the use of a network
Unauthorized manipulation and alteration of information on a network
Denial of service
Computer Network Security 24
Network security goals
Based on the three types of attacks, the goals of network security are to:
Ensure data confidentiality
Maintain data integrity
Maintain data availability
Computer Network Security 25
Risk assessment
After threat identification, the likelihood must be determined
Security is expensive
It is not feasible to protect against all types of attacks
It is wise to protect against the most likely threats
Two things are important in risk assessment:
The likelihood of a particular attack against the resource.
The cost in terms of damages to the network in case of a successful attack
Computer Network Security 26
Risk assessment
It is often useful to divide the risk analysis into three categories:
Confidentiality
Integrity
Availability
If an asset's availability is critical and the likelihood of an attack is high, the asset's risk level can be considered high
e.g., a high visibility web server is a high risk asset in terms of availability
An FTP server used internally, which is not visible from the outside, has a lower risk level in terms of availability but a high risk level in terms of confidentiality
Note that all risk assessments are relative
Computer Network Security 27
Network security policy
Having determined the risk level of various assets, the next step is to formulate a security policy
A security policy must prioritize mitigation of threats against high risk assets and then spend the rest of its resources on protecting the lower risk assets
Defines a framework for protecting the assets connected to a network
Defines access rules and limitations for accessing various assets
A source of information for users and administrators as they set up, use and audit the network
Computer Network Security 28
Network security policy
Should be broad and general in scope
Provide a high level view of the principles on which security related decisions should be taken
Should not go into the details of how security is to be implemented
The details can change overnight, but the general principles of what these details are trying to achieve should remain the same
Roles played by the policy:
Clarify what is being protected and why
State who is responsible for providing the protection
Provide grounds on which to interpret and resolve any future conflicts
Computer Network Security 29
Network security policy
The first point is an offshoot of the asset identification and risk analysis
Those responsible for the protection can be one or more of the following:
Users
Administrators and managers
Network usage auditors
Managers who have overall ownership of the network and its associated resources
The third point places responsibility on the shoulders of a particular person to resolve any conflicts
A network policy should be such that it can be implemented using existing technology; it shouldn't contain elements that are not technically enforceable
Computer Network Security 30
Network security policy
In terms of ease of use there are two types of network security policies:
Permissive: that which is not expressly prohibited is allowed
Restrictive: that which is not expressly allowed is prohibited
It is better to have a restrictive policy and then, based on usage, open it up for legitimate uses
A permissive policy will have holes in it no matter how hard you try to plug all holes
Computer Network Security 31
Network security policy
A security policy must balance:
Ease of use
Network performance
Security aspects
An overly restrictive policy can cost more than it is worth; a slightly more lenient one may make up the difference in terms of performance gains
Minimum security requirements as identified by risk analysis must be met for a security policy to be practical.
Computer Network Security 32
Implementation
Implementation of network security involves technical and non-technical aspects
It is important to come up with a design agreeable to all involved parties
The following points must be kept in mind before implementation:
All stakeholders (including users and management) must agree on the policy
Computer Network Security 33
Implementation
It is crucial to educate all parties including management on why security is necessary. This education must continue for newcomers
Management and financial people must be educated about the cost and risk analysis because security is expensive and is not a one-time expense
Responsibilities of people and their reporting relationships must be clearly defined
Computer Network Security 34
Implementation
The next step is network security design
Translate the security policy into procedures, which are usually laid-out tasks that must be completed to implement the security policy
Execution of these procedures results in a network design that can be implemented using various devices
Computer Network Security 35
Implementation
The following are components of network security design:
Device security features such as administrative passwords
Firewalls
Remote access VPN concentrators
Intrusion detection
Access control and limiting mechanisms
Computer Network Security 36
Audit and improvement
It is important to continually analyze, test and improve the security policy after implementation
This can be done through:
Formal security audits
Day-to-day checks based on operational measurements
Audits can also be done using automated tools
An important purpose of audits is to keep the users aware of the implications of their actions
Computer Network Security 37
Audit and improvement
Can help identify bad user habits
There should be scheduled and random audits
A random audit will help:
Catch the organization with its guard down
Reveal weaknesses during maintenance etc.
If the audit reveals technical issues, they can be fixed by technical means
Other issues can be addressed by user education programs
Computer Network Security 38
Audit and improvement
Education programs should not go into minute details, but focus on the goals of the policy and how the user can help in its implementation
Using examples of what they did wrong would cause the users to think that they cannot do any wrong unless they are caught doing wrong