Computer Security (David Gamez, IUA Week 5, Autumn 2007)




Overview
Computer Security
- Vast topic: only space here to touch on some of the key issues.
- Extremely important: sloppy computer security costs time, money and even lives.
David Gamez IUA Week 5 Autumn 2007 1

Bad Computer Security Costs
- Loss of data: code, financial information, plans for new cars etc.
- Loss of information about employees: National Insurance numbers, bank details, etc.
- Loss of customer information: credit card numbers etc.
- Loss of reputation: no one wants to do business with a bank whose security has been compromised.

Bad Computer Security Costs
- Loss of cash: many electronic attempts to steal money from banks.
- Loss of service: if the website is down it can't deliver services or sell goods. Customers will go elsewhere.
- Loss of work time: if the computer network is compromised, employees cannot do their job.
- Clean-up time: network administrators have to spend a lot of time cleaning up the mess.

Costs Graph
[Figure: costs graph, taken from http://www.cisco.com/warp/public/779/govtaffairs/images/crs_cyber_attacks.pdf]

Costs Graph
- Shows that the most reported types of attacks are not the ones that cause the greatest losses.
- Theft of proprietary information (reported by 21%) and denial of service (reported by 42%) accounted for 67.3% of total money losses ($135.8 million out of $201.8 million).
- Companies' estimates of losses due to cyberattacks should be interpreted with caution!

Physical Access
- Vulnerabilities: often overlooked, but physical access is the easiest way into an organization.
- Staff member holds the door open for the person behind them.
- They plug their computer into the network, or shoulder surf a password, and steal the organization's information.

Phone
- The hacker phones someone in the organization and claims to be the network administrator.
- Requests their username and password "for a test".
- Many users will give this information, especially if the attacker is persuasive or threatening and knows the name of their boss.

Sniffing
- Easy to listen on a network and read the information being sent across it.
- All unencrypted information can be read.
- Can access passwords, emails, sensitive documents etc.
- Ethereal: www.ethereal.com

Scanning
- Scanning software is used to probe the network to find out:
  - IP addresses of other machines.
  - Ports open on other machines.
  - Services running on these ports.
  - Vulnerabilities.
- Network scanning discovers the machines on the network.
- Vulnerability scanning discovers vulnerabilities on a given machine.

Network Access
- Company is running a program that is listening on a particular port, perhaps the DBMS, a webserver or something else.
- Malicious software on another computer sends packets containing a buffer overflow attack (for example).
- This starts a new application on the compromised computer, which may download other code and attack other machines in turn.
- Can be run from anywhere in the world.
- Easier when you have physical access to the company network.

Wireless Access
- An organization's wireless networks can be accessed without physical access. With a suitable aerial, this can be over a long distance.
- Wireless security (or WEP) can be cracked easily once enough packets have been captured.
- Wireless networks should always be isolated from main networks.
- Or communications over wireless should themselves be encrypted, using virtual private networks (VPN), for example.

Malicious Websites
- Exploit a buffer overflow vulnerability or similar to execute arbitrary code on the user's computer.
- User just has to view the site using a vulnerable browser, for example Internet Explorer.
- One common response is to maintain a list of dangerous websites and automatically block access to them.
- Also worth using a better browser, such as Firefox (see Resources).

Email
- Emails can be sent to members of the organization containing malicious code.
- Sometimes these are very obvious, such as FILENAME.exe, and the user has to take action to run the file and install the virus.
- Other attachments can exploit vulnerabilities in Windows to automatically run the code when the email is viewed.

Email
- Sometimes the user is given a link to a website that breaks into the computer when the user clicks on it.
- Sometimes the user is tricked into entering their login details on a bogus website.
- Emails may also contain ActiveX or JavaScript code that can hack the system.
- Emails often use clever social engineering to make the user click on the link or install the code.

Buffer Overflow Attacks
- Common way for malicious software to access the system.
- Exploits a program that does not check the length of a piece of data.
- Provides a way for an attacker to execute arbitrary code on a remote computer.
- Often part of other methods of attack, such as email or website.

Buffer Overflow Attack
Two requirements:
- Inject attack code: the attacker provides an input string that is actually executable binary code, native to the machine being attacked. Typically this code is simple, and does something similar to exec("sh") to produce a root shell.
- Change the return address: there is a stack frame for a currently active function above the buffer being attacked on the stack. The buffer overflow changes the return address to point to the attack code. When the function returns, instead of jumping back to where it was called from, it jumps to the attack code.

Buffer Overflow Attacks: Protection
- Use safe C libraries that check the amount of data that is being copied.
- Stack smashing protection checks whether the stack has been altered before returning and throws an error if it has changed.
- Separate executable code from data on the stack: supported by some CPUs.
- Address space randomization: addresses are different in each copy of Windows Vista, for example.
- Scan packets for buffer overflow exploits using an intrusion detection system.

Format String Attack
- Exploits a function in C that carries out string formatting, such as printf().
- The program is forced to overwrite the address of a library function, or the return address on the stack, with a pointer to some malicious code.
- The malicious code is executed and installs itself on the user's computer.

SQL Injection
- SQL Injection takes advantage of the syntax of SQL to inject commands that read or modify a database, or compromise the meaning of the original query.
- Russian hackers broke into a Rhode Island government web site and allegedly stole 53,000 credit card numbers.

UN Website Compromised by SQL Injection
[Figure: screenshot of the compromised UN website]

SQL Injection Example
- Breaks code that controls access to a website.
- Form has a user name and password field. Both are assumed to be an ordinary string.
- The following SQL is used to query the database with the user-supplied information. If this returns 1 row, the user is given access.

SQL Code
SELECT UserList.Username FROM UserList
WHERE UserList.Username = 'Username'
AND UserList.Password = 'Password'
What if an unauthorized user types mypassword' OR '1'='1 as the password?

SQL Code
SELECT UserList.Username FROM UserList
WHERE UserList.Username = 'Username'
AND UserList.Password = 'password' OR '1'='1'
Now the query will always return one row (assuming the username is correct) and the attacker will gain unauthorized access.

Malicious Software

Worms
- Spread over networks by attacking vulnerable services.
- Generally are not malicious themselves, but may provide a way in which other malicious software can spread.
- Main impact is consuming network resources so that websites etc. can no longer be reached.
- For example, the Blaster and Slammer worms.

Viruses
- Malicious code that spreads through a variety of methods:
  - Distributed through malicious websites.
  - Sends emails using addresses harvested from the user's computer.
  - Network attack.
  - Copies itself into shared folders and removable media.

Trojan
- Software that is often installed by a virus (although there is not a clear distinction between the two).
- May contain a key logger, which records all of the keystrokes on the computer.
- Can be used to control many other features of the computer.
- May block access to anti-virus websites.
- May stop the user running the Task Manager.
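The login query above, worked through as an added Python example (not code from the lecture): an in-memory SQLite UserList table, the string-pasted query from the slide beside a parameterized version, and the injected password run through both. Because AND binds tighter than OR, the injected condition matches every row, whatever username is supplied; the parameterized query treats the same input as plain data. Table contents are constructed.

```python
import sqlite3

# Constructed sample data for the lecture's UserList table.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory database with the UserList table from the slides."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserList (Username TEXT, Password TEXT)")
    conn.executemany("INSERT INTO UserList VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The slide's query, built by pasting user input into the SQL text.

    Whatever the user types becomes part of the statement, so a password of
    mypassword' OR '1'='1 turns the WHERE clause into
        Username = '...' AND Password = 'mypassword' OR '1'='1'
    and, since AND binds tighter than OR, every row matches.
    """
    sql = ("SELECT UserList.Username FROM UserList "
           "WHERE UserList.Username = '" + username + "' "
           "AND UserList.Password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Same query with bound parameters: the input is data, never SQL syntax."""
    sql = ("SELECT UserList.Username FROM UserList "
           "WHERE UserList.Username = ? AND UserList.Password = ?")
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    """Run a legitimate login and the injected password through both versions."""
    conn = make_db()
    injected = "mypassword' OR '1'='1"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "legit_safe": login_safe(conn, "alice", "s3cret"),
        # Unknown username and wrong password still return rows on the vulnerable path.
        "injected_vulnerable": sorted(login_vulnerable(conn, "nobody", injected)),
        "injected_safe": login_safe(conn, "nobody", injected),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```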

Trojan
- May stop the installation of anti-virus programs.
- May delete all or some of the data on your computer.
- Often gathers credit card details and other information for identity theft.
- Often sends spam emails.
- Attacks other computers, either by sending email, copying files, or via scanning + network attack.

Rootkit
- Piece of code that hides itself in the operating system.
- Often changes the behaviour of the operating system so that the rootkit is completely invisible to the user.
- Common way for malicious software to hide itself.
- Viruses and trojans can be removed relatively easily. It may take a complete reinstall to get rid of a rootkit.

Sony Rootkit
- Recent case in which Sony installed a rootkit as part of its copy-prevention software.
- Interfered with the normal way in which the Microsoft Windows operating system played CDs.
- Opened security holes that allowed viruses to break in, and caused other problems.

Sony Rootkit
- More than half a million computers worldwide were infected with the Sony rootkit.
- A lawsuit claimed that the rootkit had damaged users' computers.
- Sony removed the software from shelves and offered to replace the copy-protected CDs with non-copy-protected CDs.

Spyware
- Often installed as part of a free or cheap application.
- Sends private information back to companies, possibly about the user's browsing habits etc.
- Not always recognized by anti-virus software.
- Specialized anti-spyware software can be used to recognize and remove it (see Resources section).

Human Attackers

Overview
- Have covered how different types of malicious software are distributed in different ways.
- Threat from human attackers who want to break into business systems to steal money, credit card details or information.
- Several different stages to a successful cyberattack.
- Some examples in the Resources section.

Cyberattack Example 1
- Wearing a blue boiler suit and a fake ID, the attacker gains physical access to the building.
- Carries something big so that an employee helpfully lets him through the door and he does not have to swipe his fake ID.
- Installs a wireless device that sniffs the network and allows him to communicate with it.
- Sits outside the organisation and gathers any information that he wants.

Cyberattack Example 1
- The wireless device may allow him to penetrate other computers on the network.
- Could also have installed a rootkit on the computers to accomplish the same task.
- This would have been even easier if the attacker had gained a cleaning job at the organisation.

Cyberattack Example 2
- A laptop containing sensitive information on an unencrypted hard drive is left in a car by a careless employee.
- Steal the laptop. Job done!
- If the laptop does not contain the required information, it may contain VPN passwords etc., which give the attacker remote access to the corporate network.

Cyberattack Example 3
- Research on the company's website reveals a list of telephone numbers of employees.
- Could use Google to discover poorly secured information about employees (see article in Resources section).
- Phone an employee and pretend to be a network administrator.
- Get their username and password and use this to access the system.

Cyberattack Example 4
- Attacker in Russia sends carefully targeted emails to employees.
- These contain a game or amusing pictures, and the employee has to open the attachment to play the game or view the picture. Or they just have to follow a link.
- Malicious software is installed on the machine, which the attacker uses to access it remotely from Russia.

Cyberattack Example 4
- This software sends all of the keystrokes on the worker's machine.
- It also allows the attacker to use other methods, such as buffer overflow exploits, to attack other machines on the network.
- The attacker can also sniff all of the traffic on the network, including unsecured emails, passwords, etc.

Cyberattack Example 5
- Attacker gathers as much information as he or she can about the computer infrastructure of the organization. This includes software, hardware, IP addresses etc.
- Company reports, software consultants, etc. can all be sources for this information.

Cyberattack Example 5
- Attacker selects target machines and runs a vulnerability scanner against them.
- This is a piece of software that reveals the vulnerable parts of the system, which services are running, etc.
- Attacker launches an exploit against a machine and installs malicious software.

Cyberattack Example 5
- Once inside the corporate network he or she can run a network scanner. This reveals all of the machines on the network.
- He can then choose another machine to attack, steal sensitive information, or disable the network.

Cyberterrorism?
- Most industrial systems are controlled by computers using standard technology, such as TCP/IP and Windows.
- Conceivable that an attacker could break into a nuclear or chemical plant's networks and disable safety systems, release dangerous substances or worse.

Cyberterrorism - Examples
- An ex-employee broke into a sewage treatment plant computer system and released 250 million tonnes of raw sewage.
- The Slammer worm compromised safety systems of an Ohio nuclear plant.
- Claims that Russian hackers controlled a gas pipeline for 24 hours.

Denial of Service

Botnets
- Poor home security practices enable attackers to compromise and control very large numbers of computers.
- Called bots or zombie computers.
- Generally communicate using Internet Relay Chat.

Botnets
- Used to send spam and to host illegal websites.
- Attack other computers in order to increase the size of the botnet.
- Used for distributed denial of service attacks.
- Can be huge: the Storm Worm botnet probably has over half a million machines.

Denial of Service
- Brings a website or service down in different ways.
- Can exploit a flaw in the program to crash it. For example, Ping of death crashed many operating systems by sending a malformed packet.
- Or can use up the server's memory resources by sending lots of fraudulent requests.

Denial of Service
- Can also bring down a website by flooding it with nonsense packets.
- For example, a large number of big packets is sent, which the webserver has to spend a lot of time filtering out.

DDos Attack
[Figure: DDos attack diagram]

DDos Extortion
- Criminals controlling large botnets try to extort money from companies in exchange for not bringing their website down.
- First they launch a DDos attack on a website and then threaten to attack again unless paid $40,000, for example.
- Online gambling sites are often targeted.

DDos Extortion
- One article claims that 6000-7000 organisations are paying extortion demands.
- The Resources section has a recent news item about a man arrested for DDos extortion with 7000 remotely controlled machines.

Defence

Training!
- If your staff are not trained properly it will be easy to compromise your organization.
- Need to promote a culture of security in which everyone is aware of its importance.
- Staff should challenge people without ID badges.
- Staff should never disclose their usernames or passwords to anyone.

Updating
- Software manufacturers frequently release fixes for vulnerabilities in their code.
- Windows, Mac OS X and Linux, for example, all need to be updated regularly.
- Machines will be much more vulnerable without regular updating.

Privileges
- Mac OS X and UNIX / Linux are more secure than Windows XP because the standard user lacks certain privileges.
- The user has a much more limited ability to change the system than a superuser or root user.
- Attacks generally compromise just the user space, not the whole computer.

Privileges
- This approach can be implemented in XP (in the IUA lab the Student account has reduced privileges). However, most users of Windows run with administrator privileges.
- Windows Vista makes a more secure approach to privileges standard for all users.
- Delicate balance between security requirements and enabling users to carry out tasks efficiently.

Secure Passwords
- Many people and network administrators have insecure passwords or fail to change them from their defaults.
- Example of the Herbless hacker, who broke into hundreds of websites using the default Microsoft SQL administrator password.
- This password should have been changed on day 1 when they set up the server!

Secure Coding
- Patching is used to fix sloppy coding in commercial software.
- Training and a culture of security is the only way to reduce security vulnerabilities in software written by your own company.
- Bad design, bad checking of inputs and insecure libraries are the major ways in which software security is compromised. All can be minimised by careful and responsible coding.

Operating Systems
- Linux and Mac OS X are more secure than Windows XP. This is largely because Windows is more popular, so more attackers target Windows.
- Windows Vista has introduced a number of improvements to its security:
  - Address space randomization.
  - More sophisticated privileges.
  - Network access protection.
  - Better firewall.

Security Software
- Many different software applications exist to help protect organisations against threats.
- Regular updates to this software, especially to the intrusion detector and virus checker, are essential to success.

Signature Detection
- Most defences work by looking at the signature of the malicious code.
- This is accurate and has a low false positive rate. This means that it is unlikely that the software will report a virus when there is no virus.

Signature Detection
- However, signature scanning offers no defence against a new virus. People have to wait for a signature to be written and tested by the anti-virus vendors.
- Possibility of viruses that change their signature.
- Does not work with encryption.

Anomaly Detection
- Another alternative is to monitor the normal state of the system and look for deviations from this normal state. This is called anomaly detection.
- Anomaly detection is an active research area. So far few products have made it to the market.

Anomaly Detection
- Main problem is false positives: the system reports an attack when there is no attack.
- This behaviour is unacceptable for consumer applications, but may be OK in a corporate environment where there are already a large number of false alarms from other sources.

Anti-virus Software
- Based on signature detection.
- Deployed as standard on most Windows PCs. Should be deployed on the machines in the IUA lab!
- Scans files and emails looking for the signature of a particular virus. Alerts the user when one is found.

File Integrity Checkers
- A form of anomaly detection.
- A checksum is carried out on key system files. If this checksum changes, an alarm is raised.
- For example:
  - Tripwire: www.tripwire.com
  - Afick: http://afick.sourceforge.net/

Firewalls
[Figure: IPv4 Datagram]
- Hardware or software that filters out packets directed to specific ports and other types of traffic.
- Critical method of defence for a computer and an organization.
- Can block DDos attacks, but only if applied at the right place in the network.
- Should filter incoming and outgoing traffic. The Windows XP firewall only blocks incoming traffic.

[Figure: TCP Header]
[Figure: Firewall]
[Figure: DDos Attack]

Intrusion Detection Systems
- Scan packets sent through the network looking for viruses etc.
- Alert the network administrator when a problem is found.
- Need to know the signature of the malicious code.
- Can generate a lot of false alarms, for example when an employee is browsing security-related information.
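To make the incoming/outgoing point concrete, an added Python example (not code from the lecture) models a first-match packet filter on the header fields a firewall looks at (direction, protocol, destination port). Two constructed policies are compared: one that filters inbound traffic only, as the slide says the XP firewall did, and one that filters both directions. The sample packets and IP addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Only the header fields this simple filter consults (constructed, not parsed)."""
    direction: str   # "in" or "out", relative to the protected host
    proto: str       # "tcp" or "udp"
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: Optional[str]      # None matches any protocol
    dst_port: Optional[int]   # None matches any destination port
    action: str               # "allow" or "deny"

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and (self.proto is None or self.proto == p.proto)
                and (self.dst_port is None or self.dst_port == p.dst_port))


def filter_packet(rules, packet, default="deny"):
    """First matching rule decides; if nothing matches, the default policy applies."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


# Policy A: inbound filtering only; everything outbound is allowed.
INBOUND_ONLY = [
    Rule("in", "tcp", 80, "allow"),   # this host serves a website
    Rule("in", None, None, "deny"),
    Rule("out", None, None, "allow"),
]

# Policy B: both directions; outbound limited to web browsing and DNS.
BOTH_DIRECTIONS = [
    Rule("in", "tcp", 80, "allow"),
    Rule("in", None, None, "deny"),
    Rule("out", "tcp", 80, "allow"),
    Rule("out", "tcp", 443, "allow"),
    Rule("out", "udp", 53, "allow"),
    Rule("out", None, None, "deny"),
]

# Constructed traffic: a web request in, a probe of the database port in,
# a browser session out, and a compromised host trying to reach an IRC
# server (port 6667, the channel the lecture says bots typically use).
SAMPLE = [
    Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 51234, 80),
    Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 51235, 1433),
    Packet("out", "tcp", "192.0.2.10", "203.0.113.5", 40000, 443),
    Packet("out", "tcp", "192.0.2.10", "203.0.113.5", 40001, 6667),
]


def evaluate(rules):
    """Decision for each sample packet under the given policy."""
    return [filter_packet(rules, p) for p in SAMPLE]


if __name__ == "__main__":
    print("inbound-only:   ", evaluate(INBOUND_ONLY))
    print("both directions:", evaluate(BOTH_DIRECTIONS))
```

Both policies stop the inbound probe, but only the second notices the outbound IRC connection, which is exactly the traffic a bot on a compromised machine produces.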

Penetration Testing
- A security professional attempts to break into the system.
- Different amounts of information may be provided to the tester.
- Provides a report on the computer security to the company.

Multi-level Security
- Nothing works perfectly!
- Pursue a multi-level approach that maximises security in each area of the organization.
- So training + physical security + updated systems + virus checkers + firewalls etc. must all be done as well as possible.

Costs
[Figure: costs graph, taken from http://www.cisco.com/warp/public/779/govtaffairs/images/crs_cyber_attacks.pdf]

Questions?

Resources - General
- Business-oriented handbook on computer security (PDF file): http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf
- Online book on computer security: http://www.kernelthread.com/publications/security
- Guide to home computer security: http://www.cert.org/homeusers/homecomputersecurity/
- High quality articles and news on security-related issues: http://www.securityfocus.com

Resources - General
- Cost of cyberattacks (PDF document): http://www.cisco.com/warp/public/779/govtaffairs/images/CRS_Cyber_Attacks.pdf
- Sony rootkit: http://www.wired.com/politics/security/commentary/securitymatters/2005/11/69601
- Blaster worm: http://acmqueue.com/modules.php?name=content&pa=showpage&pid=159&page=1
- Using Google to access sensitive information: http://www.securityfocus.com/columnists/224
- Malicious websites: http://www.pcpro.co.uk/news/85609/wave-of-malicious-websites-exploit-new-ie-vulnerability.html

Resources - Buffer Overflows
- Buffer overflow attacks: http://www.computerworld.com/action/article.do?command=viewarticlebasic&articleid=82920&intsrc=article_pots_side
- Buffer overflow attacks: http://www.linuxjournal.com/comment/reply/6701
- Defence against buffer overflow attacks: http://www.mcs.csuhayward.edu/~simon/security/boflo.html

Resources - Denial of Service
- Botnets: http://www.windowsecurity.com/articles/robot-Wars-How-Botnets-Work.html
- Ping of death denial of service: http://insecure.org/sploits/ping-o-death.html
- Distributed denial of service attack (DDos): http://www.grc.com/dos/grcdos.htm
- DDos extortion: http://software.silicon.com/security/0,39024655,39124881,00.htm
- Man arrested for DDos attacks: http://www.securityfocus.com/brief/601

Resources - Attacks
- Poor password security: http://www.vnunet.com/vnunet/news/2113624/herbless-five-weeks-hacktivism
- Keylogger scam: http://www.consumeraffairs.com/news04/2005/keylogger_scam.html
- Failed attempt to steal 220 million using keyloggers: http://www.timesonline.co.uk/tol/news/uk/article429916.ece
- Physical access: http://seclists.org/isn/2005/apr/0013.html
- Stolen laptop contains sensitive information: http://www.theregister.co.uk/2007/08/06/verisign_laptop_theft/

Resources - Cyberterrorism
- Roundtable discussion about the possibility of cyberterrorism: http://www.watchguard.com/rss/showarticle.aspx?pack=rss.rtcyberterr
- Hackers target utility control systems: http://www.computerweekly.com/articles/2004/10/18/206046/hackers-target-utilities-control-systems.htm
- Slammer worm disables safety monitoring system at nuclear plant: http://www.securityfocus.com/news/6767

Software
- Firefox web browser: www.mozilla.com/firefox
- Snort open source intrusion detection system: http://www.snort.org/
- Ethereal sniffer: www.ethereal.com
- AVG free anti-virus software: http://free.grisoft.com/doc/29116/us/frt/0
- Adaware anti-spyware: http://www.lavasoftusa.com/
- Spybot anti-spyware: www.safer-networking.org/

Software
- Windows rootkit revealer: http://www.microsoft.com/technet/sysinternals/utilities/rootkitrevealer.mspx
- Afick file integrity checker: http://afick.sourceforge.net/
- Top 100 network security tools: http://sectools.org/