Network Threats and Vulnerabilities. Ed Crowley




Objectives

At the end of this unit, you will be able to describe and explain:
- Network attack terms
- Major types of attacks, including:
  - Denial of Service (DoS and DDoS) attacks
  - Buffer overflows
  - Ping of Death
  - Session hijacking
  - SQL injection and cross-site scripting
- Identify physical security attacks and vulnerabilities

Related Terms

- Attack: Any attempt by an unauthorized person to access or use network resources or compromise availability
- Network security: Concerned with security of network assets
- Computer security: Concerned with the security of a computer not part of a network infrastructure
- Computer crime: Worldwide fastest growing crime type

Denial-of-Service Attacks

- Denial-of-Service (DoS) attack
- Prevents legitimate users from accessing resources
- Some forms do not involve computers
- Do not attempt to access information
- Attacks network availability
- Performing a DoS attack as a test is unwise
- Only need to prove potential attack
- Penetration testers need to make sure that they don't DoS by accident
- Certain web server tests can knock down a server

Distributed Denial-of-Service Attacks

- DoS attack from multiple systems
- Network could be flooded with billions of requests
- Loss of bandwidth
- Speed degradation
- Often, participants (zombies) are not aware they are part of the attack
- Attacking computers could be controlled using Trojan programs with commands routed through IRC bots or other third parties

Buffer Overflow Attacks

- Code vulnerability
- Code fails to check for input data size
- Twofold goal:
  - Fill overflow buffer with executable code at appropriate position
  - OS executes this overflow code
- Code elevates attacker's permission
  - Administrator
  - Owner of running application
- If position not optimum, likely program crash (DoS)

Ping of Death

- DoS attack
- Older, GUI based, attack (late 1990s)
- Process:
  - Attacker creates large ICMP packet
  - More than 65,535 bytes
  - Large packet is fragmented at source network
  - Destination network reassembles large packet
  - Destination point cannot handle oversize packet and crashes
- Unpatched Win 95 bluescreens
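The reassembly step is where the defence sits: every fragment is a legal size on its own, so the receiver has to compute the size the datagram would reach before assembling it. The Python below is an added example, not part of the original slides; the function names, the header builder and the sample fragments (documentation addresses 192.0.2.x) are constructed for illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest value the 16-bit IPv4 Total Length field can hold

def make_header(total_len, frag_offset_units, more_fragments):
    """Build a constructed 20-byte IPv4 header (protocol 1 = ICMP, checksum 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | frag_offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                       64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def fragment_span(header):
    """Return (ihl, start, end): header length and the payload byte range carried."""
    ver_ihl, _, total_len, _, flags_frag = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    start = (flags_frag & 0x1FFF) * 8   # 13-bit offset field counts 8-byte units
    return ihl, start, start + (total_len - ihl)

def reassembled_size(headers):
    """Size after reassembly: first header plus the highest payload end offset."""
    spans = [fragment_span(h) for h in headers]
    return spans[0][0] + max(end for _, _, end in spans)

def is_oversize(headers):
    """True when the reassembled datagram would exceed 65,535 bytes; drop it."""
    return reassembled_size(headers) > MAX_IP_DATAGRAM

# Constructed sample: an ordinary 4,008-byte ICMP message split over a 1500-byte MTU.
NORMAL = [make_header(1500, 0, True),
          make_header(1500, 185, True),
          make_header(1068, 370, False)]

# Constructed sample: final fragment placed near the top of the offset range, so
# offset * 8 + payload runs past the 65,535-byte limit although each piece is small.
OVERSIZE = [make_header(1500, 0, True),
            make_header(1500, 8189, False)]

if __name__ == "__main__":
    for label, frags in (("normal", NORMAL), ("oversize", OVERSIZE)):
        print(label, reassembled_size(frags), "drop" if is_oversize(frags) else "accept")
```

Patched IP stacks apply this kind of bound while queuing fragments, so the oversize datagram is discarded instead of being copied into a fixed-size reassembly buffer.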

Session Hijacking

- Enables attacker to join a TCP session
- Attacker makes both parties think he or she is the other party

SQL Injection

A code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
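Both causes named in the definition, shown as weak queries beside parameterized ones. This is an added example using Python's sqlite3 module, not code from the original slides; the table, function names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory table used only for this demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "admin"), (2, "bob", "user")])
    return db

def find_by_name_concat(db, name):
    # Weak: input is pasted inside a string literal, so a quote ends the literal.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return db.execute(sql).fetchall()

def find_by_id_concat(db, user_id):
    # Weak: a numeric field is not strongly typed, so no quote is even needed.
    sql = "SELECT name FROM users WHERE id = " + user_id + " ORDER BY id"
    return db.execute(sql).fetchall()

def find_by_name(db, name):
    # Hardened: the value is bound as data and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return db.execute(sql, (name,)).fetchall()

def find_by_id(db, user_id):
    # Hardened: enforce the type first (int() raises ValueError), then bind.
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return db.execute(sql, (int(user_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    quoted, untyped = "x' OR '1'='1", "0 OR 1=1"   # constructed test inputs
    print("concat name:", find_by_name_concat(db, quoted))   # every row returned
    print("bound name: ", find_by_name(db, quoted))          # no rows
    print("concat id:  ", find_by_id_concat(db, untyped))    # every row returned
    try:
        find_by_id(db, untyped)
    except ValueError as exc:
        print("typed id rejected:", exc)
```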

Cross Site Scripting (XSS)

A type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls. In 2007, roughly 80% of all security vulnerabilities documented by Symantec were cross-site scripting.

Physical Security

- Protecting network requires physical security
- Inside attacks more likely than external attacks
- If you don't have physical security, you don't have cyber security.

Keyloggers

- Capture computer keystrokes.
- May be implemented in hardware or software
- Software
  - Trojan like
  - May send info out on net or may require physical pickup
- Hardware
  - Easy to install
  - Goes between the keyboard and the motherboard
  - Examples include KeyKatcher and KeyGhost

Physical Security

- Physically restrict server access
- Locks don't stop attackers, locks slow down or deter attackers
- With a week or two of practice, average person can pick a deadbolt lock in less than five minutes.
- With experience, deadbolt locks can be picked in under 30 seconds.
- Rotary locks harder to pick
- In secure areas, important to log everyone entering and leaving room
- For better security, security cards can be used rather than keys

Questions?

Originally based upon Chapter 3, Network and Computer Attacks