Cracking and Computer Security



Similar documents
10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

How To Monitor The Internet In Idaho

COB 302 Management Information System (Lesson 8)

Chapter 6: Computer and Network Security

CHAPTER 10: COMPUTER SECURITY AND RISKS

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Threats and Attacks. Modifications by Prof. Dong Xuan and Adam C. Champion. Principles of Information Security, 5th Edition 1

Hackers: Detection and Prevention

Network Incident Report

Computer Networks & Computer Security

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

COSC 472 Network Security

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

Software Engineering 4C03 Class Project. Computer Networks and Computer Security COMBATING HACKERS

Bendigo and Adelaide Bank Ltd Security Incident Response Procedure

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

Information Technology Cyber Security Policy


9. Information Assurance and Security, Protecting Information Resources. Janeela Maraj. Tutorial 9 21/11/2014 INFO 1500

E-BUSINESS THREATS AND SOLUTIONS

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Introduction to Ethical Hacking and Network Defense. Objectives. Hackers

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

REVIEW ON RISING RISKS AND THREATS IN NETWORK SECURITY

Vulnerability Assessment & Compliance

Sample Employee Network and Internet Usage and Monitoring Policy

Threat Events: Software Attacks (cont.)

Malicious Programs. CEN 448 Security and Internet Protocols Chapter 19 Malicious Software

AASTMT Acceptable Use Policy

Denial of Service (DoS)

Don t Fall Victim to Cybercrime:

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

Intruders & Intrusion Hackers Criminal groups Insiders. Detection and IDS Techniques Detection Principles Requirements Host-based Network-based

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

United Tribes Technical College Acceptable Use Policies for United Tribes Computer System

Intruders and viruses. 8: Network Security 8-1

Topic 1 Lesson 1: Importance of network security

Abstract. Introduction. Section I. What is Denial of Service Attack?

INTERENT SAFETY AND RESPONSIBILITY CYBER SECURITY

Module 5: Analytical Writing

Promoting Network Security (A Service Provider Perspective)

7 Cs of WEB design - Customer Interface

BOARD OF EDUCATION POLICY

Network Security and the Small Business

Acceptable Use of Computing and Information Technology Resources

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers Your Interactive Guide to the Digital World

Firewalls, Tunnels, and Network Intrusion Detection

How To Use A College Computer System Safely

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

Overview of computer and communications security

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How

Network Security. Chapter 12. Learning Objectives. Chapter Outline. After reading this chapter, you should be able to:

CSCI 4250/6250 Fall 2015 Computer and Networks Security

WatchGuard Technologies, Inc. 505 Fifth Avenue South Suite 500, Seattle, WA

E-Commerce: Attacks and Preventative Strategies. The majority of not only our nation, but most of the world, is performing and conducting

Penetration Testing Service. By Comsec Information Security Consulting

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Firewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08

BBM 461: SECURE PROGRAMMING INTRODUCTION. Ahmet Burak Can

Intro to Firewalls. Summary

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Malicious Software. Ola Flygt Växjö University, Sweden Viruses and Related Threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Network Security: Introduction

NETWORK SECURITY ASPECTS & VULNERABILITIES

Data Management Policies. Sage ERP Online

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure

Data Management & Protection: Common Definitions

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

Norton Personal Firewall for Macintosh

Intrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis

Stopping zombies, botnets and other - and web-borne threats

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

7. Firewall - Concept

WHITE PAPER. Understanding How File Size Affects Malware Detection

Chapter 12 Objectives. Chapter 12 Computers and Society: Security and Privacy

DIOCESE OF DALLAS. Computer Internet Policy

HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

Basics of Internet Security

Transcription:

Cracking and Computer Security Ethics and Computing Chapter 4 Summer 2001 CSE 4317: Computer Security 1 Motivation Computer security is crucial for trust Cracking activity is harmful, costly and unethical Legal system is slow to adapt Security measures are mostly effective Many systems don t use them Lack of expertise Inconvenience Summer 2001 CSE 4317: Computer Security 2 1

Codes of Ethics AITP Do not exploit the weakness of a computer system for personal gain or personal satisfaction ACM Respect privacy of others Access computers only when authorized Summer 2001 CSE 4317: Computer Security 3 Codes of Ethics IEEE Avoid injuring others, their property, reputation, or employment by false or malicious action Software Engineering Use the property of a client or employer only in ways properly authorized, and with the client s or employer s knowledge and consent Summer 2001 CSE 4317: Computer Security 4 2

Hacking vs. Cracking Traditional Hacker Self-motivated Technically accomplished Creative Productive Positive Summer 2001 CSE 4317: Computer Security 5 Hacking vs. Cracking Unethical Hacker or Cracker Self-motivated Technically accomplished Creative Not productive Not positive Summer 2001 CSE 4317: Computer Security 6 3

What is Cracking? Illegitimate use of a computer system Legitimate use You use a valid account assigned for your use by a legitimate administrator of the system Your use is consistent with the established policies for the system Software you create not intended to circumvent established policies Summer 2001 CSE 4317: Computer Security 7 Cracker Activities Trojan horse programs Virus programs Worm programs Logic bomb programs Sniffing Spoofing Flooding Summer 2001 CSE 4317: Computer Security 8 4

Trojan Horse Programs Masquerades as a legitimate program Hides unwanted functions Trojan horse login program Can also be self-replicating Summer 2001 CSE 4317: Computer Security 9 Virus Programs Self replicating Means of delivery Downloaded software Floppy disk Email Web Avoid detection Expand existing code Replace existing code Polymorphic E.g., Melissa Summer 2001 CSE 4317: Computer Security 10 5

Worm Programs Similar to viruses Short-lived Spread via the network Swamp resources E.g., Internet Worm Summer 2001 CSE 4317: Computer Security 11 Logic Bomb Programs Waits for some condition Disrupts normal system operation Summer 2001 CSE 4317: Computer Security 12 6

Sniffing and Spoofing Sniffing Monitor network activity for login/password sequences IP spoofing Masquerading as a machine with privileged access to target machine Summer 2001 CSE 4317: Computer Security 13 Flooding Ping flooding Denial-of-service attacks Flooding target machine with bogus traffic to block legitimate traffic SYN (synchronization) flooding Flood target computer with SYN requests whose ACKnowledgement is never returned Summer 2001 CSE 4317: Computer Security 14 7

Who Are Crackers? Profiles Novice Student Tourist Crasher Thief Summer 2001 CSE 4317: Computer Security 15 Novice Crackers Young, emotionally immature Surface-level interest in security Willing to try proven methods, but unlikely to originate new techniques Little thought to consequences Summer 2001 CSE 4317: Computer Security 16 8

Student Crackers Serious technical interest in security Desire to experiment with cracker techniques Perceived benign intent of learning or educating Summer 2001 CSE 4317: Computer Security 17 Tourist Crackers Talents of Student Less benign, peeping tom motivation Break in and look around Emails Databases System tools Other machines Summer 2001 CSE 4317: Computer Security 18 9

Crasher High level of technical expertise Motivated by desire to crash system Vandal Desire to create more problems than just crashing system Especially defacing public web pages Summer 2001 CSE 4317: Computer Security 19 Thief Explicit criminal activity Stealing credit card numbers or other valuable data Altering records Summer 2001 CSE 4317: Computer Security 20 10

Other Cracker Profiles Spy Terrorist Angered ex-employee Spurned suitor Summer 2001 CSE 4317: Computer Security 21 Case Study U.S. vs. Craig Neidorf [1990] Electronic newsletter Phrack Unauthorized access to computer and telecommunications systems Roadmap to 911 phone system Denning article and responses Summer 2001 CSE 4317: Computer Security 22 11

Case Study 911 information claimed proprietary Neidorf (16) charged with fraud and theft Hacking phone system or phreaking Defense showed 911 information available to the public Charges dropped Summer 2001 CSE 4317: Computer Security 23 Case Study: Denning Unauthorized access 6 months in prison Unauthorized access with harmful intent 5 years Unauthorized modification 5 years Summer 2001 CSE 4317: Computer Security 24 12

Responses Parker, SRI Swift punishment Encourage good behavior Levy, author of Hackers: Heroes Crackers, as a whole, beneficial Spafford, Purdue Amount of damage considered in sentencing, not conviction Summer 2001 CSE 4317: Computer Security 25 Responses Rotenberg, CPSR Charges should not have been filed Actions were not directly harmful Bloombecker, NCCCD Crackers reflect our social values Technological competence and impatience with the property rights of others We continue to reward wizardry and ignore ethical behavior Summer 2001 CSE 4317: Computer Security 26 13

Responses Stallman, GNU Project Unauthorized access harms no one and should not be a crime Laws against unauthorized access reflect the urge to control, stifling free society Penalties will drive crackers to paranoia and eventually crime Summer 2001 CSE 4317: Computer Security 27 Policies and Laws UTA Computer and Information Technology Usage Policy http://www.uta.edu/uta/wwwteam/citup.html UTA Network Usage Guidelines http://www.uta.edu/acs/usage.htm Texas Computer Crimes Statute http://www.utexas.edu/policies/computercrimes.html Summer 2001 CSE 4317: Computer Security 28 14

Security Measures Risk analysis Identify system weaknesses Audit logs Altered by crackers if kept on disk Firewalls Packet filtering Summer 2001 CSE 4317: Computer Security 29 Security Tools COPS SATAN Tripwire Computer Emergency Response Team (CERT) http://www.cert.org Summer 2001 CSE 4317: Computer Security 30 15

Prevention Better security measures More widespread use of measures Better laws, stiffer penalties Cracking is not cool slogans Education Ethics Summer 2001 CSE 4317: Computer Security 31 Points to Remember Crackers different from hackers Cracker activities are unethical, unprofessional, and usually illegal Legal system is adapting to better handle cracker crimes WWW and e-commerce increase the potential for harm Organizations lax in use of security measures Summer 2001 CSE 4317: Computer Security 32 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information