
Lecture Note 1


Introduction and Security Threats:

Points to be Covered:

• Threats to security
• Avenues of Attack, steps in attack
• Security Basics – Confidentiality, Integrity,
Availability
• Types of attack
Threats to security
• Virus
• Worms
• Intruders
• Insiders
• Information warfare
Virus
• Programming code that replicates by being copied or
initiating its copying to another program
• Viruses can be transmitted as attachments to mail or
in a downloaded file
• Once a virus infects a computer, it performs two
separate tasks:
– Replicates itself by spreading to other computers through
human intervention
– Activates its malicious payload
Boot Sector Virus
Email Virus
Macro Virus
Worm
• A computer worm is a standalone malware
computer program that replicates itself in order to
spread to other computers
• Self-replicating
• Actions performed: deleting files, allowing remote control
• Worms are different from viruses in two regards:
– A worm can travel by itself
– A worm does not require any user action to begin its
execution
Concealing Malware
• Trojan Horse
– Program advertised as performing one activity but that
actually does something else.
– Trojan horse programs are typically executable programs
that contain hidden code that attacks the computer system
• Rootkit
– Provides unauthorized access and often masks its existence
– Detection: behavioural-based methods, signature scanning,
difference scanning, and memory dump analysis.
– User mode vs. kernel mode
Malware for Profit
• Spam
• Spyware
• Adware
• Key logger
Virus vs. Worms

| Virus | Worm |
|---|---|
| A virus is a piece of code that attaches itself to a legitimate program | A worm is a malicious program that spreads automatically |
| Virus modifies the code | Worm does not modify the code |
| Virus does not replicate itself | Worm replicates itself |
| Virus is destructive in nature | Worm is non-destructive in nature |
| Aim of virus is to infect the code or program stored on the computer system | Aim of worm is to make the computer or network unusable |
| Virus can infect other files | Worm does not infect other files but it occupies memory space by replication |
| Virus may need a trigger for execution | Worm does not need any trigger |

Intruders vs. Insiders

| INTRUDERS | INSIDERS |
|---|---|
| Intruders are authorized or unauthorized users who are trying to access the system or network. | Insiders are authorized users who try to access a system or network for which they are unauthorized. |
| Intruders are hackers or crackers. | Insiders are not hackers. |
| Intruders are illegal users. | Insiders are legal users. |
| Intruders are less dangerous than insiders. | Insiders are more dangerous than intruders. |
| Intruders do not have access to the system. | Insiders have easy access to the system because they are authorized users. |
| Many security mechanisms are used to protect the system from intruders. | There is no such mechanism to protect the system from insiders. |

Steps in Attack
Security Basics
• Confidentiality
– Helps to set secret communication
– The goal of confidentiality is to ensure that only
those individuals who have the authority can view
a piece of information.
Security Basics
• Authentication:
– helps to establish proof of identities
– Authentication deals with the desire to ensure
that an individual is who they claim to be. The
need for this in an online transaction is obvious
Security Basics
• Integrity :
– helps to determine originality of message
Security Basics
• Authorization:
– Permissible usage of the resources
– ID and password credentials
• Non repudiation
– The sender should not be able to deny sending the
message. The receiver should not be able to deny
receiving the message
Types of Security Attacks
Active attacks
Masquerade.

Replay.

Modification of Message.

Denial of service (DOS)


Masquerade
• A masquerade takes place when one entity pretends
to be a different entity. OR
• Masquerade is a type of attack where the attacker
pretends to be an authorized user of a system in
order to gain access to it or to gain greater privileges
than they are authorized for.
• A masquerade may be attempted through the use of
stolen logon IDs and passwords, through finding
security gaps in programs, or through bypassing the
authentication mechanism.
Replay Attack
• A replay attack involves the passive capture of a
data unit and its subsequent retransmission to
produce an unauthorized effect.
• Prevention:
– Use of session token
– OTP
– Timestamp
Modification of Messages
• In this type of attack, a portion of the original
or legitimate message is altered, or messages
are delayed or reordered to produce an
unauthorized effect.
DOS
• An attempt to make a machine or network resource
unavailable to its intended users.
• Example: disruption of an entire network, either by
disabling the network or by overloading it with
messages so as to degrade performance.
DOS example
Passive Attacks

Release of Messages Content.

Traffic Analysis
Release Of Message Contents
Traffic Analysis
• Traffic analysis is the process of intercepting
and examining messages in order to deduce
information from patterns in communication.
• In this attack the attacker observes the patterns
of messages being transferred from
source to destination
| BASIS FOR COMPARISON | ACTIVE ATTACK | PASSIVE ATTACK |
|---|---|---|
| Basic | Active attack tries to change the system resources or affect their operation. | Passive attack tries to read or make use of information from the system but does not influence system resources. |
| Modification in the information | Occurs | Does not take place |
| Harm to the system | Always causes damage to the system. | Does not cause any harm. |
| Threat to | Integrity and availability | Confidentiality |
| Attack awareness | The entity (victim) gets informed about the attack. | The entity is unaware of the attack. |
| Task performed by the attacker | The transmission is captured by physically controlling the portion of a link. | Just needs to observe the transmission. |
| Emphasis is on | Detection | Prevention |


Other Types of Attacks
1. Man in the Middle
2. TCP/IP Hacking
3. Phishing
4. Sniffing
5. Spoofing
6. SQL Injection
7. Backdoors and Trapdoors


Man In The Middle
• A man in the middle attack occurs when attackers are
able to place themselves in the middle of two other
hosts that are communicating in order to view or
modify the traffic.
• This is done by making sure that all communication
going to or from the target host is routed through the
attacker’s host.
• Then the attacker is able to observe all traffic before
transmitting it and can actually modify or block traffic.
• To the target host, communication is occurring
normally, since all expected replies are received.
TCP/IP Hacking
• This attack is caused by the three-way handshake mechanism
used between the host and the server to set up a connection.
• Once the server responds to a SYN request with a SYN-ACK, it sets aside
resources for this connection and listens for an ACK from the client.
• If the attacker sends multiple SYNs within a very short interval,
the server will exhaust its resources.
• The attacker does not respond to the SYN-ACK sent by the server
and the connections are left open.
• This way the server is unable to respond to further connection
requests because of exhaustion of resources, and denial of
service takes place
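
Detection logic for the half-open connections described above, run over a constructed capture. This is an added example, not part of the original slides; the log format, the addresses (documentation ranges), the threshold and the function names are assumptions.

```python
from collections import Counter

# Constructed capture, one server-side event per line: "<seconds> <client ip>:<port> <flag>"
SAMPLE_LOG = "\n".join(
    ["0.00 198.51.100.7:40001 SYN", "0.03 198.51.100.7:40001 ACK"]
    + [f"1.{i:02d} 203.0.113.9:{5000 + i} SYN" for i in range(6)]  # six SYNs, never ACKed
    + ["4.90 198.51.100.8:40002 SYN", "4.95 198.51.100.8:40002 ACK",
       "5.00 198.51.100.9:40003 SYN"]                             # handshake still in flight
)


def half_open(log_text, grace=1.0):
    """Count, per client IP, SYNs with no ACK that are older than `grace` at capture end."""
    pending = {}  # (ip, port) -> time the SYN arrived
    end = 0.0
    for line in log_text.splitlines():
        ts, endpoint, flag = line.split()
        ts = float(ts)
        end = max(end, ts)
        key = tuple(endpoint.rsplit(":", 1))
        if flag == "SYN":
            pending.setdefault(key, ts)  # a retransmitted SYN keeps the first timestamp
        elif flag == "ACK":
            pending.pop(key, None)       # handshake completed, entry released
    return Counter(ip for (ip, _), ts in pending.items() if end - ts >= grace)


def flag_sources(log_text, threshold=5, grace=1.0):
    """Return client IPs holding at least `threshold` half-open connections."""
    return sorted(ip for ip, n in half_open(log_text, grace).items() if n >= threshold)
```

Per-source counts only help when the SYNs share a source address; the total number of pending entries, `sum(half_open(log).values())`, is the signal that holds regardless.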
Phishing
• Phishing is the attempt to acquire sensitive
information by masquerading as a trustworthy
entity in an electronic communication.
• Typically, the messages appear to come from
well-known and trustworthy websites.
Websites that are frequently spoofed by
phishers include eBay, Yahoo, Facebook,
Twitter, etc.
SQL Injection
• SQL Injection is one of the web attack
mechanisms used by hackers to steal data
from organizations.
Sniffing (Snooping)
• Sniffing is a type of attack in which the attacker listens in on a
conversation.
• A network sniffer device can be used to view all traffic, or it can target
a specific protocol, service or even a string of characters.
• Normally the network device that connects a computer
to a network is designed to ignore all traffic that is not
destined for that computer.
• Network sniffers ignore this friendly agreement and
observe all traffic on the network, whether destined for
that computer or others.
Spoofing
• A spoofing attack is a situation in which one
person successfully masquerades as another
by falsifying data and thereby gaining an
illegal advantage.
Type of Spoofing attack
• Caller ID Spoofing
• Email Spoofing
• IP Address Spoofing
• SMS Spoofing
• URL spoofing (phishing attack)
Cross Site Scripting(XSS) attack
• Exploits vulnerabilities of the browser at the client side
• In most cases uses JavaScript (JS) or VBScript (VBS) embedded in the
web page
• Attack vectors:
– <script> tag
– JavaScript events: onload, onerror
– <body> tag: background
– <img> tag
– <iframe>, <input>, etc.
• To prevent, sanitize all input taken from web forms
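
The vectors listed above, fed to an unescaped template and to one that HTML-encodes the form value before output. This is an added example, not part of the original slides; the template, the inert sample strings and all names are constructed for illustration, and encoding at output is one common way to apply the "sanitize all input" advice.

```python
import html
from html.parser import HTMLParser

# Constructed, inert sample inputs: one per vector named on the slide
VECTORS = {
    "script tag": "<script>alert(1)</script>",
    "body onload": '<body onload="alert(1)">',
    "img onerror": '<img src=x onerror="alert(1)">',
    "iframe": '<iframe src="about:blank"></iframe>',
    "input attribute": '" onfocus="alert(1)',
}

# Tags and attributes the page template itself is supposed to contain
TEMPLATE_MARKUP = {"p", "input", "input@name", "input@value"}


def render_unsafe(comment):
    """Vulnerable: form input is pasted into the page as-is."""
    return f'<p>{comment}</p><input name="last" value="{comment}">'


def render_safe(comment):
    """Hardened: &, <, > and both quote characters are encoded before output."""
    esc = html.escape(comment, quote=True)
    return f'<p>{esc}</p><input name="last" value="{esc}">'


class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        self.found.add(tag)
        self.found.update(f"{tag}@{name}" for name, _ in attrs)


def injected_markup(page):
    """Tags/attributes a parser sees in `page` that the template never defined."""
    collector = _Collector()
    collector.feed(page)
    collector.close()
    return sorted(collector.found - TEMPLATE_MARKUP)
```

The last vector contains no angle brackets at all, which is why the quote characters must be encoded whenever input lands inside an attribute value.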
Backdoors
• A backdoor in a computer system (or
cryptosystem or algorithm) is a method of
bypassing normal authentication, securing
remote access to a computer, obtaining access
to plain text, and so on, while attempting to
remain undetected.
• Usually legitimately used in debugging and
testing
