75000 victims in 10 min 5, 2003. The program did not use the SQL language; it exploited a buffer overflow bug in Microsoft's flagship SQL Server and Desktop Engine database products.
The Greeks and the Greek army
The basic protocol for sending data over the Internet network and many other computer networks is the Internet Protocol ("IP"). The header of each IP packet contains, among other things, the numerical source and destination address of the packet. The source address is normally the address that the packet was sent from. By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. The machine that receives spoofed packets will send a response back to the forged source address, which means that this technique is mainly used when the attacker does not care about the response or the attacker has some way of guessing the response. In certain cases, it might be possible for the attacker to see or redirect the response to his own machine. The most usual case is when the attacker is spoofing an address on the same LAN or WAN.
Prepared by: Mohammed Adnan Abu Ward 120081704
Main Points: Introduction, Computer Security Attributes, Statistics, Types of Attacks, Technology for Internet Security, Conclusion, References
Introduction The public Internet is a worldwide collection of connected computer networks that are accessible by individuals in a variety of ways using a particular set of communication protocols known as TCP/IP. Today millions of end systems use the Internet regardless of national or geographic boundaries or time.
Computer Security Attributes Understanding the security attributes is critical in order to conduct risk analysis and find the suitable control for each attribute. There are four main computer security attributes: Confidentiality: unauthorized persons should not gain access to others' data. Integrity: involves accuracy of data.
Computer Security Attributes… Privacy: the ability and/or right to protect your personal secrets. Availability: computer assets should be available for and accessible to authorized persons when they need them and should not be interrupted.
Numbers of Users of the Internet
DATE          NUMBER OF USERS    % WORLD POPULATION
June, 2010    1,966 millions     28.7 %
Sept, 2010    1,971 millions     28.8 %
Mar, 2011     2,095 millions     30.2 %
Jun, 2011     2,110 millions     30.4 %
Sept, 2011    2,180 millions     31.5 %
Dec, 2011     2,267 millions     32.7 %
Mar, 2012     2,336 millions     33.3 %
June, 2012    2,405 millions     34.3 %
Vulnerable applications targeted by malicious users
1-Viruses Viruses are self-replicating programs that infect and propagate through files. Viruses often have additional properties beyond being an infector or macro virus. A virus may also be multi-partite, stealth, encrypted or polymorphic. A virus using encryption will know how to decrypt itself to run. As the bulk of the virus is encrypted, it is harder to detect and analyze.
2-System and Boot Record Infectors System and Boot record infectors were the most common type of virus until the mid 1990s. These types of viruses infect system areas of a computer such as the Master Boot Record (MBR) on hard disks. By installing itself into boot records, the virus can run itself every time the computer is booted up. With the introduction of more modern operating systems, and virus checks being enabled in the Basic Input Output System (BIOS), the risk of these viruses disappeared.
3-Eavesdropping Eavesdropping involves interception of or gaining access to communications by an unauthorized party. There are two types of eavesdropping. Passive: when an unauthorized person listens secretly to the networked messages. Active: the intruder not only listens to but also injects something into the communication to distort or create bogus .
4-Hacking Hackers can be people who are career criminals. They are competent and highly skilled at using computers. Once they analyze and discover a leak point in the target system, they will find ways to access and attack the system. They can also break through Web servers to access or steal information.
5- Worms A worm is a self-replicating program that propagates over a network in some way. Unlike viruses, worms do not require an infected file to propagate. Worms are classified into two types: mass-mailing worms: Email worms. Network-aware worms: SQL Slammer.
6- Trojans Name story Today’s Trojans work in a very similar way. They will appear to be benign programs to the user, but will actually have some malicious purpose.
7-IP Spoofing Attacks The basic protocol for sending data over the Internet network and many other computer networks is the Internet Protocol. The header of each IP packet contains, among other things, the numerical source and destination address of the packet. By forging the header so it contains a different address, an attacker can make it appear that the packet was sent by a different machine. The machine that receives spoofed packets will send a response back to the forged source address.
8-Denial of Service Is an attempt to make a machine or network resource unavailable to its intended users. It generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.
9-Email Bombing and Spamming Email bombing is the intentional sending of large volumes of messages to a target address. The overloading of the target email address can render it unusable and can even cause the mail server to crash. Email Spamming : is the practice of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients.
10-Phishing Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
Technology for Internet Security With the rapid growth of interest in the Internet, network security has become a major concern to companies throughout the world. Internet security tools typically provide authentication and encryption, identify attacks, and block and filter packets.
1-Cryptographic systems Cryptography originally denotes the art of keeping information secret by the use of codes and ciphers.
2- Firewall A firewall can either be software-based or hardware-based and is used to help keep a network secure. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a predetermined rule set.
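The following sketch is an added example, not part of the original slides. It shows a rule set of the kind described above applied to the IPv4 header fields discussed under IP spoofing: packets arriving from outside that claim an inside source address are dropped. The network `192.168.10.0/24`, the interface names and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

# Assumed protected LAN (constructed for this example).
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def build_header(src, dst, proto=17):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) as sample input."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


def parse_header(raw):
    """Return (source, destination, protocol) from raw IPv4 header bytes."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(IPV4_FMT, raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto


def decide(raw, iface):
    """Return 'ALLOW' or 'DROP' for a packet arriving on 'external' or 'internal'."""
    try:
        src, dst, _ = parse_header(raw)
    except ValueError:
        return "DROP"  # malformed packets never pass
    if iface == "external":
        # Ingress filtering: a packet from outside cannot truthfully carry
        # an inside, loopback, multicast or unspecified source address.
        if (src in INTERNAL_NET or src.is_loopback
                or src.is_multicast or src.is_unspecified):
            return "DROP"
        return "ALLOW" if dst in INTERNAL_NET else "DROP"
    if iface == "internal":
        # Egress filtering: only forward packets whose source is really ours,
        # so hosts on this LAN cannot emit forged source addresses.
        return "ALLOW" if src in INTERNAL_NET else "DROP"
    return "DROP"  # unknown interface: default deny
```

The decision depends on which interface the packet arrived on, because the source address field alone cannot be trusted.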
3- Intrusion Detection Systems An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. Everything from a simple port scan to a full attack against your Web server can be detected by the IDS system.
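As an added illustration (not from the original slides) of how an IDS can flag the "simple port scan" mentioned above, this sketch reports any source that touches many distinct ports on one host within a short time window. The event tuples, addresses, thresholds and function name are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch seconds, source IP, destination IP, destination port).
SAMPLE_EVENTS = (
    # One source probing six different ports on one host within five seconds.
    [(100 + i, "198.51.100.9", "192.168.10.20", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    # A normal client reusing a single port many times.
    + [(100 + i, "203.0.113.7", "192.168.10.20", 443) for i in range(6)]
    # A client that reaches five ports, but spread over 100 seconds.
    + [(25 * i, "203.0.113.8", "192.168.10.20", 8000 + i) for i in range(5)]
)


def detect_port_scans(events, window=10, threshold=5):
    """Return sorted (src, dst) pairs where src contacted at least
    `threshold` distinct ports on dst within `window` seconds."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in sorted(events):
        by_pair[(src, dst)].append((ts, port))

    alerts = set()
    for pair, hits in by_pair.items():
        start = 0                      # left edge of the sliding window
        in_window = defaultdict(int)   # port -> hits currently inside the window
        for ts, port in hits:
            in_window[port] += 1
            # Expire hits that fell out of the time window.
            while ts - hits[start][0] > window:
                old_port = hits[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            if len(in_window) >= threshold:
                alerts.add(pair)       # this is what would be reported
                break
    return sorted(alerts)


if __name__ == "__main__":
    for src, dst in detect_port_scans(SAMPLE_EVENTS):
        print(f"ALERT possible port scan: {src} -> {dst}")
```

Counting distinct ports rather than total connections keeps a busy legitimate client from raising an alert, and the time window keeps slow, spread-out traffic below the threshold.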
4- Anti-Malware Software and scanners Viruses, worms and Trojan horses are all examples of malicious software, or malware for short. Anti-malware tools are used to detect them and cure an infected system. The most common type of anti-malware software is virus scanners. These tools often consist of two different but related parts: • Scanner • Disinfector.
5-Internet Protocol Security (IPSec) Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of a communication session. IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).
Secure Socket Layer (SSL) The Secure Socket Layer (SSL) is a suite of protocols that actually uses many different standards of key exchange, authentication and encryption. The server typically provides regular web service http on port 80, and SSL-encrypted web traffic https over port 443. SSL is a standard way to achieve a good level of security between a web browser and a website.
Conclusion Internet threats will continue to be a major issue in the global world as long as information is accessible and transferred across the Internet. Security is critical and must be ensured so that Internet users can have confidence engaging in activities on the Internet.