SlideShare a Scribd company logo

Cryptography and Network Security: Understanding Malicious Threats

Download as PPT, PDF
D
DHANABALSUBRAMANIAN

Unit - 5.ppt

Education
1 of 28
Cryptography and Network Security
Viruses and Other Malicious Content  computer viruses have got a lot of publicity  one of a family of malicious software  effects usually obvious  have figured in news reports, fiction, movies (often exaggerated)  getting more attention than deserve  are a concern though
Malicious Software
Backdoor or Trapdoor  secret entry point into a program  allows those who know access bypassing usual security procedures  have been commonly used by developers  a threat when left in production programs allowing exploited by attackers  very hard to block in O/S  requires good s/w development & update
Logic Bomb  one of oldest types of malicious software  code embedded in legitimate program  activated when specified conditions met  eg presence/absence of some file  particular date/time  particular user  when triggered typically damage system  modify/delete files/disks, halt machine, etc
Trojan Horse  program with hidden side-effects  which is usually superficially attractive  eg game, s/w upgrade etc  when run performs some additional tasks  allows attacker to indirectly gain access they do not have directly  often used to propagate a virus/worm or install a backdoor  or simply to destroy data
Zombie  program which secretly takes over another networked computer  then uses it to indirectly launch attacks  often used to launch distributed denial of service (DDoS) attacks  exploits known flaws in network systems
Viruses  a piece of self-replicating code attached to some other code  cf biological virus  both propagates itself & carries a payload  carries code to make copies of itself  as well as code to perform some covert task
Virus Operation  virus phases:  dormant – waiting on trigger event  propagation – replicating to programs/disks  triggering – by event to execute payload  execution – of payload  details usually machine/OS specific  exploiting features/weaknesses
Virus Structure program V := {goto main; 1234567; subroutine infect-executable := {loop: file := get-random-executable-file; if (first-line-of-file = 1234567) then goto loop else prepend V to file; } subroutine do-damage := {whatever damage is to be done} subroutine trigger-pulled := {return true if condition holds} main: main-program := {infect-executable; if trigger-pulled then do-damage; goto next;} next: }
Types of Viruses  can classify on basis of how they attack  parasitic virus  memory-resident virus  boot sector virus  stealth  polymorphic virus  metamorphic virus
Macro Virus  macro code attached to some data file  interpreted by program using file  eg Word/Excel macros  esp. using auto command & command macros  code is now platform independent  is a major source of new viral infections  blur distinction between data and program files  classic trade-off: "ease of use" vs "security”  have improving security in Word etc  are no longer dominant virus threat
Email Virus  spread using email with attachment containing a macro virus  cf Melissa  triggered when user opens attachment  or worse even when mail viewed by using scripting features in mail agent  hence propagate very quickly  usually targeted at Microsoft Outlook mail agent & Word/Excel documents  need better O/S & application security
Worms  replicating but not infecting program  typically spreads over a network  cf Morris Internet Worm in 1988  led to creation of CERTs  using users distributed privileges or by exploiting system vulnerabilities  widely used by hackers to create zombie PC's, subsequently used for further attacks, esp DoS  major issue is lack of security of permanently connected systems, esp PC's
Worm Operation  worm phases like those of viruses:  dormant  propagation • search for other systems to infect • establish connection to target remote system • replicate self onto remote system  triggering  execution
Morris Worm  best known classic worm  released by Robert Morris in 1988  targeted Unix systems  using several propagation techniques  simple password cracking of local pw file  exploit bug in finger daemon  exploit debug trapdoor in sendmail daemon  if any attack succeeds then replicated self
Recent Worm Attacks  new spate of attacks from mid-2001  Code Red - used MS IIS bug  probes random IPs for systems running IIS  had trigger time for denial-of-service attack  2nd wave infected 360000 servers in 14 hours  Code Red 2 - installed backdoor  Nimda - multiple infection mechanisms  SQL Slammer - attacked MS SQL server  Sobig.f - attacked open proxy servers  Mydoom - mass email worm + backdoor
Worm Techology  multiplatform  multiexploit  ultrafast spreading  polymorphic  metamorphic  transport vehicles  zero-day exploit
Virus Countermeasures  best countermeasure is prevention  but in general not possible  hence need to do one or more of:  detection - of viruses in infected system  identification - of specific infecting virus  removeal - restoring system to clean state
Anti-Virus Software  first-generation  scanner uses virus signature to identify virus  or change in length of programs  second-generation  uses heuristic rules to spot viral infection  or uses crypto hash of program to spot changes  third-generation  memory-resident programs identify virus by actions  fourth-generation  packages with a variety of antivirus techniques  eg scanning & activity traps, access-controls  arms race continues
Advanced Anti-Virus Techniques  generic decryption  use CPU simulator to check program signature & behavior before actually running it  digital immune system (IBM)  general purpose emulation & virus detection  any virus entering org is captured, analyzed, detection/shielding created for it, removed
Digital Immune System
Behavior-Blocking Software  integrated with host O/S  monitors program behavior in real-time  eg file access, disk format, executable mods, system settings changes, network access  for possibly malicious actions  if detected can block, terminate, or seek ok  has advantage over scanners  but malicious code runs before detection
Distributed Denial of Service Attacks (DDoS)  Distributed Denial of Service (DDoS) attacks form a significant security threat  making networked systems unavailable  by flooding with useless traffic  using large numbers of “zombies”  growing sophistication of attacks  defense technologies struggling to cope
Distributed Denial of Service Attacks (DDoS)
Contructing the DDoS Attack Network  must infect large number of zombies  needs: 1. software to implement the DDoS attack 2. an unpatched vulnerability on many systems 3. scanning strategy to find vulnerable systems  random, hit-list, topological, local subnet
DDoS Countermeasures  three broad lines of defense: 1. attack prevention & preemption (before) 2. attack detection & filtering (during) 3. attack source traceback & ident (after)  huge range of attack possibilities  hence evolving countermeasures
Summary  have considered:  various malicious programs  trapdoor, logic bomb, trojan horse, zombie  viruses  worms  countermeasures  distributed denial of service attacks

Recommended

Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 
Malicious
MaliciousMalicious
Maliciousashraf karaimeh
 
Ch19
Ch19Ch19
Ch19Joe Christensen
 
Ch19
Ch19Ch19
Ch19saurabhmittal79
 
Malicious software
Malicious softwareMalicious software
Malicious softwareDr.Florence Dayana
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwaresMirza Adnan Baig
 
Mitppt
MitpptMitppt
MitpptAarti Prakash
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethicsArgie242424
 

Recommended

Malicious software
Malicious softwareMalicious software
Malicious softwaremsdeepika
 
Malicious
MaliciousMalicious
Maliciousashraf karaimeh
 
Ch19
Ch19Ch19
Ch19Joe Christensen
 
Ch19
Ch19Ch19
Ch19saurabhmittal79
 
Malicious software
Malicious softwareMalicious software
Malicious softwareDr.Florence Dayana
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwaresMirza Adnan Baig
 
Mitppt
MitpptMitppt
MitpptAarti Prakash
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethicsArgie242424
 
Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Computer viruses
Computer virusesComputer viruses
Computer virusesMDAZAD53
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To MalwaresCyber Vignan
 
Presentation2
Presentation2Presentation2
Presentation2Jeslynn
 
Digital Immunity -The Myths and Reality
Digital Immunity -The Myths and RealityDigital Immunity -The Myths and Reality
Digital Immunity -The Myths and Realityamiable_indian
 
Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo MaliciosoJose Manuel Acosta
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and DefenseMd.Tanvir Ul Haque
 
Virus and Worms
Virus and WormsVirus and Worms
Virus and WormsDINESH KAMBLE
 
Computer viruses
Computer virusesComputer viruses
Computer virusesYousef Bahaa
 
viruses
virusesviruses
viruseskhadija habib
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
Computer viruses
Computer virusesComputer viruses
Computer virusesYousef Bahaa
 
FCS Presentation.pptx
FCS Presentation.pptxFCS Presentation.pptx
FCS Presentation.pptxSridharChowdary10
 
Computer Introduction-Lecture04
Computer Introduction-Lecture04Computer Introduction-Lecture04
Computer Introduction-Lecture04Dr. Mazin Mohamed alkathiri
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Pruthvi Monarch
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. AllwoodStavia
 
computer virus Report
computer virus Reportcomputer virus Report
computer virus Reportrawaabdullah
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakrabortyJoy Chakraborty
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 
virus
virusvirus
virusVinod siragaon
 
unit 2.ppt
unit 2.pptunit 2.ppt
unit 2.pptDHANABALSUBRAMANIAN
 
Unit --3.ppt
Unit --3.pptUnit --3.ppt
Unit --3.pptDHANABALSUBRAMANIAN
 

More Related Content

Similar to Cryptography and Network Security: Understanding Malicious Threats

Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & preventionKhaleel Assadi
 
Computer viruses
Computer virusesComputer viruses
Computer virusesMDAZAD53
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To MalwaresCyber Vignan
 
Presentation2
Presentation2Presentation2
Presentation2Jeslynn
 
Digital Immunity -The Myths and Reality
Digital Immunity -The Myths and RealityDigital Immunity -The Myths and Reality
Digital Immunity -The Myths and Realityamiable_indian
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Pruthvi Monarch
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. AllwoodStavia
 
computer virus Report
computer virus Reportcomputer virus Report
computer virus Reportrawaabdullah
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakrabortyJoy Chakraborty
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious CodeSatria Ady Pradana
 

Similar to Cryptography and Network Security: Understanding Malicious Threats (20)

Network virus detection & prevention
Network virus detection & preventionNetwork virus detection & prevention
Network virus detection & prevention
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Introductions To Malwares
Introductions To MalwaresIntroductions To Malwares
Introductions To Malwares
 
Presentation2
Presentation2Presentation2
Presentation2
 
Digital Immunity -The Myths and Reality
Digital Immunity -The Myths and RealityDigital Immunity -The Myths and Reality
Digital Immunity -The Myths and Reality
 
Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo Malicioso
 
Cybercrime: Virus and Defense
Cybercrime: Virus and DefenseCybercrime: Virus and Defense
Cybercrime: Virus and Defense
 
Virus and Worms
Virus and WormsVirus and Worms
Virus and Worms
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
viruses
virusesviruses
viruses
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
FCS Presentation.pptx
FCS Presentation.pptxFCS Presentation.pptx
FCS Presentation.pptx
 
Computer Introduction-Lecture04
Computer Introduction-Lecture04Computer Introduction-Lecture04
Computer Introduction-Lecture04
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
 
Malware by Ms. Allwood
Malware by Ms. AllwoodMalware by Ms. Allwood
Malware by Ms. Allwood
 
computer virus Report
computer virus Reportcomputer virus Report
computer virus Report
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakraborty
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
virus
virusvirus
virus
 

More from DHANABALSUBRAMANIAN

More from DHANABALSUBRAMANIAN (15)

unit 2.ppt
unit 2.pptunit 2.ppt
unit 2.ppt
 
Unit --3.ppt
Unit --3.pptUnit --3.ppt
Unit --3.ppt
 
Unit 4.ppt
Unit 4.pptUnit 4.ppt
Unit 4.ppt
 
Unit 1.ppt
Unit 1.pptUnit 1.ppt
Unit 1.ppt
 
Unit -- 5.ppt
Unit -- 5.pptUnit -- 5.ppt
Unit -- 5.ppt
 
Unit 3.ppt
Unit 3.pptUnit 3.ppt
Unit 3.ppt
 
Unit 5.ppt
Unit 5.pptUnit 5.ppt
Unit 5.ppt
 
Unit - 3.ppt
Unit - 3.pptUnit - 3.ppt
Unit - 3.ppt
 
unit -1.ppt
unit -1.pptunit -1.ppt
unit -1.ppt
 
Unit -2.ppt
Unit -2.pptUnit -2.ppt
Unit -2.ppt
 
OS UNIT1.pptx
OS UNIT1.pptxOS UNIT1.pptx
OS UNIT1.pptx
 
OS UNIT2.ppt
OS UNIT2.pptOS UNIT2.ppt
OS UNIT2.ppt
 
OS Unit5.pptx
OS Unit5.pptxOS Unit5.pptx
OS Unit5.pptx
 
OS UNIT4.pptx
OS UNIT4.pptxOS UNIT4.pptx
OS UNIT4.pptx
 
OS UNIT3.pptx
OS UNIT3.pptxOS UNIT3.pptx
OS UNIT3.pptx
 

Recently uploaded

ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayMakMakNepo
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 

Recently uploaded (20)

ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Quarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up FridayQuarter 4 Peace-education.pptx Catch Up Friday
Quarter 4 Peace-education.pptx Catch Up Friday
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 

Cryptography and Network Security: Understanding Malicious Threats

  • 2. Viruses and Other Malicious Content  computer viruses have got a lot of publicity  one of a family of malicious software  effects usually obvious  have figured in news reports, fiction, movies (often exaggerated)  getting more attention than deserve  are a concern though
  • 4. Backdoor or Trapdoor  secret entry point into a program  allows those who know access bypassing usual security procedures  have been commonly used by developers  a threat when left in production programs allowing exploited by attackers  very hard to block in O/S  requires good s/w development & update
  • 5. Logic Bomb  one of oldest types of malicious software  code embedded in legitimate program  activated when specified conditions met  eg presence/absence of some file  particular date/time  particular user  when triggered typically damage system  modify/delete files/disks, halt machine, etc
  • 6. Trojan Horse  program with hidden side-effects  which is usually superficially attractive  eg game, s/w upgrade etc  when run performs some additional tasks  allows attacker to indirectly gain access they do not have directly  often used to propagate a virus/worm or install a backdoor  or simply to destroy data
  • 7. Zombie  program which secretly takes over another networked computer  then uses it to indirectly launch attacks  often used to launch distributed denial of service (DDoS) attacks  exploits known flaws in network systems
  • 8. Viruses  a piece of self-replicating code attached to some other code  cf biological virus  both propagates itself & carries a payload  carries code to make copies of itself  as well as code to perform some covert task
  • 9. Virus Operation  virus phases:  dormant – waiting on trigger event  propagation – replicating to programs/disks  triggering – by event to execute payload  execution – of payload  details usually machine/OS specific  exploiting features/weaknesses
  • 10. Virus Structure program V := {goto main; 1234567; subroutine infect-executable := {loop: file := get-random-executable-file; if (first-line-of-file = 1234567) then goto loop else prepend V to file; } subroutine do-damage := {whatever damage is to be done} subroutine trigger-pulled := {return true if condition holds} main: main-program := {infect-executable; if trigger-pulled then do-damage; goto next;} next: }
  • 11. Types of Viruses  can classify on basis of how they attack  parasitic virus  memory-resident virus  boot sector virus  stealth  polymorphic virus  metamorphic virus
  • 12. Macro Virus  macro code attached to some data file  interpreted by program using file  eg Word/Excel macros  esp. using auto command & command macros  code is now platform independent  is a major source of new viral infections  blur distinction between data and program files  classic trade-off: "ease of use" vs "security”  have improving security in Word etc  are no longer dominant virus threat
  • 13. Email Virus  spread using email with attachment containing a macro virus  cf Melissa  triggered when user opens attachment  or worse even when mail viewed by using scripting features in mail agent  hence propagate very quickly  usually targeted at Microsoft Outlook mail agent & Word/Excel documents  need better O/S & application security
  • 14. Worms  replicating but not infecting program  typically spreads over a network  cf Morris Internet Worm in 1988  led to creation of CERTs  using users distributed privileges or by exploiting system vulnerabilities  widely used by hackers to create zombie PC's, subsequently used for further attacks, esp DoS  major issue is lack of security of permanently connected systems, esp PC's
  • 15. Worm Operation  worm phases like those of viruses:  dormant  propagation • search for other systems to infect • establish connection to target remote system • replicate self onto remote system  triggering  execution
  • 16. Morris Worm  best known classic worm  released by Robert Morris in 1988  targeted Unix systems  using several propagation techniques  simple password cracking of local pw file  exploit bug in finger daemon  exploit debug trapdoor in sendmail daemon  if any attack succeeds then replicated self
  • 17. Recent Worm Attacks  new spate of attacks from mid-2001  Code Red - used MS IIS bug  probes random IPs for systems running IIS  had trigger time for denial-of-service attack  2nd wave infected 360000 servers in 14 hours  Code Red 2 - installed backdoor  Nimda - multiple infection mechanisms  SQL Slammer - attacked MS SQL server  Sobig.f - attacked open proxy servers  Mydoom - mass email worm + backdoor
  • 18. Worm Techology  multiplatform  multiexploit  ultrafast spreading  polymorphic  metamorphic  transport vehicles  zero-day exploit
  • 19. Virus Countermeasures  best countermeasure is prevention  but in general not possible  hence need to do one or more of:  detection - of viruses in infected system  identification - of specific infecting virus  removeal - restoring system to clean state
  • 20. Anti-Virus Software  first-generation  scanner uses virus signature to identify virus  or change in length of programs  second-generation  uses heuristic rules to spot viral infection  or uses crypto hash of program to spot changes  third-generation  memory-resident programs identify virus by actions  fourth-generation  packages with a variety of antivirus techniques  eg scanning & activity traps, access-controls  arms race continues
  • 21. Advanced Anti-Virus Techniques  generic decryption  use CPU simulator to check program signature & behavior before actually running it  digital immune system (IBM)  general purpose emulation & virus detection  any virus entering org is captured, analyzed, detection/shielding created for it, removed
  • 23. Behavior-Blocking Software  integrated with host O/S  monitors program behavior in real-time  eg file access, disk format, executable mods, system settings changes, network access  for possibly malicious actions  if detected can block, terminate, or seek ok  has advantage over scanners  but malicious code runs before detection
  • 24. Distributed Denial of Service Attacks (DDoS)  Distributed Denial of Service (DDoS) attacks form a significant security threat  making networked systems unavailable  by flooding with useless traffic  using large numbers of “zombies”  growing sophistication of attacks  defense technologies struggling to cope
  • 25. Distributed Denial of Service Attacks (DDoS)
  • 26. Contructing the DDoS Attack Network  must infect large number of zombies  needs: 1. software to implement the DDoS attack 2. an unpatched vulnerability on many systems 3. scanning strategy to find vulnerable systems  random, hit-list, topological, local subnet
  • 27. DDoS Countermeasures  three broad lines of defense: 1. attack prevention & preemption (before) 2. attack detection & filtering (during) 3. attack source traceback & ident (after)  huge range of attack possibilities  hence evolving countermeasures
  • 28. Summary  have considered:  various malicious programs  trapdoor, logic bomb, trojan horse, zombie  viruses  worms  countermeasures  distributed denial of service attacks