2. Outlines
• Security threats
• Types of threats
  • Natural threats
  • Man-made threats
• Network security threats
• Privacy and the Internet
• New emerging technologies
3. Threat
• In computer security a threat is a possible danger that might exploit a vulnerability to breach security and thereby cause harm.
• A threat can be "intentional" (e.g. hacking by an individual cracker or a criminal organization), "accidental" (e.g. the possibility of a computer malfunctioning, or of a natural disaster such as an earthquake, a fire, a tornado or a hurricane), or otherwise any circumstance, capability, action or event with that potential.
4. Threat classification
• Threats can be classified according to their type and origin:
  • Physical damage: fire, water, pollution
  • Natural events: climatic, seismic, volcanic
  • Loss of essential services: electrical power, air conditioning, telecommunications
  • Compromise of information: eavesdropping (spying), theft of media, retrieval of discarded materials
  • Technical failures: equipment, software, capacity saturation
  • Compromise of functions: error in use, abuse of rights, denial of actions
5. Threat communities
• Subsets of the overall threat agent population that share key characteristics. The notion of threat communities is a powerful tool for understanding who and what we're up against as we try to manage risk.
• If the organization were to come under attack, what components of the organization would be likely targets? For example, how likely is it that terrorists would target the company's information or systems?
6. Threat communities…
• The following threat communities are examples of the human malicious threat landscape many organizations face:
  • Insiders (internal)
    • Employees
    • Contractors (and vendors)
    • Partners
8. 2.3 Malicious code (malware)
• Malicious code (also known as a rogue program or malware) is software written to intentionally cause unanticipated or undesirable effects.
• Malicious code can do anything that a "normal" program can do.
• Malicious code can damage:
  • Data
  • Other programs
• The computer virus was formally defined by Fred Cohen in 1984, but virus-like (self-replicating) program behaviour had been observed since at least the early 1970s.
9. Hackers
• A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
• The term may refer to anyone with technical skills, but it often refers to a person who uses those abilities to gain unauthorized access to systems or networks in order to commit crimes.
10. Types of hackers
The types of hackers are:
• White hat hacker
  • Works with the owner's authorization to find and report security holes.
  • Motives: a desire to help businesses, along with a passion for finding holes in network security.
• Grey hat hacker
  • Grey hat hackers have the skills of both black and white hat hackers. The difference is that they neither set out to steal from people nor particularly want to help them.
  • Nothing in life is black and white, and neither is hacking.
  • Motives: personal enjoyment.
• Black hat hacker
  • Gains unauthorized access to systems or networks in order to commit crimes.
  • Motives: financial gain.
11. Types of hackers…
• Blue hat
  • Vengeful and aggressive in every way, but only if you provoke them. (Microsoft uses the same term for outside security professionals invited to test its products before release.)
  • Motives: revenge.
• Red hat
  • The caped crusaders of the cyber world.
  • They aim to put a stop to people they know to be black hat hackers.
  • Motives: vigilante justice.
• Green hat
  • Baby hackers taking their first steps in the cyber world.
  • Motives: learning to become fully-fledged hackers (learning how to hack).
• Script kiddie
  • This is something of an "odd one out", since it is neither a hat nor a colour! But a script kiddie, who runs tools and scripts written by others without understanding how they work, can still cause problems, no matter how innocent the name sounds.
  • Motives: causing chaos and disruption.
12. Common forms of malware
Viruses, Trojan horses and worms are the most common types of malware.
13. Virus
• A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting another program or system memory.
• Viruses can be divided into two groups:
  • A transient virus is active only when its host program is active.
  • A resident virus establishes itself in the computer's memory and can remain active without its host.
14. Worm
• A computer program that can run independently, can propagate a complete working version of itself onto other hosts in a network, and may consume computer resources destructively. Unlike a virus, it needs no host program to spread.
Trojan horse
• A computer program that appears to have a useful function but also has a hidden and malicious purpose that evades security mechanisms, sometimes by exploiting the legitimate authorizations of the user who invokes the program.
  Example: you download a game app for your smartphone. When you launch the app you can play the game, but in the background the app copies your contact list and transfers it to a remote server.
15. Other types of malware
Zombie
• Malicious software that enables a computer to be controlled by a remote master machine (the term is also used for the compromised computer itself).
Logic bomb
• Malicious program logic that activates when specified conditions are met.
Time bomb
• A type of logic bomb that activates at a specific date/time.
16. Rabbit
• A virus or worm that replicates itself without limit to exhaust system resources.
Trapdoor/backdoor
• A hidden flaw or entry point known to an intruder, or hidden malicious software installed by an intruder, that grants access while bypassing the normal security checks.
(Java)Script attack
• Malicious software written in a scripting language that is downloaded and run when a user loads a web page.
17. Hiding a virus
• Viruses can be hidden in many places, e.g. in:
  • the boot sector
  • memory
  • application programs
  • library files (e.g. .dll files)
  • other widely shared files and programs
18. 2.5 Network security attacks
• Network advantages
  • Resource sharing
  • Distribution of workload
  • Increased reliability
  • Easy expandability and scalability
19. Network vulnerability
• Several characteristics make networks vulnerable to attack, including:
  • Anonymity
  • Many points of attack
  • Resource and workload sharing
  • Complex network architecture
  • Unknown network boundaries (example: a wireless node)
20. Types of network security attacks
Network threats can affect both hardware and software.
• Hardware threats involve four types of threat:
  • Physical
  • Electrical
  • Environmental
  • Maintenance
21. Software threats
Adversary
• An adversary (a person, hacker or cracker who is interested in attacking your network) can use any kind of attack to threaten the network infrastructure.
• A network may face several other attacks from an adversary. The following section describes some of the most common.
23. Computer software security threats
Reconnaissance attack (investigation)
• In this kind of attack an adversary collects as much information about your network as he needs for other attacks.
• This information includes the IP address range, server locations, the running OS, software versions, types of devices, etc.
• Packet capturing software, the ping command, the traceroute command and whois lookups are some example tools that can be used to collect this information. The adversary uses it to map your infrastructure for the next possible attack.
24. Passive attack
• In this attack an adversary deploys a sniffer tool and waits for sensitive information to be captured. This information can be used for other types of attack.
• It includes packet sniffer tools, traffic analysis software, filtering clear-text passwords out of unencrypted traffic and seeking authentication information in unprotected communication. Once an adversary finds any sensitive or authentication information, he uses it without the knowledge of the user.
25. Active attack
• In this attack an adversary does not wait for sensitive or authentication information. He actively tries to break or bypass the secured systems.
• It includes viruses, worms, Trojan horses, stealing login information, inserting malicious code and penetrating the network backbone. Active attacks are the most dangerous in nature: they result in disclosure of sensitive information, modification of data or complete data loss.
26. Distributed attack
• In this attack an adversary hides malicious code in trusted software. This software is later distributed to many other users through the Internet without their knowledge. Once an end user installs the infected software, it silently starts sending sensitive information to the adversary. Pirated software is heavily used for this purpose.
27. Insider attack
• According to a survey, more than 70% of attacks are insider attacks. Insider attacks are divided into two categories: intentional and accidental.
• In an intentional attack, an attacker deliberately damages the network infrastructure or data. Intentional attacks are usually carried out by disgruntled or frustrated employees for money or revenge.
• In an accidental attack, the damage is done through carelessness or lack of knowledge.
28. Hijacking
• This attack usually takes place within a running session. The hacker joins the session and silently disconnects one party. He then continues communicating with the remaining party using the identity of the disconnected party.
• The remaining party thinks that he is still talking to the original party and may send sensitive information to the adversary.
29. Phishing
• Phishing attacks have been gaining popularity over the last couple of years. In this attack an adversary creates a fake email address or website which looks like a reputable mail address or popular site. The attacker then sends email in that name. These emails contain a convincing message, sometimes with a link that leads to a fake site. This fake site looks exactly like the original site. Without knowing the truth, the user tries to log on with their account information; the hacker records this authentication information and uses it on the real site.
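Two checks a mail gateway or browser extension can make against the link in such an email, as an added example (not code from the original slides): does the link's host merely resemble a site we care about, and does the visible link text name one site while the URL goes to another? The allow-list LEGIT_DOMAINS, the tiny CONFUSABLES table and the sample links are constructed for the example; a real deployment would use the Unicode confusables data and the public suffix list instead.

```python
"""Lookalike-domain and link-mismatch checks for phishing links (added example)."""
import unicodedata
from urllib.parse import urlparse

LEGIT_DOMAINS = {"examplebank.com"}                         # assumed allow-list (constructed)
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}    # tiny constructed subset


def skeleton(host):
    """Collapse a hostname so visually similar spellings map to one string."""
    host = unicodedata.normalize("NFKD", host.lower())
    host = "".join(c for c in host if not unicodedata.combining(c))  # drop accents
    host = host.encode("ascii", "ignore").decode()    # non-Latin lookalike letters vanish
    for bad, good in CONFUSABLES.items():
        host = host.replace(bad, good)
    return host


def registrable(host):
    """Crude registrable domain: the last two labels (use the public suffix list in practice)."""
    return ".".join(host.split(".")[-2:])


def levenshtein(a, b):
    """Edit distance; one substitution, insertion or deletion away counts as a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def shown_host(text):
    """Hostname the visible link text displays, or None if the text is not URL-like."""
    t = text.strip()
    if " " in t or "." not in t:
        return None
    return urlparse(t if "://" in t else "http://" + t).hostname


def classify_link(text, href):
    """Return the reasons a link looks like phishing (empty list = nothing found)."""
    reasons = []
    host = urlparse(href).hostname or ""
    reg = registrable(host)
    if reg in LEGIT_DOMAINS:
        return reasons                              # genuinely on the brand's own domain
    for legit in LEGIT_DOMAINS:
        if skeleton(reg) == skeleton(legit) or levenshtein(skeleton(reg), skeleton(legit)) <= 1:
            reasons.append(f"lookalike of {legit}: {host}")
        if legit in host:                           # e.g. examplebank.com.secure-login.net
            reasons.append(f"brand name {legit} embedded in {host}")
    shown = shown_host(text)
    if shown and registrable(shown) != reg:
        reasons.append(f"link text shows {shown} but the URL goes to {host}")
    return reasons


if __name__ == "__main__":
    samples = [("Log in", "https://www.examplebank.com/login"),            # genuine
               ("examplebank.com", "http://examp1ebank.com/verify"),      # digit 1 for l
               ("https://examplebank.com/login",
                "http://examplebank.com.secure-login.net/")]              # brand as subdomain
    for text, href in samples:
        print(href, "->", classify_link(text, href) or "ok")
```

The skeleton step matters more than the edit distance: a Cyrillic "е" in place of a Latin "e" is a different code point that no string comparison would catch, but after the ASCII pass the host is one deletion away from the real name and is flagged.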
30. Spoofing
• In this kind of attack an adversary changes the source address of a packet so that the receiver assumes the packet comes from someone else. This technique is typically used to bypass firewall rules that trust particular source addresses.
• Because replies go to the forged address, the attacker usually never sees them; spoofing is therefore most useful for one-way traffic such as flooding, or for protocols that do not require a handshake.
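How the bypass works and how a firewall stops it, as an added example that is not part of the original slides. The topology, the rule and the packets are constructed: "wan" is the Internet-facing interface, "lan" the inside, and the only rule is that internal hosts may reach an admin SSH port. The naive policy trusts the source address field, which the sender fills in, so a packet from the Internet forged to carry an internal address is let through. The hardened policy adds the ingress/egress filtering of BCP 38 before any rule is evaluated: an internal source address cannot legitimately arrive on the WAN interface, and a non-internal source cannot legitimately leave the LAN.

```python
"""Source-address spoofing against a naive firewall, and the ingress filter (added example)."""
import ipaddress

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Constructed rule: only internal hosts may reach the admin SSH port.
ADMIN_HOST = ipaddress.ip_address("10.1.1.50")
ADMIN_PORT = 22


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def naive_decision(pkt):
    """Trusts the source address field, which the sender controls."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    if dst == ADMIN_HOST and pkt["dport"] == ADMIN_PORT:
        return ("allow", "internal-source") if is_internal(src) else ("deny", "external-source")
    return ("allow", "default")


def hardened_decision(pkt):
    """Checks the address against the interface it arrived on before any rule runs."""
    src = ipaddress.ip_address(pkt["src"])
    if pkt["iface"] == "wan" and is_internal(src):
        return ("deny", "spoofed-internal-source-on-wan")    # ingress filter (BCP 38)
    if pkt["iface"] == "lan" and not is_internal(src):
        return ("deny", "spoofed-external-source-on-lan")    # egress filter
    return naive_decision(pkt)


# Constructed packets: a real admin, an attacker on the Internet forging that
# admin's address to get past the naive rule, and an honest outside host.
PACKETS = {
    "admin":   {"iface": "lan", "src": "10.0.0.7",    "dst": "10.1.1.50", "dport": 22},
    "spoofed": {"iface": "wan", "src": "10.0.0.7",    "dst": "10.1.1.50", "dport": 22},
    "outside": {"iface": "wan", "src": "203.0.113.9", "dst": "10.1.1.50", "dport": 22},
}


def compare():
    """Both policies' verdicts per packet; shows where the naive one fails."""
    return {name: {"naive": naive_decision(p), "hardened": hardened_decision(p)}
            for name, p in PACKETS.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:8} naive={verdicts['naive']}  hardened={verdicts['hardened']}")
```

The interface check is the whole defence: nothing in the packet itself distinguishes the admin's SYN from the forged one, only where it physically came from.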
31. Buffer overflow attack
• In this attack an adversary sends more data to an application than the buffer it reads into can hold, so the excess overwrites adjacent memory. In the simplest case the application crashes, which makes this a denial-of-service technique used to halt a service or server; a carefully crafted overflow can instead overwrite control data and make the application execute code chosen by the attacker.
32. Exploit attack
• An exploit attack follows a reconnaissance attack. Once an attacker has learned from reconnaissance which OS or software is running on the target system, he starts exploiting vulnerabilities in that particular software or OS.
33. Packet capturing attack
• This attack is a form of passive attack. The attacker uses packet capturing software which captures packets from the wire (on a switched network only the traffic visible to that port, unless a mirror port or a technique such as ARP spoofing is used). Later he extracts information from these packets, which can be used to mount several other kinds of attack.
34. Ping sweep attack
• In this attack an attacker pings all possible IP addresses on a subnet to find out which hosts are up. Once he finds a live system, he tries to scan its listening ports.
• From the listening ports he can learn about the type of services running on that system. Once he figures out the services, he can try to exploit the vulnerabilities associated with them.
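What the reconnaissance (slide 23) and ping sweep (slide 34) steps look like from the defender's side, as an added example that is not code from the original slides. The firewall log format is a constructed, simplified one, "<seq> <proto> <src> -> <dst>:<dport>" (dport 0 for ICMP), and the thresholds are assumptions to tune per network. A sweep shows as one source sending ICMP echo to many distinct hosts; the follow-up port scan shows as one source touching many distinct TCP ports on one host; an ordinary client talks to few hosts and few ports.

```python
"""Spotting a ping sweep and a follow-up port scan in firewall logs (added example)."""
from collections import defaultdict

SWEEP_HOSTS = 8   # distinct ICMP targets from one source before we call it a sweep (assumed)
SCAN_PORTS = 8    # distinct TCP ports on one host from one source before we call it a scan (assumed)


def build_sample_log():
    """Constructed traffic: an attacker sweeps 10.1.1.0/24, then scans the host that answered."""
    lines = [f"{i} ICMP 10.0.0.9 -> 10.1.1.{i}:0" for i in range(1, 11)]
    ports = [21, 22, 23, 25, 80, 110, 143, 443, 3389]
    lines += [f"{20 + n} TCP 10.0.0.9 -> 10.1.1.20:{p}" for n, p in enumerate(ports)]
    lines += ["40 TCP 10.0.0.5 -> 10.1.1.20:443",        # an ordinary web client
              "41 TCP 10.0.0.5 -> 10.1.1.20:443",
              "42 ICMP 10.0.0.5 -> 10.1.1.20:0"]         # one ping is not a sweep
    return lines


def parse_line(line):
    """Split '<seq> <proto> <src> -> <dst>:<dport>' into its fields."""
    seq, proto, src, _arrow, dst_port = line.split()
    dst, dport = dst_port.rsplit(":", 1)
    return {"seq": int(seq), "proto": proto, "src": src, "dst": dst, "dport": int(dport)}


def detect_recon(lines, sweep_hosts=SWEEP_HOSTS, scan_ports=SCAN_PORTS):
    """Return ('ping_sweep', src, n_hosts) and ('port_scan', src, dst, n_ports) findings."""
    icmp_targets = defaultdict(set)         # src -> {dst}
    tcp_ports = defaultdict(set)            # (src, dst) -> {dport}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["proto"] == "ICMP":
            icmp_targets[rec["src"]].add(rec["dst"])
        elif rec["proto"] == "TCP":
            tcp_ports[(rec["src"], rec["dst"])].add(rec["dport"])
    findings = []
    for src, hosts in icmp_targets.items():
        if len(hosts) >= sweep_hosts:
            findings.append(("ping_sweep", src, len(hosts)))
    for (src, dst), ports in tcp_ports.items():
        if len(ports) >= scan_ports:
            findings.append(("port_scan", src, dst, len(ports)))
    return findings


if __name__ == "__main__":
    for finding in detect_recon(build_sample_log()):
        print(*finding)
```

Counting distinct destinations rather than packets is what separates a scan from a busy client: the web client above sends as many packets to 10.1.1.20 as the scanner does to some ports, but always to the same one.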
35. DNS query attack
• DNS queries are used to discover information about public servers on the Internet. All operating systems include tools for DNS queries, such as nslookup in Windows and dig and host in Linux.
• These tools query a DNS server for information about a specified domain. The DNS server responds with the information it publishes, such as server IP addresses, mail servers (MX records) and the responsible-person mailbox in the SOA record. An adversary can use this information in phishing or ping attacks.
36. MITM attacks
• In this attack an adversary captures data in the middle of a transmission, changes it, and sends it on to the destination. The receiving person thinks that the message came from the original source.
• For example, in a share trading company Jack sends a message to Rick telling him to hold the shares. An adversary intercepts the message and alters it so that it looks as if Jack is telling him to sell. When Rick receives the message, he thinks Jack is telling him to sell and sells the shares. This is known as a man-in-the-middle attack.
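How Rick can catch the altered message, as an added example (not from the original slides): a message authentication code. Jack and Rick are assumed to share a secret key exchanged out of band; the key, the names and the messages are constructed for the example. The MAC covers a sequence number as well as the text, so a replayed "sell" from an earlier day is rejected too. A MAC gives integrity and origin, not secrecy: the man in the middle can still read "hold", he just cannot change it without the tag failing to verify.

```python
"""Detecting the tampering in the Jack/Rick example with an HMAC (added example)."""
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key-do-not-reuse"   # assumption: agreed out of band


def sign(key, seq, text):
    """Jack's side: bind the sequence number and the text together under the key."""
    data = f"{seq}|{text}".encode()
    return {"seq": seq, "text": text, "tag": hmac.new(key, data, hashlib.sha256).hexdigest()}


def verify(key, msg, last_seq):
    """Rick's side: recompute the tag, compare in constant time, require a fresh seq."""
    data = f"{msg['seq']}|{msg['text']}".encode()
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return (False, "tag mismatch: message altered or not from the key holder")
    if msg["seq"] <= last_seq:
        return (False, "stale sequence number: replay")
    return (True, "ok")


def man_in_the_middle(msg):
    """The adversary flips the instruction but cannot produce a matching tag."""
    return {**msg, "text": msg["text"].replace("hold", "sell")}


def run_scenario():
    """Rick's verdicts on the genuine, altered and replayed messages."""
    genuine = sign(SHARED_KEY, seq=7, text="hold the shares")
    altered = man_in_the_middle(genuine)
    return {
        "genuine":  verify(SHARED_KEY, genuine, last_seq=6),
        "altered":  verify(SHARED_KEY, altered, last_seq=6),
        "replayed": verify(SHARED_KEY, genuine, last_seq=7),   # seq 7 was already seen
    }


if __name__ == "__main__":
    for name, (accepted, why) in run_scenario().items():
        print(f"{name:9} accepted={accepted} ({why})")
```

`hmac.compare_digest` rather than `==` avoids leaking, through timing, how many leading bytes of a forged tag were right; in a real protocol the sequence number would be per direction and the key would be derived from an authenticated key exchange rather than a constant.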
37. Botnets
• Botnets are armies of remote-controlled devices used for the purpose of sending spam (including phishing scams), propagating malware and launching DDoS attacks.
• Botnets are the prime mover behind most cyber security threats in terms of the scope of damage they cause in communications service provider (CSP) networks across the globe.
38. 2.6 What is denial of service (DoS)?
• Denial of service (DoS) is an attack on the availability of network resources.
• DoS attacks can be initiated in many ways, including:
  • Transmission failure
  • Traffic redirection
  • DNS attack
  • Connection flooding
39. Connection flooding
• A connection flooding attack seeks to negatively affect the availability of a network resource by exhausting or overwhelming the capacity of a communication channel.
40. Types of connection flooding attacks
• There are five main connection flooding attacks:
  • Echo-chargen attack
  • Ping of death attack
  • Smurf attack
  • SYN flood attack
  • Teardrop attack
45. SYN flood attack
• In a SYN flooding attack the implementation of the three-way handshake of the TCP/IP protocol is exploited.
• In the three-way handshake:
  (1) first the client sends a SYN packet to the server,
  (2) the server then responds with a SYN-ACK,
  (3) then the client responds to this SYN-ACK; the handshake is completed and data transfer starts. In a SYN flood attack the attacker does not respond to the
48. Distributed denial of service (DDoS) attack
• In a distributed denial of service, an attacker uses any convenient method to distribute a Trojan horse to as many machines as possible; these become the zombies.
• After choosing a victim, a signal is transmitted from the attacker to each zombie machine to initiate the attack.
• The Trojan horse on each machine then launches a denial of service against the target.
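What both the SYN flood of slide 45 and the distributed variant of slide 48 look like in the server's connection table, as an added example that is not code from the original slides. Because the attacker never finishes the handshake, each of its SYNs leaves an entry stuck in the SYN_RECV state; a single flooder shows as one source with many such entries, while a botnet spreads the same load so thinly that no single source stands out and only the per-target total does. The snapshot is constructed (the real one would come from `ss -tan state syn-recv` or `netstat -an`), and the three thresholds are arbitrary assumptions to be tuned to the server.

```python
"""Counting half-open TCP connections to spot a SYN flood and a distributed one (added example)."""
from collections import Counter, defaultdict


def build_sample_table():
    """Constructed (src, dst, state) rows: normal clients, one flooder, one small botnet."""
    rows = [("198.51.100.%d" % i, "10.1.1.80", "ESTABLISHED") for i in range(1, 4)]
    rows += [("203.0.113.9", "10.1.1.80", "SYN_RECV")] * 50           # single-source flood
    for bot in range(1, 31):                                            # 30 zombies, 3 SYNs each
        rows += [("192.0.2.%d" % bot, "10.1.1.81", "SYN_RECV")] * 3
    return rows


def analyze(rows, per_source=20, per_target=50, min_sources=10):
    """Flag sources with many half-open connections, and targets swamped by many sources."""
    half_open_by_src = Counter()
    half_open_by_dst = defaultdict(Counter)       # dst -> {src: count}
    for src, dst, state in rows:
        if state == "SYN_RECV":
            half_open_by_src[src] += 1
            half_open_by_dst[dst][src] += 1
    findings = []
    for src, n in half_open_by_src.items():
        if n >= per_source:
            findings.append({"type": "syn_flood", "source": src, "half_open": n})
    for dst, by_src in half_open_by_dst.items():
        total = sum(by_src.values())
        if total >= per_target and len(by_src) >= min_sources:
            findings.append({"type": "distributed_syn_flood", "target": dst,
                             "sources": len(by_src), "half_open": total})
    return findings


if __name__ == "__main__":
    for finding in analyze(build_sample_table()):
        print(finding)
```

Blocking the single flooder's address works; blocking thirty zombies one by one does not, and with spoofed sources (slide 30) there is no real address to block at all, which is why servers rely on SYN cookies or a connection backlog that drops the oldest half-open entries rather than on the detector alone.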
50. Intrusion detection system
• It is better to prevent an attack than to detect it after it has already succeeded.
• An intrusion detection system is a device that monitors system activities with a view toward detecting malicious and suspicious events.
• Intrusion detection systems attempt to detect:
  • Outsiders breaking into a system
  • Insiders attempting to perform inappropriate actions
51. Intrusion detection system methodologies
Common terms associated with the use of intrusion detection systems:
Anomaly
• Refers to abnormal or unusual behaviour occurring in the network
Misuse
• Refers to an activity that violates the network or system security policy
Intrusion
• Refers to a situation in which the system or network is being misused, either by insiders or by outsiders
Audit
• Refers to the evaluation or analysis of the actions of a user or of the system
Profiling
• Refers to the process of observing legitimate users or the system in order to establish a model of normal behaviour
53. Goals of intrusion detection systems
Intrusion detection systems have two primary goals:
1. Detect all attacks correctly
  • Avoid false positives (false alarms: benign activity reported as an attack)
  • Avoid false negatives (real attacks that go unreported)
2. Monitor systems effectively with minimal overhead and performance degradation
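The two detection styles of slide 51 side by side, and the false positive and false negative of slide 53 they produce, as an added example that is not code from the original slides. The log lines are constructed in a simplified sshd style with made-up times, users and addresses. The misuse detector matches known-bad patterns (a brute-force signature and a policy rule against root logins); the anomaly detector builds a profile of each user's usual login hours from a training window and flags logins outside it. On the sample, the anomaly rule raises a false positive on an on-call login at 03:00, and a login with a stolen password at a normal hour from a new address is a false negative for both detectors.

```python
"""Misuse (signature) detection beside anomaly (profile) detection on SSH logins (added example)."""
import re
from collections import Counter, defaultdict

FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+)")

# Constructed training window: how each user normally logs in.
TRAINING_LOG = [
    "2024-01-08T08:02:11 sshd: Accepted password for alice from 10.0.0.5",
    "2024-01-08T17:45:03 sshd: Accepted password for alice from 10.0.0.5",
    "2024-01-09T10:10:40 sshd: Accepted password for bob from 10.0.0.6",
    "2024-01-09T14:30:12 sshd: Accepted password for bob from 10.0.0.6",
]

# Constructed monitored window with three events of interest.
LIVE_LOG = (
    [f"2024-01-10T02:00:{i:02d} sshd: Failed password for root from 203.0.113.9"
     for i in range(6)]                                                       # brute force
    + ["2024-01-10T03:15:00 sshd: Accepted password for alice from 10.0.0.5",  # on-call, benign
       "2024-01-10T10:05:00 sshd: Accepted password for bob from 198.51.100.7"]  # stolen password
)


def hour_of(line):
    """Hour field of the ISO timestamp that starts every line."""
    return int(line[11:13])


def misuse_detect(lines, threshold=5):
    """Signature rules: N failures from one source, or any accepted root login."""
    failures = Counter()
    alerts = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            if failures[m.group(2)] == threshold:        # alert once, when the bar is crossed
                alerts.append(("brute_force", m.group(2)))
        m = ACCEPTED.search(line)
        if m and m.group(1) == "root":
            alerts.append(("root_login", m.group(2)))
    return alerts


def build_profile(lines):
    """Profiling: the set of hours at which each user was seen logging in."""
    hours = defaultdict(set)
    for line in lines:
        m = ACCEPTED.search(line)
        if m:
            hours[m.group(1)].add(hour_of(line))
    return hours


def anomaly_detect(lines, profile):
    """Flag a successful login at an hour outside the user's profile."""
    alerts = []
    for line in lines:
        m = ACCEPTED.search(line)
        if m and m.group(1) in profile and hour_of(line) not in profile[m.group(1)]:
            alerts.append(("off_hours_login", m.group(1), hour_of(line)))
    return alerts


if __name__ == "__main__":
    print("misuse  :", misuse_detect(LIVE_LOG))
    print("anomaly :", anomaly_detect(LIVE_LOG, build_profile(TRAINING_LOG)))
```

Neither detector is wrong in itself: the signature cannot fire on a valid password, and a profile built only on hours has no feature that distinguishes bob from whoever holds his password. Adding the source address to the profile would catch the stolen-credential login, at the price of a new false positive the first time bob works from home; that trade-off is the goal conflict slide 53 describes.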
54. 2.9 Method-Opportunity-Motive
Attackers need MOM:
Method
• Skill, knowledge, tools, etc. with which to attempt an attack
Opportunity
• Time and access to attempt an attack
Motive
• A reason to attempt an attack
56. 2.9 Methods of defense
Six approaches to defending a computing system:
1. Prevent attack
  • Block the attack / close the vulnerability
2. Deter attack
  • Make the attack harder (we cannot make it impossible)
3. Deflect attack
  • Make another target more attractive than this target
4. Mitigate attack
  • Make the impact of the attack less severe
5. Detect attack
  • During or after
6. Recover from attack
57. Privacy and the Internet
• For many people, the Internet represents the greatest threat to personal privacy.
• Internet-based threats to privacy abound, and include:
  • Social networks
  • Online payments
  • Website registrations
  • Preference tracking
  • Targeted advertising
  • Contests, prizes and special offers
  • Cookies
  • Spyware and adware
58. Privacy and email
• Email messages are highly exposed as they travel across the Internet and hence represent a serious threat to personal privacy.
• By default email messages are not encrypted, so email privacy can be compromised at any point while a message is in transit.
• Email anonymity
  • Although the name and email address of the sender of an email message can be readily forged, the IP address of the submitting host is carried in the packets and recorded in the Received headers added by each mail server along the way, which limits email anonymity. (A MAC address identifies a sender only on its local network segment; it is replaced at every router hop and never reaches the recipient.)
59. Privacy and email…
• To send an email message anonymously, a user may choose to send it by way of a remailer.
• Threats to email privacy include:
  • Interception of email messages
  • Monitoring of email messages
60. Privacy and emerging technologies
• The rapid development and adoption of new information and communication technologies implies a need to evaluate and consider those technologies from a security perspective.
• Emerging technologies with serious privacy implications include:
  • Radio frequency identification (RFID) tags
    • Small, inexpensive devices which are uniquely identifiable from a distance
  • Voice over IP (VoIP)
  • Electronic voting
  • Location-based services
    • Smartphones have GPS capabilities