Published in: Technology
  • nslookup is a computer program used in Windows and Unix to query Domain Name System (DNS) servers to find DNS details, including IP addresses of a particular computer, MX records for a domain and the NS servers of a domain. The name nslookup means "name server lookup".
  • dig: a DNS query tool for Windows and replacement for nslookup. dig (domain information groper) is a flexible tool (for Windows) for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
  • Nmap is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich).[1] Nmap is a "Network Mapper", used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services on a network despite the fact that such services aren't advertising themselves with a service discovery protocol. In addition, Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even the vendor of the remote network card.
  • pcAnywhere is a pair of computer programs by Symantec which allows a user of the pcAnywhere remote program on a computer to connect to a personal computer running the pcAnywhere host if both are connected to the internet or the same LAN and the password is known. pcAnywhere runs on several platforms, including Microsoft Windows, Linux, Mac OS X, and Pocket PC.
  • DameWare NT Utilities (DNTU) is an enterprise system management application for Windows NT/2000/XP/2003/Vista which is designed to allow administrators to have more control over client computers than with Microsoft's Management Console (MMC). DNTU provides an integrated collection of Microsoft Windows NT administration utilities, incorporated within an "easy to use" centralized interface for remote management of Windows servers and workstations.
  • Security defects in DameWare: Versions of DameWare Mini Remote Control prior to 2004 could be exploited by an attacker to take over control of a remote machine. The exploit used a buffer overflow in the DameWare code. This security defect was actively used by attackers.[2] Although this problem was reported as fixed in 2004, a similar problem was reported and confirmed in 2005.[3]
  • A simple virus is easily detected because an infected version of a program is longer than the corresponding uninfected one. A way to thwart this is to compress the executable file so that both the infected and uninfected versions are of identical length.
  • Mitppt

    1. ADDITIONAL ASSIGNMENT
       By Aarti Kulshrestha 11D383
    3. COMPUTER SECURITY CONCEPTS
       Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (i.e. hardware, software, firmware, information/data, and telecommunications)
         • Integrity - Assets can be modified by authorized parties only
         • Availability - Assets be available to authorized parties
         • Confidentiality - Requires information in a computer system only be accessible by authorized parties. Individuals set their own privacy requirements.
       Addl. requirements:
         • Authenticity - Requires that a computer system be able to verify the identity of a user
         • Accountability - Requires the detection and tracing of a security breach to a responsible party.
    6. COMMUNICATION LINES AND NETWORKS
       Passive Attacks
         • Release of message contents - a telephone conversation, an electronic mail message, a transferred file, etc.
         • Traffic analysis - encryption can mask the contents but message size, transmission frequency, location and id of communicating hosts can still be extracted
    7. COMMUNICATION LINES AND NETWORKS
       Active Attacks
         • Replay: passive capture of a data unit and its retransmission to produce an unauthorized effect
         • Masquerade: one entity pretends to be a different entity (e.g. try to login as someone else)
         • Modification of messages: some portion of a legitimate message is altered, or messages are delayed or reordered
         • Denial of service: prevents or inhibits the normal use or management of communications facilities (disable or overload with messages)
    8. INTRUDER BEHAVIOR PATTERNS
         • Hackers
         • Criminals
         • Insider attacks
    9. MALICIOUS SOFTWARE (MALWARE)
       Backdoor (Trapdoor)
         • Entry point into a program that allows someone who is aware of the trapdoor to gain access. Anyone watched the movie War Games?
         • Used by programmers to be able to debug and test programs while skipping a lengthy setup/authentication process during development
         • Avoids necessary setup and authentication
         • Ensures that there is a method of activating the program if something is wrong with the authentication procedure
       Logic Bomb
         • Code embedded in a legitimate program that is set to "explode" when certain conditions are met
         • Presence or absence of certain files, particular day of the week, particular user running the application
         • One of the oldest types of program threat, predating viruses and worms
       Trojan Horse
         • Useful program that contains hidden code that when invoked performs some unwanted or harmful function
         • Can be installed through software downloads, bundling, email attachments, websites with executable content, etc.
         • Trojan-type malware is on the rise, accounting for 83 percent of the global malware.
    10. VIRUSES
       Program that can "infect" other programs by modifying them in such a way that the infected program can infect other programs
       Virus Stages
         • Dormant phase: Virus is idle
         • Propagation phase: Virus places an identical copy of itself into other programs or into certain system areas on the disk
         • Triggering phase: Virus is activated to perform the function (usually harmful)
         • Execution phase: Function is performed
       Macro Viruses
         • Macro - an executable program embedded in a word document or other type of file
         • Easily spread; platform independent; infects documents, not the .exe
       E-mail Virus
         • Activated when recipient opens the e-mail attachment (e.g. Melissa virus). A new version that came out in 1999 was activated by opening the e-mail itself.
         • Sends itself to everyone on the mailing list of the infected user
       Any virus stories?
    12. VIRUSES
       Classification by target
         • Boot sector infector - Infects boot record and spreads when system is booted from the disk containing the virus
         • File infector - Infects executable files
         • Macro virus - Infects files with macro code that is interpreted by an application
       Classification by concealment strategy
         • Encrypted virus - a portion of the virus encrypts its main body and stores the key with itself. When an infected program is executed, the virus decrypts itself and then replicates. At each replication, a different random key is selected, making detection more difficult.
         • Stealth - Designed to hide itself from detection by antivirus software. May use compression.
         • Polymorphic - Mutates with every infection, making detection by the "signature" of the virus impossible
         • Metamorphic - same as polymorphic, but rewrites itself completely, making detection even more difficult. May change functionality as well as appearance.
    13. MALICIOUS SOFTWARE (CONT.)
       Worms
       Exhibits similar characteristics to an e-mail virus, but a worm does not need a host program and it is not passive; it actively seeks out more machines to infect via
         • Electronic mail facility: A worm mails a copy of itself to other systems
         • Remote execution: A worm executes a copy of itself on another system
         • Remote log-in: A worm logs on to a remote system as a user and then copies itself from one system to the other
       Bots (Zombie or drone)
         • Program that secretly takes over another Internet-attached computer and uses it to launch attacks that are difficult to trace to the bot's creator
         • Planted on hundreds of computers belonging to unsuspecting third parties and then used to overwhelm a target Web site by launching an overwhelming onslaught of Internet traffic
         • The collection of bots acting in a coordinated manner is called a botnet
       Uses of Bots
         • DDoS (Distributed Denial of Service attacks), spamming, sniffing traffic on a compromised machine, keylogging, spreading new malware, manipulating online polls/games/clicks for ads (every bot has a distinct IP address), etc.
    14. BOTS
       Bots (Zombie or drone)
         • Program that secretly takes over another Internet-attached computer and uses it to launch attacks that are difficult to trace to the bot's creator
       Remote Control Facility
         • A worm propagates and activates itself, whereas a bot is controlled from a central facility
         • Once a communication path is established, the control module can activate the bots in host machines (which are taken hostage). For greater flexibility, the control module can instruct the bots to download a file from an internet site and execute it. This way, a bot can be used for different kinds of attacks.
       Constructing the Attack Network
       3 things needed: (1) attack software (2) a large number of vulnerable machines (3) locating these machines (scanning or fingerprinting). Scanning is generally done in a nested (or recursive) manner.
       Scanning strategies:
         • Random - check random IP addresses for vulnerability (generates suspicious internet traffic)
         • Hit list - a long list is compiled a priori. Each infected machine is given a partial list to infect; this generates less internet traffic and therefore makes it more difficult to detect.
         • Topological - uses information contained on an infected machine to find more hosts to scan
         • Local subnet - if a host could be infected behind a firewall, that host could be used to infect others on the same subnet (all behind the same firewall).
    15. ROOTKITS
       Rootkit
         • Malware which consists of a set of programs designed to take fundamental control of a computer system and hide the fact that a system has been compromised
         • Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard OS security mechanisms.
         • Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the OS
         • Often, they are Trojans as well, thus fooling users into believing they are safe to run on their systems.
         • Rootkits may also install a "back door" in a system by replacing the login mechanism (such as /bin/login) with an executable that steals a login combination, which is used to access the system illegally.
         • With root access, an attacker has complete control of the system to do anything
       Rootkit Installation
         • Usually via a Trojan horse. A user is induced to load a Trojan horse which then installs the rootkit.
         • Another means of rootkit installation is by hacker activity, which is a rather lengthy process.
    19. Best Tips to Defend Yourself against Viruses and Worms
       You must safeguard your PC. Following these basic rules will help protect you and your family whenever you go online.
         • Protect your computer with strong security software and keep it updated. McAfee Total Protection provides proven PC protection from Trojans, hackers, and spyware. Its integrated anti-virus, anti-spyware, firewall, anti-spam, anti-phishing, and backup technologies work together to combat today's advanced multi-faceted attacks. It scans disks, email attachments, files downloaded from the web, and documents generated by word processing and spreadsheet programs.
         • Use a security conscious Internet service provider (ISP) that implements strong anti-spam and anti-phishing procedures. The SpamHaus organization lists the current top 10 worst ISPs in this category; consider this when making your choice.
    20. (Tips, continued)
         • Enable automatic Windows updates, or download Microsoft updates regularly, to keep your operating system patched against known vulnerabilities.
         • Install patches from other software manufacturers as soon as they are distributed. A fully patched computer behind a firewall is the best defense against Trojan and spyware installation.
         • Use great caution when opening attachments. Configure your anti-virus software to automatically scan all email and instant message attachments. Make sure your email program doesn't automatically open attachments or automatically render graphics, and ensure that the preview pane is turned off.
         • Never open unsolicited emails, or attachments that you're not expecting, even from people you know.
    21. (Tips, continued)
         • Be careful when using P2P file sharing. Trojans hide within file-sharing programs waiting to be downloaded. Use the same precautions when downloading shared files that you do for email and instant messaging. Avoid downloading files with the extensions .exe, .scr, .lnk, .bat, .vbs, .dll, .bin, and .cmd.
         • Use security precautions for your PDA, cell phone, and Wi-Fi devices. Viruses and Trojans arrive as an email/IM attachment, are downloaded from the Internet, or are uploaded along with other data from a desktop.
         • Cell phone viruses and mobile phishing attacks are in the beginning stages, but will become more common as more people access mobile multimedia services and Internet content directly from their phones.
         • Mobile anti-virus software for selected devices is available for free with some McAfee PC products.
         • Always use a PIN code on your cell phone and never install or download mobile software from an untrusted source.
    22. (Tips, continued)
         • Configure your instant messaging application correctly. Make sure it does not open automatically when you fire up your computer.
         • Beware of spam-based phishing schemes. Don't click on links in emails or IM.
         • Back up your files regularly and store the backups somewhere besides your PC. If you fall victim to a virus attack, you can recover photos, music, movies, and personal information like tax returns and bank statements.
         • Stay aware of current virus news by checking sites like McAfee Labs Threat Cente
    23. Thank you
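
Slide 7 defines replay and modification of messages as active attacks. The following is an added example, not part of the original slides, of how a receiver can reject both: each message carries a random nonce, a timestamp and an HMAC-SHA256 tag. The packet layout, key, payload and status strings are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import struct


def seal(key, payload, now):
    """Sender side: 16-byte nonce + 8-byte timestamp + payload + 32-byte tag."""
    header = os.urandom(16) + struct.pack(">Q", now)
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()


class Receiver:
    """Accepts a packet only if its tag verifies, it is fresh and its nonce is new."""

    def __init__(self, key, max_age=30):
        self.key, self.max_age, self.seen = key, max_age, {}

    def accept(self, packet, now):
        if len(packet) < 56:                      # 24-byte header + 32-byte tag
            return "rejected: malformed"
        header, payload, tag = packet[:24], packet[24:-32], packet[-32:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: modified or forged"
        nonce, sent_at = header[:16], struct.unpack(">Q", header[16:])[0]
        if abs(now - sent_at) > self.max_age:
            return "rejected: stale"
        # Nonces older than the freshness window can be forgotten safely,
        # because the timestamp check already rejects those packets.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if nonce in self.seen:
            return "rejected: replay"
        self.seen[nonce] = sent_at
        return "accepted"


def demo():
    key = b"constructed-demo-key-not-a-real-secret"   # constructed sample key
    rx = Receiver(key)
    pkt = seal(key, b"transfer 100 to account 42", now=1000)
    tampered = pkt[:24] + pkt[24:-32].replace(b"100", b"900") + pkt[-32:]
    return [rx.accept(pkt, now=1005),        # first delivery
            rx.accept(pkt, now=1010),        # captured and retransmitted
            rx.accept(tampered, now=1010),   # payload altered in transit
            rx.accept(pkt, now=1100)]        # retransmitted after the window
```

The same tag check also covers masquerade by a party that does not hold the key, since it cannot produce a valid tag.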
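
The slide notes say a simple virus is detectable because the infected file is longer unless compression keeps the length identical, and slide 12 lists compression under stealth. This added example, not part of the original slides, compares a size-only check with a hash baseline; the file names, byte strings and status labels are constructed, and the "added bytes" are a harmless marker.

```python
import hashlib
import tempfile
import zlib
from pathlib import Path


def snapshot(root):
    """Record (size, SHA-256) for every regular file under root."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            data = path.read_bytes()
            manifest[str(path.relative_to(root))] = (
                len(data), hashlib.sha256(data).hexdigest())
    return manifest


def compare(baseline, current):
    """Classify each file by what a size check and a hash check would see."""
    report = {}
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            report[name] = "missing"
        elif name not in baseline:
            report[name] = "new"
        elif baseline[name] == current[name]:
            report[name] = "ok"
        elif baseline[name][0] != current[name][0]:
            report[name] = "size-and-hash-changed"
        else:
            report[name] = "hash-changed-same-size"   # invisible to a length check
    return report


def demo():
    """Constructed sample: three stand-in 'programs' in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        original = b"PROGRAM " + b"A" * 4000          # constructed, compressible
        for name in ("app1.bin", "app2.bin", "app3.bin"):
            (root / name).write_bytes(original)
        baseline = snapshot(root)
        added = b"<extra bytes>"                      # harmless marker, not code
        # app2: bytes appended, so the file grows (the easily detected case).
        (root / "app2.bin").write_bytes(original + added)
        # app3: original compressed, marker added, padded to the original length.
        packed = added + zlib.compress(original)
        (root / "app3.bin").write_bytes(packed.ljust(len(original), b"\0"))
        return compare(baseline, snapshot(root))
```

Only the hash comparison flags `app3.bin`, which is why integrity baselines store a cryptographic digest and not just the file length.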
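
Slide 14 notes that random scanning generates suspicious internet traffic while hit-list scanning generates less and is harder to detect. This added example, not part of the original slides, runs a simple fan-out rule over constructed connection records to show that difference from the defender's side; the log format, thresholds and addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict


def parse(line):
    """Parse 'epoch src dst dport outcome' (constructed format for this example)."""
    ts, src, dst, dport, outcome = line.split()
    return int(ts), src, dst, int(dport), outcome


def find_scanners(lines, window=60, min_targets=20, min_fail_ratio=0.8):
    """Flag sources that contact many distinct hosts, mostly without success,
    inside one time window. Returns {source: distinct targets seen}."""
    buckets = defaultdict(lambda: {"targets": set(), "total": 0, "failed": 0})
    for line in lines:
        ts, src, dst, _dport, outcome = parse(line)
        b = buckets[(src, ts // window)]
        b["targets"].add(dst)
        b["total"] += 1
        b["failed"] += outcome != "ESTABLISHED"
    flagged = {}
    for (src, _slot), b in buckets.items():
        ratio = b["failed"] / b["total"]
        if len(b["targets"]) >= min_targets and ratio >= min_fail_ratio:
            flagged[src] = max(flagged.get(src, 0), len(b["targets"]))
    return flagged


def sample_log():
    """Constructed flow records, all inside one 60-second window."""
    t0 = 1_700_000_040                      # multiple of 60, so one bucket
    lines = []
    # Random scanning: one source probing 40 scattered addresses, mostly dead.
    for i in range(40):
        outcome = "ESTABLISHED" if i % 20 == 0 else "TIMEOUT"
        lines.append(f"{t0 + i} 192.0.2.66 198.51.100.{(i * 37) % 254 + 1} 445 {outcome}")
    # Hit list: a source working through a short precompiled list of live hosts.
    for i in range(6):
        lines.append(f"{t0 + i} 192.0.2.77 203.0.113.{10 + i} 445 ESTABLISHED")
    # Ordinary client: repeated connections to three servers.
    for i in range(30):
        lines.append(f"{t0 + i} 192.0.2.10 203.0.113.{1 + i % 3} 443 ESTABLISHED")
    return lines
```

With the default thresholds only the random scanner is flagged; the hit-list source stays under both limits, so catching it needs other signals than connection fan-out and failure rate.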