1 of 45
Hands-On Ethical Hacking and Network Defense
Chapter 3
Network and Computer Attacks
2
Objectives
Describe the different types of malicious software
Describe methods of protecting against malware attacks
Describe the types of network attacks
Identify physical security attacks and vulnerabilities
3
Malicious Software (Malware)
Network attacks prevent a business from operating
Malicious software (Malware) includes
  Virus
  Worms
  Trojan horses
Goals
  Destroy data
  Corrupt data
  Shut down a network or system
4
Viruses
Virus attaches itself to an executable file
Can replicate itself through an executable program
  Needs a host program to replicate
No foolproof method of preventing them
5
Antivirus Software
Detects and removes viruses
Detection based on virus signatures
Must update signature database periodically
Use automatic update feature
6
7
Base 64 Encoding
Used to evade anti-spam tools, and to obscure passwords
Encodes six bits at a time (0 – 64) with a single ASCII character
  A - Z: 0 – 25
  a – z: 26 – 51
  1 – 9: 52 – 61
  + and -: 62 and 63
See links Ch 3a, 3b
8
Viruses (continued)
Commercial base 64 decoders
Shell
  Executable piece of programming code
  Should not appear in an e-mail attachment
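Added example (not from the original slides), covering both the Base 64 Encoding slide and the attachment point above: a decoder that rebuilds bytes from six-bit groups using the standard RFC 4648 alphabet (A–Z are 0–25, a–z are 26–51, 0–9 are 52–61, and + and / are 62 and 63), then a mail scanner that flags Base64 attachments whose decoded bytes start like executable code. The sample message, addresses, file names and the short signature list are constructed for illustration.

```python
import string
from email import message_from_string

# RFC 4648 standard alphabet: position in this string == six-bit value (0..63).
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

# Leading bytes that indicate executable content (illustrative, not exhaustive).
MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with interpreter line",
}


def b64_decode_manual(text):
    """Decode Base64 by concatenating six-bit values and cutting them into bytes."""
    text = "".join(text.split())          # MIME bodies are wrapped; drop whitespace
    if len(text) % 4:
        raise ValueError("Base64 text length must be a multiple of 4")
    data = text.rstrip("=")
    if len(text) - len(data) > 2:
        raise ValueError("at most two '=' padding characters are allowed")
    acc = nbits = 0
    out = bytearray()
    for ch in data:
        value = ALPHABET.find(ch)
        if value < 0:
            raise ValueError(f"invalid Base64 character {ch!r}")
        acc = (acc << 6) | value          # append six more bits
        nbits += 6
        if nbits >= 8:                    # a full byte is available
            nbits -= 8
            out.append(acc >> nbits)
            acc &= (1 << nbits) - 1       # keep only the leftover bits
    return bytes(out)


def classify(payload):
    """Return a label if the decoded bytes begin with a known executable marker."""
    for magic, label in MAGIC.items():
        if payload.startswith(magic):
            return label
    return None


def scan_message(raw):
    """List (filename, label) for Base64 parts that decode to executable content."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        encoding = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if encoding != "base64":
            continue
        label = classify(b64_decode_manual(part.get_payload()))
        if label:
            findings.append((part.get_filename() or "(unnamed)", label))
    return findings


# Constructed sample: the first attachment claims to be a PDF, but its Base64
# body decodes to the first 12 bytes of a DOS/PE header ("MZ...").
SAMPLE = """\
From: sender@example.com
To: user@example.com
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

See attached.
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--XX
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"
Content-Transfer-Encoding: base64

aGVsbG8gd29ybGQ=
--XX--
"""

if __name__ == "__main__":
    for name, label in scan_message(SAMPLE):
        print(f"{name}: {label}")
```

The file name and declared content type are ignored on purpose: only the decoded bytes decide the verdict.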
9
Macro Viruses
Virus encoded as a macro
Macro
  Lists of commands
  Can be used in destructive ways
Example: Melissa
  Appeared in 1999
  It is very simple – see link Ch 3c for source code
10
Writing Viruses
Even nonprogrammers can create macro viruses
  Instructions posted on Web sites
  Virus creation kits available for download (see link Ch 3d)
Security professionals can learn from thinking like attackers
  But don’t create and release a virus! People get long prison terms for that.
11
Worms
Worm
  Replicates and propagates without a host
Infamous examples
  Code Red
  Nimda
Can infect every computer in the world in a short time
  At least in theory
12
ATM Machine Worms
Cyberattacks against ATM machines
Slammer and Nachi worms
Trend produces antivirus for ATM machines
  See links Ch 3g, 3h, 3i
Nachi was written to clean up damage caused by the Blaster worm, but it got out of control
  See link Ch 3j
Diebold was criticized for using Windows for ATM machines, which they also use on voting machines
13
14
15
Trojan Programs
Insidious attack against networks
Disguise themselves as useful programs
  Hide malicious content in program
    Backdoors
    Rootkits
  Allow attackers remote access
16
Firewalls
Identify traffic on uncommon ports
Can block this type of attack, if your firewall filters outgoing traffic
  Windows XP SP2’s firewall does not filter outgoing traffic
  Vista’s firewall doesn’t either (by default), according to link Ch 3l and 3m
Trojan programs can use known ports to get through firewalls
  HTTP (TCP 80) or DNS (UDP 53)
17
18
Trojan Demonstration
Make a file with command-line Windows commands
Save it as C:\Documents and Settings\username\cmd.bat
Start, Run, CMD will execute this file instead of C:\Windows\System32\Cmd.exe
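Added example (not from the original slides): a defensive check for the name-shadowing trick shown above, walking a user profile and reporting files whose base name matches a system command and whose extension Windows will run. The command list, the extension subset and the temporary sample tree are assumptions made for the demonstration.

```python
import tempfile
from pathlib import Path

# Extensions Windows resolves when a command is typed without one
# (a subset of the default PATHEXT list; extend it to match your hosts).
RUNNABLE_EXTENSIONS = {".com", ".exe", ".bat", ".cmd", ".vbs", ".js"}

# Commands users commonly launch by bare name (assumed short list; in practice
# build it from the contents of C:\Windows\System32 on a clean reference host).
SYSTEM_COMMANDS = {"cmd", "ping", "ipconfig", "net", "regedit", "taskmgr"}


def find_shadowing_files(root, system_commands=SYSTEM_COMMANDS):
    """Return sorted (relative path, shadowed command) pairs found under root.

    A hit is any runnable file outside the system directory whose base name
    equals a system command, compared case-insensitively as Windows does.
    """
    root = Path(root)
    names = {name.lower() for name in system_commands}
    hits = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.suffix.lower() not in RUNNABLE_EXTENSIONS:
            continue
        if path.stem.lower() in names:
            hits.append((path.relative_to(root).as_posix(), path.stem.lower()))
    return sorted(hits)


def demo():
    """Build a constructed profile tree and scan it."""
    with tempfile.TemporaryDirectory() as profile:
        base = Path(profile)
        (base / "Desktop").mkdir()
        # Constructed files: two shadow system commands, two are harmless.
        (base / "cmd.bat").write_text("@echo off\n")
        (base / "Desktop" / "Ping.CMD").write_text("@echo off\n")
        (base / "backup.bat").write_text("@echo off\n")
        (base / "cmd.txt").write_text("notes\n")
        return find_shadowing_files(base)


if __name__ == "__main__":
    for rel_path, command in demo():
        print(f"{rel_path} shadows system command '{command}'")
```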
19
Improved Trojan
Resets the administrator password
Almost invisible to user
Works in Win XP, but not so easy in Vista
20
Spyware
Sends information from the infected computer to the attacker
  Confidential financial data
  Passwords
  PINs
  Any other stored data
Can register each keystroke entered (keylogger)
Prevalent technology
Educate users about spyware
21
Deceptive Dialog Box
22
Adware
Similar to spyware
  Can be installed without the user being aware
Sometimes displays a banner
Main goal
  Determine user’s online purchasing habits
  Tailored advertisement
Main problem
  Slows down computers
23
Protecting Against Malware Attacks
Difficult task
New viruses, worms, Trojan programs appear daily
Antivirus programs offer a lot of protection
Educate your users about these types of attacks
24
25
26
Educating Your Users
Structural training
  Most effective measure
  Includes all employees and management
E-mail monthly security updates
  Simple but effective training method
Update virus signature database automatically
27
Educating Your Users
SpyBot and Ad-Aware
  Help protect against spyware and adware
  Windows Defender is excellent too
Firewalls
  Hardware (enterprise solution)
  Software (personal solution)
  Can be combined
Intrusion Detection System (IDS)
  Monitors your network 24/7
28
FUD
Fear, Uncertainty and Doubt
  Avoid scaring users into complying with security measures
  Sometimes used by unethical security testers
  Against the OSSTMM’s Rules of Engagement
Promote awareness rather than instilling fear
  Users should be aware of potential threats
  Build on users’ knowledge
29
Intruder Attacks on Networks and Computers
Attack
  Any attempt by an unauthorized person to access or use network resources
Network security
  Security of computers and other devices in a network
Computer security
  Securing a standalone computer--not part of a network infrastructure
Computer crime
  Fastest growing type of crime worldwide
30
Denial-of-Service Attacks
Denial-of-Service (DoS) attack
  Prevents legitimate users from accessing network resources
  Some forms do not involve computers, like feeding a paper loop through a fax machine
DoS attacks do not attempt to access information
  Cripple the network
  Make it vulnerable to other types of attacks
31
Testing for DoS Vulnerabilities
Performing an attack yourself is not wise
  You only need to prove that an attack could be carried out
32
Distributed Denial-of-Service Attacks
Attack on a host from multiple servers or workstations
Network could be flooded with billions of requests
  Loss of bandwidth
  Degradation or loss of speed
Often participants are not aware they are part of the attack
  Attacking computers could be controlled using Trojan programs
33
Buffer Overflow Attacks
Vulnerability in poorly written code
  Code does not check predefined size of input field
Goal
  Fill overflow buffer with executable code
  OS executes this code
  Can elevate attacker’s permission to Administrator or even Kernel
Programmers need special training to write secure code
34
35
36
Ping of Death Attacks
Type of DoS attack
Not as common as during the late 1990s
How it works
  Attacker creates a large ICMP packet
    More than 65,535 bytes
  Large packet is fragmented at source network
  Destination network reassembles large packet
  Destination point cannot handle oversize packet and crashes
  Modern systems are protected from this (Link Ch 3n)
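Added example (not from the original slides): the bounds check a receiver or sensor applies before reassembly, rejecting any IPv4 fragment whose offset plus length would push the rebuilt datagram past 65,535 bytes. The fragment offset field is 13 bits counted in 8-byte units; the addresses, identifiers and fragment sizes below are constructed, and the header bytes are only parsed in memory, never sent.

```python
import ipaddress
import struct

MAX_IP_DATAGRAM = 65535                      # largest size a 16-bit length can express
IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")  # fixed 20-byte IPv4 header


def parse_ipv4_header(packet):
    """Extract the fields needed to judge where a fragment lands after reassembly."""
    if len(packet) < IPV4_HEADER.size:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, src, dst) = IPV4_HEADER.unpack_from(packet)
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total_len < header_len:
        raise ValueError("not a valid IPv4 header")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ident": ident,
        "proto": proto,
        "header_len": header_len,
        "payload_len": total_len - header_len,
        "offset": (flags_frag & 0x1FFF) * 8,        # 13-bit field, 8-byte units
        "more_fragments": bool(flags_frag & 0x2000),
    }


def reassembled_size(hdr):
    """Size of the datagram once this fragment's data is placed at its offset."""
    return hdr["header_len"] + hdr["offset"] + hdr["payload_len"]


def is_oversized(packet):
    """True if accepting this fragment would exceed the IPv4 maximum."""
    return reassembled_size(parse_ipv4_header(packet)) > MAX_IP_DATAGRAM


def find_oversized(packets):
    """Return sorted (src, dst, ident) keys of datagrams with an oversized fragment."""
    flagged = set()
    for packet in packets:
        hdr = parse_ipv4_header(packet)
        if reassembled_size(hdr) > MAX_IP_DATAGRAM:
            flagged.add((hdr["src"], hdr["dst"], hdr["ident"]))
    return sorted(flagged)


def build_fragment(ident, offset_units, payload_len, more):
    """Build constructed test input: an ICMP-protocol fragment with a zeroed payload."""
    flags_frag = (0x2000 if more else 0) | (offset_units & 0x1FFF)
    header = IPV4_HEADER.pack(
        0x45, 0, 20 + payload_len, ident, flags_frag, 64, 1, 0,
        ipaddress.IPv4Address("192.0.2.10").packed,     # documentation address
        ipaddress.IPv4Address("198.51.100.7").packed,   # documentation address
    )
    return header + bytes(payload_len)


# Constructed capture: datagram 1 is an ordinary 4,008-byte echo split for a
# 1,500-byte MTU; datagram 2 carries a final fragment that ends past 65,535.
SAMPLE_FRAGMENTS = [
    build_fragment(1, 0, 1480, True),
    build_fragment(1, 185, 1480, True),
    build_fragment(1, 370, 1048, False),
    build_fragment(2, 8189, 1480, False),
]

if __name__ == "__main__":
    for src, dst, ident in find_oversized(SAMPLE_FRAGMENTS):
        print(f"drop datagram id={ident} {src} -> {dst}: exceeds {MAX_IP_DATAGRAM} bytes")
```

The check is applied per fragment, so the oversized datagram is rejected before any reassembly buffer is written.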
37
Session Hijacking
Enables attacker to join a TCP session
Attacker makes both parties think he or she is the other party
38
Addressing Physical Security
Protecting a network also requires physical security
Inside attacks are more likely than attacks from outside the company
39
Keyloggers
Used to capture keystrokes on a computer
  Hardware
  Software
Software
  Behaves like Trojan programs
Hardware
  Easy to install
  Goes between the keyboard and the CPU
  KeyKatcher and KeyGhost
40
41
42
Keyloggers (continued)
Protection
  Software-based
    Antivirus
  Hardware-based
    Random visual tests
    Look for added hardware
    Superglue keyboard connectors in
43
Behind Locked Doors
Lock up your servers
  Physical access means they can hack in
  Consider Ophcrack – booting to a CD-based OS will bypass almost any security
44
Lockpicking
Average person can pick deadbolt locks in less than five minutes
  After only a week or two of practice
Experienced hackers can pick deadbolt locks in under 30 seconds
Bump keys are even easier (Link Ch 3o)
45
Card Reader Locks
Keep a log of who enters and leaves the room
Security cards can be used instead of keys for better security
  Image from link Ch 3p

Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 

Recently uploaded (20)

Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 

Ch03 Network and Computer Attacks

  • 1. Hands-On Ethical Hacking and Network Defense. Chapter 3: Network and Computer Attacks
  • 2. Objectives: Describe the different types of malicious software. Describe methods of protecting against malware attacks. Describe the types of network attacks. Identify physical security attacks and vulnerabilities.
  • 3. Malicious Software (Malware): Network attacks prevent a business from operating. Malicious software (Malware) includes: viruses; worms; Trojan horses. Goals: destroy data; corrupt data; shut down a network or system.
  • 4. Viruses: Virus attaches itself to an executable file. Can replicate itself through an executable program (needs a host program to replicate). No foolproof method of preventing them.
  • 5. Antivirus Software: Detects and removes viruses. Detection based on virus signatures. Must update signature database periodically. Use automatic update feature.
  • 6.
  • 7. Base 64 Encoding: Used to evade anti-spam tools, and to obscure passwords. Encodes six bits at a time (0 – 64) with a single ASCII character: A – Z: 0 – 25; a – z: 26 – 51; 1 – 9: 52 – 61; + and -: 62 and 63. See links Ch 3a, 3b.
  • 8. Viruses (continued): Commercial base 64 decoders. Shell: executable piece of programming code; should not appear in an e-mail attachment.
  • 9. Macro Viruses: Virus encoded as a macro. Macro: lists of commands; can be used in destructive ways. Example: Melissa. Appeared in 1999; it is very simple (see link Ch 3c for source code).
  • 10. Writing Viruses: Even nonprogrammers can create macro viruses: instructions posted on Web sites; virus creation kits available for download (see link Ch 3d). Security professionals can learn from thinking like attackers. But don’t create and release a virus! People get long prison terms for that.
  • 11. Worms: Worm: replicates and propagates without a host. Infamous examples: Code Red; Nimda. Can infect every computer in the world in a short time (at least in theory).
  • 12. ATM Machine Worms: Cyberattacks against ATM machines. Slammer and Nachi worms. Trend produces antivirus for ATM machines (see links Ch 3g, 3h, 3i). Nachi was written to clean up damage caused by the Blaster worm, but it got out of control (see link Ch 3j). Diebold was criticized for using Windows for ATM machines, which they also use on voting machines.
  • 13.
  • 14.
  • 15. Trojan Programs: Insidious attack against networks. Disguise themselves as useful programs (hide malicious content in program). Backdoors. Rootkits: allow attackers remote access.
  • 16. Firewalls: Identify traffic on uncommon ports. Can block this type of attack, if your firewall filters outgoing traffic. Windows XP SP2’s firewall does not filter outgoing traffic; Vista’s firewall doesn’t either (by default), according to link Ch 3l and 3m. Trojan programs can use known ports to get through firewalls: HTTP (TCP 80) or DNS (UDP 53).
  • 17.
  • 18. Trojan Demonstration: Make a file with command-line Windows commands. Save it as C:\Documents and Settings\username\cmd.bat. Start, Run, CMD will execute this file instead of C:\Windows\System32\Cmd.exe.
  • 19. Improved Trojan: Resets the administrator password. Almost invisible to user. Works in Win XP, but not so easy in Vista.
  • 20. Spyware: Sends information from the infected computer to the attacker: confidential financial data; passwords; PINs; any other stored data. Can register each keystroke entered (keylogger). Prevalent technology. Educate users about spyware.
  • 22. Adware: Similar to spyware (can be installed without the user being aware). Sometimes displays a banner. Main goal: determine user’s online purchasing habits; tailored advertisement. Main problem: slows down computers.
  • 23. Protecting Against Malware Attacks: Difficult task. New viruses, worms, Trojan programs appear daily. Antivirus programs offer a lot of protection. Educate your users about these types of attacks.
  • 24.
  • 25.
  • 26. Educating Your Users: Structural training: most effective measure; includes all employees and management. E-mail monthly security updates: simple but effective training method. Update virus signature database automatically.
  • 27. Educating Your Users: SpyBot and Ad-Aware: help protect against spyware and adware; Windows Defender is excellent too. Firewalls: hardware (enterprise solution); software (personal solution); can be combined. Intrusion Detection System (IDS): monitors your network 24/7.
  • 28. FUD: Fear, Uncertainty and Doubt: avoid scaring users into complying with security measures; sometimes used by unethical security testers; against the OSSTMM’s Rules of Engagement. Promote awareness rather than instilling fear: users should be aware of potential threats; build on users’ knowledge.
  • 29. Intruder Attacks on Networks and Computers: Attack: any attempt by an unauthorized person to access or use network resources. Network security: security of computers and other devices in a network. Computer security: securing a standalone computer--not part of a network infrastructure. Computer crime: fastest growing type of crime worldwide.
  • 30. Denial-of-Service Attacks: Denial-of-Service (DoS) attack: prevents legitimate users from accessing network resources; some forms do not involve computers, like feeding a paper loop through a fax machine. DoS attacks do not attempt to access information: cripple the network; make it vulnerable to other types of attacks.
  • 31. Testing for DoS Vulnerabilities: Performing an attack yourself is not wise. You only need to prove that an attack could be carried out.
  • 32. Distributed Denial-of-Service Attacks: Attack on a host from multiple servers or workstations. Network could be flooded with billions of requests: loss of bandwidth; degradation or loss of speed. Often participants are not aware they are part of the attack: attacking computers could be controlled using Trojan programs.
  • 33. Buffer Overflow Attacks: Vulnerability in poorly written code: code does not check predefined size of input field. Goal: fill overflow buffer with executable code; OS executes this code; can elevate attacker’s permission to Administrator or even Kernel. Programmers need special training to write secure code.
  • 34.
  • 35.
  • 36. Ping of Death Attacks: Type of DoS attack. Not as common as during the late 1990s. How it works: attacker creates a large ICMP packet (more than 65,535 bytes); large packet is fragmented at source network; destination network reassembles large packet; destination point cannot handle oversize packet and crashes. Modern systems are protected from this (Link Ch 3n).
  • 37. Session Hijacking: Enables attacker to join a TCP session. Attacker makes both parties think he or she is the other party.
  • 38. Addressing Physical Security: Protecting a network also requires physical security. Inside attacks are more likely than attacks from outside the company.
  • 39. Keyloggers: Used to capture keystrokes on a computer: hardware; software. Software: behaves like Trojan programs. Hardware: easy to install; goes between the keyboard and the CPU; KeyKatcher and KeyGhost.
  • 40.
  • 41.
  • 42. Keyloggers (continued): Protection. Software-based: antivirus. Hardware-based: random visual tests; look for added hardware; superglue keyboard connectors in
  • 43. Behind Locked Doors: Lock up your servers: physical access means they can hack in; consider Ophcrack (booting to a CD-based OS will bypass almost any security).
  • 44. Lockpicking: Average person can pick deadbolt locks in less than five minutes (after only a week or two of practice). Experienced hackers can pick deadbolt locks in under 30 seconds. Bump keys are even easier (Link Ch 3o).
  • 45. Card Reader Locks: Keep a log of who enters and leaves the room. Security cards can be used instead of keys for better security. Image from link Ch 3p.
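
The six-bit encoding from slide 7, worked through as a decoder. This is an added example, not part of the original slides; it uses the standard RFC 4648 alphabet (A-Z = 0-25, a-z = 26-51, 0-9 = 52-61, '+' = 62, '/' = 63), and the function names and the sample string are constructed for illustration. It shows why Base64 only obscures a password: decoding needs no key, so a mail or content filter can decode before it scans.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Map one Base64 character to its six-bit value (RFC 4648 alphabet).
   Returns -1 for any character outside the alphabet. */
static int b64_value(char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';        /*  0..25 */
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;   /* 26..51 */
    if (c >= '0' && c <= '9') return c - '0' + 52;   /* 52..61 */
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode NUL-terminated Base64 text into out (capacity out_cap bytes).
   Returns the number of decoded bytes, or -1 if the input is malformed
   or out is too small. */
long b64_decode(const char *in, unsigned char *out, size_t out_cap)
{
    size_t len = strlen(in), n = 0;

    if (len % 4 != 0) return -1;              /* text comes in groups of 4 */
    for (size_t i = 0; i < len; i += 4) {
        unsigned long group = 0;
        int pad = 0;

        for (int k = 0; k < 4; k++) {
            char c = in[i + k];
            int v = 0;

            if (c == '=') {
                /* '=' is legal only as the last 1 or 2 characters */
                if (i + 4 != len || k < 2) return -1;
                pad++;
            } else {
                if (pad) return -1;           /* data after padding */
                v = b64_value(c);
                if (v < 0) return -1;
            }
            group = (group << 6) | (unsigned long)v;   /* 4 x 6 = 24 bits */
        }

        int bytes = 3 - pad;                  /* 24 bits = up to 3 bytes */
        if (n + (size_t)bytes > out_cap) return -1;
        out[n++] = (unsigned char)((group >> 16) & 0xFF);
        if (bytes > 1) out[n++] = (unsigned char)((group >> 8) & 0xFF);
        if (bytes > 2) out[n++] = (unsigned char)(group & 0xFF);
    }
    return (long)n;
}

int main(void)
{
    /* Constructed sample in the user:password form used by HTTP Basic auth. */
    const char *sample = "dXNlcjpwYXNz";
    unsigned char buf[64];
    long n = b64_decode(sample, buf, sizeof buf - 1);

    if (n < 0) { puts("malformed Base64"); return 1; }
    buf[n] = '\0';
    printf("%s -> %s\n", sample, (char *)buf);
    return 0;
}
```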
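
The missing size check from slide 33, shown as the unchecked copy beside a checked one. This is an added example, not code from the slides; the `account` record, the 16-byte field and both function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_FIELD 16   /* predefined size of the input field, NUL included */

/* Hypothetical record: the flag sits directly after the buffer. */
struct account {
    char name[NAME_FIELD];
    int  is_admin;
};

/* Vulnerable form: strcpy() copies until it meets a NUL byte and never
   looks at NAME_FIELD, so input longer than 15 characters is written past
   name[] into whatever follows it in memory. Shown for comparison only;
   nothing in this example calls it. */
void set_name_unchecked(struct account *a, const char *input)
{
    strcpy(a->name, input);
}

/* Hardened form: measure the input against the field size first and
   reject anything that does not fit, terminator included.
   Returns 0 on success, -1 if rejected (the record is left unchanged). */
int set_name_checked(struct account *a, const char *input)
{
    size_t len = strlen(input);

    if (len >= NAME_FIELD)
        return -1;
    memcpy(a->name, input, len + 1);   /* +1 copies the terminating NUL */
    return 0;
}

int main(void)
{
    struct account a = { "", 0 };
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAA";  /* constructed, 24 bytes */
    int rc = set_name_checked(&a, too_long);

    printf("checked copy returned %d, is_admin=%d\n", rc, a.is_admin);
    return 0;
}
```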
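
The receive-side check that makes a system immune to the oversize reassembly described on slide 36: each fragment's offset plus its length is compared against the 65,535-byte limit before it is placed. This is an added example, not from the slides; the struct, the function names and the fragment values are constructed, and it covers only the size test, not full reassembly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u  /* largest legal IPv4 datagram, header included */

/* One received IPv4 fragment, reduced to the fields the check needs. */
struct ip_fragment {
    uint16_t offset_units;  /* fragment offset field, counted in 8-byte units */
    uint16_t payload_len;   /* bytes of data carried by this fragment */
    uint8_t  header_len;    /* IPv4 header length in bytes (20..60) */
};

/* Size the reassembled datagram reaches once this fragment is placed. */
uint32_t fragment_end(const struct ip_fragment *f)
{
    return (uint32_t)f->header_len
         + (uint32_t)f->offset_units * 8u
         + (uint32_t)f->payload_len;
}

/* Returns the index of the first fragment that would push the reassembled
   datagram past 65,535 bytes, or -1 if every fragment fits. A receiver
   drops the whole chain at that point instead of copying the data into
   its reassembly buffer. */
int first_oversize_fragment(const struct ip_fragment *frags, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        if (frags[i].offset_units > 0x1FFF)          /* offset field is 13 bits */
            return (int)i;
        if (fragment_end(&frags[i]) > IP_MAX_DATAGRAM)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    /* Constructed: an ordinary 4,008-byte ICMP message split for a 1500-byte MTU. */
    const struct ip_fragment normal[] = {
        { 0, 1480, 20 }, { 185, 1480, 20 }, { 370, 1048, 20 },
    };
    /* Constructed: a chain whose last fragment ends beyond 65,535 bytes. */
    const struct ip_fragment oversize[] = {
        { 0, 1480, 20 }, { 7955, 1480, 20 }, { 8140, 1480, 20 },
    };

    printf("normal chain:   %d\n", first_oversize_fragment(normal, 3));
    printf("oversize chain: %d (ends at byte %lu)\n",
           first_oversize_fragment(oversize, 3),
           (unsigned long)fragment_end(&oversize[2]));
    return 0;
}
```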