SlideShare a Scribd company logo
DILLA UNIVERSITY
COLLEGE OF ENGINEERING & TECHNOLOGY
School of Computing & Informatics
M. Sc in Computer Science & Networking
By
Chapter-05
Dr. Ananda Kumar K S M.Tech, Ph.D
Associate Professor, School of Comp & Info
Email: anandgdk@du.edu.et
1
Course Number CN6122
Course Title Advanced Network Security
Advanced Network Security
CHAPTER-05
1. Ethical hacking
2. Denial of Service Attacks(DoS)
3. Distributed denial-of-service (DDoS)
4. Buffer-overflow attack
2
1. HACKING
Hacking has been a part of computing for
almost five decades and it is a very broad
discipline, which covers a wide range of topics.
The first known event of hacking had taken
place in 1960 at MIT and at the same time,
the term "Hacker" was originated.
Hacking is the act of finding the possible
entry points that exist in a computer system
or a computer network and finally entering
into them.
3
Cont..
 Hacking is usually done to gain unauthorized
access to a computer system or a computer
network, either to harm the systems or to steal
sensitive information available on the computer.
 Hacking is usually legal as long as it is being
done to find weaknesses in a computer or
network system for testing purpose. This sort of
hacking is what we call Ethical Hacking.
 A computer expert who does the act of
hacking is called a "Hacker".
 Hackers are those who seek knowledge, to
understand how systems operate, how they are
designed, and then attempt to play with these
systems.
4
Ethical Vs Unethical
5
6
Phases of hacking
 Both the auditor and the cracker follow a
logical sequence of steps when conducting a
hacking. These grouped steps are called phases.
 There is a general consensus among the
entities and information security professionals
that these phases are 5 in the following order:
 Crackers Phases : 1-> Reconnaissance 2->
Scanning 3-> Gaining Access 4-> Maintaining
Access 5-> Erasing Clues
Ethical Hacking Phases: 1-> Reconnaissance 2->
Scanning 3-> Gaining Access 4-> Writing Report
5-> Presenting Report
7
Cont..
8
Cont..
9
Reconnaissance
o This is the first step of Hacking. It is also called as
Footprinting and information gathering Phase.
o This is the preparatory phase where we collect as
much information as possible about the target.
o We usually collect information about three groups,
Network, Host, People involved.
There are two types of Footprinting:
Active: Directly interacting with the target to gather
information about the target.
Eg: Using Nmap tool to scan the target
Passive: Trying to collect the information about the target
without directly accessing the target. This involves
collecting information from social media, public
websites etc.
10
Scanning
Three types of scanning are involved:
Port scanning: This phase involves scanning the target for
the information like open ports, Live systems, various
services running on the host.
Vulnerability Scanning: Checking the target for
weaknesses or vulnerabilities which can be exploited.
Usually done with help of automated tools
Network Mapping:
Finding the topology of network, routers, firewalls
servers if any, and host information and drawing a
network diagram with the available information.
This map may serve as a valuable piece of information
throughout the hacking process.
11
Gaining Access
This phase is where an attacker breaks into
the system/network using various tools or
methods.
After entering into a system, he has to
increase his privilege to administrator level
so he can install an application he needs or
modify data or hide data.
12
Maintaining Access
o Hacker may just hack the system to show it
was vulnerable or he can be so mischievous
that he wants to maintain or persist the
connection in the background without the
knowledge of the user.
o This can be done using Trojans, Rootkits or
other malicious files.
o The aim is to maintain the access to the
target until he finishes the tasks he planned to
accomplish in that target.
13
Erasing Clues or Clearing Track
o No thief wants to get caught. An intelligent
hacker always clears all evidence so that in the
later point of time, no one will find any traces
leading to him.
o This involves modifying/corrupting/deleting
the values of Logs, modifying registry values
and uninstalling all applications he used and
deleting all folders he created.
14
Cont..
 Usually these phases are represented as a
cycle that is commonly called “the circle of
hacking” (see Figure 1) with the aim of
emphasizing that the cracker can continue the
process over and over again.
 Though, information security auditors who
perform ethical hacking services present a slight
variation in the implementation phases like this:
 1-> Reconnaissance 2-> Scanning 3-> Gaining
Access 4-> Writing the Report 5-> Presenting the
Report
In this way, ethical hackers stop at Phase 3 of the
“circle of hacking” to report their findings and
make recommendations to the client.
15
TYPES OF HACKING
 When we execute an ethical hacking is
necessary to establish its scope to develop a
realistic schedule of work and to deliver the
economic proposal to the client.
 To determine the project extent we need to
know at least three basic elements: the type of
hacking that we will conduct, the modality and
the additional services that customers would like
to include with the contracted service.
 Depending on where we execute the
penetration testing, an ethical hacking can be
external or internal.
16
Cont..
External pentesting
 This type of hacking is done from the Internet
against the client’s public network infrastructure; that
is, on those computers in the organization that are
exposed to the Internet because they provide a public
service.
 Example of public hosts: router, firewall, web
server, mail server, name server, etc.
Internal pentesting
 As the name suggests, this type of hacking is
executed from the customer’s internal network, from
the point of view of a company employee, consultant,
or business associate that has access to the corporate
network.
17
Cont..
since studies show that the majority of
successful attacks come from inside the
company.
To cite an example, in a survey conducted on
computer security to a group of businessmen
in the UK, when they were asked “who the
attackers are”, these figures were obtained:
25% external, 75% internal.
18
HACKING MODALITIES
 Depending on the information that the
customer provides to the consultant, an ethical
hacking service could be executed in one of three
modes:
o black-box
o gray-box
o white-box
 The method chosen will affect the cost and
duration of the penetration testing audit, since
the lesser the information received, the greater
the time in research invested by the auditor.
19
Black box hacking
 This mode is applicable to external testing
only.
 It is called so because the client only gives the
name of the company to the consultant, so the
auditor starts with no information, the
infrastructure of the organization is a “black box”.
 While this type of audit is considered more
realistic, since the external attacker who chooses
an X victim has no further information to start
that the name of the organization that is going to
attack, it is also true that it requires a greater
investment of time and therefore the cost
incurred is higher too.
20
Gray box hacking
This method is often used synonymously to
refer to internal pentestings.
Nevertheless, some auditors also called gray-
box-hacking an external test in which the
client provides limited information on public
computers to be audited.
Example: a list of data such as IP address and
type/function of the equipment (router, web-
server, firewall, etc.).
21
White box hacking
White-box hacking is also called transparent hacking.
This method applies only to internal pentestings and is
called this way because the client gives complete
information to the auditor about its networks and
systems.
 This means, that besides providing a connection to
the network and configuration information for the NIC,
the consultant receives extensive information such as
network diagrams, detailed equipment audit list
including names, types, platforms, main services, IP
addresses, information from remote subnets, etc.
 Because the consultant avoids having to find out
this information, this kind of hacking usually takes less
time to execute and therefore also reduces costs.
22
Additional hacking services
There are additional services that can be
included with an ethical hacking; among the
popular ones are:
• Social engineering
• Wardialing
• Wardriving
• Stolen equipment simulation
• Physical security
23
Social engineering
 Social engineering refers to the act of gathering information
through the manipulation of people, it means that the hacker
acquire confidential data using the well known fact that the
weakest link in the chain of information security is the
human component.
 Examples of social engineering: sending fake emails with
malicious attachments, calls to customer personnel
pretending to be a technician from the ISP, visits to company
premises pretending to be a customer in order to place a
keystroke logger (keylogger), etc.
24
Wardialing
 Wardialing or war dialing is a technique to
automatically scan a list of telephone numbers,
usually dialing every number in a local area code
to search for modems, computers, bulletin board
systems and fax machines.
 War dialing is a brute-force method of finding
a back door into an organization's network. It is
particularly effective against a perimeter defense.
 Most organizations have telephone numbers
that are within a specified range and begin with
the same prefix.
25
Cont..
26
wardriving
 The term wardriving is derived from its
predecessor wardialing, but is applied to wireless
networks.
 The hacker strikes up a wireless war from the
vicinity of the client/victim company, usually from his
parked car with a laptop and a signal booster antenna.
 Wardriving is the act of searching for Wi-Fi wireless
networks, usually from a moving vehicle, using a laptop
or smartphone. Software for wardriving is freely
available on the internet.
 Warbiking, warcycling, warwalking and similar use
the same approach but with other modes of
transportation.
27
Stolen equipment simulation
 Here the objective is to verify if the
organization has taken steps to safeguard the
confidential information hosted on mobile
devices that belong to key executives.
 The auditor simulates a theft of the device
and uses tools (HW/SW) and his expertise
with the intention of extracting sensitive
information.
 Due to the sensitivity of the operation, we
should always recommend to our customer to
back up the devices prior to the audit.
28
Physical security Audit
 Although physical security is considered by
many experts as an independent subject from
ethical hacking, specialized companies can
integrate it as part of the service.
 This type of audit involves difficulties and
risks that you must be aware with the aim of
avoiding situations that endanger those
involved.
29
Simple steps that individuals can take to
be more secure:
– Keep your software up to date
– Install antivirus software
– Use public networks carefully
– Backup your data
– Secure your accounts with two-factor
authentication
– Make your passwords long, unique, and strong
– Be suspicious of strange links and attachments
30
Steps to secure your computer
• Keep up with system and software security updates.
• Enable a firewall.
• Adjust your browser settings.
• Install antivirus and anti spyware software.
• Password protect your software and lock your
device.
• Encrypt your data.
• Use a VPN.
31
Tools for Information Security
• Authentication
• Access Control
• Encryption
• Passwords
• Backup
• Firewalls
• Virtual Private Networks (VPN)
• Physical Security
• Security Policies
32
2. Denial of Service Attacks
• Denial of Service Attack: an attack on a computer or
network that prevents legitimate use of its resources.
• In computing, a denial-of-service attack (DoS attack)
is a cyber-attack in which the perpetrator seeks to
make a machine or network resource unavailable to
its intended users by temporarily or indefinitely
disrupting services of a host connected to the
Internet.
• DoS Attacks Affect:
– Software Systems
– Network Routers/Equipment/Servers
– Servers and End-User PCs
33
Classification of DoS Attacks
Attack Affected Area Example Description
Network Level
Device
Routers, IP
Switches,
Firewalls
Ascend Kill II,
“Christmas Tree Packets”
Attack attempts to exhaust hardware resources
using multiple duplicate packets or a software
bug.
OS Level Equipment Vendor
OS, End-User
Equipment.
Ping of Death,
ICMP Echo Attacks,
Teardrop
Attack takes advantage of the way operating
systems implement protocols.
Application
Level Attacks
Finger Bomb(The
repeated at(@)
character causes finger
to consume excessive
CPU and RAM
resources)
Finger Bomb,
Windows NT RealServer
G2 6.0
Attack a service or machine by using an
application attack to exhaust resources.
Data Flood
(Amplification,
Oscillation, Simple
Flooding)
Host computer or
network
Smurf Attack (amplifier
attack)
UDP Echo (oscillation
attack)
Attack in which massive quantities of data are
sent to a target with the intention of using up
bandwidth/processing resources.
Protocol Feature
Attacks
Servers, Client
PC, DNS Servers
SYN (connection depletion) Attack in which “bugs” in protocol are utilized
to take down network resources. Methods of
attack include: IP address spoofing, and
corrupting DNS server cache. Page 34
Countermeasures for DoS Attacks
Attack Countermeasure
Options
Example Description
Network Level
Device
Software patches,
packet filtering
Ingress and Egress
Filtering
Software upgrades can fix known bugs and
packet filtering can prevent attacking traffic
from entering a network.
OS Level SYN Cookies, drop
backlog connections,
shorten timeout time
SYN Cookies Shortening the backlog time and dropping
backlog connections will free up resources.
SYN cookies proactively prevent attacks.
Application Level
Attacks
Intrusion Detection
System
GuardDog, other
vendors.
Software used to detect illicit activity.
Data Flood
(Amplification,
Oscillation, Simple
Flooding)
Replication and Load
Balancing
Akami/Digital
Island provide
content distribution.
Extend the volume of content under attack
makes it more complicated and harder for
attackers to identify services to attack and
accomplish complete attacks.
Protocol Feature
Attacks
Extend protocols to
support security.
IETF standard for
itrace, DNS SEC
(Internet
Engineering Task
Force)
Trace source/destination packets by a means
other than the IP address (blocks against IP
address spoofing). DNSSEC would provide
authorization and authentication on DNS
information.
Page 35
3. Distributed Denial-of-service (DDoS)
 A distributed denial-of-service (DDoS) attack is a
malicious attempt to disrupt the normal traffic of a
targeted server, service or network by overwhelming
the target or its surrounding infrastructure with a flood
of Internet traffic.
 DDoS attacks achieve effectiveness by utilizing
multiple compromised computer systems as sources of
attack traffic.
 Exploited machines can include computers and
other networked resources such as IoT devices. From a
high level, a DDoS attack is like an unexpected traffic
jam clogging up the highway, preventing regular traffic
from arriving at its destination.
36
DDoS Architecture
Client Client
Handler Handler Handler Handler
Agents
37
Widely Used DDoS Programs
• Trinoo
• Tribe Flood Network
• TFN2K
• stacheldraht (barbed wire)
38
4. What is Buffer Overflow
o A buffer is a temporary area for data
storage. When more data (than was originally
allocated to be stored) gets placed by a
program or system process, the extra data
overflows.
o It causes some of that data to leak out into
other buffers, which can corrupt or overwrite
whatever data they were holding.
39
40
Cont..
• A buffer overflow, or buffer overrun, is an anomalous
condition where a process attempts to store data beyond the
boundaries of a fixed-length buffer.
• The result is that the extra data overwrites adjacent memory
locations.
• The overwritten data may include other buffers, variables and
program flow data, and may result in erratic program behavior,
a memory access exception, program termination (a crash),
incorrect results or ― especially if deliberately caused by a
malicious user ― a possible breach of system security.
• Most common with C/C++ programs
Buffer-overflow attack
o In a buffer-overflow attack, the extra data
sometimes holds specific instructions for
actions intended by a hacker or malicious
user; for example, the data could trigger a
response that damages files, changes data or
unveils private information.
o Attacker would use a buffer-overflow
exploit to take advantage of a program that is
waiting on a user’s input.
41
Types of buffer overflows
There are two types of buffer overflows:
stack-based and heap-based.
o Heap-based, which are difficult to execute
and the least common of the two, attack an
application by flooding the memory space
reserved for a program.
o Stack-based buffer overflows, which are more
common among attackers, exploit applications
and programs by using what is known as a stack:
memory space used to store user input.
42
43
What is needed to understand Buffer Overflow
• Understanding C functions and the stack.
• Some familiarity with machine code.
• Know how systems calls are made.
• The exec() system call.
• Attacker needs to know which CPU and OS are running on the
target machine.
– Our examples are for x86 running Linux.
– Details vary slightly between CPU’s and OS:
• Stack growth direction.
• big endian vs. little endian.
Buffer Overflow Example
44
45
Some unsafe C lib functions
strcpy (char *dest, const char *src)
strcat (char *dest, const char *src)
gets (char *s)
scanf ( const char *format, … )
sprintf (conts char *format, … )
46
Preventing Buffer Overflow Attacks
• Use type safe languages (Java)
• Use safe library functions
• Static source code analysis
• Non-executable stack
• Run time checking
• Address space layout randomization
• Detection deviation of program behavior
• Access control
References
Reference Text Books:
1. Karig, David and Ruby Lee. Remote Denial of Service
Attacks and Countermeasures, Princeton University
Department of Electrical Engineering Technical
Report CE-L2001-002, October 2001.
2. C.Easttom, Computer Security Fundamentals, Prentice
Hall, May 2005.
3. D. Russell and G.T. Gangemi, Computer Security Basics,
OReilly& Associates, 1991.
4. M. Bishop, Computer Security: Art and Science,
Addison-Wesley, 2002.
5. S. A. Thomas, SSL and TLS Essentials: Securing the Web,
Wiley, 2000.
47
THANK YOU
48

More Related Content

Similar to ANS_Ch_05_Handouts.pdf

IRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical HackingIRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical Hacking
IRJET Journal
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Infosectrain3
 
An overview of network penetration testing
An overview of network penetration testingAn overview of network penetration testing
An overview of network penetration testing
eSAT Publishing House
 
Security protection On banking systems using ethical hacking.
Security protection  On banking systems using  ethical hacking.Security protection  On banking systems using  ethical hacking.
Security protection On banking systems using ethical hacking.
Rishabh Gupta
 
Is4560
Is4560Is4560
Is4560
Tara Hardin
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
prachi67
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPT
ashish kumar
 
Top 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptxTop 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptx
Infosectrain3
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Prabhat kumar Suman
 
hacker culture
hacker culturehacker culture
hacker culture
Amy McMullin
 
Ethical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive CheatsheetEthical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive Cheatsheet
Megawatt Content Marketing
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptx
youfanlimboo
 
Ethical hacking interview questions and answers
Ethical hacking interview questions and answersEthical hacking interview questions and answers
Ethical hacking interview questions and answers
ShivamSharma909
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Nitheesh Adithyan
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
samprada123
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
Sweta Kumari Barnwal
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Sanu Subham
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKING
Drm Kapoor
 
Ethical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksEthical Hacking And Hacking Attacks
Ethical Hacking And Hacking Attacks
Aman Gupta
 
Web security chapter#2
Web security chapter#2Web security chapter#2
Web security chapter#2
Ishaq Shinwari
 

Similar to ANS_Ch_05_Handouts.pdf (20)

IRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical HackingIRJET- Study of Hacking and Ethical Hacking
IRJET- Study of Hacking and Ethical Hacking
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
 
An overview of network penetration testing
An overview of network penetration testingAn overview of network penetration testing
An overview of network penetration testing
 
Security protection On banking systems using ethical hacking.
Security protection  On banking systems using  ethical hacking.Security protection  On banking systems using  ethical hacking.
Security protection On banking systems using ethical hacking.
 
Is4560
Is4560Is4560
Is4560
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
Cyber Security PPT
Cyber Security PPTCyber Security PPT
Cyber Security PPT
 
Top 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptxTop 25 SOC Analyst interview questions that You Should Know.pptx
Top 25 SOC Analyst interview questions that You Should Know.pptx
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
hacker culture
hacker culturehacker culture
hacker culture
 
Ethical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive CheatsheetEthical Hacking: A Comprehensive Cheatsheet
Ethical Hacking: A Comprehensive Cheatsheet
 
Introduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptxIntroduction to Pre-Cybersecurity.pptx
Introduction to Pre-Cybersecurity.pptx
 
Ethical hacking interview questions and answers
Ethical hacking interview questions and answersEthical hacking interview questions and answers
Ethical hacking interview questions and answers
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Final report ethical hacking
Final report ethical hackingFinal report ethical hacking
Final report ethical hacking
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
BASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKINGBASICS OF ETHICAL HACKING
BASICS OF ETHICAL HACKING
 
Ethical Hacking And Hacking Attacks
Ethical Hacking And Hacking AttacksEthical Hacking And Hacking Attacks
Ethical Hacking And Hacking Attacks
 
Web security chapter#2
Web security chapter#2Web security chapter#2
Web security chapter#2
 

More from MeymunaMohammed1

Chapter 6-Synchronozation2.ppt
Chapter 6-Synchronozation2.pptChapter 6-Synchronozation2.ppt
Chapter 6-Synchronozation2.ppt
MeymunaMohammed1
 
Distributed system.pptx
Distributed system.pptxDistributed system.pptx
Distributed system.pptx
MeymunaMohammed1
 
ANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdfANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdf
MeymunaMohammed1
 
Seminar Course instruction .ppt
Seminar Course instruction .pptSeminar Course instruction .ppt
Seminar Course instruction .ppt
MeymunaMohammed1
 
M.Sc Mobile computing.pptx
M.Sc Mobile computing.pptxM.Sc Mobile computing.pptx
M.Sc Mobile computing.pptx
MeymunaMohammed1
 
Cloud_Ch_01_Handouts(1).pdf
Cloud_Ch_01_Handouts(1).pdfCloud_Ch_01_Handouts(1).pdf
Cloud_Ch_01_Handouts(1).pdf
MeymunaMohammed1
 
ANS_Ch_06_Handouts.pdf
ANS_Ch_06_Handouts.pdfANS_Ch_06_Handouts.pdf
ANS_Ch_06_Handouts.pdf
MeymunaMohammed1
 
ANS_Ch_04_Handouts.pdf
ANS_Ch_04_Handouts.pdfANS_Ch_04_Handouts.pdf
ANS_Ch_04_Handouts.pdf
MeymunaMohammed1
 
Chapter 3-Processes2.pptx
Chapter 3-Processes2.pptxChapter 3-Processes2.pptx
Chapter 3-Processes2.pptx
MeymunaMohammed1
 
Chapter 2-Architectures23.ppt
Chapter 2-Architectures23.pptChapter 2-Architectures23.ppt
Chapter 2-Architectures23.ppt
MeymunaMohammed1
 
Chapter 2-Architectures2.ppt
Chapter 2-Architectures2.pptChapter 2-Architectures2.ppt
Chapter 2-Architectures2.ppt
MeymunaMohammed1
 

More from MeymunaMohammed1 (11)

Chapter 6-Synchronozation2.ppt
Chapter 6-Synchronozation2.pptChapter 6-Synchronozation2.ppt
Chapter 6-Synchronozation2.ppt
 
Distributed system.pptx
Distributed system.pptxDistributed system.pptx
Distributed system.pptx
 
ANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdfANS_Ch_05_Handouts.pdf
ANS_Ch_05_Handouts.pdf
 
Seminar Course instruction .ppt
Seminar Course instruction .pptSeminar Course instruction .ppt
Seminar Course instruction .ppt
 
M.Sc Mobile computing.pptx
M.Sc Mobile computing.pptxM.Sc Mobile computing.pptx
M.Sc Mobile computing.pptx
 
Cloud_Ch_01_Handouts(1).pdf
Cloud_Ch_01_Handouts(1).pdfCloud_Ch_01_Handouts(1).pdf
Cloud_Ch_01_Handouts(1).pdf
 
ANS_Ch_06_Handouts.pdf
ANS_Ch_06_Handouts.pdfANS_Ch_06_Handouts.pdf
ANS_Ch_06_Handouts.pdf
 
ANS_Ch_04_Handouts.pdf
ANS_Ch_04_Handouts.pdfANS_Ch_04_Handouts.pdf
ANS_Ch_04_Handouts.pdf
 
Chapter 3-Processes2.pptx
Chapter 3-Processes2.pptxChapter 3-Processes2.pptx
Chapter 3-Processes2.pptx
 
Chapter 2-Architectures23.ppt
Chapter 2-Architectures23.pptChapter 2-Architectures23.ppt
Chapter 2-Architectures23.ppt
 
Chapter 2-Architectures2.ppt
Chapter 2-Architectures2.pptChapter 2-Architectures2.ppt
Chapter 2-Architectures2.ppt
 

Recently uploaded

“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 

Recently uploaded (20)

“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 

ANS_Ch_05_Handouts.pdf

  • 1. DILLA UNIVERSITY COLLEGE OF ENGINEERING & TECHNOLOGY School of Computing & Informatics M. Sc in Computer Science & Networking By Chapter-05 Dr. Ananda Kumar K S M.Tech, Ph.D Associate Professor, School of Comp & Info Email: anandgdk@du.edu.et 1 Course Number CN6122 Course Title Advanced Network Security
  • 2. Advanced Network Security CHAPTER-05 1. Ethical hacking 2. Denial of Service Attacks(DoS) 3. Distributed denial-of-service (DDoS) 4. Buffer-overflow attack 2
  • 3. 1. HACKING Hacking has been a part of computing for almost five decades and it is a very broad discipline, which covers a wide range of topics. The first known event of hacking had taken place in 1960 at MIT and at the same time, the term "Hacker" was originated. Hacking is the act of finding the possible entry points that exist in a computer system or a computer network and finally entering into them. 3
  • 4. Cont..  Hacking is usually done to gain unauthorized access to a computer system or a computer network, either to harm the systems or to steal sensitive information available on the computer.  Hacking is usually legal as long as it is being done to find weaknesses in a computer or network system for testing purpose. This sort of hacking is what we call Ethical Hacking.  A computer expert who does the act of hacking is called a "Hacker".  Hackers are those who seek knowledge, to understand how systems operate, how they are designed, and then attempt to play with these systems. 4
  • 6. 6
  • 7. Phases of hacking  Both the auditor and the cracker follow a logical sequence of steps when conducting a hacking. These grouped steps are called phases.  There is a general consensus among the entities and information security professionals that these phases are 5 in the following order:  Crackers Phases : 1-> Reconnaissance 2-> Scanning 3-> Gaining Access 4-> Maintaining Access 5-> Erasing Clues Ethical Hacking Phases: 1-> Reconnaissance 2-> Scanning 3-> Gaining Access 4-> Writing Report 5-> Presenting Report 7
  • 10. Reconnaissance o This is the first step of Hacking. It is also called as Footprinting and information gathering Phase. o This is the preparatory phase where we collect as much information as possible about the target. o We usually collect information about three groups, Network, Host, People involved. There are two types of Footprinting: Active: Directly interacting with the target to gather information about the target. Eg: Using Nmap tool to scan the target Passive: Trying to collect the information about the target without directly accessing the target. This involves collecting information from social media, public websites etc. 10
  • 11. Scanning Three types of scanning are involved: Port scanning: This phase involves scanning the target for the information like open ports, Live systems, various services running on the host. Vulnerability Scanning: Checking the target for weaknesses or vulnerabilities which can be exploited. Usually done with help of automated tools Network Mapping: Finding the topology of network, routers, firewalls servers if any, and host information and drawing a network diagram with the available information. This map may serve as a valuable piece of information throughout the hacking process. 11
  • 12. Gaining Access This phase is where an attacker breaks into the system/network using various tools or methods. After entering into a system, he has to increase his privilege to administrator level so he can install an application he needs or modify data or hide data. 12
  • 13. Maintaining Access o Hacker may just hack the system to show it was vulnerable or he can be so mischievous that he wants to maintain or persist the connection in the background without the knowledge of the user. o This can be done using Trojans, Rootkits or other malicious files. o The aim is to maintain the access to the target until he finishes the tasks he planned to accomplish in that target. 13
  • 14. Erasing Clues or Clearing Track o No thief wants to get caught. An intelligent hacker always clears all evidence so that in the later point of time, no one will find any traces leading to him. o This involves modifying/corrupting/deleting the values of Logs, modifying registry values and uninstalling all applications he used and deleting all folders he created. 14
  • 15. Cont..  Usually these phases are represented as a cycle that is commonly called “the circle of hacking” (see Figure 1) with the aim of emphasizing that the cracker can continue the process over and over again.  Though, information security auditors who perform ethical hacking services present a slight variation in the implementation phases like this:  1-> Reconnaissance 2-> Scanning 3-> Gaining Access 4-> Writing the Report 5-> Presenting the Report In this way, ethical hackers stop at Phase 3 of the “circle of hacking” to report their findings and make recommendations to the client. 15
  • 16. TYPES OF HACKING  When we execute an ethical hacking is necessary to establish its scope to develop a realistic schedule of work and to deliver the economic proposal to the client.  To determine the project extent we need to know at least three basic elements: the type of hacking that we will conduct, the modality and the additional services that customers would like to include with the contracted service.  Depending on where we execute the penetration testing, an ethical hacking can be external or internal. 16
  • 17. Cont.. External pentesting  This type of hacking is done from the Internet against the client’s public network infrastructure; that is, on those computers in the organization that are exposed to the Internet because they provide a public service.  Example of public hosts: router, firewall, web server, mail server, name server, etc. Internal pentesting  As the name suggests, this type of hacking is executed from the customer’s internal network, from the point of view of a company employee, consultant, or business associate that has access to the corporate network. 17
  • 18. Cont.. since studies show that the majority of successful attacks come from inside the company. To cite an example, in a survey conducted on computer security to a group of businessmen in the UK, when they were asked “who the attackers are”, these figures were obtained: 25% external, 75% internal. 18
  • 19. HACKING MODALITIES  Depending on the information that the customer provides to the consultant, an ethical hacking service could be executed in one of three modes: o black-box o gray-box o white-box  The method chosen will affect the cost and duration of the penetration testing audit, since the lesser the information received, the greater the time in research invested by the auditor. 19
  • 20. Black box hacking  This mode is applicable to external testing only.  It is called so because the client only gives the name of the company to the consultant, so the auditor starts with no information, the infrastructure of the organization is a “black box”.  While this type of audit is considered more realistic, since the external attacker who chooses an X victim has no further information to start that the name of the organization that is going to attack, it is also true that it requires a greater investment of time and therefore the cost incurred is higher too. 20
  • 21. Gray box hacking This method is often used synonymously to refer to internal pentestings. Nevertheless, some auditors also called gray- box-hacking an external test in which the client provides limited information on public computers to be audited. Example: a list of data such as IP address and type/function of the equipment (router, web- server, firewall, etc.). 21
  • 22. White box hacking White-box hacking is also called transparent hacking. This method applies only to internal pentestings and is called this way because the client gives complete information to the auditor about its networks and systems.  This means, that besides providing a connection to the network and configuration information for the NIC, the consultant receives extensive information such as network diagrams, detailed equipment audit list including names, types, platforms, main services, IP addresses, information from remote subnets, etc.  Because the consultant avoids having to find out this information, this kind of hacking usually takes less time to execute and therefore also reduces costs. 22
  • 23. Additional hacking services There are additional services that can be included with an ethical hacking; among the popular ones are: • Social engineering • Wardialing • Wardriving • Stolen equipment simulation • Physical security 23
  • 24. Social engineering  Social engineering refers to the act of gathering information through the manipulation of people, it means that the hacker acquire confidential data using the well known fact that the weakest link in the chain of information security is the human component.  Examples of social engineering: sending fake emails with malicious attachments, calls to customer personnel pretending to be a technician from the ISP, visits to company premises pretending to be a customer in order to place a keystroke logger (keylogger), etc. 24
  • 25. Wardialing  Wardialing or war dialing is a technique to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for modems, computers, bulletin board systems and fax machines.  War dialing is a brute-force method of finding a back door into an organization's network. It is particularly effective against a perimeter defense.  Most organizations have telephone numbers that are within a specified range and begin with the same prefix. 25
  • 27. wardriving  The term wardriving is derived from its predecessor wardialing, but is applied to wireless networks.  The hacker strikes up a wireless war from the vicinity of the client/victim company, usually from his parked car with a laptop and a signal booster antenna.  Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone. Software for wardriving is freely available on the internet.  Warbiking, warcycling, warwalking and similar use the same approach but with other modes of transportation. 27
  • 28. Stolen equipment simulation  Here the objective is to verify if the organization has taken steps to safeguard the confidential information hosted on mobile devices that belong to key executives.  The auditor simulates a theft of the device and uses tools (HW/SW) and his expertise with the intention of extracting sensitive information.  Due to the sensitivity of the operation, we should always recommend to our customer to back up the devices prior to the audit. 28
  • 29. Physical security Audit  Although physical security is considered by many experts as an independent subject from ethical hacking, specialized companies can integrate it as part of the service.  This type of audit involves difficulties and risks that you must be aware with the aim of avoiding situations that endanger those involved. 29
  • 30. Simple steps that individuals can take to be more secure: – Keep your software up to date – Install antivirus software – Use public networks carefully – Backup your data – Secure your accounts with two-factor authentication – Make your passwords long, unique, and strong – Be suspicious of strange links and attachments 30
  • 31. Steps to secure your computer • Keep up with system and software security updates. • Enable a firewall. • Adjust your browser settings. • Install antivirus and anti spyware software. • Password protect your software and lock your device. • Encrypt your data. • Use a VPN. 31
  • 32. Tools for Information Security • Authentication • Access Control • Encryption • Passwords • Backup • Firewalls • Virtual Private Networks (VPN) • Physical Security • Security Policies 32
  • 33. 2. Denial of Service Attacks • Denial of Service Attack: an attack on a computer or network that prevents legitimate use of its resources. • In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. • DoS Attacks Affect: – Software Systems – Network Routers/Equipment/Servers – Servers and End-User PCs 33
  • 34. Classification of DoS Attacks Attack Affected Area Example Description Network Level Device Routers, IP Switches, Firewalls Ascend Kill II, “Christmas Tree Packets” Attack attempts to exhaust hardware resources using multiple duplicate packets or a software bug. OS Level Equipment Vendor OS, End-User Equipment. Ping of Death, ICMP Echo Attacks, Teardrop Attack takes advantage of the way operating systems implement protocols. Application Level Attacks Finger Bomb(The repeated at(@) character causes finger to consume excessive CPU and RAM resources) Finger Bomb, Windows NT RealServer G2 6.0 Attack a service or machine by using an application attack to exhaust resources. Data Flood (Amplification, Oscillation, Simple Flooding) Host computer or network Smurf Attack (amplifier attack) UDP Echo (oscillation attack) Attack in which massive quantities of data are sent to a target with the intention of using up bandwidth/processing resources. Protocol Feature Attacks Servers, Client PC, DNS Servers SYN (connection depletion) Attack in which “bugs” in protocol are utilized to take down network resources. Methods of attack include: IP address spoofing, and corrupting DNS server cache. Page 34
  • 35. Countermeasures for DoS Attacks Attack Countermeasure Options Example Description Network Level Device Software patches, packet filtering Ingress and Egress Filtering Software upgrades can fix known bugs and packet filtering can prevent attacking traffic from entering a network. OS Level SYN Cookies, drop backlog connections, shorten timeout time SYN Cookies Shortening the backlog time and dropping backlog connections will free up resources. SYN cookies proactively prevent attacks. Application Level Attacks Intrusion Detection System GuardDog, other vendors. Software used to detect illicit activity. Data Flood (Amplification, Oscillation, Simple Flooding) Replication and Load Balancing Akami/Digital Island provide content distribution. Extend the volume of content under attack makes it more complicated and harder for attackers to identify services to attack and accomplish complete attacks. Protocol Feature Attacks Extend protocols to support security. IETF standard for itrace, DNS SEC (Internet Engineering Task Force) Trace source/destination packets by a means other than the IP address (blocks against IP address spoofing). DNSSEC would provide authorization and authentication on DNS information. Page 35
  • 36. 3. Distributed Denial-of-service (DDoS)  A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.  DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic.  Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination. 36
  • 37. DDoS Architecture Client Client Handler Handler Handler Handler Agents 37
  • 38. Widely Used DDoS Programs • Trinoo • Tribe Flood Network • TFN2K • stacheldraht (barbed wire) 38
  • 39. 4. What is Buffer Overflow o A buffer is a temporary area for data storage. When more data (than was originally allocated to be stored) gets placed by a program or system process, the extra data overflows. o It causes some of that data to leak out into other buffers, which can corrupt or overwrite whatever data they were holding. 39
  • 40. 40 Cont.. • A buffer overflow, or buffer overrun, is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer. • The result is that the extra data overwrites adjacent memory locations. • The overwritten data may include other buffers, variables and program flow data, and may result in erratic program behavior, a memory access exception, program termination (a crash), incorrect results or ― especially if deliberately caused by a malicious user ― a possible breach of system security. • Most common with C/C++ programs
  • 41. Buffer-overflow attack o In a buffer-overflow attack, the extra data sometimes holds specific instructions for actions intended by a hacker or malicious user; for example, the data could trigger a response that damages files, changes data or unveils private information. o Attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a user’s input. 41
  • 42. Types of buffer overflows There are two types of buffer overflows: stack-based and heap-based. o Heap-based, which are difficult to execute and the least common of the two, attack an application by flooding the memory space reserved for a program. o Stack-based buffer overflows, which are more common among attackers, exploit applications and programs by using what is known as a stack: memory space used to store user input. 42
  • 43. 43 What is needed to understand Buffer Overflow • Understanding C functions and the stack. • Some familiarity with machine code. • Know how systems calls are made. • The exec() system call. • Attacker needs to know which CPU and OS are running on the target machine. – Our examples are for x86 running Linux. – Details vary slightly between CPU’s and OS: • Stack growth direction. • big endian vs. little endian.
  • 45. 45 Some unsafe C lib functions strcpy (char *dest, const char *src) strcat (char *dest, const char *src) gets (char *s) scanf ( const char *format, … ) sprintf (conts char *format, … )
  • 46. 46 Preventing Buffer Overflow Attacks • Use type safe languages (Java) • Use safe library functions • Static source code analysis • Non-executable stack • Run time checking • Address space layout randomization • Detection deviation of program behavior • Access control
  • 47. References Reference Text Books: 1. Karig, David and Ruby Lee. Remote Denial of Service Attacks and Countermeasures, Princeton University Department of Electrical Engineering Technical Report CE-L2001-002, October 2001. 2. C.Easttom, Computer Security Fundamentals, Prentice Hall, May 2005. 3. D. Russell and G.T. Gangemi, Computer Security Basics, OReilly& Associates, 1991. 4. M. Bishop, Computer Security: Art and Science, Addison-Wesley, 2002. 5. S. A. Thomas, SSL and TLS Essentials: Securing the Web, Wiley, 2000. 47