SlideShare a Scribd company logo

Internet worm-case-study

Download as PPTX, PDF
Ian Sommerville
Ian Sommerville

Describes one of the first cybersecurity incidents in 1988

Technology
1 of 14
Internet work case study., 2012 Slide 1 The Internet Worm – Compromising the availability and reliability of systems through security failure
Internet work case study., 2012 Slide 2 What happened • In November 1988, a program was deliberately released that spread itself throughout Digital VAX and Sun workstations across the Internet. It exploited security vulnerabilities in Unix systems. • In itself, the program did no damage but it’s replication and threat of damage caused extensive loss of system service and reduced system responsiveness in thousands of host computers. • This program has become known as the Internet Worm. • This was the first widely distributed Internet security threat.
Internet work case study., 2012 Slide 3 Terminology • A worm – This is a program that can autonomously spread itself across a network of computers. • A virus – This is a program that can spread itself across a network of computers by attaching itself to some other program or document. • A trapdoor – This is a vulnerability in a program that allows normal security controls to be bypassed.
Internet work case study., 2012 Slide 4 Consequences of the worm • Strange files appeared in systems that were infected. • Strange log messages appeared in certain programs. • Each infection caused a number of processes to be generated. As systems were constantly re-infected, the number of processes grew and systems became overloaded. • Some systems (1000s) were shut down because of the problems and because of the unknown threat of damage.
Internet work case study., 2012 Slide 5 Worm description • Program was made up of two parts – A main program that looked for other machines that might be infected and that tried to find ways of getting into these machines; – A vector program (99 lines of C) that was compiled and run on the infected machine and which then transferred the main program to continue the process of infection. • Security vulnerabilities – fingerd - an identity program in Unix that runs in the background; – sendmail - the principal mail distribution program; – Password cracking; – Trusted logins.
Internet work case study., 2012 Slide 6 fingerd • Written in C and runs continuously. • C does NOT have bound checking on arrays. fingerd expects an input string but the writer of the worm noticed that if a longer string than was allowed for was presented, this overwrote part of memory. • By designing a string that included machine instructions and that overwrote a return address, the worm could invoke a remote shell (a Unix facility) that allowed priviledged commands to be executed.
Internet work case study., 2012 Slide 7 sendmail • sendmail routes mail and the worm took advantage of a debug facility that was often left on and which allowed a set of commands to be issued to the sendmail program. • This allowed the worm to specify that information should be transferred to new hosts through the mail system without having to process normal mail messages.
Internet work case study., 2012 Slide 8 Password cracking • Unix passwords are encrypted and, in the encrypted form, are publicly available in /etc/passwd. • The worm encrypted lists of possible passwords and compared them with the password file to discover user passwords. • It used a list of about 400 common words that were known to be used as passwords. • It exploited fast versions of the encryption algorithm that were not envisaged when the Unix scheme was devised.
Internet work case study., 2012 Slide 9 Trusted logins • On Unix, tasks can be executed on remote machines. • To support this, there is the notion of a trusted login so that if a login command is issued to machine Z from user Y in machine X then Z assumes that X has carried out the authentication and that Y is trusted; no password is required. • The worm exploited this by looking for machines that might be trusted. It did this by examining files that listed machines trusted by the current machine and then assumed reciprocal trust.
Internet work case study., 2012 Slide 10 Killing the worm • The main effects of the worm were in the US and system managers worked for several days to devise ways of stopping the worm. • These involved devising modifications to the programs affected so that the worm could not propagate itself, distributing these changes, installing them then rebooting infected machines to remove worm processes. • The process took several days before the net was cleared of infection.
Internet work case study., 2012 Slide 11 What we learned • Security vulnerabilities result from flaws and these will always be with us. Problems can be fixed but new problems can arise with new versions of software. • Diversity is good - we need a heterogeneous not a homogeneous network. • Isolationism is not the answer - those sites that disconnected from the network were amongst the last to resume service.
Internet work case study., 2012 Slide 12 The perpetrator • The perpetrator was a student at Cornell University • He was discovered fairly quickly and charged. • His sentence was for a period of community service and a $10, 000 fine – This was relatively light as the major thrust of his defence was that the program explicitly did not cause deliberate damage and, in fact, he had tried (but failed) to ensure that too many processes would not be generated on host machines • Now a professor at MIT (not working in security)
Internet work case study., 2012 Slide 13 Warning • Students before and since this infection have been curious about security and have written experimental programs. Few of these students are wicked and many of them are very competent programmers. • However, the consequences of experiments that go wrong are now so great that network authorities do not distinguish between stupidity and malice. There are severe penalties for any experiments that compromise system security.
Internet work case study., 2012 Slide 14 Finding out more • Communications of the ACM, 32 (6), June 1989 has a number of articles on the Internet worm. • Computer-related Risks. P. G. Neumann, Addison Wesley 1995. A compendium of information about system failures that have compromised safety, security and reliability. • See Intranet web pages for links.

Recommended

Computer Worms
Computer WormsComputer Worms
Computer Worms
sadique_ghitm
 
Phishing Website Detection by Machine Learning Techniques Presentation.pdf
Phishing Website Detection by Machine Learning Techniques Presentation.pdfPhishing Website Detection by Machine Learning Techniques Presentation.pdf
Phishing Website Detection by Machine Learning Techniques Presentation.pdf
VaralakshmiKC
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Sam Bowne
 
Malware and it's types
Malware and it's typesMalware and it's types
Malware and it's types
Aakash Baloch
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Sam Bowne
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
Sunny Neo
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
G Prachi
 
Zap vs burp
Zap vs burpZap vs burp
Zap vs burp
Tomasz Fajks
 

Recommended

Computer Worms
Computer WormsComputer Worms
Computer Worms
sadique_ghitm
 
Phishing Website Detection by Machine Learning Techniques Presentation.pdf
Phishing Website Detection by Machine Learning Techniques Presentation.pdfPhishing Website Detection by Machine Learning Techniques Presentation.pdf
Phishing Website Detection by Machine Learning Techniques Presentation.pdf
VaralakshmiKC
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Sam Bowne
 
Malware and it's types
Malware and it's typesMalware and it's types
Malware and it's types
Aakash Baloch
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
Sam Bowne
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
Sunny Neo
 
Malicious software and software security
Malicious software and software securityMalicious software and software security
Malicious software and software security
G Prachi
 
Zap vs burp
Zap vs burpZap vs burp
Zap vs burp
Tomasz Fajks
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Sanu Subham
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
Lionel Faleiro
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Vivek Mohbe
 
Snort
SnortSnort
Snort
Fadwa Gmiden
 
Program security
Program securityProgram security
Program security
G Prachi
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
Teymur Kheirkhabarov
 
Malware
MalwareMalware
Malware
Tuhin_Das
 
What is malware
What is malwareWhat is malware
What is malwareMalcolm York
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
IkramSabir4
 
Network Miner Network forensics
Network Miner Network forensicsNetwork Miner Network forensics
Network Miner Network forensics
Sreekanth Narendran
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
securityxploded
 
QR code event attendence application system
QR code event attendence application systemQR code event attendence application system
QR code event attendence application system
amirshazmil
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
Zoho Corporation
 
User authentication
User authenticationUser authentication
User authentication
CAS
 
zero day exploits
zero day exploitszero day exploits
zero day exploitsAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Malware Detection using Machine Learning
Malware Detection using Machine Learning Malware Detection using Machine Learning
Malware Detection using Machine Learning
Cysinfo Cyber Security Community
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol
 
Internet worms definitions and strategies to avoid it.
Internet worms definitions and strategies to avoid it.Internet worms definitions and strategies to avoid it.
Internet worms definitions and strategies to avoid it.
SinisaSremac
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProjectKaley Hair
 

More Related Content

What's hot

01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Sanu Subham
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
Lionel Faleiro
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9koolkampus
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Vivek Mohbe
 
Snort
SnortSnort
Snort
Fadwa Gmiden
 
Program security
Program securityProgram security
Program security
G Prachi
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
Teymur Kheirkhabarov
 
Malware
MalwareMalware
Malware
Tuhin_Das
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
IkramSabir4
 
Network Miner Network forensics
Network Miner Network forensicsNetwork Miner Network forensics
Network Miner Network forensics
Sreekanth Narendran
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
securityxploded
 
QR code event attendence application system
QR code event attendence application systemQR code event attendence application system
QR code event attendence application system
amirshazmil
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
Zoho Corporation
 
User authentication
User authenticationUser authentication
User authentication
CAS
 
Malware Detection using Machine Learning
Malware Detection using Machine Learning Malware Detection using Machine Learning
Malware Detection using Machine Learning
Cysinfo Cyber Security Community
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
Andrew McNicol
 

What's hot (20)

01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
 
Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9Intruders and Viruses in Network Security NS9
Intruders and Viruses in Network Security NS9
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Snort
SnortSnort
Snort
 
Program security
Program securityProgram security
Program security
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
 
Malware
MalwareMalware
Malware
 
What is malware
What is malwareWhat is malware
What is malware
 
Ransomware Attack.pptx
Ransomware Attack.pptxRansomware Attack.pptx
Ransomware Attack.pptx
 
Network Miner Network forensics
Network Miner Network forensicsNetwork Miner Network forensics
Network Miner Network forensics
 
Basic malware analysis
Basic malware analysisBasic malware analysis
Basic malware analysis
 
QR code event attendence application system
QR code event attendence application systemQR code event attendence application system
QR code event attendence application system
 
WannaCry Ransomware
WannaCry Ransomware WannaCry Ransomware
WannaCry Ransomware
 
User authentication
User authenticationUser authentication
User authentication
 
zero day exploits
zero day exploitszero day exploits
zero day exploits
 
Malware Detection using Machine Learning
Malware Detection using Machine Learning Malware Detection using Machine Learning
Malware Detection using Machine Learning
 
Introduction to Malware Analysis
Introduction to Malware AnalysisIntroduction to Malware Analysis
Introduction to Malware Analysis
 

Similar to Internet worm-case-study

Internet worms definitions and strategies to avoid it.
Internet worms definitions and strategies to avoid it.Internet worms definitions and strategies to avoid it.
Internet worms definitions and strategies to avoid it.
SinisaSremac
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProjectKaley Hair
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
Lancope, Inc.
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
Lancope, Inc.
 
Malware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpurMalware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpur
Mohsin Dahar
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.
Yury Chemerkin
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
Setia Juli Irzal Ismail
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
Mayur Nanotkar
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
Online
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
Pruthvi Monarch
 
PACE-IT: Common Network Security Issues
PACE-IT: Common Network Security IssuesPACE-IT: Common Network Security Issues
PACE-IT: Common Network Security Issues
Pace IT at Edmonds Community College
 
Enchaning system effiency through process scanning
Enchaning system effiency through process scanningEnchaning system effiency through process scanning
Enchaning system effiency through process scanning
sai kiran
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface DevicePositive Hack Days
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applications
eightbit
 
Software Supply Chain Attacks (June 2021)
Software Supply Chain Attacks (June 2021)Software Supply Chain Attacks (June 2021)
Software Supply Chain Attacks (June 2021)
TzahiArabov
 
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptxU11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
14941
 
Application security
Application securityApplication security
Application security
Hagar Alaa el-din
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).ppt
GooglePay16
 
Fight fire with fire draft
Fight fire with fire draftFight fire with fire draft
Fight fire with fire draft
Nishant Agrawal
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
Nikhil Mittal
 

Similar to Internet worm-case-study (20)

Internet worms definitions and strategies to avoid it.
Internet worms definitions and strategies to avoid it.Internet worms definitions and strategies to avoid it.
Internet worms definitions and strategies to avoid it.
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProject
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Malware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpurMalware program by mohsin ali dahar khairpur
Malware program by mohsin ali dahar khairpur
 
When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.When developer's api simplify user mode rootkits developing.
When developer's api simplify user mode rootkits developing.
 
Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]Chapter 9 system penetration [compatibility mode]
Chapter 9 system penetration [compatibility mode]
 
Advanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security ManagementAdvanced Persistent Threats (APTs) - Information Security Management
Advanced Persistent Threats (APTs) - Information Security Management
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch Virus and its CounterMeasures -- Pruthvi Monarch
Virus and its CounterMeasures -- Pruthvi Monarch
 
PACE-IT: Common Network Security Issues
PACE-IT: Common Network Security IssuesPACE-IT: Common Network Security Issues
PACE-IT: Common Network Security Issues
 
Enchaning system effiency through process scanning
Enchaning system effiency through process scanningEnchaning system effiency through process scanning
Enchaning system effiency through process scanning
 
Creating Havoc using Human Interface Device
Creating Havoc using Human Interface DeviceCreating Havoc using Human Interface Device
Creating Havoc using Human Interface Device
 
AusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS ApplicationsAusCERT - Developing Secure iOS Applications
AusCERT - Developing Secure iOS Applications
 
Software Supply Chain Attacks (June 2021)
Software Supply Chain Attacks (June 2021)Software Supply Chain Attacks (June 2021)
Software Supply Chain Attacks (June 2021)
 
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptxU11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
U11..All.Past papers.TaskA.Activity1.RiskAssessment.pptx
 
Application security
Application securityApplication security
Application security
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).ppt
 
Fight fire with fire draft
Fight fire with fire draftFight fire with fire draft
Fight fire with fire draft
 
Teensy Programming for Everyone
Teensy Programming for EveryoneTeensy Programming for Everyone
Teensy Programming for Everyone
 

More from Ian Sommerville

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
Ian Sommerville
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
Ian Sommerville
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
Ian Sommerville
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
Ian Sommerville
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
Ian Sommerville
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
Ian Sommerville
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
Ian Sommerville
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
Ian Sommerville
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
Ian Sommerville
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
Ian Sommerville
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflowIan Sommerville
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureIan Sommerville
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterIan Sommerville
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1Ian Sommerville
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2Ian Sommerville
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureIan Sommerville
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachIan Sommerville
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsIan Sommerville
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013Ian Sommerville
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013Ian Sommerville
 

More from Ian Sommerville (20)

Ultra Large Scale Systems
Ultra Large Scale SystemsUltra Large Scale Systems
Ultra Large Scale Systems
 
Resp modellingintro
Resp modellingintroResp modellingintro
Resp modellingintro
 
Resilience and recovery
Resilience and recoveryResilience and recovery
Resilience and recovery
 
LSCITS-engineering
LSCITS-engineeringLSCITS-engineering
LSCITS-engineering
 
Requirements reality
Requirements realityRequirements reality
Requirements reality
 
Dependability requirements for LSCITS
Dependability requirements for LSCITSDependability requirements for LSCITS
Dependability requirements for LSCITS
 
Conceptual systems design
Conceptual systems designConceptual systems design
Conceptual systems design
 
Requirements Engineering for LSCITS
Requirements Engineering for LSCITSRequirements Engineering for LSCITS
Requirements Engineering for LSCITS
 
An introduction to LSCITS
An introduction to LSCITSAn introduction to LSCITS
An introduction to LSCITS
 
Designing software for a million users
Designing software for a million usersDesigning software for a million users
Designing software for a million users
 
Security case buffer overflow
Security case buffer overflowSecurity case buffer overflow
Security case buffer overflow
 
CS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failureCS5032 Case study Ariane 5 launcher failure
CS5032 Case study Ariane 5 launcher failure
 
CS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disasterCS5032 Case study Kegworth air disaster
CS5032 Case study Kegworth air disaster
 
CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1CS5032 L19 cybersecurity 1
CS5032 L19 cybersecurity 1
 
CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2CS5032 L20 cybersecurity 2
CS5032 L20 cybersecurity 2
 
L17 CS5032 critical infrastructure
L17 CS5032 critical infrastructureL17 CS5032 critical infrastructure
L17 CS5032 critical infrastructure
 
CS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breachCS5032 Case study Maroochy water breach
CS5032 Case study Maroochy water breach
 
CS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systemsCS 5032 L18 Critical infrastructure 2: SCADA systems
CS 5032 L18 Critical infrastructure 2: SCADA systems
 
CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013CS5032 L9 security engineering 1 2013
CS5032 L9 security engineering 1 2013
 
CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013CS5032 L10 security engineering 2 2013
CS5032 L10 security engineering 2 2013
 

Recently uploaded

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
UiPathCommunity
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 

Internet worm-case-study

  • 1. Internet work case study., 2012 Slide 1 The Internet Worm – Compromising the availability and reliability of systems through security failure
  • 2. Internet work case study., 2012 Slide 2 What happened • In November 1988, a program was deliberately released that spread itself throughout Digital VAX and Sun workstations across the Internet. It exploited security vulnerabilities in Unix systems. • In itself, the program did no damage but it’s replication and threat of damage caused extensive loss of system service and reduced system responsiveness in thousands of host computers. • This program has become known as the Internet Worm. • This was the first widely distributed Internet security threat.
  • 3. Internet work case study., 2012 Slide 3 Terminology • A worm – This is a program that can autonomously spread itself across a network of computers. • A virus – This is a program that can spread itself across a network of computers by attaching itself to some other program or document. • A trapdoor – This is a vulnerability in a program that allows normal security controls to be bypassed.
  • 4. Internet work case study., 2012 Slide 4 Consequences of the worm • Strange files appeared in systems that were infected. • Strange log messages appeared in certain programs. • Each infection caused a number of processes to be generated. As systems were constantly re-infected, the number of processes grew and systems became overloaded. • Some systems (1000s) were shut down because of the problems and because of the unknown threat of damage.
  • 5. Internet work case study., 2012 Slide 5 Worm description • Program was made up of two parts – A main program that looked for other machines that might be infected and that tried to find ways of getting into these machines; – A vector program (99 lines of C) that was compiled and run on the infected machine and which then transferred the main program to continue the process of infection. • Security vulnerabilities – fingerd - an identity program in Unix that runs in the background; – sendmail - the principal mail distribution program; – Password cracking; – Trusted logins.
  • 6. Internet work case study., 2012 Slide 6 fingerd • Written in C and runs continuously. • C does NOT have bound checking on arrays. fingerd expects an input string but the writer of the worm noticed that if a longer string than was allowed for was presented, this overwrote part of memory. • By designing a string that included machine instructions and that overwrote a return address, the worm could invoke a remote shell (a Unix facility) that allowed priviledged commands to be executed.
  • 7. Internet work case study., 2012 Slide 7 sendmail • sendmail routes mail and the worm took advantage of a debug facility that was often left on and which allowed a set of commands to be issued to the sendmail program. • This allowed the worm to specify that information should be transferred to new hosts through the mail system without having to process normal mail messages.
  • 8. Internet work case study., 2012 Slide 8 Password cracking • Unix passwords are encrypted and, in the encrypted form, are publicly available in /etc/passwd. • The worm encrypted lists of possible passwords and compared them with the password file to discover user passwords. • It used a list of about 400 common words that were known to be used as passwords. • It exploited fast versions of the encryption algorithm that were not envisaged when the Unix scheme was devised.
  • 9. Internet work case study., 2012 Slide 9 Trusted logins • On Unix, tasks can be executed on remote machines. • To support this, there is the notion of a trusted login so that if a login command is issued to machine Z from user Y in machine X then Z assumes that X has carried out the authentication and that Y is trusted; no password is required. • The worm exploited this by looking for machines that might be trusted. It did this by examining files that listed machines trusted by the current machine and then assumed reciprocal trust.
  • 10. Internet work case study., 2012 Slide 10 Killing the worm • The main effects of the worm were in the US and system managers worked for several days to devise ways of stopping the worm. • These involved devising modifications to the programs affected so that the worm could not propagate itself, distributing these changes, installing them then rebooting infected machines to remove worm processes. • The process took several days before the net was cleared of infection.
  • 11. Internet work case study., 2012 Slide 11 What we learned • Security vulnerabilities result from flaws and these will always be with us. Problems can be fixed but new problems can arise with new versions of software. • Diversity is good - we need a heterogeneous not a homogeneous network. • Isolationism is not the answer - those sites that disconnected from the network were amongst the last to resume service.
  • 12. Internet work case study., 2012 Slide 12 The perpetrator • The perpetrator was a student at Cornell University • He was discovered fairly quickly and charged. • His sentence was for a period of community service and a $10, 000 fine – This was relatively light as the major thrust of his defence was that the program explicitly did not cause deliberate damage and, in fact, he had tried (but failed) to ensure that too many processes would not be generated on host machines • Now a professor at MIT (not working in security)
  • 13. Internet work case study., 2012 Slide 13 Warning • Students before and since this infection have been curious about security and have written experimental programs. Few of these students are wicked and many of them are very competent programmers. • However, the consequences of experiments that go wrong are now so great that network authorities do not distinguish between stupidity and malice. There are severe penalties for any experiments that compromise system security.
  • 14. Internet work case study., 2012 Slide 14 Finding out more • Communications of the ACM, 32 (6), June 1989 has a number of articles on the Internet worm. • Computer-related Risks. P. G. Neumann, Addison Wesley 1995. A compendium of information about system failures that have compromised safety, security and reliability. • See Intranet web pages for links.