Computer Security Management
(ISYS20261)
Lecture 8 - Network-based Attacks (3)




 Module Leader: Dr Xiaoqi Ma
 School of Science and Technology
Last week …

• IP address spoofing
• Man-in-the-middle attack
• Denial-of-service attack (DoS)
  – SYN flooding
  – Smurf attack
  – Distributed Denial of Service attack (DDoS)




Computer Security Management
Page 2
Today ...

• OS-based attacks
• Buffer overflows
• Stack smashing
• Dangling and wild pointers
• Password attacks




OS-based attacks

• Attackers often look for
  – Unpatched operating systems
  – Badly designed application software

• Why?
  – Known vulnerabilities can easily be exploited

• Attacker can then steal, copy, or manipulate data
• Once the OS and services running on the system have been
  identified the attacker can mount a number of attacks:
  – Stack smashing
  – Buffer overflows
  – Password attacks
  – Etc.



Buffer overflows

• Program tries to write data beyond the bounds of allocated memory
• If not detected and managed by the program, the data is written to an
  unexpected location, causing unexpected results
• Problems:
  – Often the program will abort
  – The overflow can cause data to be written to a memory-mapped file
  – Overflow can cause security problems through stack-smashing attacks

• Example (C++): writing one element past the end of a 500-element array
                         // ...
                         int *ptr;
                         int idx=500;

                         ptr = new int[500];   // valid indices are 0 .. 499

                         ptr[idx]=255;         // idx == 500 is out of bounds: the overflow

                         // ...


Processes in memory




Heap attacks

• Buffer overflow occurs in the dynamically allocated data in the heap
  at runtime
• Memory on the heap is dynamically allocated by the application at
  run-time and typically contains program data
• Exploitation is performed by corrupting this data in specific ways to
  cause the application to overwrite internal structures
• Can be used for example to mount a denial-of-service attack




Stacks

• Stack: data structure that works on the last-in-first-out (LIFO)
  principle

  [Figure: a stack with storage for n data items, holding 99, 0, 45, 166, 255, 17 from
   bottom to top; push places a new item (17) on top, pop removes the top item (17)]



Stack overflow

• Trying to push a data item onto a stack that is full:



  [Figure: a full stack of n data items (99, 0, 45, 166, 255, 17, 0, 128 from bottom to
   top); a further push of 17 has no free slot]



Stack underflow

• Trying to pop a data item from an empty stack:



  [Figure: an empty stack with storage for n data items; there is no item to pop]
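The following C program is an added illustration, not code from the lecture: a fixed-capacity stack whose push and pop report overflow and underflow instead of writing past the end of the buffer or reading before its start, which is exactly the bounds check the ptr[idx]=255 example on the buffer overflow slide lacks. The names (int_stack, stack_push, stack_pop) and the capacity of 8 items are my choices.

```c
#include <stddef.h>
#include <stdio.h>

/* Fixed-capacity integer stack, the "storage for n data items" of the
 * diagrams.  items[] is the allocated buffer; top counts the slots in use. */
#define STACK_CAPACITY 8

typedef struct {
    int items[STACK_CAPACITY];
    size_t top;                 /* number of items currently stored */
} int_stack;

enum stack_status { STACK_OK = 0, STACK_OVERFLOW = -1, STACK_UNDERFLOW = -2 };

void stack_init(int_stack *s) { s->top = 0; }

/* Push refuses when the stack is full.  Without this check the store would
 * land at items[STACK_CAPACITY], one past the buffer: the same defect as
 * ptr[500] on a 500-element allocation in the slide's example. */
int stack_push(int_stack *s, int value)
{
    if (s->top >= STACK_CAPACITY)
        return STACK_OVERFLOW;
    s->items[s->top++] = value;
    return STACK_OK;
}

/* Pop refuses when the stack is empty; an unchecked pop would read
 * items[-1], memory the stack does not own. */
int stack_pop(int_stack *s, int *out)
{
    if (s->top == 0)
        return STACK_UNDERFLOW;
    *out = s->items[--s->top];
    return STACK_OK;
}

/* LIFO check: push 1, 2, 3 and return the first value popped (3). */
int stack_first_popped(void)
{
    int_stack s;
    int v = -1;
    stack_init(&s);
    for (int i = 1; i <= 3; i++)
        stack_push(&s, i);
    stack_pop(&s, &v);
    return v;
}

/* Fill the stack with the values from the "stack overflow" diagram, try one
 * push too many, drain it, then try one pop too many.  Returns 1 when both
 * faults were reported instead of corrupting memory. */
int stack_fault_demo(void)
{
    static const int values[] = { 99, 0, 45, 166, 255, 17, 0, 128 };
    int_stack s;
    int v, overflow_seen = 0, underflow_seen = 0;
    stack_init(&s);
    for (size_t i = 0; i < sizeof values / sizeof values[0]; i++)
        stack_push(&s, values[i]);
    if (stack_push(&s, 17) == STACK_OVERFLOW)   /* ninth item: rejected */
        overflow_seen = 1;
    while (stack_pop(&s, &v) == STACK_OK)       /* pops 128 first, 99 last */
        ;
    if (stack_pop(&s, &v) == STACK_UNDERFLOW)   /* empty: rejected */
        underflow_seen = 1;
    return overflow_seen && underflow_seen;
}

int main(void)
{
    printf("first popped: %d, both faults detected: %d\n",
           stack_first_popped(), stack_fault_demo());
    return 0;
}
```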




Call stack (1)

• Stores information about the active subroutines (functions) of a
  computer program
• Keeps track of the point to which each active subroutine should
  return control when it finishes executing
• Also stores local variables and parameters (arguments)
• Implementation is machine dependent
• Stores special data structures called stack frames or activation
  records




Call stack (2)

      stack pointer  ->   local variables
      frame pointer  ->   return address     } stack frame for function n+1
                          parameters

                          local variables
                          return address     } stack frame for function n
                          parameters




Stack smashing attack

• Tries to insert arbitrary code into the program to be executed
• Attacker purposely overflows a stack to get access to forbidden
  regions of computer memory
• Often used to redirect the thread of control to a shell, which can then
  be used to execute commands on the target system




Dangling and wild pointers

• Pointers that do not point to a valid object of the appropriate type
• Dangling pointers arise when an object is deleted or deallocated
  without modifying the value of the pointer, so that the pointer still
  points to the location of the deallocated memory
• If the system reallocates the previously freed memory to another process
  and the original program dereferences the dangling pointer,
  unpredictable behaviour may result, as the memory may now
  contain completely different data
• Wild pointers arise when a pointer is used prior to initialisation to
  some known state
• They show the same erratic behaviour as dangling pointers, though
  they are less likely to stay undetected
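As an added illustration (not from the lecture), the C code below keeps a registry of the blocks the program still owns, so that a dereference through a dangling pointer (freed but never nulled) or a wild pointer (never initialised) is refused instead of reading whatever the memory now holds. The names checked_alloc, checked_free and checked_read, the registry size and the placeholder wild address are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Registry of blocks this code still owns, modelled on how sanitizers track
 * live allocations (illustration only).  checked_free() releases a block and
 * nulls the caller's variable; checked_read() refuses unregistered addresses. */
#define MAX_LIVE 16

static uintptr_t live[MAX_LIVE];   /* 0 marks a free slot */
static int find_live(uintptr_t addr)
{
    for (int i = 0; i < MAX_LIVE; i++)
        if (addr != 0 && live[i] == addr)
            return i;
    return -1;
}

/* Allocate one int holding initial and register the block. */
int *checked_alloc(int initial)
{
    int *p = malloc(sizeof *p);
    if (p == NULL) return NULL;
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == 0) {
            *p = initial;
            live[i] = (uintptr_t)p;
            return p;
        }
    free(p);                        /* registry full */
    return NULL;
}

/* Free through a pointer-to-pointer so the caller's variable is nulled:
 * the step whose absence, per the slide, leaves a pointer dangling. */
void checked_free(int **pp)
{
    int slot = find_live((uintptr_t)*pp);
    if (slot >= 0) {
        free(*pp);
        live[slot] = 0;
    }
    *pp = NULL;
}

/* Returns 1 and sets *out for a registered pointer; 0 with *out untouched
 * for NULL, dangling or wild input. */
int checked_read(const int *p, int *out)
{
    if (find_live((uintptr_t)p) < 0) return 0;
    *out = *p;
    return 1;
}

/* Normal use: allocate, read 42 back, release. */
int live_read_demo(void)
{
    int *p = checked_alloc(42), v = -1;
    checked_read(p, &v);
    checked_free(&p);
    return v;
}

/* Dangling pointer: a copy survives the free (the slide's scenario); the
 * read through the copy is refused and the original variable is NULL. */
int dangling_demo(void)
{
    int *owner = checked_alloc(7), *alias = owner, v = -1;
    checked_free(&owner);
    return checked_read(alias, &v) == 0 && owner == NULL && v == -1;
}

/* Wild pointer: a never-initialised pointer holds an arbitrary value (a fixed
 * stand-in here, as reading a truly uninitialised pointer is itself undefined);
 * it is not registered, so the read is refused. */
int wild_demo(void)
{
    const int *wild = (const int *)(uintptr_t)0x1000;
    int v = -1;
    return checked_read(wild, &v) == 0;
}
```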

Password attacks

• Passwords are the most common form of authentication of users to an
  OS
• Password attacks are the most common mode of attack against an OS
• Often default passwords are left unchanged: if they are known, it is easy
  to break into the system
• Other methods
  – Guessing
  – Dictionary attack
  – Brute-force attack




Password guessing

• Passwords are sequences of symbols associated with a user name
• Provide a mechanism for identification and authentication of a
  particular user
• Unique and grant privileges only to the account's owner
• If users can choose their own password sequences they tend to use
  sequences they can remember easily, e.g. pet names, birth places,
  etc.
• An attacker can easily guess such passwords!
• Password policy: set of rules designed to enhance computer security
  by encouraging users to employ strong passwords and use them
  properly


Dictionary attack

• Steal the password file from the target machine
• Parse a word file (dictionary)
• Encrypt or hash each word (depending on the target system)
• Compare the result with the encrypted or hashed password from the
  victim machine
• If the comparison matches: password found
• Difficult if the correct algorithm is not known or if the attacker has no
  access to the encrypted password file
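The C program below is an added example, not the lecture's own material: it runs the dictionary comparison described above as an audit of a constructed password file and counts the hash computations needed with and without a per-account salt, which is why salting makes the same word list far more expensive to apply. FNV-1a is used only as a stand-in for a real system's password hash; the word list, user names, passwords and salts are constructed.

```c
#include <stdint.h>

/* Audit a password file the way the slide's dictionary attack works: hash
 * each dictionary word as the target system would and compare with the
 * stored hashes.  FNV-1a stands in for the real hash (it is not one). */
#define NWORDS 4
#define NACCOUNTS 3
static const char *dictionary[NWORDS] = { "password", "letmein", "fluffy", "qwerty" };

struct account { const char *user; const char *salt; uint64_t hash; };

/* FNV-1a over salt followed by word; an empty salt models an unsalted scheme. */
static uint64_t fnv1a64(const char *salt, const char *word)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    const char *parts[2] = { salt, word };
    for (int k = 0; k < 2; k++)
        for (const char *s = parts[k]; *s; s++) {
            h ^= (unsigned char)*s;
            h *= 0x100000001b3ULL;
        }
    return h;
}

/* Constructed password file: two weak passwords, one strong passphrase. */
static void sample_file(struct account *acc, int salted)
{
    static const char *users[NACCOUNTS] = { "alice", "bob", "carol" };
    static const char *pws[NACCOUNTS]   = { "fluffy", "qwerty", "correct-horse-42" };
    static const char *salts[NACCOUNTS] = { "s1", "s2", "s3" };
    for (int i = 0; i < NACCOUNTS; i++) {
        acc[i].user = users[i];
        acc[i].salt = salted ? salts[i] : "";
        acc[i].hash = fnv1a64(acc[i].salt, pws[i]);
    }
}

/* Unsalted: each word is hashed once and compared with every stored hash.
 * Salted: the hash must be recomputed per account, so the work grows with
 * the number of accounts.  Returns accounts cracked; *hashes_done = hash calls. */
int audit(const struct account *acc, int salted, int *hashes_done)
{
    int found = 0;
    *hashes_done = 0;
    if (!salted) {
        for (int w = 0; w < NWORDS; w++) {
            uint64_t h = fnv1a64("", dictionary[w]);
            (*hashes_done)++;
            for (int i = 0; i < NACCOUNTS; i++)
                if (acc[i].hash == h) found++;
        }
        return found;
    }
    for (int i = 0; i < NACCOUNTS; i++)
        for (int w = 0; w < NWORDS; w++) {
            (*hashes_done)++;
            if (fnv1a64(acc[i].salt, dictionary[w]) == acc[i].hash) {
                found++;
                break;                 /* next account */
            }
        }
    return found;
}

/* Run the audit on the constructed file, unsalted (0) or salted (1). */
int run_audit(int salted, int *hashes_done)
{
    struct account file[NACCOUNTS];
    sample_file(file, salted);
    return audit(file, salted, hashes_done);
}

int cracked(int salted)    { int h; return run_audit(salted, &h); }
int audit_work(int salted) { int h; run_audit(salted, &h); return h; }
```

Both schemes crack the same two weak accounts, but the unsalted file needs one hash per dictionary word (4) while the salted file needs one per word per account (11 here, up to 12).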




Brute-force attack

• Similar to a dictionary attack but tries all possible combinations of
  letters, numbers, and special characters
• Computationally expensive
• Unlikely to succeed unless the password is very short




Next week …

… we will continue to look at web application attacks




