SlideShare a Scribd company logo

Security Attacks.ppt

Download as PPT, PDF
Z
Zaheer720515

This document discusses different types of cyber attacks including passive attacks like eavesdropping and masquerading, active attacks like denial of service, and methods attackers use like spoofing, backdoors, brute force attacks, and dictionary attacks. It provides details on how each attack compromises security through unauthorized access, modification of data, denial of service, or repudiation.

Internet
1 of 33
 Types of Attacks  Passive Attacks  Active Attacks Attacks
Attacks
Passive Attacks
Masquerade 4 * These images are copied from the textbook (Cryptography and Network Security, by William Stallings). Masquerade takes place when one entity pretends to be an another entity.
Replay 5 Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Modification of message 6 Means that some portion of a legitimate message is altered.
Denial of service 7 A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service.
Anatomy of an attack  Attacker  Some one outside your network perimeter who is trying to break in  Regular user has an inside view, so overwhelming majority originate from inside  Collecting information  Probing the network  Launching an attack
Collecting information  XYZ is the user that wants to attack your network.  Question: Where to start?  In order to get it he has to do some investigative work about your network.  The first thing it can do is to run the “whois” query.  Live and authoritative
 Whois  Query to the interNIC.  It maintains the publicly accessible database of all registered domains  Can be searched with simple query “whois domainname”  “Whois pugc.edu.pk”
 The organizational domain name  The organizational location  The organization’s administrative contact  The phone no and fax number for the administrator  A valid subnet address within the organization
Organization domain name  It is important because anyone can use it to collect further information  Any host associated with this name will be an extra information  www.pugc.edu.pk  mail.pugc.eud.pk  Now this host will be used as keyword to use when forming future queries
Physical location  Knowing physical location of Organization  Might get temp job, offer his consulting services  Once he is in, he might be granted certain level of permission to resources  Might try to backdoor into network  Wants to do dumpster diving (Who, What, When, Where and Why )  Dump sensitive information in trash  Write passwords at temp places  Not separating trash from rest for recycling
Admin contact  Individual responsible for maintaining network.  This is very useful for physical hacking  For example, he calls as member of help desk and asks, “hey! You have asked me to check for your certain account, there is some problems, whats ur passwd”  Dangerous for such organizations who don’t have the tendency to change passwds frequently  Email is also a valid attack for this contact, for sending spoofed mail that contains some hostile code, if email is activated then ………
Valid subnet mask  Last information of whois is an ip address entry for domain.  Getting an ip address of same subnet, ensures that others will be at the same place  So ip spoofing attack can be send
Four Categories of Attacks  Access  Modification  Denial of Service  Repudiation
1. Access Attack  An access attack is an attempt to gain information that the attacker is unauthorized to see.  This attack can occur wherever the information resides or may exist during transmission.  This type of attack is an attack against the confidentiality of the information.  Examples:  Snooping  Eavesdropping  Interception
Cont…  Confidentiality can be compromised through:  Snooping  Snooping, in a security context, is unauthorized access to another person's or company's data  Not necessarily limited to gaining access to data during its transmission  Casual observance of an e-mail that appears on another's computer screen or watching what someone else is typing  Eavesdropping  Being invisible on a public channel can be considered eavesdropping  To gain unauthorized access to information, an attacker must position himself at a location where the information of interest is likely to pass by.
 Confidentiality can be compromised through:  Interception  Unlike eavesdropping, interception is an active attack against the information  When an attacker intercepts information, he is interesting himself in the path of information and capturing it before it reaches its destination  After examining the information, the attacker may allow the information to continue to its destination or not.
Modification Attacks  A modification attack is an attempt to modify information that an attacker is not authorized to modify.  This type of attack is an attack against the integrity of the information.  Integrity can be compromised through:  Changes  Insertion  Deletion
Denial of Service Attacks  DoS attacks are attacks that deny the use of resources to legitimate users of the system, information, or capabilities.
Dos methods  flooding a network, thereby preventing legitimate network traffic;  disrupting a server by sending more requests than it can possibly handle, thereby preventing access to a service;  preventing a particular individual from accessing a service;  disrupting service to a specific system or person.
Cont…  DoS attacks can be done against the:  Information  Applications  Systems  Communications
Repudiation Attacks  Repudiation is an attack against the accountability of the information.  Repudiation is an attempt to give false information or to deny that a real event or transaction should have occurred.  An example of this type of attack would be a user performing a prohibited operation in a system that lacks the ability to trace.
Back Doors  A backdoor is a method of bypassing normal authentication or encryption in a computer system  A hardware or software-based hidden entrance to a computer system that can be used to bypass the system's security policies.  Using a known or through newly discovered access mechanism, an attacker can gain access to a system or network resource through a backdoor.
Cont..  There are several ways that back doors can be placed on a computer:  Opening an infected e-mail attachment (they are often combined with viruses and worms)  Exploiting a vulnerable, unpatched software application or operating system service  Active FTP server on the computer (especially one that allows "anonymous" sessions)
Brute Force  Also known as exhaustive key search and password attack.  Try every possible combination of options of a password.
Determining the Difficulty of a Brute Force Attack  The difficulty of a brute force attack depends on several factors, such as:  How long can the key be?  How many possible values can each component of the key have?  How long will it take to attempt each key?  Is there a mechanism which will lock the attacker out after a number of failed attempts?
Dictionary  Another form of the brute force attack.  Dictionary attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) with which to guess, instead of random combinations.
Spoofing  Is an attempt to gain access to a system by pretending as an authorized user.  By gaining the IP address of the trusted host and then modify the packet headers so that it appears that the packets are coming from that host.  IP spoofing  ARP spoofing  Email spoofing
IP Spoofing Inserting the IP address of an authorized user into the transmission of an unauthorized user in order to gain illegal access to a computer system. Routers and other firewall implementations can be programmed to identify this discrepancy
ARP Poisoning  The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway).  Any traffic meant for that IP address would be mistakenly sent to the attacker instead. The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack).  The attacker could also launch a Denial of Service attack against a victim by associating a nonexistent MAC address to the IP address of the victim's default gateway.
Email Spoofing  Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. Example:  a spoofed email may pretend to be from a well-known shopping website, asking the recipient to provide sensitive data, such as a password or credit card number.

Recommended

Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
CAS
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
Vivek Gandhi
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information Security
Dr Naim R Kidwai
 

Recommended

Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
CAS
 
Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security Chapter 1 Introduction of Cryptography and Network security
Chapter 1 Introduction of Cryptography and Network security
Dr. Kapil Gupta
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
Vivek Gandhi
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information Security
Dr Naim R Kidwai
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication Codes
DarshanPatil82
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
Pawan Arya
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
Rajapriya82
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
Sachin Darekar
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
IP Security
IP SecurityIP Security
IP Security
Dr.Florence Dayana
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric keyTriad Square InfoSec
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
gangadhar9989166446
 
Intruders
IntrudersIntruders
Intruders
Dr.Florence Dayana
 
Trusted systems
Trusted systemsTrusted systems
Trusted systems
ahmad abdelhafeez
 
Topic1 substitution transposition-techniques
Topic1 substitution transposition-techniquesTopic1 substitution transposition-techniques
Topic1 substitution transposition-techniques
MdFazleRabbi18
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
Dr.Florence Dayana
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
Dr.Florence Dayana
 
Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptx
ssuserd24233
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
Prateek Singh Bapna
 
CNS unit -1.docx
CNS unit -1.docxCNS unit -1.docx
CNS unit -1.docx
Padamata Rameshbabu
 
Types of Cyber Security Attacks- Active & Passive Attak
Types of Cyber Security Attacks- Active & Passive AttakTypes of Cyber Security Attacks- Active & Passive Attak
Types of Cyber Security Attacks- Active & Passive Attak
Souma Maiti
 

More Related Content

What's hot

MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication Codes
DarshanPatil82
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
Pawan Arya
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
Rajapriya82
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
Niloy Biswas
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
Sachin Darekar
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
BharathiKrishna6
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
sarhadisoftengg
 
IP Security
IP SecurityIP Security
IP Security
Dr.Florence Dayana
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
Mohsin Ali
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
gangadhar9989166446
 
Intruders
IntrudersIntruders
Intruders
Dr.Florence Dayana
 
Trusted systems
Trusted systemsTrusted systems
Trusted systems
ahmad abdelhafeez
 
Topic1 substitution transposition-techniques
Topic1 substitution transposition-techniquesTopic1 substitution transposition-techniques
Topic1 substitution transposition-techniques
MdFazleRabbi18
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
Dr.Florence Dayana
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
Dr.Florence Dayana
 
Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptx
ssuserd24233
 
Operating system security
Operating system securityOperating system security
Operating system security
Ramesh Ogania
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
Prateek Singh Bapna
 

What's hot (20)

MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication Codes
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Cryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipherCryptography - Block cipher & stream cipher
Cryptography - Block cipher & stream cipher
 
Information security and Attacks
Information security and AttacksInformation security and Attacks
Information security and Attacks
 
Network security - OSI Security Architecture
Network security - OSI Security ArchitectureNetwork security - OSI Security Architecture
Network security - OSI Security Architecture
 
DES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentationDES (Data Encryption Standard) pressentation
DES (Data Encryption Standard) pressentation
 
IP Security
IP SecurityIP Security
IP Security
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
 
Intruders
IntrudersIntruders
Intruders
 
Trusted systems
Trusted systemsTrusted systems
Trusted systems
 
Topic1 substitution transposition-techniques
Topic1 substitution transposition-techniquesTopic1 substitution transposition-techniques
Topic1 substitution transposition-techniques
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Network security model.pptx
Network security model.pptxNetwork security model.pptx
Network security model.pptx
 
Operating system security
Operating system securityOperating system security
Operating system security
 
Internet Key Exchange Protocol
Internet Key Exchange ProtocolInternet Key Exchange Protocol
Internet Key Exchange Protocol
 

Similar to Security Attacks.ppt

CNS unit -1.docx
CNS unit -1.docxCNS unit -1.docx
CNS unit -1.docx
Padamata Rameshbabu
 
Types of Cyber Security Attacks- Active & Passive Attak
Types of Cyber Security Attacks- Active & Passive AttakTypes of Cyber Security Attacks- Active & Passive Attak
Types of Cyber Security Attacks- Active & Passive Attak
Souma Maiti
 
Computer security 7.pptx
Computer security 7.pptxComputer security 7.pptx
Computer security 7.pptx
Khappiyo
 
Information Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaInformation Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons Bulgaria
New Horizons Bulgaria
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
Nitesh Dubey
 
Network security
Network securityNetwork security
Network security
nafisarayhana1
 
Introduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinIntroduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam hussein
Eslam Hussein
 
why security is needed
why security is neededwhy security is needed
why security is neededsourov_das
 
Wireless Intrusion Techniques
Wireless Intrusion TechniquesWireless Intrusion Techniques
Wireless Intrusion Techniques
Cadis1
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz)
Komal Mehfooz
 
Security Threats
Security ThreatsSecurity Threats
Security Threats
Yasmeen Shaikh
 
Cyber security
Cyber security Cyber security
Cyber security
ankit yadav
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
prachi67
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Twobackdoor
 
1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network a review1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network a review
INFOGAIN PUBLICATION
 
The Maple County court is redesigning its network to ensure more secu.docx
The Maple County court is redesigning its network to ensure more secu.docx The Maple County court is redesigning its network to ensure more secu.docx
The Maple County court is redesigning its network to ensure more secu.docx
Komlin1
 
Impacts of spoofing- why it’s a serious cybersecurity concern
Impacts of spoofing- why it’s a serious cybersecurity concernImpacts of spoofing- why it’s a serious cybersecurity concern
Impacts of spoofing- why it’s a serious cybersecurity concern
deorwine infotech
 
Network security chapter 1,2
Network security chapter 1,2Network security chapter 1,2
Network security chapter 1,2
Education
 

Similar to Security Attacks.ppt (20)

CNS unit -1.docx
CNS unit -1.docxCNS unit -1.docx
CNS unit -1.docx
 
Types of Cyber Security Attacks- Active & Passive Attak
Types of Cyber Security Attacks- Active & Passive AttakTypes of Cyber Security Attacks- Active & Passive Attak
Types of Cyber Security Attacks- Active & Passive Attak
 
Computer security 7.pptx
Computer security 7.pptxComputer security 7.pptx
Computer security 7.pptx
 
Information Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons BulgariaInformation Security Fundamentals - New Horizons Bulgaria
Information Security Fundamentals - New Horizons Bulgaria
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Network security
Network securityNetwork security
Network security
 
Introduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam husseinIntroduction Ethical hacking by eslam hussein
Introduction Ethical hacking by eslam hussein
 
why security is needed
why security is neededwhy security is needed
why security is needed
 
Wireless Intrusion Techniques
Wireless Intrusion TechniquesWireless Intrusion Techniques
Wireless Intrusion Techniques
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz)
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Security Threats
Security ThreatsSecurity Threats
Security Threats
 
Cyber security
Cyber security Cyber security
Cyber security
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Ne Course Part Two
Ne Course Part TwoNe Course Part Two
Ne Course Part Two
 
1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network a review1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network a review
 
The Maple County court is redesigning its network to ensure more secu.docx
The Maple County court is redesigning its network to ensure more secu.docx The Maple County court is redesigning its network to ensure more secu.docx
The Maple County court is redesigning its network to ensure more secu.docx
 
Impacts of spoofing- why it’s a serious cybersecurity concern
Impacts of spoofing- why it’s a serious cybersecurity concernImpacts of spoofing- why it’s a serious cybersecurity concern
Impacts of spoofing- why it’s a serious cybersecurity concern
 
Network security chapter 1,2
Network security chapter 1,2Network security chapter 1,2
Network security chapter 1,2
 

Recently uploaded

Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
VivekSinghShekhawat2
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
Javier Lasa
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
eutxy
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
GTProductions1
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 

Recently uploaded (20)

Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptxInternet-Security-Safeguarding-Your-Digital-World (1).pptx
Internet-Security-Safeguarding-Your-Digital-World (1).pptx
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdfJAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
JAVIER LASA-EXPERIENCIA digital 1986-2024.pdf
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
一比一原版(LBS毕业证)伦敦商学院毕业证成绩单专业办理
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
Comptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guideComptia N+ Standard Networking lesson guide
Comptia N+ Standard Networking lesson guide
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 

Security Attacks.ppt

  • 1.  Types of Attacks  Passive Attacks  Active Attacks Attacks
  • 4. Masquerade 4 * These images are copied from the textbook (Cryptography and Network Security, by William Stallings). Masquerade takes place when one entity pretends to be an another entity.
  • 5. Replay 5 Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
  • 6. Modification of message 6 Means that some portion of a legitimate message is altered.
  • 7. Denial of service 7 A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service.
  • 8. Anatomy of an attack  Attacker  Some one outside your network perimeter who is trying to break in  Regular user has an inside view, so overwhelming majority originate from inside  Collecting information  Probing the network  Launching an attack
  • 9. Collecting information  XYZ is the user that wants to attack your network.  Question: Where to start?  In order to get it he has to do some investigative work about your network.  The first thing it can do is to run the “whois” query.  Live and authoritative
  • 10.  Whois  Query to the interNIC.  It maintains the publicly accessible database of all registered domains  Can be searched with simple query “whois domainname”  “Whois pugc.edu.pk”
  • 11.  The organizational domain name  The organizational location  The organization’s administrative contact  The phone no and fax number for the administrator  A valid subnet address within the organization
  • 12. Organization domain name  It is important because anyone can use it to collect further information  Any host associated with this name will be an extra information  www.pugc.edu.pk  mail.pugc.eud.pk  Now this host will be used as keyword to use when forming future queries
  • 13. Physical location  Knowing physical location of Organization  Might get temp job, offer his consulting services  Once he is in, he might be granted certain level of permission to resources  Might try to backdoor into network  Wants to do dumpster diving (Who, What, When, Where and Why )  Dump sensitive information in trash  Write passwords at temp places  Not separating trash from rest for recycling
  • 14. Admin contact  Individual responsible for maintaining network.  This is very useful for physical hacking  For example, he calls as member of help desk and asks, “hey! You have asked me to check for your certain account, there is some problems, whats ur passwd”  Dangerous for such organizations who don’t have the tendency to change passwds frequently  Email is also a valid attack for this contact, for sending spoofed mail that contains some hostile code, if email is activated then ………
  • 15. Valid subnet mask  Last information of whois is an ip address entry for domain.  Getting an ip address of same subnet, ensures that others will be at the same place  So ip spoofing attack can be send
  • 16. Four Categories of Attacks  Access  Modification  Denial of Service  Repudiation
  • 17. 1. Access Attack  An access attack is an attempt to gain information that the attacker is unauthorized to see.  This attack can occur wherever the information resides or may exist during transmission.  This type of attack is an attack against the confidentiality of the information.  Examples:  Snooping  Eavesdropping  Interception
  • 18. Cont…  Confidentiality can be compromised through:  Snooping  Snooping, in a security context, is unauthorized access to another person's or company's data  Not necessarily limited to gaining access to data during its transmission  Casual observance of an e-mail that appears on another's computer screen or watching what someone else is typing  Eavesdropping  Being invisible on a public channel can be considered eavesdropping  To gain unauthorized access to information, an attacker must position himself at a location where the information of interest is likely to pass by.
  • 19.  Confidentiality can be compromised through:  Interception  Unlike eavesdropping, interception is an active attack against the information  When an attacker intercepts information, he is interesting himself in the path of information and capturing it before it reaches its destination  After examining the information, the attacker may allow the information to continue to its destination or not.
  • 20. Modification Attacks  A modification attack is an attempt to modify information that an attacker is not authorized to modify.  This type of attack is an attack against the integrity of the information.  Integrity can be compromised through:  Changes  Insertion  Deletion
  • 21. Denial of Service Attacks  DoS attacks are attacks that deny the use of resources to legitimate users of the system, information, or capabilities.
  • 22. Dos methods  flooding a network, thereby preventing legitimate network traffic;  disrupting a server by sending more requests than it can possibly handle, thereby preventing access to a service;  preventing a particular individual from accessing a service;  disrupting service to a specific system or person.
  • 23. Cont…  DoS attacks can be done against the:  Information  Applications  Systems  Communications
  • 24. Repudiation Attacks  Repudiation is an attack against the accountability of the information.  Repudiation is an attempt to give false information or to deny that a real event or transaction should have occurred.  An example of this type of attack would be a user performing a prohibited operation in a system that lacks the ability to trace.
  • 25. Back Doors  A backdoor is a method of bypassing normal authentication or encryption in a computer system  A hardware or software-based hidden entrance to a computer system that can be used to bypass the system's security policies.  Using a known or through newly discovered access mechanism, an attacker can gain access to a system or network resource through a backdoor.
  • 26. Cont..  There are several ways that back doors can be placed on a computer:  Opening an infected e-mail attachment (they are often combined with viruses and worms)  Exploiting a vulnerable, unpatched software application or operating system service  Active FTP server on the computer (especially one that allows "anonymous" sessions)
  • 27. Brute Force  Also known as exhaustive key search and password attack.  Try every possible combination of options of a password.
  • 28. Determining the Difficulty of a Brute Force Attack  The difficulty of a brute force attack depends on several factors, such as:  How long can the key be?  How many possible values can each component of the key have?  How long will it take to attempt each key?  Is there a mechanism which will lock the attacker out after a number of failed attempts?
  • 29. Dictionary  Another form of the brute force attack.  Dictionary attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) with which to guess, instead of random combinations.
  • 30. Spoofing  Is an attempt to gain access to a system by pretending as an authorized user.  By gaining the IP address of the trusted host and then modify the packet headers so that it appears that the packets are coming from that host.  IP spoofing  ARP spoofing  Email spoofing
  • 31. IP Spoofing Inserting the IP address of an authorized user into the transmission of an unauthorized user in order to gain illegal access to a computer system. Routers and other firewall implementations can be programmed to identify this discrepancy
  • 32. ARP Poisoning  The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway).  Any traffic meant for that IP address would be mistakenly sent to the attacker instead. The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack).  The attacker could also launch a Denial of Service attack against a victim by associating a nonexistent MAC address to the IP address of the victim's default gateway.
  • 33. Email Spoofing  Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. Example:  a spoofed email may pretend to be from a well-known shopping website, asking the recipient to provide sensitive data, such as a password or credit card number.

Editor's Notes

  1. A cyber attack is any type of offensive action that targets computer information systems, infrastructures, computer networks or personal computer devices, using various methods to steal, alter or destroy data or information systems.
  2. * Traffic analysis is enclosed in eavesdropping
  3. Masquerade (masking, disguise) A masquerade may be attempted through the use of stolen logon IDs and passwords (Keylogger) Weak authentication provides one of the easiest points of entry for a masquerade
  4. Technique that could be used to avoid a replay attack is by creating random session keys which are time bound and process bound. The other popular technique is to use one-time passwords for each request. This method of prevention is very often used for banking operations.
  5. An eavesdropping attack, also known as a sniffing or snooping attack, is a theft of information as it is transmitted over a network by a computer, smartphone, or another connected device. The attack takes advantage of unsecured network communications to access data as it is being sent or received by its user. Eavesdropping attacks can be prevented by using a personal firewall, keeping antivirus software updated, and using a virtual private network (VPN). Avoiding public Wi-Fi networks and adopting strong passwords are other ways to prevent eavesdropping attacks.