cs490ns - cotter 1
Security Attacks
Objectives
• Identify attacker profiles
• Describe basic attacks
• Describe identity attacks
• Identify denial of service attacks
• Define malicious code (malware)
Attacker Profiles
| Attacker | Skill Level | Motivation |
| --- | --- | --- |
| Hacker | High | Improve Security |
| Cracker | High | Harm Systems |
| Script Kiddie | Low | Gain Recognition |
| Spy | High | Earn Money |
| Employee | Varies | Varies |
| Cyberterrorist | High | Support Ideology |
Understanding Basic Attacks
• Today, the global computing infrastructure is the most likely target of attacks
• Basic Attacks
  – Physical Attacks
  – Social Engineering
  – Password Attacks
  – Weak Cryptographic Keys
  – Mathematical Attacks
  – Birthday Attacks
Environmental Attacks
• Electricity. Computing equipment requires electricity to function; hence, it is vital that such equipment has a steady uninterrupted power supply.
• Temperature. Computer chips have a natural operating temperature and exceeding that temperature significantly can severely damage them.
• Limited conductance. Because computing equipment is electronic, it relies on there being limited conductance in its environment. If random parts of a computer are connected electronically, then that equipment could be damaged by a short circuit (e.g., in a flood).
Eavesdropping
• Eavesdropping is the process of secretly listening in on another person’s conversation.
• Protection of sensitive information must go beyond computer security and extend to the environment in which this information is entered and read.
• Simple eavesdropping techniques include
  – Using social engineering to allow the attacker to read information over the victim’s shoulder
  – Installing small cameras to capture the information as it is being read
  – Using binoculars to view a victim’s monitor through an open window
• These direct observation techniques are commonly referred to as shoulder surfing.
Wiretapping
• Many communication networks employ the use of inexpensive coaxial copper cables, where information is transmitted via electrical impulses that travel through the cables.
• Relatively inexpensive means exist that measure these impulses and can reconstruct the data being transferred through a tapped cable, allowing an attacker to eavesdrop on network traffic.
• These wiretapping attacks are passive, in that there is no alteration of the signal being transferred, making them extremely difficult to detect.
Signal Emanations
• Computer screens emit radio frequencies that can be used to detect what is being displayed.
• Visible light reflections can also be used to reconstruct a display from its reflection on a wall, coffee mug, or eyeglasses.
• Both of these require the attacker to have a receiver close enough to detect the signal.
Acoustic Emissions
• Dmitri Asonov and Rakesh Agrawal published a paper in 2004 detailing how an attacker could use an audio recording of a user typing on a keyboard to reconstruct what was typed.
[Figure: a microphone or sound recording device placed near the keyboard captures keystroke sounds]
– Each keystroke has minute differences in the sound it produces, and certain keys are known to be pressed more often than others.
– After training an advanced neural network to recognize individual keys, their software recognized an average 79% of all keystrokes.
Hardware Keyloggers
• A keylogger is any means of recording a victim’s keystrokes, typically used to eavesdrop passwords or other sensitive information.
• Hardware keyloggers are typically small connectors that are installed between a keyboard and a computer.
• For example, a USB keylogger is a device containing male and female USB connectors, which allow it to be placed between a USB port on a computer and a USB cable coming from a keyboard.
[Figure: USB keylogger]
TEMPEST
• TEMPEST is a U.S. government code word for a set of standards for limiting information-carrying electromagnetic emanations from computing equipment.
• TEMPEST establishes three zones or levels of protection:
  1. An attacker has almost direct contact with the equipment, such as in an adjacent room or within a meter of the device in the same room.
  2. An attacker can get no closer than 20 meters to the equipment or is blocked by a building to have an equivalent amount of attenuation.
  3. An attacker can get no closer than 100 meters to the equipment or is blocked by a building to have an equivalent amount of attenuation.
Emanation Blockage
• To block visible light emanations, we can enclose sensitive equipment in a windowless room.
• To block acoustic emanations, we can enclose sensitive equipment in a room lined with sound-dampening materials.
• To block electromagnetic emanations in the electrical cords and cables, we can make sure every such cord and cable is well grounded and insulated.
Faraday Cages
• To block electromagnetic emanations in the air, we can surround sensitive equipment with metallic conductive shielding or a mesh of such material, where the holes in the mesh are smaller than the wavelengths of the electromagnetic radiation we wish to block.
• Such an enclosure is known as a Faraday cage.
Social Engineering
• Not limited to telephone calls or dated credentials
• Dumpster diving: digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away
• Phishing: sending people electronic requests for information that appear to come from a valid source. Now includes social networking sites (Facebook, Twitter, etc.)
  – Often generated by organized attackers. In 2009, ¼ of all phishing was believed to be done by “Avalanche”.
Social Engineering
• Unauthorized access to offices
  – Proper preparation
  – Fake credentials
  – “Tailgating”
  – Build relationships (cookies & chocolate)
  – USB drops
  – Reflections off of nearby objects
Social Engineering (Solutions)
• Develop strong instructions or company policies regarding:
  – When passwords are given out
  – Who can enter the premises
  – What to do when asked questions by another employee that may reveal protected information
• Educate all employees about the policies and ensure that these policies are followed
How is a password stored?
[Figure: the user Butch types the password Dog124; it passes through a hash function, and the password file stores only the resulting hash, e.g. Butch:ASDSA 21QW3R50E ERWWER323 …, never the password itself]
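The diagram above shows the idea; the following is an added example (not code from the slides) of what the hash-function box and the password file look like in practice: each password is hashed with a random per-user salt and an iterated hash (PBKDF2-HMAC-SHA256 from Python's standard library), and a login is checked by recomputing the hash from the stored salt. The user name and password are the ones in the slide's figure; the iteration count is a demo value chosen here, not something the slide states.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Added example, not code from the slides: a minimal version of the storage
# scheme in the diagram above. The password file keeps a salted, iterated
# hash (PBKDF2-HMAC-SHA256) of each password, never the password itself.
# ITERATIONS is a demo value (assumption); production deployments use more.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a password-file record 'pbkdf2$<iterations>$<salt hex>$<hash hex>'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # a fresh salt per user defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2":
        return False
    recomputed = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(recomputed.hex(), digest_hex)


def store_user(password_file: Dict[str, str], user: str, password: str) -> None:
    """Add or replace a user's record; the plaintext is discarded after hashing."""
    password_file[user] = hash_password(password)


def check_login(password_file: Dict[str, str], user: str, password: str) -> bool:
    """Authenticate a login attempt against the password file."""
    record = password_file.get(user)
    if record is None:
        hash_password(password)  # same cost as a real check, so timing does not reveal valid user names
        return False
    return verify_password(record, password)


if __name__ == "__main__":
    pw_file: Dict[str, str] = {}
    store_user(pw_file, "Butch", "Dog124")  # user and password from the slide's diagram
    print(pw_file["Butch"])                 # salt and hash only; "Dog124" never appears
    print(check_login(pw_file, "Butch", "Dog124"))  # True
    print(check_login(pw_file, "Butch", "dog124"))  # False
```

Because the file holds only salt and hash, someone who copies it still has to guess passwords one at a time, which is exactly the brute-force arithmetic the following slides work through.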
Strong Passwords
• What is a strong password?
  – UPPER/lower case characters
  – Special characters
  – Numbers
• When is a password strong?
  – Seattle1
  – M1ke03
  – P@$$w0rd
  – TD2k5secV
Password Complexity
• A fixed 6-symbol password:
  – Numbers: 10^6 = 1,000,000
  – UPPER or lower case characters: 26^6 = 308,915,776
  – UPPER and lower case characters: 52^6 = 19,770,609,664
  – 32 special characters (&, %, $, @, “, |, ^, }, etc.): 32^6 = 1,073,741,824
• 94 practical symbols available
  – 94^6 = 689,869,781,056
• ASCII standard 7 bit: 2^7 = 128 symbols
  – 128^6 = 4,398,046,511,104
Odd characters make passwords safer
Password Length
• 26 UPPER/lower case characters = 52 characters
• 10 numbers
• 32 special characters
• => 94 characters available
• 5 characters: 94^5 = 7,339,040,224
• 6 characters: 94^6 = 689,869,781,056
• 7 characters: 94^7 = 64,847,759,419,264
• 8 characters: 94^8 = 6,095,689,385,410,816
• 9 characters: 94^9 = 572,994,802,228,616,704
Longer passwords are better
Password Validity: Brute Force Test
• Password does not change for 60 days
• How many passwords must be tried per second to cover every possibility before it changes?
  – 5 characters: 1,415 PW/sec
  – 6 characters: 133,076 PW/sec
  – 7 characters: 12,509,214 PW/sec
  – 8 characters: 1,175,866,008 PW/sec
  – 9 characters: 110,531,404,750 PW/sec
Secure Passwords
• A strong password includes characters from at least three of the following groups:
• Use pass phrases, e.g. "I re@lly want to buy 11 Dogs!"
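The last four slides (Password Complexity, Password Length, Brute Force Test and Secure Passwords) are one calculation: keyspace = alphabet size to the power of the length, and the guess rate an attacker needs is that keyspace divided by the seconds in the password's 60-day lifetime. The following added example (not code from the slides) reproduces that arithmetic for any alphabet and length, and applies the "three of the groups" rule to the candidates from the Strong Passwords slide. The four groups (upper, lower, digit, special) are taken from the earlier slides; using Python's 32-character string.punctuation as the special set is an assumption, and the per-second figures on the slide are rounded, so this code returns the exact quotient rounded down.

```python
import string
from datetime import timedelta
from typing import Set

# Added example, not code from the slides: the arithmetic behind the
# Password Complexity, Password Length and Brute Force Test slides, plus the
# character-group rule of the Secure Passwords slide. The 32 special
# characters are assumed to be string.punctuation.
PASSWORD_LIFETIME_SECONDS = int(timedelta(days=60).total_seconds())  # 5,184,000
PRINTABLE_SYMBOLS = 26 + 26 + 10 + 32  # 94, as on the slides

GROUPS = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols from the alphabet."""
    return alphabet_size ** length


def guesses_per_second(alphabet_size: int, length: int,
                       lifetime_seconds: int = PASSWORD_LIFETIME_SECONDS) -> int:
    """Guess rate needed to try every password before it expires (rounded down)."""
    return keyspace(alphabet_size, length) // lifetime_seconds


def expected_cracking_seconds(alphabet_size: int, length: int, rate: int) -> float:
    """Expected time at a given guess rate: on average half the keyspace is searched."""
    return keyspace(alphabet_size, length) / (2 * rate)


def character_groups(password: str) -> Set[str]:
    """Which of the four character groups a password draws from."""
    return {name for name, chars in GROUPS.items() if any(c in chars for c in password)}


def meets_group_rule(password: str, min_groups: int = 3) -> bool:
    """The slide's rule: characters from at least three of the groups."""
    return len(character_groups(password)) >= min_groups


if __name__ == "__main__":
    for n in range(5, 10):
        print(f"{n} chars: {keyspace(PRINTABLE_SYMBOLS, n):,} passwords, "
              f"{guesses_per_second(PRINTABLE_SYMBOLS, n):,} guesses/sec to exhaust in 60 days")
    for pw in ["Seattle1", "M1ke03", "P@$$w0rd", "TD2k5secV"]:  # candidates from the slide
        print(pw, sorted(character_groups(pw)), meets_group_rule(pw))
```

Note that the group rule alone says nothing about length or guessability: "P@$$w0rd" draws from all four groups yet is a predictable substitution of a dictionary word, which is why the slide also recommends pass phrases.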
Bypass Password
• Software exploitation: takes advantage of any weakness in software to bypass security requiring a password
  – Buffer overflow: occurs when a computer program attempts to stuff more data into a temporary storage area than it can hold
Cryptography
• Science of transforming information so it is secure while being transmitted or stored
• Does not attempt to hide existence of data; “scrambles” data so it cannot be viewed by unauthorized users
• Encryption: changing the original text to a secret message using cryptography
• Success of cryptography depends on the process used to encrypt and decrypt messages
• Process is based on algorithms
Weak Keys
• Algorithm is given a key that it uses to encrypt the message
• Any mathematical key that creates a detectable pattern or structure (weak keys) provides an attacker with valuable information to break the encryption
Mathematical Attacks
• Cryptanalysis: process of attempting to break an encrypted message
• Mathematical attack: analyzes characters in an encrypted text to discover the keys and decrypt the data
Birthday Attacks
• Birthday paradox:
  – When you meet someone for the first time, you have a 1 in 365 chance (0.027%) that he has the same birthday as you
  – If you meet 60 people, the probability leaps to over 99% that you will share the same birthday with one of these people
• Birthday attack: attack on a cryptographic system that exploits the mathematics underlying the birthday paradox
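The following added example (not code from the slides) does the birthday-paradox arithmetic the slide quotes and then shows why it matters for hash functions: the chance that some pair in a group of n shares a birthday is 1 minus the product of (365 - i)/365 for i below n, and the same reasoning says a hash with b output bits is expected to produce a collision after roughly the square root of 2^b random inputs. To make that visible, the collision search runs on a deliberately truncated SHA-256 (only its first few bits); the truncation is this example's choice, not anything the slide describes.

```python
import hashlib
import math
import os
from typing import Dict, Tuple

# Added example, not code from the slides: the birthday-paradox arithmetic
# and the reason it matters for hash functions. The collision search is over
# a deliberately shortened hash (the first `bits` bits of SHA-256) so it
# finishes in milliseconds; a full-length hash keeps the space far too large.


def prob_shared_birthday(n: int, days: int = 365) -> float:
    """Probability that at least two of n people share a birthday (any pair)."""
    p_all_distinct = 1.0
    for i in range(n):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


def people_needed(target: float, days: int = 365) -> int:
    """Smallest group size for which prob_shared_birthday reaches `target`."""
    n = 0
    while prob_shared_birthday(n, days) < target:
        n += 1
    return n


def expected_trials_for_collision(output_bits: int) -> float:
    """About sqrt(pi/2 * 2^bits) random inputs before two share an output."""
    return math.sqrt(math.pi / 2 * 2 ** output_bits)


def truncated_hash(data: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256 as an integer (a stand-in for a short hash)."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return h >> (256 - bits)


def find_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """Draw random inputs until two different ones share a truncated hash."""
    seen: Dict[int, bytes] = {}
    trials = 0
    while True:
        x = os.urandom(8)
        trials += 1
        key = truncated_hash(x, bits)
        if key in seen and seen[key] != x:
            return seen[key], x, trials
        seen[key] = x


if __name__ == "__main__":
    print(f"23 people: {prob_shared_birthday(23):.1%}")  # about 50.7%
    print(f"60 people: {prob_shared_birthday(60):.1%}")  # about 99.4%
    a, b, trials = find_collision(24)
    print(f"24-bit hash: collision after {trials} trials "
          f"(expected about {expected_trials_for_collision(24):.0f})")
```

The practical consequence is the defender's rule of thumb: against birthday-style collision search a hash or MAC offers only half its output length in security, so a 128-bit output gives about 64 bits of collision resistance.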
Examining Identity Attacks
• Category of attacks in which the attacker attempts to assume the identity of a valid user
  – Man-in-the-middle
  – Replay
Man-in-the-Middle Attacks
• Make it seem that two computers are communicating with each other, when actually they are sending and receiving data with a computer between them
• Can be active or passive:
  – Passive attack: attacker captures sensitive data being transmitted and sends it to the original recipient without his presence being detected
  – Active attack: contents of the message are intercepted and altered before being sent on
Replay
• Similar to an active man-in-the-middle attack
• Whereas an active man-in-the-middle attack changes the contents of a message before sending it on, a replay attack only captures the message and then sends it again later
• Takes advantage of communications between a network device and a file server
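The two slides above describe the attacks; the following added example (not code from the slides) shows the receiver-side checks that defeat both. Each message carries a random nonce, a timestamp and an HMAC over all its fields under a key shared by the two endpoints: an altered message (active man-in-the-middle) fails the MAC check, a message captured and sent again later fails the freshness check, and one replayed within the freshness window fails the nonce check. The shared key, the 30-second window and the message format are assumptions made for this demo.

```python
import hashlib
import hmac
import json
import os
import time
from typing import Dict, Optional, Tuple

# Added example, not code from the slides: how a receiver can tell a replayed
# or altered message from a fresh one. The key and the freshness window are
# assumptions for the demo.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"


def _mac(key: bytes, fields: Dict) -> str:
    """HMAC-SHA256 over a canonical (sorted-key JSON) encoding of the fields."""
    payload = json.dumps(fields, sort_keys=True).encode("utf-8")
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def build_message(key: bytes, body: str, now: Optional[float] = None) -> Dict:
    """Sender side: attach a random nonce, a timestamp and the MAC."""
    fields = {
        "nonce": os.urandom(16).hex(),
        "ts": int(time.time() if now is None else now),
        "body": body,
    }
    return {**fields, "mac": _mac(key, fields)}


class Receiver:
    """Server side: verifies MAC, freshness and nonce uniqueness, in that order."""

    def __init__(self, key: bytes, window_seconds: int = 30):
        self.key = key
        self.window = window_seconds
        self.seen_nonces: Dict[str, int] = {}  # nonce -> timestamp, kept only for one window

    def accept(self, msg: Dict, now: Optional[float] = None) -> Tuple[bool, str]:
        now = int(time.time() if now is None else now)
        fields = {k: v for k, v in msg.items() if k != "mac"}
        # 1. Integrity: an altered message (active man-in-the-middle) fails here.
        if not hmac.compare_digest(_mac(self.key, fields), str(msg.get("mac", ""))):
            return False, "bad MAC"
        # 2. Freshness: a message captured and sent much later fails here.
        if abs(now - fields.get("ts", 0)) > self.window:
            return False, "stale timestamp"
        # 3. Uniqueness: a message replayed inside the window fails here.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if now - t <= self.window}
        if fields["nonce"] in self.seen_nonces:
            return False, "replay"
        self.seen_nonces[fields["nonce"]] = fields["ts"]
        return True, "accepted"


if __name__ == "__main__":
    t0 = 1_700_000_000
    server = Receiver(SHARED_KEY)
    msg = build_message(SHARED_KEY, "transfer 10 to account A", now=t0)
    print(server.accept(msg, now=t0))        # (True, 'accepted')
    print(server.accept(msg, now=t0 + 5))    # (False, 'replay')
    print(server.accept(msg, now=t0 + 600))  # (False, 'stale timestamp')
    altered = {**msg, "body": "transfer 1000 to account A"}
    print(server.accept(altered, now=t0))    # (False, 'bad MAC')
```

The timestamp bounds how long the receiver must remember nonces; without it the seen-nonce table would grow forever, and without the nonce a timestamp alone would still allow replay inside the window.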
TCP/IP Hijacking
• With wired networks, TCP/IP hijacking uses spoofing, which is the act of pretending to be the legitimate owner
• One particular type of spoofing is Address Resolution Protocol (ARP) spoofing
• Computers on a network keep a table that links an IP address with the corresponding MAC address
• In ARP spoofing, a hacker changes the table so packets are redirected to his computer
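Since the slide says the attack works by changing the IP-to-MAC table, the defender's check is to watch that table for changes that should not happen. The following added example (not code from the slides) runs over a constructed log of ARP replies in a made-up "time ip mac" format and flags three things: a critical host answering from an unexpected MAC, an IP whose MAC changes, and one MAC answering for several IPs. The addresses, the log format and the static bindings are all constructed for the demo.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Added example, not code from the slides: a defender's check for the ARP
# table tampering the slide describes. The input is a constructed log of ARP
# replies seen on a LAN, "time ip mac" (not any real tool's format).
SAMPLE_ARP_REPLIES = """\
10:00:01 192.168.1.1  00:11:22:33:44:01
10:00:02 192.168.1.10 00:11:22:33:44:10
10:00:03 192.168.1.11 00:11:22:33:44:11
10:00:30 192.168.1.1  00:11:22:33:44:11
10:00:31 192.168.1.10 00:11:22:33:44:11
"""

# Known-good bindings for critical hosts such as the gateway (constructed; in
# practice maintained by the administrator).
STATIC_BINDINGS = {"192.168.1.1": "00:11:22:33:44:01"}


def parse_arp_replies(text: str) -> List[Tuple[str, str, str]]:
    """Parse 'time ip mac' lines; MACs are normalised to lower case."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, mac = line.split()
        events.append((ts, ip, mac.lower()))
    return events


def detect_arp_anomalies(events: List[Tuple[str, str, str]],
                         static_bindings: Optional[Dict[str, str]] = None) -> List[str]:
    """Return one alert string per suspicious change, in log order."""
    static_bindings = {ip: m.lower() for ip, m in (static_bindings or {}).items()}
    ip_to_mac: Dict[str, str] = {}
    mac_to_ips: Dict[str, Set[str]] = defaultdict(set)
    alerts: List[str] = []
    for ts, ip, mac in events:
        # A pinned host answering from the wrong MAC is the clearest signal.
        if ip in static_bindings and static_bindings[ip] != mac:
            alerts.append(f"{ts} {ip} answered by {mac}, expected {static_bindings[ip]}")
        # Any IP whose MAC changes mid-session deserves a look.
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"{ts} {ip} moved from {prev} to {mac}")
        ip_to_mac[ip] = mac
        # One MAC claiming several IPs is how a host inserts itself between two others.
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append(f"{ts} {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(parse_arp_replies(SAMPLE_ARP_REPLIES), STATIC_BINDINGS):
        print(alert)
```

Host-side monitoring like this detects the redirection after the fact; preventing it on a wired network is done at the switch, with static ARP entries for critical hosts and features such as dynamic ARP inspection that drop replies not matching a trusted binding.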
Identifying Denial of Service Attacks
• Denial of service (DoS) attack attempts to make a server or other network device unavailable by flooding it with requests
• After a short time, the server runs out of resources and can no longer function
• SYN attack
  – Exploits the SYN/ACK “handshake”
Identifying Denial of Service Attacks (cont)
• Another DoS attack tricks computers into responding to a false request
• An attacker can send a request to all computers on the network making it appear a server is asking for a response
• Each computer then responds to the server, overwhelming it, and causing the server to crash or be unavailable to legitimate users
Identifying Denial of Service Attacks (cont)
• Distributed denial-of-service (DDoS) attack:
  – Instead of using one computer, a DDoS may use hundreds or thousands of computers
  – DDoS works in stages
Understanding Malicious Code (Malware)
• Consists of computer programs designed to break into computers or to create havoc on computers
• Most common types:
  – Viruses
  – Worms
  – Logic bombs
  – Trojan horses
  – Back doors
Summary
• Attackers
  – Hacker
  – Cracker
  – Script Kiddie
  – Spy
  – Employee
  – Cyberterrorist
• Attacks
  – Physical Attacks
  – Password Guessing
  – Cryptography
  – Identity Attacks
  – DoS Attacks
  – Malware