1 / 46

Attacks and

Attacks and. Vulnerabilities. Ilya Chalyt Nicholas Egebo. March 7 2005. Topics of Discussion. Reconnaissance Gain information about a system Vulnerabilities Attributes of a system that can be maliciously exploited Attacks Procedures to exploit vulnerabilities. Reference 1.

ipo
Télécharger la présentation

Attacks and

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Attacks and Vulnerabilities Ilya Chalyt Nicholas Egebo March 7 2005

  2. Topics of Discussion • Reconnaissance Gain information about a system • Vulnerabilities Attributes of a system that can be maliciously exploited • Attacks Procedures to exploit vulnerabilities Reference 1

  3. Topics of Discussion Reconnaissance • War Dialing • War Driving • Port Scanning • Probing • Packet Sniffing

  4. Method Dial a range of phone numbers searching for modem Motivation Locate potential targets Detection Detection impossible outside of the telephony infrastructure Defense Disconnect unessential modems from outgoing phone lines War Dialing (Reconnaissance) Reference 2

  5. Method Surveillance of wireless signals in a region Motivation Find wireless traffic Detection Can only be detected by physical surveillance Defense Limit geographic access to wireless signal War Driving (Reconnaissance) Reference 3

  6. Method Send out a SYN packet, check for response Motivation Find potential targets Detection Traffic analysis Defense Close/silence ports Port Scanning (Reconnaissance) Reference 4

  7. Method Send packets to ports Motivation Find specific port information Detection Traffic analysis Defense Close/silence ports Probing (Reconnaissance)

  8. Method Capture and analyze packets traveling across a network interface Motivation Gain access to information traveling on the network Detection None Defense Use encryption to minimize cleartext on the network Packet Sniffing (Reconnaissance) Reference 5

  9. Topics of Discussion Vulnerabilities • Backdoors • Code Exploits • Eavesdropping • Indirect Attacks • Social Engineering

  10. Backdoors (Vulnerabilities) • Bypass normal means of authentication • Hidden from casual inspection • Installed separately or integrated into software Reference 6

  11. Code Exploits (Vulnerabilities) • Use of poor coding practices left uncaught by testing • Defense: In depth unit and integration testing

  12. Eavesdropping (Vulnerability) • Data transmitted without encryption can be captured and read by parties other than the sender and receiver • Defense: Use of strong cryptography to minimize cleartext on the network

  13. Indirect Attacks (Vulnerabilities) • Internet users’ machines can be infected with zombies and made to perform attacks • The puppet master is left undetected • Defense: Train internet users to prevent zombies and penalize zombie owners

  14. Social Engineering (Vulnerability) • Manipulate the weakest link of cybersecurity – the user – to gain access to otherwise prohibited resources • Defense: Train personnel to resist the tactics of software engineering Reference 7

  15. Topics of Discussion Attacks • Password Cracks • Web Attacks • Physical Attacks • Worms & Viruses • Logic Bomb • Buffer Overflow • Phishing • Bots, and Zombies • Spyware, Adware, and Malware • Hardware Keyloggers • Eavesdropping & Playback attacks • DDoS

  16. Method Trying all combinations of legal symbols as username/password pairs Motivation Gain access to system Detection Frequent attempts to authenticate Defense Lockouts – temporary and permanent Password Cracks: Brute Force Reference 8

  17. Method Trying all entries in a collection of strings Motivation Gain access to system, faster than brute force Detection Frequent attempts to authenticate Defense Lockouts – temporary and permanent Complex passwords Password Cracks: Dictionary Attack Reference 8

  18. Method Trying all entries in a collection of strings adding numbers and symbols concatenating them with each other and or numbers Motivation Gain access to system, faster than brute force, more likely than just dictionary attack Detection Frequent attempts to authenticate Defense Lockouts – temporary and permanent Password Cracks: Hybrid Attack Reference 8

  19. Method Gain access to operating system’s hash table and perform cracking remotely Motivation Gain access to system, cracking elsewhere – no lockouts Detection Detecting reading of hash table Defense Limit access to system Password Cracks: l0phtcrack Reference 8

  20. Method Read source code for valuable information Motivation Find passwords or commented out URL Detection None Defense None Web Attacks: Source Viewing

  21. Method Manipulating URL to find pages not normally accessible Motivation Gain access to normally private directories or pages Detection Check website URL logs Defense Add access requirements Web Attacks: URL Modification

  22. Method Change post data to get desired results Motivation Change information being sent in your favor Detection None Defense Verify post data on receiving end Web Attacks: Post Data

  23. Method Sending dangerous queries to database Motivation Denial of service Detection Check database for strange records Defense Filter database queries Web Attacks: Database Attack Reference 9

  24. Method Form multiple queries to a database through forms Motivation Insert information into a table that might be unsafe Detection Check database logs Defense Filter database queries, make them quotesafe Web Attacks: Database Insertion Reference 9

  25. Method Use meta characters to make malicious input Motivation Possibly reveal script or other useful information Detection Website logs Defense Filter input of meta characters Web Attacks: Meta Data Reference 10

  26. Method Attack the computer with an axe Motivation Disable the computer Detection Video Camera Defense Locked doors and placed security guards Physical Attack: Damage

  27. Method Interrupt connection between two elements of the network Motivation Disable the network Detection Pings Defense Locked doors and placed security guards Physical Attack: Disconnect

  28. Method Pass network signal through additional devices Motivation Monitor traffic or spoof a portion of the network Detection Camera Defense Locked doors and placed security guards Physical Attack: Reroute

  29. Method Identify MAC address of target and replicate Motivation Deny target from receiving traffic Detection Monitoring ARP requests and checking logs Defense None as of now Physical Attack: Spoof MAC & IP

  30. Method Infects executables by inserting itself into them Motivation Damage files and spread Detection Virus scan or strange computer behavior Defense Antivirus, being cautious on the internet Worms & Virus: File Infectors Reference 10

  31. Method Moves partition sector Replaces with self On boot executes and calls original information Motivation Damage files and spread Detection Virus scan or strange computer behavior Defense Antivirus, being cautious on the internet Worms & Virus: Partition-sector Infectors Reference 10

  32. Method Replaces boot loader, and spreads to hard drive and floppies Motivation Damage files and spread Detection Virus scan or strange computer behavior Defense Antivirus, being cautious on the internet Worms & Virus: Boot-sector virus Reference 10

  33. Method Locates executables and mimics names, changing the extensions Motivation Damage files and spread Detection Virus scan or strange computer behavior Defense Antivirus, being cautious on the internet Worms & Virus: Companion Virus Reference 10

  34. Method Infects documents, when document is accessed, macro executes in application Motivation Damage files and spread Detection Virus scan or strange computer behavior Defense Antivirus, being cautious on the internet Worms & Virus: Macro Virus Reference 10

  35. Method Replicates Motivation Variable motivations Detection Virus scan or strange computer behavior Defense Antivirus, being cautious on the internet Worms & Virus: Worms Reference 11

  36. Method Discreetly install “time bomb” and prevent detonation if necessary Motivation Revenge, synchronized attack, securing get away Detection Strange computer behavior Defense Keep and monitor logs Monitor computer systems closely Logic Bomb

  37. Method Pass too much information to the buffer with poor checking Motivation Modify to information and/or execute arbitrary code Detection Logs Defense Check input size before copying to buffer Guard return address against overwrite Invalidate stack to execute instructions Buffer Overflow Reference 12 & 13

  38. Method Request information from a mass audience, collect response from the gullible Motivation Gain important information Detection Careful examination of requests for information Defense Distribute on a need to know basis Phishing

  39. Method Installed by virus or worm, allow remote unreserved access to the system Motivation Gain access to additional resources, hiding your identity Detection Network analysis Virus scans Notice unusual behavior Defense Install security patches and be careful what you download Bots & Zombies

  40. Method Installed either willingly by the user via ActiveX or as part of a virus package Motivation Gain information about the user Serve users advertisements Detection Network analysis Abnormal computer behavior Defense Virus / adware / spyware / malware scans Spyware, Adware, and Malware

  41. Method Attach it to a computer Motivation Record user names, passwords, and other private information Detection Check physical connections Defense Cameras and guards Hardware Keyloggers

  42. Method Record packets to the network Attempt to decrypt encrypted packets Motivation Gain access to user data Detection None Defense Strong cryptography Eavesdropping

  43. Method Record packets to the network Resend packets without decryption Motivation Mimic legitimate commands Detection Network analysis Defense Time stamps Playback Attack

  44. Method Send data that requires cryptography to process Motivation Occupy the CPU preventing normal operations Detection Network analysis Defense None DDoS: CPU attack Reference 14

  45. Method Send data that requires the allocation of memory Motivation Take up resources, crashing the server when they are exhausted Detection Network analysis Defense None DDoS: Memory attack Reference 14

  46. References • Amoroso, Edward. Intrusion Detection. Sparta, New Jersey: AT&T Laboratories, 1999. • Gunn, Michael. War Dialing. SANS Institute, 2002. • Schwarau, Winn. “War-driving lessons,” Network World, 02 September 2002. • Bradley, Tony. Introduction to Port Scanning. 2005. <http://netsecurity.about.com/cs/hackertools/a/aa121303.htm> (04 March 2005). • Bradley, Tony. Introduction to Packet Sniffing. 2005. <http://netsecurity.about.com/cs/hackertools/a/aa121403.htm> (05 March 2005). • Thompson, Ken. “Reflections on Trusting Trust.” Communications of the ACM, Vol. 27, No. 8, August 1985. • Mitnick, Kevin. The Art of Deception. Indianapolis, Indiana, 2002. • Coyne, Sean. Password Crackers: Types, Process and Tools. ITS Research Labs, 2004 • Friel, Steve. SQL Injection Attacks by Example. 2005 <http://www.unixwiz.net/techtips/sql-injection.html> (05 March 2005) • Lucas, Julie. The Effective Incident Response Team. Chapter 4. 2003 • Worms versus Viruses. 2004. <http://viruses.surferbeware.com/worms-vs-viruses.htm> (06 March 2005) • Grove, Sandeep. “Buffer Overflow Attacks and Their Countermeasures.” Linux Journal. 10 March 2003 • Levy, Elias. “Smashing the Stack for Fun and Profit”. Phrack Magazine Issue49, Fall 1997. • Distributed Denial of Service. 2002 <http://www.tla.org/talks/ddos-ntua.pdf> (05 March 2005)

More Related