Attack and Malicious Code
Andrew Anaruk
Security Threats
• Denial of Service (DoS) Attacks
• Spoofing
• Social Engineering
• Attacks on Encrypted Data
• Software Exploitation
Denial of Service
• SYN Floods
• Smurf
• Ping of Death
• DDoS
Spoofing
• IP Address Spoofing
• ARP poisoning
• Web Spoofing
• Man in the middle attacks
• Social Engineering
• DNS Spoofing
“Thwart” Spoofing
• Filter packets entering your network that have a source address of the local network
• MAC Binding – Switches store the first MAC Address that appears on a port and it cannot be changed without authentication.
• Educate users about Web Spoofing. Set home pages to secure sites.
• DNS spoofing is prevented via securing DNS servers.
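The first countermeasure above (dropping inbound packets whose source address claims to be on the local network), as an added example that is not part of the original slides. The interface names, prefixes and sample packets are constructed for illustration.

```python
import ipaddress

# Assumed local prefixes (constructed for this example, documentation ranges).
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("192.168.10.0/24", "2001:db8:10::/48")]
# Hypothetical name of the Internet-facing interface.
EXTERNAL_IFACES = {"wan0"}


def is_spoofed_ingress(iface, src):
    """Return True if a packet arriving from outside claims a local source."""
    if iface not in EXTERNAL_IFACES:
        return False  # inside interfaces are expected to carry local sources
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return True  # unparseable source on the external side: drop it
    return any(addr.version == net.version and addr in net
               for net in LOCAL_NETS)


def filter_ingress(packets):
    """Split (iface, src, dst) tuples into accepted and dropped lists."""
    accepted, dropped = [], []
    for pkt in packets:
        iface, src, _dst = pkt
        (dropped if is_spoofed_ingress(iface, src) else accepted).append(pkt)
    return accepted, dropped


# Constructed sample traffic: (arrival interface, source, destination).
SAMPLE = [
    ("wan0", "203.0.113.7", "192.168.10.20"),       # ordinary external host
    ("wan0", "192.168.10.5", "192.168.10.20"),      # outside, claims inside source
    ("lan0", "192.168.10.5", "198.51.100.9"),       # genuine inside host
    ("wan0", "2001:db8:10::1", "2001:db8:10::20"),  # same rule for IPv6
    ("wan0", "not-an-ip", "192.168.10.20"),         # malformed source field
]

if __name__ == "__main__":
    ok, bad = filter_ingress(SAMPLE)
    for pkt in bad:
        print("DROP", pkt)
    for pkt in ok:
        print("PASS", pkt)
```

On a real router or firewall the same decision is expressed as an ingress rule on the external interface; the logic is identical.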
Social Engineering
• Occurs in the “World of People”
• Tries to bypass the “what you know” aspect of authentication.
• Dumpster Diving
• Online Attacks
  • Web spoofing
  • E-mails prompting authentication information
Social Engineering Countermeasures
• Take Care of Trash
  • Paper Shredders or Locked Recycle Bins.
  • Bulk erase Magnetic Media before discarding.
  • Keep dumpsters in secure areas.
• Train system users periodically
  • Educate users about Social Engineering Scams
  • Inform about the password policy.
  • Yada yada yada . . . Users will still mess up.
Attacks on Encrypted Data
• Weak Keys
• Mathematical Attacks
• Password Guessing
  • Brute Force
  • Dictionary
Software Exploitation
• Malicious Software or Malware.
  • Almost an anagram for Walmart?????
• Viruses
• Backdoors
• Trojan Horse
• Logic Bombs
• Worms