1 / 42

Network Security

Network Security. Dr. Pipat Sookavatana Department of Computer Engineering Mahanakorn University of Technology. T he methodology of the attackers. S urveillance find hosts (IP address search) find type of host (os fingerprint), firewalls too F ind KNOWN bugs (known to them)

ranae
Télécharger la présentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Dr. Pipat Sookavatana Department of Computer Engineering Mahanakorn University of Technology

  2. The methodology of the attackers • Surveillance • find hosts (IP address search) • find type of host (os fingerprint), firewalls too • Find KNOWN bugs (known to them) • Exploitation post break-in • escalation of privilege, user attacks root • Hiding their tracks post Or pre break-in • root shells on UNIX

  3. Scanning is one basic methodology • Finding ip dst addresses • single source • multiple sources • Scanning one ip dst • for tcp ports/udp ports open • single source • multiple sources • Then launch an exploit • launcher may be human or program

  4. Finding ip dst addresses • There are many tool on the internet you may download and use to find available IP in one subnet work • www.foundstone.com • sectools.org • SuperScan, LaySurveror, IPScan, etc.

  5. Scanning one ip dst • Right after discover a target IP, port scanning software can be employed. • i.e. nmap, NetworkActivPortScann, etc • Or nessus

  6. Malware & Internet Security Malware = malicious software

  7. Malware and Security • Most of the security threatens came form Malware (More than 90%) • Why ? • User or workforce • Lack of understanding security • Easy to attack

  8. Different Types of Spyware • Virus • Spyware • Adware • Embedded Programs • Trojan Horse • Browser Hijackers • Dialers • Malware

  9. Why do people make Malware? • Profit • A challenge • Malice • Boredom • Business

  10. How do I know if I’ve got Malware? • Computer is running slower than normal • Popups (on or off the internet) • New toolbars • Home page changes • Search results look different • Error messages when accessing the web •  Using Special tools

  11. Virus • A virus is a piece of malicious software code written to cause some kind of damage to a computer system or network or even the Internet itself. • Viruses spread, similar to their biological namesake, from one machine to another and can spread havoc wherever they go. • They are most commonly spread by sharing files with others or through email attachments where they can be set up to send themselves to all the addresses in your email address book.

  12. Adware • Adware is usually downloaded and installed along with some other program without your knowledge and unlike a virus doesn't spread by itself. • Very often you click "OK" without reading the terms and conditions and by doing so you agree to have the files installed. An example is you see a "free" program on offer that you think might be useful and download it without thinking. • Even some anti-spyware programs install adware and the website earns money from the ads that are clicked on.

  13. Spyware • Spyware is more malicious and evil intentioned and is designed to steal something from you. • It can be downloaded by visiting the wrong types of websites or along with other files the same way as adware. • Spyware can often be hard to remove as it can continually recreate itself and hide somewhere on your hard drive.

  14. What does Spyware look like?

  15. What does Spyware look like?

  16. What does Spyware look like?

  17. What does Spyware look like?

  18. What does Spyware look like?

  19. What does Spyware look like?

  20. What does Spyware look like?

  21. What does Spyware look like?

  22. What does Spyware look like?

  23. What does Spyware look like?

  24. How do I get rid of Spyware? • Use a legitimate spyware removal program • We suggest Spybot Search and Destroy in combination with Microsoft Antispyware (now called Defender) • Ad-aware is a good program and is free for home use but is no longer free for educational use.

  25. Steps in Spyware Adware and Virus Removal • Shutdown and take out your hard disk • Plug in to a clean installed antimalware machine • Scan the hard disk and remove them

  26. How do I prevent Spyware? • Be conscious of what you are clicking on/downloading • Some pop-ups have what appears to be a close button, but will actually try to install spyware when you click on it. Always look for the topmost right red X. • Remember that things on the internet are rarely free. “Free” Screensavers etc. generally contain ads or worse that pay the programmer for their time.

  27. Weatherbug (GAIN or Claria) Hotbar 180 Search Assistant MyWebSearch Popular Screensavers Comet Cursors A Better Internet (Aurora) Kazaa / Morpheus GameSpy Arcade WhenUSave New.Net Starware Toolbar MySearch Begin2Search 180Solutions Zango CoolWebSearch DyFuCA BonzaiBuddy BargainBuddy Dashbar Gator WeatherScope Best Offers Network Precision Time FunWeb The Least Wanted List

  28. How secure do you need to be? • Be Prudent not Paranoid • Did you initiate the action? • Why is this free? • Is the source trustworthy? • When in doubt Google it

  29. Safer Alternatives • Download.com – All programs are adware/spyware free • Freesaver.com – Screensavers from this site are safe DO NOT click on ads • KFOR or News9 • Cleansoftware.org

  30. The Bottom Line • It is safe to install these programs: • Microsoft AntiSpyware (Defender) • Spybot Search & Destroy • SpywareBlaster • SpywareGuard • If you are running a different Spyware program contact your Technology Specialist to make sure it is not a rogue

  31. Email: another methodology • send program via email • user naively executes attachment • or perhaps it is auto-launched in some cases • social engineering may be of use • » “hi handsome ...” • » “I love u …” • malware uses address book to launch itself at next targets • possibly with fake email sender • Phishing

  32. Phishing • Most commonly an Email stating your account Information needs updating • Watch for URL’s that are numeric or different from the link you clicked on • Best thing to do is to type in the URL and check your account directly without following any links in the Email • Many legitimate emails no longer contain a link (Paypal)

  33. Phishing Examples

  34. Phishing Examples

  35. Phishing Examples

  36. Phishing Examples

  37. Phishing Examples

  38. Phishing Examples

  39. Define some terms (Must Know) • exploit - a piece of code that exploits a software bug leading to a security hole • virus - a malware program that somehow rides on the back of another vehicle • but doesn’t move itself • worm - a malware program that provides its own transit • trojan-horse - a malware program that somehow appears as something else entirely • Spyware – a malware program that spy on your information

  40. Define some terms (Must Know)cont. • footprint/signature: some log entry or other trace left behind by an attack • signature(in IDS sense): some way to identity a particular virus/worm/exploit attack • perhaps use pattern matching to id that a file/email/packet has a known attack in it • forensics: the process of figuring out just how an attack occured after the attack succeeded • possibly may include collecting evidence for criminal case against criminal defendent

  41. Define some terms (Must Know)cont. • forensics again: • important idea: if we can’t figure out how they got in, how can we keep them out next time? • counter-measures: just what the whitehats do to keep the blackhats out • or what you do to WATCH for them • » on your network or hosts • what did you do to make your webserver safer? • Honey Pod concept

  42. Define some terms (Must Know)cont. • define “secure” !! • maybe we should all say: “safer” • backdoor • social engineering attack • buffer overflow • dictionary attack • oh wait, we have the Morris worm for those terms

More Related