Chapter 2 - Introduction Vulnerabilities, Threats and Attack
Upload: pabburahati
7/30/2019 Chapter 2 - Introduction Vulnerabilities, Threats and Attack
INTRODUCTION VULNERABILITIES, THREATS AND ATTACK
CHAPTER 2
-
VULNERABILITIES
A vulnerability is an inherent weakness in the design, configuration, or implementation of a network or system that renders it susceptible to a threat.
Most vulnerabilities can usually be traced back to one of three sources:
Poor design
Poor implementation
Poor management
-
Poor Design (Technology Weaknesses)
Hardware and software systems that contain design flaws that can be exploited.
Example: the sendmail flaws in early versions of Unix.
-
Poor Implementation (Configuration Weaknesses)
Systems that are incorrectly configured, and therefore vulnerable to attack.
Example: a system that does not have restricted-access privileges on critical executable files, thereby allowing these files to be altered by unauthorized users.
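One way to audit for the configuration weakness in the example above, as an added example that is not part of the original slides: a Python check that flags executable files which users other than a trusted owner could alter. The function names, the trusted-owner rule and the sample tree are assumptions made for illustration, and POSIX file permissions are assumed.

```python
import os
import stat
import tempfile

WRITE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_executables(root, trusted_uids=(0,)):
    """Map each executable file under root to the reasons it could be
    altered by someone other than a trusted owner (assumed rule set)."""
    findings = {}
    for dirpath, _dirs, filenames in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        # A writable directory lets a user replace a read-only file,
        # unless the sticky bit restricts deletion to the owner.
        dir_open = bool(dmode & WRITE_BY_OTHERS) and not dmode & stat.S_ISVTX
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & ANY_EXEC:
                continue  # only regular, executable files are in scope
            issues = []
            if st.st_mode & stat.S_IWOTH:
                issues.append("world-writable")
            if st.st_mode & stat.S_IWGRP:
                issues.append("group-writable")
            if st.st_uid not in trusted_uids:
                issues.append("untrusted owner uid %d" % st.st_uid)
            if dir_open:
                issues.append("parent directory writable by group/other")
            if issues:
                findings[path] = issues
    return findings

def demo():
    """Run the audit over a constructed tree: one restricted tool,
    one misconfigured tool, one non-executable data file."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name, mode in (("backup-tool", 0o755), ("deploy-tool", 0o777),
                           ("notes.txt", 0o666)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, mode)
        found = audit_executables(root, trusted_uids=(os.getuid(),))
        return {os.path.basename(p): why for p, why in found.items()}

if __name__ == "__main__":
    print(demo())
```

On a real host the audit would be pointed at directories holding critical executables, with `trusted_uids` left at its default of root.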
-
Poor Management (Security Policy Weaknesses)
Inadequate procedures or insufficient checks and balances.
-
THREATS
A threat is anything that can disrupt the operation, functioning, integrity, or availability of a network or system.
There are different categories of threats:
Natural threats (floods, earthquakes, or storms)
Unintentional threats (result of accident or stupidity)
Intentional threats (result of malicious intent)
-
THREATS
Unstructured threats: created by an inexperienced person who is trying to gain access to your network.
Structured threats: implemented by a technically skilled person who is trying to gain access to a network.
Internal threats: occur when someone from inside your network creates a security threat to your network.
External threats: occur when someone outside your network creates a security threat to your network.
-
ATTACK
An attack is a specific technique used to exploit a vulnerability.
There are two categories of attack:
Passive attack
Very difficult to detect because there is no overt activity that can be monitored or detected.
Example: packet sniffing or traffic analysis.
Active attack
Employs more overt action on the network or system.
Example: denial-of-service.
-
ATTACK
Reconnaissance attack
Access attack
Distributed Denial of service attack
Malicious code attack
-
Reconnaissance Attack
Reconnaissance attacks are the first step in the process of intrusion and involve unauthorized discovery and mapping of systems, services, or vulnerabilities.
These discovery and mapping techniques are commonly known as scanning and enumeration.
Common tools, commands, and utilities that are used for scanning and enumeration include ping, Telnet, nslookup, finger, rpcinfo, File Explorer, srvinfo, and dumpacl.
Other third-party public tools include Sniffer, SATAN, SAINT, NMAP, and netcat.
-
Access Attack
Access attacks are an attempt to gain access to information that the attacker doesn't have authorization to have.
Access attacks in a network:
Snooping
Eavesdropping
Interception
-
Snooping
Snooping is looking through information files in the hopes of finding something interesting.
If the files are on paper, an attacker may do this by opening a file drawer and searching through files.
If the files are on a computer system, an attacker may attempt to open one file after another until information is found.
-
Eavesdropping
Eavesdropping is when someone listens in on a conversation that they are not a part of.
To gain unauthorized access to information, an attacker must position himself at a location where information of interest is likely to pass by.
The introduction of wireless networks has increased the opportunity to perform eavesdropping.
-
Interception
Unlike eavesdropping, interception is an active attack against the information.
When an attacker intercepts information, he is inserting himself in the path of the information and capturing it before it reaches its destination.
After examining the information, the attacker may allow the information to continue to its destination or not.
-
Distributed Denial of Service
A Distributed Denial of Service (DDoS) attack is a DoS attack that occurs from more than one source, and/or from more than one location, at the same time.
The purpose of a DDoS attack is to exhaust the victim's resources: network bandwidth, computing power, or operating system data structures.
-
Malicious Code Attack
Malicious code is an auto-executable application.
It can take the form of Java Applets, ActiveX controls, plug-ins, pushed content, scripting languages, or a number of new programming languages designed to enhance Web pages and email.
-
WHERE DOES MALICIOUS CODE HIDE?
Email
Web content
File downloads
Legitimate sites
Pushed contents
-
VIRUS vs WORMS vs TROJAN
Virus
Requires human action.
Spreads mostly by sharing infected files or sending e-mails with viruses as attachments.
Also passes the infection from one infected system to another (attaches to an executable file).
Example: Brain virus
Worms
Spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action.
Replicates itself on your system, creating a huge devastating effect.
Does not need to infect other files in order to reproduce.
Example: Morris worm
Trojan Horse
Appears to be useful software but will actually do damage once installed or run on your computer.
Designed to be annoying and malicious (like changing your desktop, adding silly active desktop icons) or can cause serious damage (creating a backdoor, deleting files).
Does not reproduce by infecting other files.
Example: Beast
-
Other Attacks
Logic Bombs
Port Scanning
Man-in-the-middle
Trap Door
Replay Attack
Back Door Attack
Spoofing Attack