Chapter 1 Introduction and Security Trends
Threats to Security
• Virus and worms
• Intruders
• Insiders
• Criminal organization
• Terrorist and information warfare
• Avenues of attack
• Steps in attack
Virus and Worms
• A set of code that runs on your computer without permission.
• All viruses are man-made.
• A virus makes copies of itself over and over.
• It uses up the available memory and the system halts.
• A worm is also a type of virus that makes duplicate copies of itself, but it does not attach itself to other programs.
Intruders
• Accessing a computer system without authorization, from different angles.
• It includes the scanning of individual systems.
• Two types of intruders:
– Insider
– Outsider
Insider
• Insiders are more dangerous than outsiders.
• An insider has the necessary knowledge about the organization and its security system.
• An insider has all access.
• Can carry out all kinds of criminal activity (e.g. fraud).
• Has better knowledge of how to avoid detection.
• Has physical access to facilities (e.g. contractors, partners) and also access to computers and the network.
Criminal Organization
• Dependent on computer systems and networks.
• A large amount of transactions is conducted via the internet.
• Traditional criminal activities like fraud, extortion and theft.
• All this criminal activity is now done via the internet.
Terrorist and Information Warfare
• Information warfare is conducted against the information and the information processing equipment used by an opponent.
• Nations are dependent on computer systems and networks.
• It includes a longer period of preparation, large financial backing and a large, organized group of attackers.
• Military forces are a key target.
• The critical infrastructure of a nation includes water, electricity, oil, gas refineries and distribution, banking, finance and telecommunication.
• This infrastructure is dependent on computers and networks.
– Ex: railways
• Several countries are capable of conducting this type of warfare.
– Ex: the attack on the World Trade Center
Avenues of Attack
• Two reasons a computer system is attacked:
– It is specifically targeted by the attacker.
• Ex: attacking a government system.
– It is an opportunistic target.
• An attack against a target of opportunity is conducted against a site that has hardware or software vulnerable to a specific exploit.
• In the second case the attacker is not targeting the organization; they learn about a vulnerability and how to exploit it.
• Targeted attacks are more difficult and require more time than attacks on targets of opportunity.
Steps in Attack
• The attacker needs more and more information.
– Ex: about the organization.
• Collect information by studying the organization's own web site, its consulting resources, IP addresses, phone numbers, names of individuals and which networks the organization maintains.
• Step 1: determine which target systems are available and active.
– Ex: the ping command is used to get this information.
• Step 2: port scan.
– To determine which ports are open.
– Gives an indication of which services are available.
– Which operating system is running.
– Which applications are running.
• Different techniques can be applied to get information by sending specially formatted packets and looking at the response for a clue.
• Ex: online lottery
• The collected information is used to carry out the next step.
• Decide which tool is used to exploit the vulnerability.
– Ex: guessing userID and password combinations.
– This is called a brute-force attack.
• A system can be attacked in different ways. The general process is:
– gathering information about the target
– gathering information about possible exploits against the system
– attempting each exploit.
Types of Attack
• Attacks on software like the OS
• Attacks on a service or protocol
Different types of attack
• DoS (Denial of Service)
• Backdoors and trapdoors
• Sniffing
• Spoofing
• Man in the middle
• Replay
• TCP/IP hijacking
• Encryption attack
• Malware
• Viruses
• Logic bombs
Denial of Service
• It can exploit a vulnerability in a:
– specific application
– operating system
– attack on features
– attack on weaknesses in a specific service.
• The attack blocks authorized users from getting specific information, or from using a computer system or network.
• A DoS example is the ping-of-death (PoD).
• The attacker sends an Internet Control Message Protocol (ICMP) "ping" packet that is equal to or exceeds 64 KB.
• If the system is not able to handle such a large packet, the system hangs or crashes.
• A DoS attack normally uses a single attacking system.
• If the DoS attack uses multiple attacking systems, it is called a DDoS (Distributed Denial of Service).
• The goal of a DDoS is to deny access to a specific service.
• The network attack agents are called zombies.
• One important thing about a DDoS attack is that with just a few messages to the agents, the attacker can have a flood of messages sent against the targeted system.
• To reduce the effect of DoS or DDoS attacks, upgrade the system and the applications running on it.
Fig. Distributed Denial of Service Attack
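The reconnaissance steps described under "Steps in Attack" (host discovery, port scanning, brute-force password guessing) and the DoS/DDoS floods described here all leave traces in connection logs, which is where a defender first sees them. The Python below is an added example, not part of the original slides: it runs three simple detection rules over a few constructed log lines. The log format, the IP addresses and the thresholds are all assumptions made for the example.

```python
# Added example (not from the original slides): detecting port scans,
# brute-force login guessing and request floods in constructed log lines.
# Log format (assumed): "<epoch-seconds> <src-ip> <dst-port> <event>"
# where event is CONNECT, LOGIN_FAIL or LOGIN_OK.
from collections import defaultdict

# Constructed sample: one host walking through ports, one host guessing
# passwords on port 22, and one normal client on port 80.
SAMPLE_LOG = """\
100 10.0.0.5 22 CONNECT
101 10.0.0.5 23 CONNECT
102 10.0.0.5 25 CONNECT
103 10.0.0.5 80 CONNECT
104 10.0.0.5 443 CONNECT
105 10.0.0.5 3389 CONNECT
110 10.0.0.9 22 LOGIN_FAIL
111 10.0.0.9 22 LOGIN_FAIL
112 10.0.0.9 22 LOGIN_FAIL
113 10.0.0.9 22 LOGIN_FAIL
114 10.0.0.9 22 LOGIN_FAIL
115 10.0.0.9 22 LOGIN_OK
200 10.0.0.7 80 CONNECT
205 10.0.0.7 80 CONNECT
"""
# Constructed DDoS-style burst: 40 different sources (the "zombies")
# hitting port 80 in the same second.
FLOOD_LOG = "\n".join(f"300 192.0.2.{i} 80 CONNECT" for i in range(1, 41)) + "\n"


def parse_log(text):
    """Parse log lines into (timestamp, src, port, event) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, port, event = line.split()
        events.append((int(ts), src, int(port), event))
    return events


def sliding_window(events, key, window):
    """For each event (in time order) yield its key and the recent events
    sharing that key within `window` seconds, ending at this event."""
    buckets = defaultdict(list)
    for ev in sorted(events):
        k = key(ev)
        buckets[k].append(ev)
        buckets[k] = [e for e in buckets[k] if ev[0] - e[0] <= window]
        yield k, buckets[k]


def detect_port_scans(events, window=10, min_ports=5):
    """Step 2 of the slides seen from the defender: one source touching
    many distinct ports in a short time."""
    hits = set()
    for src, recent in sliding_window(events, key=lambda e: e[1], window=window):
        ports = {e[2] for e in recent if e[3] == "CONNECT"}
        if len(ports) >= min_ports:
            hits.add(src)
    return hits


def detect_brute_force(events, window=60, max_failures=4):
    """Repeated LOGIN_FAIL events from one source: password guessing."""
    hits = set()
    for src, recent in sliding_window(events, key=lambda e: e[1], window=window):
        if sum(1 for e in recent if e[3] == "LOGIN_FAIL") >= max_failures:
            hits.add(src)
    return hits


def detect_flood(events, window=1, max_rate=30):
    """DoS/DDoS: too many connections to one port per window, whatever the
    sources are (a DDoS spreads the load over many zombies)."""
    hits = set()
    for port, recent in sliding_window(events, key=lambda e: e[2], window=window):
        if len(recent) > max_rate:
            hits.add(port)
    return hits


def analyse(text):
    events = parse_log(text)
    return {
        "port_scan_sources": detect_port_scans(events),
        "brute_force_sources": detect_brute_force(events),
        "flooded_ports": detect_flood(events),
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG + FLOOD_LOG))
</test>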
Backdoors and Trapdoors
– A method used by software developers to gain access to an application even when the normal access method is prevented.
– Backdoors are used to gain initial access to blocked data/applications.
Sniffer
• It is a software or hardware device used by software developers.
• Used to observe the network traffic that passes through it, and also to view all traffic.
• Normal network devices are "user friendly" and generally ignore traffic not addressed to them.
• A network sniffer ignores this friendly agreement and observes all traffic.
Characteristics of a sniffer
• View all traffic
• Modify the traffic
• Type of traffic
• Which segment is used
– (data segment, index segment, rollback segment, temporary segment)
• Bandwidth
• Troubleshoot problems
• List duplicate MAC addresses
Spoofing
• Spoofing is a technique used by computer hackers to gain unauthorized access to our computers by sending a message with a forged IP address or email address.
• Types of spoofing:
– IP spoofing
– Email spoofing
Man in the Middle
• The attacker places themselves between the two hosts that are communicating.
• All the traffic (messages/data) passes through the attacker.
Fig. Man in the Middle Attack (Host A, Attacker, Host B: the direct communication between the hosts is replaced by communication sent to the attacker, who relays each message to the destination host)
Replay
• The attacker captures a portion of the communication between two parties and retransmits it after some time.
– Ex: a financial transaction.
• To avoid this type of attack, use encryption.
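The replay scenario above (capture a valid transfer message, send it again later) is the case a receiver has to recognise even when the message is perfectly genuine. The Python below is an added example, not part of the original slides: the sender adds a fresh nonce and a timestamp to each message and authenticates it with an HMAC, and the receiver keeps a cache of nonces it has already accepted. The message fields, the shared key and the 300-second freshness window are assumptions for the example; the HMAC-plus-nonce construction is a substitute for the slide's general advice to "use encryption", since confidentiality alone does not stop a captured ciphertext from being retransmitted.

```python
# Added example (not from the original slides): rejecting replayed messages
# with a nonce, a timestamp and an HMAC tag. Key and fields are constructed.
import hashlib
import hmac
import json
import os
import time

# Constructed shared secret; assumed to have been agreed out of band.
SHARED_KEY = b"demo-shared-secret-not-for-real-use"


def sign_message(key, fields, now=time.time):
    """Sender: attach a random nonce and a timestamp, then an HMAC tag over
    the whole message so nothing can be altered without detection."""
    msg = dict(fields, nonce=os.urandom(16).hex(), ts=int(now()))
    body = json.dumps(msg, sort_keys=True).encode()
    msg["tag"] = hmac.new(key, body, hashlib.sha256).hexdigest()
    return msg


class Receiver:
    """Verifier that checks the tag, the freshness window and a cache of
    nonces already seen, so a captured message cannot be accepted twice."""

    def __init__(self, key, max_age=300, now=time.time):
        self.key = key
        self.max_age = max_age
        self.now = now
        self.seen = {}  # nonce -> timestamp of the accepted message

    def accept(self, msg):
        msg = dict(msg)
        tag = msg.pop("tag", None)
        body = json.dumps(msg, sort_keys=True).encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if tag is None or not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"      # forged or altered in transit
        now = int(self.now())
        if abs(now - msg["ts"]) > self.max_age:
            return "rejected: stale"        # outside the freshness window
        # Drop nonces older than the window so the cache stays bounded;
        # anything that old is already rejected by the timestamp check.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if msg["nonce"] in self.seen:
            return "rejected: replay"       # identical message seen before
        self.seen[msg["nonce"]] = msg["ts"]
        return "accepted"


def demo():
    """Walk through a genuine transfer, its replay, a tampered copy and a
    stale message. Uses a controllable clock so the result is deterministic."""
    clock = [1_000_000]
    now = lambda: clock[0]
    rx = Receiver(SHARED_KEY, now=now)
    transfer = sign_message(SHARED_KEY, {"from": "acct-1", "to": "acct-2", "amount": 500}, now=now)
    first = rx.accept(transfer)                         # genuine message
    replayed = rx.accept(transfer)                      # attacker retransmits it
    tampered = dict(transfer, amount=5000)              # attacker edits the amount
    altered = rx.accept(tampered)
    old = sign_message(SHARED_KEY, {"from": "acct-1", "to": "acct-2", "amount": 5},
                       now=lambda: clock[0] - 10_000)   # captured long ago
    stale = rx.accept(old)
    return [first, replayed, altered, stale]


if __name__ == "__main__":
    print(demo())
```

The nonce cache only needs to remember messages inside the freshness window, which is why the timestamp check and the cache pruning use the same `max_age`.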
TCP/IP Hijacking
• It is the process of taking control of an already existing session between a client and a server.
• Advantage for the attacker:
– No need for authentication.
• This type of attack is generally used against the web.
Encryption Attack
• Encryption is the process of writing a secret message.
• In this process plain text is converted into an encrypted form which is unreadable.
• A key is used in this process, and the text is encrypted according to the key.
• Converting the encrypted text back into the actual text is called decryption.
• To decrypt the text, the key is used.
• Cryptanalysis is the process of attempting to break the cryptographic system.
• This attack is on a specific method.
• Symmetric: DES (Digital Encryption Standard)
• Asymmetric (public key cryptography): RSA (Rivest Shamir Adleman)
Restrictions for Encryption
• In the encryption method the key should not be weak.
• If the algorithm contains weak keys, it is called a poor algorithm.
• The longer the key, the harder it is to attack.
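The claim that a longer key is harder to attack can be made concrete with an exhaustive key search, the most basic form of the cryptanalysis mentioned above. The Python below is an added example, not part of the original slides: it defines a deliberately small toy stream cipher (constructed for the example, not a real algorithm) and a known-plaintext attacker that tries every key until the decrypted prefix matches. The number of trials grows as 2^n in the key length n, which is why the search is instant for 8 or 16 bits and infeasible for the key sizes real ciphers use.

```python
# Added example (not from the original slides): exhaustive key search
# against a toy cipher, showing how the work doubles with every key bit.
import hashlib


def keystream(key_int, key_bits, length):
    """Toy cipher (constructed for this example): the keystream is SHA-256
    of the key and a block counter. The key space is 2**key_bits."""
    key_bytes = key_int.to_bytes((key_bits + 7) // 8, "big")
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key_int, key_bits, plaintext):
    """XOR the plaintext with the keystream; XOR is its own inverse."""
    ks = keystream(key_int, key_bits, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


decrypt = encrypt


def brute_force(ciphertext, known_prefix, key_bits):
    """Known-plaintext exhaustive search: try every key in order until the
    decrypted prefix matches. Returns (key, trials) or (None, trials)."""
    n = len(known_prefix)
    for trials, candidate in enumerate(range(2 ** key_bits), start=1):
        if decrypt(candidate, key_bits, ciphertext[:n]) == known_prefix:
            return candidate, trials
    return None, 2 ** key_bits


def expected_trials(key_bits):
    """On average half the key space must be searched: 2**(n-1) trials,
    so each extra key bit doubles the attacker's work."""
    return 2 ** (key_bits - 1)


def demo():
    """Recover constructed 8-bit and 16-bit keys from a message whose first
    word the attacker can guess (a typical known-plaintext situation)."""
    plaintext = b"TRANSFER 500 to acct-2"  # constructed message
    results = {}
    for bits, key in ((8, 0xA7), (16, 0xBEEF)):
        ct = encrypt(key, bits, plaintext)
        found, trials = brute_force(ct, b"TRANSFER", bits)
        results[bits] = (found == key, trials)
    return results


if __name__ == "__main__":
    print(demo())
    print("average trials for a 128-bit key:", expected_trials(128))
```

The toy cipher is only there to give the search something to run against; the lesson is the trial count, which for a 128-bit key would be 2^127 on average, far beyond any attacker's reach.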
Indirect Attack
• Find a weakness in the mechanism surrounding the algorithm.
– Ex: an unprotected key.
• An attack that targets this type of weakness is not an attack on the cryptographic algorithm itself.
Malware
• It is also called malicious code.
• Specially designed to damage the files of a system.
• Also used to create a backdoor in a system.
• The purpose of malware is not always the same.
• Different types of malicious software:
– Trojan horse
– Logic bomb
– Worm
Viruses
• Vital Information Resources Under Siege
– Boot sector virus
– Program virus
• It attaches itself to executable files like .exe or .com.
– Macro virus
• A macro virus is a computer virus that "infects" an application and causes a sequence of actions to be performed automatically when the application is started.
• A macro virus is often spread as an e-mail virus. A well-known example, in March 1999, was the Melissa virus.
Logic Bomb
• A logic bomb is a piece of code intentionally inserted into a software system.
• It sets off a malicious function when specified conditions are met.
Security Basics
• Network security
• Some information is more important and private, like medical information, financial information and data relating to the type of purchases made.
• Data security
– We don't just want to secure the software; we want to secure the data.
Goal of Computer Security
• CIA
– Confidentiality
– Integrity (generation and modification)
– Availability (the system is available to authorized persons)
Operational Model of Security
• Protection is equated with prevention.
• We use prevention techniques to address the problems.
• Detection is an alert system that signals us when prevention has failed.
• Original security system:
– Detection + Response
• But now: Protection = Prevention + (Detection + Response)
• This is called the Operational Model of Security.
Layers of Security
• Administrative
• Logical: (uses software and data to monitor access)
– Ex: passwords, firewalls, access control lists, data encryption...
• Physical:
– Controls the environment of the workplace and the computing facility.
– Ex: doors, locks, heating and air conditioning, smoke and fire alarms, cameras, security guards, cable locks.
• These layers should include the following:
• Firewalls: firewalls protect the computer from outside intruders. According to Microsoft, there are multiple options for a firewall: hardware, software and wireless router firewalls.
• A traditional scanner, such as antivirus, antimalware and antispyware software: this protects computers from viruses, Trojans, worms, rootkits and similar attacks.
• A specialized web-scanning layer to block most attacks immediately. The web application scanner tests web servers for dangerous files and other problems.
• A behavior-monitoring layer: watches for behaviour such as a new program that installs itself so that it survives a reboot.
• The newest version of your favorite browser: IE8 might not be perfect, but it is a lot safer than IE6.
• Network-based restrictions and user management software: one infected computer can destroy the network.
• Data encryption software: keep your data safe by encrypting it.
• An online backup system: this gives you access to your data in case of theft or computer malfunction.
Access Control
• Access control is a system which enables an authority to control access to areas and resources in a given physical facility or computer.
– Ex: accessing a file, reading/writing/executing a file, accessing a printer and so on.
– Different access controls are:
• Discretionary Access Control (DAC)
• Mandatory Access Control (MAC)
• Role-Based Access Control (RBAC)
Discretionary Access Control (DAC)
• The user who owns a program or file has complete control over it.
• The owner determines the permissions other users have on their files and programs.
• The owner assigns permissions to those who need access and so provides a sharing facility.
• It also provides restrictions on files, databases, directories and devices.
Mandatory Access Control (MAC)
• It is much more restrictive about what a user is allowed to do.
• It restricts access to objects based on the sensitivity of the information.
– Ex: the military. All information in the military is much more sensitive and top secret.
– Only individuals with a top secret clearance may view top secret files.
Role-Based Access Control (RBAC)
• It is an alternative method of controlling user access to file system objects.
• Instead of access being controlled by user permissions, the system administrator establishes roles based on business functional requirements.
• Before users can interact with files, directories or devices, they must be a member of an RBAC role.
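The three models just described differ in who decides: the object's owner (DAC), a system-wide sensitivity policy (MAC), or the administrator's role assignments (RBAC). The Python below is an added example, not part of the original slides: each model is a small class with the same `allowed(user, obj, perm)` question, and `demo()` shows how the same requests are answered differently under each. Users, objects, clearance levels and the no-write-down rule for MAC (the Bell-LaPadula *-property, which the slides do not mention) are assumptions made for the example.

```python
# Added example (not from the original slides): minimal DAC, MAC and RBAC
# decision logic side by side. All users, objects and labels are constructed.


class DAC:
    """Discretionary: the owner of an object decides who may do what."""

    def __init__(self):
        self.owners = {}  # object -> owner
        self.acl = {}     # object -> {user: set of permissions}

    def create(self, owner, obj):
        self.owners[obj] = owner
        self.acl[obj] = {owner: {"read", "write", "execute"}}

    def grant(self, by, obj, user, perm):
        """Only the owner may share; anyone else's grant is refused."""
        if self.owners.get(obj) != by:
            return False
        self.acl[obj].setdefault(user, set()).add(perm)
        return True

    def allowed(self, user, obj, perm):
        return perm in self.acl.get(obj, {}).get(user, set())


LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


class MAC:
    """Mandatory: labels are fixed by policy, not by users. Reading needs
    clearance >= classification (no read up); writing is only allowed to
    objects at or above the user's level (no write down, Bell-LaPadula)."""

    def __init__(self, clearances, labels):
        self.clearances = clearances  # user -> level name
        self.labels = labels          # object -> level name

    def allowed(self, user, obj, perm):
        clearance = LEVELS[self.clearances[user]]
        classification = LEVELS[self.labels[obj]]
        if perm == "read":
            return clearance >= classification
        if perm == "write":
            return clearance <= classification
        return False


class RBAC:
    """Role-based: permissions attach to roles; users get access only
    through membership of a role."""

    def __init__(self):
        self.role_perms = {}  # role -> set of (object, permission)
        self.user_roles = {}  # user -> set of roles

    def add_permission(self, role, obj, perm):
        self.role_perms.setdefault(role, set()).add((obj, perm))

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def allowed(self, user, obj, perm):
        return any((obj, perm) in self.role_perms.get(r, set())
                   for r in self.user_roles.get(user, ()))


def demo():
    dac = DAC()
    dac.create("alice", "report.txt")
    dac.grant("alice", "report.txt", "bob", "read")
    non_owner_grant = dac.grant("bob", "report.txt", "carol", "read")

    mac = MAC(clearances={"general": "top secret", "clerk": "confidential"},
              labels={"plan.doc": "top secret", "memo.doc": "confidential"})

    rbac = RBAC()
    rbac.add_permission("printer-user", "printer", "execute")
    rbac.assign("dave", "printer-user")

    return {
        "dac_bob_read": dac.allowed("bob", "report.txt", "read"),
        "dac_bob_write": dac.allowed("bob", "report.txt", "write"),
        "dac_non_owner_grant": non_owner_grant,
        "mac_clerk_reads_top_secret": mac.allowed("clerk", "plan.doc", "read"),
        "mac_general_reads_memo": mac.allowed("general", "memo.doc", "read"),
        "mac_general_writes_memo": mac.allowed("general", "memo.doc", "write"),
        "rbac_dave_prints": rbac.allowed("dave", "printer", "execute"),
        "rbac_eve_prints": rbac.allowed("eve", "printer", "execute"),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {'allow' if decision else 'deny'}")
```

Note the contrast in the MAC results: the general can read the confidential memo but is refused write access to it, because under mandatory control even a highly cleared user cannot move information down to a lower level.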
Certificate
• It is a method of establishing the authenticity of a specific object, such as an individual's public key or downloaded software.
• Ex:
– License key
– Driving license
– Library card
Tokens
• A token is a hardware device which is used in a challenge/response authentication process.
• The user who wants to enter the system first enters their personal authentication.
• Then the system provides a challenge, and the user enters the functional key (the token's response to that challenge).
Multifactor
• The term describes the use of more than one authentication mechanism at the same time.
• Ex: an ATM.
• The benefit of multifactor authentication is to increase the level of security.
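The token and multifactor slides describe one login that combines something the user knows (a password) with something the user has (a token answering a challenge). The Python below is an added example, not part of the original slides: it plays both sides of that exchange. The server stores a salted password hash and a per-user token secret, issues a random challenge, and checks the token's HMAC response; the token is simulated in software. The user names, the password, the HMAC-SHA256 response and the 8-character response length are assumptions made for the example.

```python
# Added example (not from the original slides): two-factor login with a
# password and a challenge/response token. Secrets and users are constructed.
import hashlib
import hmac
import os


class Token:
    """Stand-in for the hardware token: holds a secret and computes the
    response to a challenge. The secret never leaves the device."""

    def __init__(self, secret):
        self._secret = secret

    def respond(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).hexdigest()[:8]


class AuthServer:
    def __init__(self):
        self.users = {}    # user -> (salt, password hash, token secret)
        self.pending = {}  # user -> outstanding challenge

    def enroll(self, user, password, token_secret):
        salt = os.urandom(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
        self.users[user] = (salt, pw_hash, token_secret)

    def check_password(self, user, password):
        """Factor 1: something the user knows, compared in constant time."""
        salt, pw_hash, _ = self.users[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)
        return hmac.compare_digest(candidate, pw_hash)

    def challenge(self, user):
        """Issue a fresh random challenge; a new one is made for every login."""
        c = os.urandom(8)
        self.pending[user] = c
        return c

    def check_response(self, user, response):
        """Factor 2: something the user has. The challenge is consumed here,
        so a response recorded from an earlier login is useless later."""
        c = self.pending.pop(user, None)
        if c is None:
            return False
        expected = Token(self.users[user][2]).respond(c)
        return hmac.compare_digest(expected, response)

    def login(self, user, password, answer):
        """`answer` is the user's side: given the challenge, return the
        value read from their token."""
        if user not in self.users or not self.check_password(user, password):
            return "denied: password"
        if not self.check_response(user, answer(self.challenge(user))):
            return "denied: token"
        return "granted"


def demo():
    server = AuthServer()
    secret = os.urandom(32)
    server.enroll("alice", "correct horse", secret)
    good_token = Token(secret)
    bad_token = Token(os.urandom(32))   # a token the server never enrolled
    captured = {}

    def record(c):
        # the legitimate user answers, but an eavesdropper notes the response
        captured["response"] = good_token.respond(c)
        return captured["response"]

    return {
        "both_factors": server.login("alice", "correct horse", record),
        "wrong_password": server.login("alice", "wrong", good_token.respond),
        "wrong_token": server.login("alice", "correct horse", bad_token.respond),
        "reused_response": server.login("alice", "correct horse", lambda c: captured["response"]),
    }


if __name__ == "__main__":
    print(demo())
```

The last case is the reason challenge/response is used at all: the eavesdropper holds a valid response, but it answers a challenge the server has already discarded, so knowing the password alone is still not enough.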
The End