Security Threats Mmj
PROF. M. M. JADHAV
CYBER SECURITY AND INFORMATION SECURITY
CHAPTER NO. 3 (MODULE 1)
SECURITY THREATS AND VULNERABILITIES
Purpose: to protect assets
1 Overview of Security Threats
2 Weak / Strong Password and Password cracking
3 Insecure network connections
4 Malicious code
5 Programming Bugs
6 Cyber crime and Cyber Terrorism
7 Information Warfare and Surveillance
Information Warfare - Unethical, so crime
Surveillance - Ethical, so used for
Figure 2.16 TCP/IP and OSI model
IP (Internetworking Protocol)
ARP (Address Resolution Protocol)
RARP (Reverse Address Resolution Protocol)
ICMP (Internet Control Message Protocol)
IGMP (Internet Group Message Protocol)
UDP (User Datagram Protocol)
TCP (Transmission Control Protocol)
SCTP (Stream Control Transmission Protocol)
Jobs to be done
Movements of individual bits from one node to next
To provide mechanical and electrical specifications
To arrange / organize bits into frames
Moving frames from one node to next node
To arrange frames into packets
To move packets from source to destination
To provide internetworking
To deliver a message from one process to another
To establish, manage and terminate communication between two processes
To provide synchronization
To check syntax and semantics of the information exchanged between two systems
To provide compression and encryption
To provide services to user or access to network resources
Brief Summary of layers
Vulnerability - A WEAKNESS THAT IS INHERENT IN EVERY NETWORK AND DEVICE.
Vulnerability results due to:
1. Weakness in the technology
2. Weakness in the Network Configuration
3. Weakness in Network Policy
TCP/IP Protocol Weakness - Insecure protocol structure
Operating System Weakness - Linux, Windows have security problems
Network Equipment Weakness - Equipment must be protected from password weaknesses, lack of authentication, routing and firewall holes
Unsecured user accounts - Exposing usernames and passwords to snoopers is transmitted
System accounts with easily guessed passwords - Common problem of easily and poorly selected passwords
Misconfigured Internet services - To turn on scripts in web browsers
Unsecured default settings within products - Products have default settings enabling security holes.
Misconfigured network equipment - Misconfiguration of devices causes security problems
Lack of written security policy - Unwritten policy cannot be applied
Politics - Political battles make it difficult to implement security policy
Lack of continuity - Easily cracked and default passwords allow unauthorized access
Logical access controls not applied - Inadequate monitoring allows attack & unauthorized use
S/w & H/w installation & changes don't follow policy - Unauthorized topology changes / installation of unapproved applications create
Disaster recovery plan nonexistent - When someone attacks, creates confusion and panic
Threats - THE PEOPLE WILLING TO TAKE ADVANTAGE OF EACH SECURITY WEAKNESS AND THEY CONTINUALLY SEARCH FOR NEW WEAKNESS.
Inexperienced individuals execute with intent of testing & challenging a hacker's skill. Can do serious damage to a company. Use available hacking tools such as password crackers.
Technically competent individuals execute with intent of creating fraud within network. Can do serious damage to a company. Understand, develop & use sophisticated hacking tools to penetrate unsuspecting business.
Technically competent individuals execute with intent of creating fraud working outside of a company. Do not have authorized access to the network. Work from the Internet or dialup access services.
Technically competent individuals execute with intent of creating fraud working inside of a company. Have authorized physical access to the network or have account on a server. Work from the Internet or dialup access services.
TERMS WE UNDERSTAND / USE
Hacker - Describes a computer programming expert
Cracker - Describes an individual who attempts to gain unauthorised access to network resources with malicious intent
Phreaker - Describes an individual who manipulates the network to cause it to perform a function that is normally not allowed.
Spammer - Describes an individual who sends large numbers of unsolicited e-mail messages.
Phisher - Uses e-mail in an attempt to trick others into providing sensitive information.
White hat - Describes an individual who uses his/her knowledge to search for vulnerabilities in a system / network and report them to the owners to fix.
Black hat - Describes an individual who uses his/her knowledge to search for vulnerabilities in breaking a system / network that they are not authorized to use.
Reconnaissance - Unauthorised discovery and mapping of systems, services or vulnerabilities.
1. Packet sniffers
2. Ping sweeps
3. Port scans
4. Internet information queries
Access - Ability for an unauthorised intruder to gain access to a device for which the intruder doesn't have an account or password.
1. Password attacks
2. Phishing
3. Social Engineering
4. Port redirection
Denial of service - Implies that an attacker disables or corrupts networks, systems or services with the intent to deny services to intended users.
1. Ping of death
2. Misconfiguring routers
3. E-mail bombs
4. CPU hogging
Worms, Viruses and Trojan horses - Malicious software is inserted onto a host to damage a system, corrupt a system, replicate itself or deny services or access to networks, systems or services.
Trojan horse - An application written to look like something else that in fact is an attack.
Worm - An application that executes arbitrary code and installs copies of itself in the memory of the infected computer, which then infects other hosts.
Virus - Malicious software that is attached to another program to execute a particular unwanted function on the user workstation.
2. WEAK/STRONG PASSWORDS AND PASSWORD CRACKING
Two types of Password vulnerabilities
1. ORGANIZATIONAL VULNERABILITIES
Weak and easy to guess passwords
Reused for many security points
Written down in non-secure place
2. TECHNICAL VULNERABILITIES
Weak password encryption schemes
Software that stores passwords in easily accessible database
Applications that display passwords on screen while typing.
OLD FASHIONED WAY
HIGH-TECH PASSWORD CRACKING
Password cracking software
Brute force attacks
General password hacking counter measures
Use upper and lower case letters, special characters and numbers.
Never use only numbers. These passwords are very easy to crack
Misspell words or create acronyms from a quote or a sentence
Use punctuation characters to separate words
Change passwords every 6 to 12 months
Use different passwords for each system for large network infrastructure
Don't share passwords
Avoid storing user passwords in a central place such as an unsecured spreadsheet on a hard drive
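The countermeasures above can be enforced when a password is set. The following is an added example, not part of the original slides: it checks a candidate for the character mix, rejects digits-only passwords, detects reuse across a user's other systems by verifying against salted PBKDF2 hashes instead of stored plaintext, and flags expired passwords. All function names, the 12-month maximum age, the PBKDF2 work factor and the sample records are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string
from datetime import timedelta

MAX_AGE = timedelta(days=365)   # assumption: upper end of the 6 to 12 month range
PBKDF2_ROUNDS = 100_000         # assumption: illustrative work factor


def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches(password, salt, digest):
    """Constant-time check of a candidate against a stored (salt, digest)."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def check_new_password(candidate, other_systems):
    """Return the rules the candidate breaks (empty list means accepted).

    other_systems maps system name -> (salt, digest) for the same user.
    """
    problems = []
    if candidate.isdigit():
        problems.append("digits only")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(ch in cls for ch in candidate) for cls in classes):
        problems.append("missing upper/lower/digit/special character")
    for system, (salt, digest) in other_systems.items():
        if matches(candidate, salt, digest):
            problems.append(f"reused on {system}")
    return problems


def is_expired(last_changed, today):
    """True when the password is older than MAX_AGE and must be changed."""
    return today - last_changed > MAX_AGE


# Constructed sample data: one user's stored hashes on two other systems.
STORED = {"mail": hash_password("Tr1cky;Qu0te!"),
          "vpn": hash_password("0ther.Pa55")}
```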
3. Insecure network connections
Characteristics of information
1. It has substance
2. It can be recorded
3. It has value
4. It can exist in many forms
Two ways of hiding in cyberspace - Hiding information
Hidden files
Compression
Anonymous remailers
Anonymous browsing
Computer penetration and looping
Cell phone cloning
Cell phone prepaid cards
Information technology can be used in two ways
1. As a tool
2. As a weapon
INFORMATION SECURITY OFFENSES
ISO CODE OF PRACTICE FOR INFORMATION SECURITY
1. Security policy
2. Security organization
3. Asset classification and control
4. Personnel security
5. Physical and environmental security
6. Communications and operations management
7. Access control
4. MALICIOUS CODE
Code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system
2. TROJAN HORSE
VIRUSES Trojan horse Worms
Code that is loaded onto your computer without your knowledge and runs against your wishes
Viruses can also replicate themselves
All computer viruses are man-made
Dangerous because it will quickly use all available memory and bring the system to a halt