Security Threats Mmj


  • date post

    08-Dec-2015

Transcript of Security Threats Mmj

  • PROF. M. M. JADHAV

    CYBER SECURITY AND INFORMATION SECURITY

    CHAPTER NO. 3 (MODULE 1)

    SECURITY THREATS AND VULNERABILITIES

    Purpose: to protect assets

  • Session Outline

    1 Overview of Security Threats

    2 Weak / Strong Password and Password cracking

    3 Insecure network connections

    4 Malicious code

    5 Programming Bugs

    6 Cyber crime and Cyber Terrorism

    7 Information Warfare and Surveillance

  • [Diagram. Labels: Vulnerabilities; Secured; Un-Secured; Threats; Attackers; weak; Strong; Information Warfare; Surveillance; Unethical so Crime; Ethical so used for monitoring; Misuse]

  • Figure 2.16 TCP/IP and OSI model

    TCP/IP Protocol

    Suite

    IP (Internetworking Protocol)

    ARP (Address Resolution Protocol)

    RARP (Reverse Address Resolution Protocol)

    ICMP (Internet Control Message Protocol)

    IGMP (Internet Group Message Protocol)

    UDP (User Datagram Protocol)

    TCP (Transmission Control Protocol)

    SCTP (Stream Control Transmission Protocol)

  • Jobs to be done

    Movement of individual bits from one node to the next

    To provide mechanical and electrical specifications

    To arrange / organize bits into frames

    Moving frames from one node to the next node

    To arrange frames into packets

    To move packets from source to destination

    To provide internetworking

    To deliver a message from one process to another

    To establish, manage and terminate communication between two processes

    To provide synchronization

    To check syntax and semantics of the information exchanged between two systems

    To provide compression and encryption

    To provide services to the user or access to network resources

  • Brief Summary of layers

    Layers

  • Vulnerability - A WEAKNESS THAT IS INHERENT IN EVERY NETWORK AND DEVICE.

    Vulnerability results from:

    1. Weakness in the technology

    2. Weakness in the network configuration

    3. Weakness in network policy

    TCP/IP protocol weakness: insecure protocol structure

    Operating system weakness: Linux and Windows have security problems

    Network equipment weakness: equipment must be protected against password weaknesses, lack of authentication, and routing and firewall holes

    Unsecured user accounts: usernames and passwords are exposed to snoopers when transmitted

    System accounts with easily guessed passwords: the common problem of easily guessed and poorly selected passwords

    Misconfigured Internet services: turning on scripts in web browsers

    Unsecured default settings within products: products have default settings that enable security holes

    Misconfigured network equipment: misconfiguration of devices causes security problems

    Lack of written security policy: an unwritten policy cannot be applied

    Politics: political battles make it difficult to implement a security policy

    Lack of continuity: easily cracked and default passwords allow unauthorized access

    Logical access controls not applied: inadequate monitoring allows attacks and unauthorized use

    S/w & H/w installation and changes don't follow policy: unauthorized topology changes or installation of unapproved applications create security holes

    Disaster recovery plan nonexistent: when someone attacks, this creates confusion and panic

  • Threats - THE PEOPLE WILLING TO TAKE ADVANTAGE OF EACH SECURITY WEAKNESS, AND THEY CONTINUALLY SEARCH FOR NEW WEAKNESSES.

    UNSTRUCTURED THREATS: Inexperienced individuals who act with the intent of testing and challenging a hacker's skill. Can do serious damage to a company. Use available hacking tools such as password crackers.

    STRUCTURED THREATS: Technically competent individuals who act with the intent of creating fraud within the network. Can do serious damage to a company. Understand, develop and use sophisticated hacking tools to penetrate unsuspecting businesses.

    EXTERNAL THREATS: Technically competent individuals who act with the intent of creating fraud, working outside of a company. Do not have authorized access to the network. Work from the Internet or dialup access services.

    INTERNAL THREATS: Technically competent individuals who act with the intent of creating fraud, working inside of a company. Have authorized physical access to the network or have an account on a server. Work from the Internet or dialup access services.

  • TERMS WE UNDERSTAND / USE

    Hacker: describes a computer programming expert.

    Cracker: describes an individual who attempts to gain unauthorised access to network resources with malicious intent.

    Phreaker: describes an individual who manipulates the network to cause it to perform a function that is normally not allowed.

    Spammer: describes an individual who sends large numbers of unsolicited e-mail messages.

    Phisher: uses e-mail in an attempt to trick others into providing sensitive information.

    White hat: describes an individual who uses his/her knowledge to search for vulnerabilities in systems/networks and reports them to the owners to be fixed.

    Black hat: describes an individual who uses his/her knowledge to search for vulnerabilities in order to break into systems/networks that they are not authorized to use.

  • ATTACKS:

    Reconnaissance: unauthorised discovery and mapping of systems, services or vulnerabilities.

    1. Packet sniffers 2. Ping sweeps

    3. Port scans 4. Internet information queries

    Access: the ability of an unauthorised intruder to gain access to a device for which the intruder doesn't have an account or password.

    1. Password attacks 2. Phishing

    3. Social engineering 4. Port redirection

    Denial of service: an attacker disables or corrupts networks, systems or services with the intent to deny services to intended users.

    1. Ping of death 2. Misconfiguring routers

    3. E-mail bombs 4. CPU hogging

    Worms, viruses and Trojan horses: malicious software is inserted onto a host to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems or services.

    Trojan horse: an application written to look like something else that in fact is an attack.

    Worm: an application that executes arbitrary code and installs copies of itself in the memory of the infected computer, which then infects other hosts.

    Virus: malicious software that is attached to another program to execute a particular unwanted function on the user workstation.

  • 2. WEAK/STRONG PASSWORDS AND PASSWORD CRACKING

    Two types of password vulnerabilities

    1. ORGANIZATIONAL VULNERABILITIES

    Weak and easy to guess passwords

    Seldom changed

    Reused for many security points

    Written down in a non-secure place

    2. TECHNICAL VULNERABILITIES

    Weak password encryption schemes

    Software that stores passwords in an easily accessible database

    Applications that display passwords on screen while typing

    CRACKING PASSWORDS

    OLD-FASHIONED WAY

    Social engineering

    Shoulder surfing

    Inference

    Weak authentication

    HIGH-TECH PASSWORD CRACKING

    Password cracking software

    Dictionary attacks

    Brute force attacks

  • General password hacking counter measures

    Use upper and lower case letters, special characters and numbers.

    Never use only numbers. These passwords are very easy to crack

    Misspell words or create acronyms from a quote or a sentence

    Use punctuation characters to separate words

    Change passwords every 6 to 12 months

    Use different passwords for each system for large network infrastructure

    Don't share passwords

    Avoid storing user passwords in a central place such as an unsecured spreadsheet on a hard drive
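
An added example, not part of the original slides: a small Python audit that applies the countermeasures listed above (mixed character classes, no digits-only passwords, change within 12 months, no reuse across systems). The wordlist, system names and sample credentials are constructed for illustration.

```python
import string
from datetime import date

# Constructed wordlist; a real audit would load a large cracking dictionary.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein"}
MAX_AGE_DAYS = 365  # upper bound of the slide's "every 6 to 12 months"

def audit_password(password, last_changed, today):
    """Return the countermeasures from the slide that this password violates."""
    findings = []
    if password.isdigit():
        findings.append("digits-only")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    if not all(classes):
        findings.append("missing-character-class")
    # Dictionary attacks try known words first, so appended digits or
    # punctuation ("Password1!") add little: compare the letters only.
    core = "".join(c for c in password.lower() if c.isalpha())
    if core in COMMON_WORDS:
        findings.append("dictionary-word")
    if (today - last_changed).days > MAX_AGE_DAYS:
        findings.append("older-than-12-months")
    return findings

def find_reuse(credentials):
    """Return the groups of systems that share one password."""
    by_password = {}
    for system, (password, _changed) in credentials.items():
        by_password.setdefault(password, set()).add(system)
    return [systems for systems in by_password.values() if len(systems) > 1]

# Constructed sample data: system -> (password, date last changed).
SAMPLE = {
    "vpn": ("Password1!", date(2015, 1, 10)),
    "mail": ("Password1!", date(2013, 3, 1)),
    "hr-db": ("482913", date(2015, 6, 1)),
    "wiki": ("Tqbf;jotLd#42", date(2015, 9, 1)),
}
TODAY = date(2015, 12, 8)

if __name__ == "__main__":
    for system, (password, changed) in SAMPLE.items():
        print(system, audit_password(password, changed, TODAY))
    print("reused across:", find_reuse(SAMPLE))
```

"Password1!" satisfies the character-class rule yet is still flagged, because a dictionary attack reaches it through its base word; the acronym-style password for the wiki passes every check.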

  • 3. Insecure network connections

    Characteristics of information

    1. It has substance 2. It can be recorded 3. It has value 4. It can exist in many forms

    Two ways of hiding in cyberspace

    Hiding information: hidden files, compression, steganography, passwords, encryption

    Anonymity: anonymous remailers, anonymous browsing, computer penetration and looping, cell phone cloning, cell phone prepaid cards

    Information technology can be used in two ways

    1. As a tool 2. As a weapon

    INFORMATION SECURITY OFFENSES

    Network related

    Data related

    Access related

    Computer related

    ISO CODE OF PRACTICE FOR INFORMATION SECURITY

    1. Security policy 2. Security organization

    3. Asset classification and control 4. Personnel security

    5. Physical and environmental security 6. Communications and operations management

    7. Access control

  • 4. MALICIOUS CODE

    Code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system

    TYPES

    1. VIRUSES

    2. TROJAN HORSE

    3. WORMS

    VIRUSES Trojan horse Worms

    Code that is loaded onto your computer without your knowledge and runs against your wishes

    Viruses can also replicate themselves

    All computer viruses are man-made

    Dangerous because it will quickly use all available memory and bring the system to a halt

    Non-replicating pr