Network Security Part II: Attacks (Web Attacks)
Attacks and Vulnerabilities
Topics of Discussion
• Reconnaissance: gaining information about a system
• Vulnerabilities: attributes of a system that can be maliciously exploited
• Attacks: procedures that exploit vulnerabilities
Reference 1
Topics of Discussion
Reconnaissance
• War Dialing
• War Driving
• Port Scanning
• Probing
• Packet Sniffing
War Dialing (Reconnaissance)
• Method: Dial a range of phone numbers searching for modems that answer
• Motivation: Locate potential targets
• Detection: Impossible outside of the telephony infrastructure; only the carrier's or PBX's call records show the sweep
• Defense: Disconnect unessential modems from dial-in phone lines
Reference 2
War Driving (Reconnaissance)
• Method: Survey wireless signals while moving through a region
• Motivation: Find wireless networks and the traffic on them
• Detection: Passive listening leaves no trace on the network; only active probing shows up to a wireless IDS, so in practice detection means physical surveillance
• Defense: Limit how far the signal carries (antenna placement, transmit power), but assume it is reachable anyway and encrypt the link (WPA2/WPA3) rather than relying on range
Reference 3
Port Scanning (Reconnaissance)
• Method: Send a SYN packet to each port and check for a response (SYN/ACK means open, RST means closed, silence usually means filtered)
• Motivation: Find potential targets and their listening services
• Detection: Traffic analysis: one source touching many ports on a host in a short window
• Defense: Close unneeded ports; have the firewall silently drop traffic to the rest
Reference 4
Probing (Reconnaissance)
• Method: Send crafted packets to discovered ports to elicit banners and protocol quirks
• Motivation: Identify the specific service and version behind a port
• Detection: Traffic analysis: repeated connections to the same port from one source
• Defense: Close unneeded ports; silence or minimize banners
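The "traffic analysis" detection named on the port scanning and probing slides comes down to counting: one source touching many ports on a host in a short window is a scan, one source hammering a single port is a probe. The following is an added example, not code from the slides or their references; it runs the two heuristics over a constructed connection log whose format (one line per TCP attempt: epoch, source, destination, port, flags) is an assumption for the demo.

```python
"""Traffic-analysis detection of port scans and service probes.

Added example, not from the slides. The log format is an assumption: one line
per TCP connection attempt, "<epoch> <src_ip> <dst_ip> <dst_port> <flags>",
with flags "S" for a SYN that was never completed and "SA" for a completed
handshake.
"""
from collections import defaultdict

# Constructed sample log. 10.0.0.9 sweeps ten ports on one host in four seconds
# (a SYN scan: no handshake completes); 10.0.0.7 connects six times to port 22
# (probing one service for banners); 10.0.0.5 is ordinary traffic.
SAMPLE_LOG = """\
1000 10.0.0.5 192.168.1.10 443 SA
1001 10.0.0.9 192.168.1.10 21 S
1001 10.0.0.9 192.168.1.10 22 S
1001 10.0.0.9 192.168.1.10 23 S
1002 10.0.0.9 192.168.1.10 25 S
1002 10.0.0.9 192.168.1.10 80 S
1002 10.0.0.9 192.168.1.10 110 S
1003 10.0.0.9 192.168.1.10 139 S
1003 10.0.0.9 192.168.1.10 443 S
1003 10.0.0.9 192.168.1.10 445 S
1004 10.0.0.9 192.168.1.10 3389 S
1005 10.0.0.7 192.168.1.10 22 SA
1006 10.0.0.7 192.168.1.10 22 SA
1007 10.0.0.7 192.168.1.10 22 SA
1008 10.0.0.7 192.168.1.10 22 SA
1009 10.0.0.7 192.168.1.10 22 SA
1010 10.0.0.7 192.168.1.10 22 SA
1020 10.0.0.5 192.168.1.10 80 SA
"""


def parse_log(text):
    """Return a list of (timestamp, src, dst, port, flags) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, flags = line.split()
        events.append((int(ts), src, dst, int(port), flags))
    return events


def detect_scans(events, port_threshold=8, window=60):
    """Port scan heuristic: one source touching many distinct ports on one host
    within `window` seconds. Returns {(src, dst): max distinct ports seen}."""
    by_pair = defaultdict(list)
    for ts, src, dst, port, _ in events:
        by_pair[(src, dst)].append((ts, port))
    alerts = {}
    for pair, hits in by_pair.items():
        hits.sort()
        best = 0
        for i, (t0, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - t0 <= window}
            best = max(best, len(ports))
        if best >= port_threshold:
            alerts[pair] = best
    return alerts


def detect_probes(events, hit_threshold=5, window=60):
    """Probe heuristic: repeated connections from one source to the same port
    within `window` seconds, as a banner grabber or version scanner produces.
    Returns {(src, dst, port): max connections inside one window}."""
    by_service = defaultdict(list)
    for ts, src, dst, port, _ in events:
        by_service[(src, dst, port)].append(ts)
    alerts = {}
    for key, times in by_service.items():
        times.sort()
        best, j = 0, 0
        for i, t in enumerate(times):
            while t - times[j] > window:
                j += 1
            best = max(best, i - j + 1)
        if best >= hit_threshold:
            alerts[key] = best
    return alerts


def half_open_ratio(events, src):
    """Share of a source's attempts that never completed the handshake; a SYN
    scan against closed or filtered ports pushes this toward 1.0."""
    mine = [flags for _, s, _, _, flags in events if s == src]
    if not mine:
        return 0.0
    return sum(1 for f in mine if f == "S") / len(mine)


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for (src, dst), n in detect_scans(events).items():
        print(f"scan:  {src} -> {dst}: {n} ports, "
              f"{half_open_ratio(events, src):.0%} half-open")
    for (src, dst, port), n in detect_probes(events).items():
        print(f"probe: {src} -> {dst}:{port}: {n} connections")
```

The thresholds are the tunable part: a monitoring system or a busy client legitimately opens many connections, so on real traffic the window and the per-window counts are set from a baseline of that network, and the half-open ratio is what separates a scan from a chatty but legitimate host.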
Packet Sniffing (Reconnaissance)
• Method: Capture and analyze packets passing a network interface (promiscuous mode on a shared segment; a tap or mirror port on a switched one)
• Motivation: Gain access to information traveling on the network
• Detection: None for a purely passive sniffer
• Defense: Use encryption to minimize cleartext on the network
Reference 5
Topics of Discussion
Vulnerabilities
• Backdoors
• Code Exploits
• Eavesdropping
• Indirect Attacks
• Social Engineering
Backdoors (Vulnerabilities)
• Bypass the normal means of authentication
• Hidden from casual inspection
• Installed separately or integrated into the software itself
Reference 6
Code Exploits (Vulnerabilities)
• Poor coding practices left uncaught by testing (unchecked lengths, unvalidated input)
• Defense: In-depth unit and integration testing, backed by code review and fuzzing; testing alone only finds the bugs someone thought to look for
Eavesdropping (Vulnerability)
• Data transmitted without encryption can be captured and read by parties other than the sender and receiver
• Defense: Use strong cryptography to minimize cleartext on the network
Indirect Attacks (Vulnerabilities)
• Internet users' machines are infected with zombie software and made to carry out attacks
• The puppet master behind them stays undetected
• Defense: Train users to avoid infection, and hold the owners of zombie machines accountable
Social Engineering (Vulnerability)
• Manipulate the weakest link in cybersecurity, the user, to gain access to otherwise prohibited resources
• Defense: Train personnel to recognize and resist social-engineering tactics
Reference 7
Topics of Discussion
Attacks
• Password Cracks
• Web Attacks
• Physical Attacks
• Worms & Viruses
• Logic Bomb
• Buffer Overflow
• Phishing
• Bots and Zombies
• Spyware, Adware, and Malware
• Hardware Keyloggers
• Eavesdropping & Playback Attacks
• DDoS
Password Cracks: Brute Force
• Method: Try every combination of legal symbols as username/password pairs
• Motivation: Gain access to the system
• Detection: Many failed authentication attempts in a short time
• Defense: Lockouts, temporary and permanent (a permanent lockout also hands an attacker a way to lock out legitimate users)
Reference 8
Password Cracks: Dictionary Attack
• Method: Try every entry in a collection of likely strings (words, names, leaked passwords)
• Motivation: Gain access to the system faster than brute force
• Detection: Many failed authentication attempts
• Defense: Lockouts, temporary and permanent; complex passwords that appear in no wordlist
Reference 8
Password Cracks: Hybrid Attack
• Method: Try every dictionary entry with mangling rules applied: appended numbers and symbols, changed capitalization, entries concatenated with each other or with numbers
• Motivation: Gain access faster than brute force and with more success than a plain dictionary attack, since this is how most people "complicate" a word
• Detection: Many failed authentication attempts
• Defense: Lockouts, temporary and permanent
Reference 8
Password Cracks: l0phtcrack
• Method: Obtain the operating system's password hash table (for l0phtcrack, the Windows LM/NTLM hashes) and crack it offline on the attacker's machine
• Motivation: Gain access to the system; because the guessing happens elsewhere, there are no lockouts and no failed-login records on the target
• Detection: Audit reads of the hash table
• Defense: Limit access to the system and its hash store; store hashes salted and with a slow hash so that each offline guess is expensive
Reference 8
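The four password-cracking slides describe one workflow: a dictionary pass, then hybrid mangling rules, run offline against a captured hash table so that lockouts never trigger. The following is an added example, not code from the slides or from l0phtcrack; the accounts, passwords and the unsalted MD5 "hash table" are constructed stand-ins for a real dump, and the salted variant at the end shows why the l0phtcrack slide's defense works: with per-user salts there is no shared work across accounts.

```python
"""Offline password cracking against a captured hash table: dictionary, hybrid
rules, and why salting changes the arithmetic.

Added example, not from the slides. The accounts, passwords, and the unsalted
MD5 "hash table" are constructed stand-ins for the dump l0phtcrack works on.
"""
import hashlib
import os

WORDLIST = ["password", "letmein", "summer", "dragon", "qwerty"]

# Constructed accounts. In a real engagement only the hashes are available; the
# plaintexts are listed here so the example can build its own dump.
ACCOUNTS = {
    "alice": "letmein",       # plain dictionary word
    "bob": "Summer2024",      # capitalized word plus year (hybrid rule)
    "carol": "dragon!",       # word plus symbol (hybrid rule)
    "dave": "letmein",        # same password as alice
    "erin": "xQ7#pL2vR9mZ",   # random: no rule below produces it
}


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def unsalted_dump(accounts):
    """Unsalted table: identical passwords give identical hashes."""
    return {user: md5_hex(pw) for user, pw in accounts.items()}


def hybrid_candidates(words, years=range(2020, 2026), symbols="!@#$"):
    """Dictionary entries first, then mangled forms: leet substitution,
    appended digits, years, and symbols, for three capitalizations."""
    for w in words:
        yield w
    leet = str.maketrans("aeos", "@30$")
    for w in words:
        for v in (w, w.capitalize(), w.upper()):
            yield v.translate(leet)
            for n in range(100):
                yield f"{v}{n}"
            for y in years:
                yield f"{v}{y}"
            for s in symbols:
                yield f"{v}{s}"


def crack_unsalted(dump, words):
    """Hash each candidate once and look it up against every account at the
    same time. Returns ({user: password}, number of hashes computed)."""
    by_hash = {}
    for user, h in dump.items():
        by_hash.setdefault(h, []).append(user)
    cracked, guesses = {}, 0
    for cand in hybrid_candidates(words):
        guesses += 1
        for user in by_hash.pop(md5_hex(cand), []):
            cracked[user] = cand
        if not by_hash:
            break
    return cracked, guesses


def salted_dump(accounts, rng=os.urandom):
    """Per-user random salt stored next to the hash."""
    dump = {}
    for user, pw in accounts.items():
        salt = rng(16)
        dump[user] = (salt, hashlib.sha256(salt + pw.encode()).hexdigest())
    return dump


def crack_salted(dump, words):
    """With salts there is no shared work: every candidate is hashed again for
    every account, and a precomputed table is useless."""
    cracked, guesses = {}, 0
    for user, (salt, h) in dump.items():
        for cand in hybrid_candidates(words):
            guesses += 1
            if hashlib.sha256(salt + cand.encode()).hexdigest() == h:
                cracked[user] = cand
                break
    return cracked, guesses


if __name__ == "__main__":
    found, n = crack_unsalted(unsalted_dump(ACCOUNTS), WORDLIST)
    print(f"unsalted: {found} after {n} hashes")
    found, n = crack_salted(salted_dump(ACCOUNTS), WORDLIST)
    print(f"salted:   {found} after {n} hashes")
```

Salting removes the cross-account shortcut but does not by itself make a single guess slow; the second half of the slide's defense is a deliberately expensive hash (PBKDF2, bcrypt, scrypt or Argon2 in place of the plain SHA-256 used here), which multiplies the cost of every one of those per-user guesses.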
Web Attacks: Source Viewing
• Method: Read the page source delivered to the browser for valuable information
• Motivation: Find passwords, keys, or commented-out URLs left in the source
• Detection: None; the source is served to every visitor
• Defense: None at the network level; keep secrets and hidden paths out of anything sent to the client
Web Attacks: URL Modification
• Method: Manipulate the URL (changing IDs, guessing paths, climbing directories) to reach pages that are not normally linked
• Motivation: Gain access to normally private directories or pages
• Detection: Check the website's access logs for unusual URLs
• Defense: Enforce access requirements on the server for every request; an unlinked page is not a protected page
Web Attacks: Post Data
• Method: Change the POST data before it is sent (prices, quantities, hidden fields, user IDs) to get the desired result
• Motivation: Change the information being sent in your favor
• Detection: None on the client side; inconsistent values may show up on the server
• Defense: Verify all POST data on the receiving end; client-side validation is a convenience, not a control
Web Attacks: Database Attack
• Method: Send expensive or malformed queries to the database
• Motivation: Denial of service
• Detection: Check the database for strange records and long-running queries
• Defense: Filter and constrain database queries
Reference 9
Web Attacks: Database Insertion
• Method: Inject SQL through form fields so that the one query the application expected becomes several, or its conditions are changed
• Motivation: Insert, read, or modify table contents that the application never meant to allow
• Detection: Check database logs
• Defense: Filter database input and make it quote-safe; better, use parameterized queries, since escaping quotes does nothing for an unquoted numeric position
Reference 9
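The Database Insertion slide recommends filtering and making queries "quotesafe". That helps against the textbook break-out of a quoted string but not against injection into a numeric position, which is why parameterized queries are the standard fix. The following is an added example, not code from the slides or their references; it runs the vulnerable, quote-escaped and parameterized forms of a login lookup against an in-memory SQLite database whose table, columns and rows are constructed for the demo.

```python
"""SQL injection through a login form: vulnerable, "quote-safe", and parameterized.

Added example, not from the slides. The users table, column names, and form
fields are constructed; the database is an in-memory SQLite instance.
"""
import sqlite3


def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users (name, password, role) VALUES (?, ?, ?)",
        [("admin", "s3cret", "admin"), ("alice", "hunter2", "user")],
    )
    return db


def login_vulnerable(db, name, password):
    """Form values pasted into the SQL text: the input is now part of the grammar."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}' AND password = '{password}'"
    return db.execute(sql).fetchone()


def quotesafe(value):
    """The slide's "quote-safe" filter: double every single quote."""
    return value.replace("'", "''")


def login_quotesafe(db, name, password):
    """Escaping closes the string-literal break-out..."""
    sql = (f"SELECT name, role FROM users WHERE name = '{quotesafe(name)}' "
           f"AND password = '{quotesafe(password)}'")
    return db.execute(sql).fetchone()


def lookup_quotesafe(db, user_id):
    """...but does nothing for an unquoted numeric position: no quote is needed."""
    sql = f"SELECT name, role FROM users WHERE id = {quotesafe(user_id)}"
    return db.execute(sql).fetchall()


def login_parameterized(db, name, password):
    """Bound parameters: the driver passes the input as data, never as SQL."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()


def lookup_parameterized(db, user_id):
    """Bind the value and also enforce its type; "2 OR 1=1" is not an integer."""
    sql = "SELECT name, role FROM users WHERE id = ?"
    return db.execute(sql, (int(user_id),)).fetchall()


if __name__ == "__main__":
    db = build_db()
    payload = "admin' --"   # closes the string and comments out the password check
    print("vulnerable:   ", login_vulnerable(db, payload, "wrong"))     # ('admin', 'admin')
    print("quotesafe:    ", login_quotesafe(db, payload, "wrong"))      # None
    print("numeric leak: ", lookup_quotesafe(db, "2 OR 1=1"))           # every row
    print("parameterized:", login_parameterized(db, payload, "wrong"))  # None
```

The same `WHERE id = ... OR 1=1` trick is also the cheapest form of the previous slide's Database Attack: a query that was meant to return one row returns the whole table, and a filter that only looks for quotes never sees it.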
Web Attacks: Meta Data
• Method: Use metacharacters (quotes, semicolons, angle brackets, path separators) to craft malicious input
• Motivation: Possibly reveal the script or other useful information
• Detection: Website logs
• Defense: Filter or escape metacharacters in input
Reference 10
Physical Attack: Damage
• Method: Attack the computer with an axe
• Motivation: Disable the computer
• Detection: Video camera
• Defense: Locked doors and posted security guards
Physical Attack: Disconnect
• Method: Interrupt the connection between two elements of the network
• Motivation: Disable the network
• Detection: Pings (link monitoring)
• Defense: Locked doors and posted security guards
Physical Attack: Reroute
• Method: Pass the network signal through additional devices (a tap or an inline box)
• Motivation: Monitor traffic or spoof a portion of the network
• Detection: Camera
• Defense: Locked doors and posted security guards
Physical Attack: Spoof MAC & IP
• Method: Identify the target's MAC address and replicate it (with its IP) on the attacker's machine
• Motivation: Deny the target its traffic, or receive that traffic instead
• Detection: Monitoring ARP requests and checking switch logs for one MAC appearing on two ports
• Defense: None that is complete; on managed networks, switch port security, 802.1X, and dynamic ARP inspection contain it
Worms & Viruses: File Infectors
• Method: Infects executables by inserting itself into them
• Motivation: Damage files and spread
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus; being cautious on the internet
Reference 10
Worms & Viruses: Partition-Sector Infectors
• Method: Moves the original partition sector, replaces it with itself, and on boot executes before handing control to the original code
• Motivation: Damage files and spread
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus; being cautious on the internet
Reference 10
Worms & Viruses: Boot-Sector Virus
• Method: Replaces the boot loader and spreads to hard drives and floppies
• Motivation: Damage files and spread
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus; being cautious on the internet
Reference 10
Worms & Viruses: Companion Virus
• Method: Locates executables and creates a copy of itself with the same name but a different extension (a .COM beside an .EXE) that the system runs first
• Motivation: Damage files and spread
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus; being cautious on the internet
Reference 10
Worms & Viruses: Macro Virus
• Method: Infects documents; when the document is opened, the macro executes inside the application
• Motivation: Damage files and spread
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus; being cautious on the internet
Reference 10
Worms & Viruses: Worms
• Method: Replicates on its own across the network, without needing a host file or a user to run it
• Motivation: Variable
• Detection: Virus scan or strange computer behavior
• Defense: Antivirus, security patches, and being cautious on the internet
Reference 11
Logic Bomb
• Method: Discreetly install a "time bomb" that fires on a date or condition, keeping the ability to disarm it if needed
• Motivation: Revenge, a synchronized attack, or covering a getaway
• Detection: Strange computer behavior
• Defense: Keep and monitor logs; monitor computer systems closely
Buffer Overflow
• Method: Pass more data than the buffer holds to code that does not check the size
• Motivation: Modify adjacent data and/or execute arbitrary code
• Detection: Logs (crashes, unexpected process behavior)
• Defense: Check input size before copying into the buffer; guard the return address against overwrite (stack canaries); mark the stack non-executable so injected data cannot run as instructions
Reference 12 & 13
Phishing
• Method: Request information from a mass audience under a false identity and collect the responses from those who comply
• Motivation: Gain important information (credentials, account details)
• Detection: Careful examination of requests for information (sender, links, urgency)
• Defense: Distribute information on a need-to-know basis, and only through channels you initiated
Bots & Zombies
• Method: Installed by a virus or worm; allow remote, unrestricted access to the system
• Motivation: Gain access to additional resources while hiding your identity
• Detection: Network analysis; virus scans; noticing unusual behavior
• Defense: Install security patches and be careful what you download
Spyware, Adware, and Malware
• Method: Installed either willingly by the user (for example through an ActiveX control) or as part of a virus package
• Motivation: Gain information about the user; serve the user advertisements
• Detection: Network analysis; abnormal computer behavior
• Defense: Virus, adware, spyware, and malware scans
Hardware Keyloggers
• Method: Attach the device inline between the keyboard and the computer
• Motivation: Record usernames, passwords, and other private information
• Detection: Check physical connections
• Defense: Cameras and guards
Eavesdropping
• Method: Record packets from the network; attempt to decrypt any that are encrypted
• Motivation: Gain access to user data
• Detection: None
• Defense: Strong cryptography
Playback Attack
• Method: Record packets from the network and resend them later, without needing to decrypt them
• Motivation: Mimic legitimate commands (a recorded "transfer funds" or "unlock door" is just as valid the second time)
• Detection: Network analysis
• Defense: Time stamps, combined with nonces or sequence numbers, bound into the authenticated message
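The Eavesdropping and Playback Attack slides make the point that encryption or authentication alone does not stop a replay: a correctly signed packet is just as valid the second time. The following is an added example, not code from the slides or their references; it shows both sides of a small authenticated command channel, a server that checks only the MAC and one that also enforces the slide's time-stamp defense together with a nonce. The message format, shared key, command strings and 30-second freshness window are assumptions for the demo.

```python
"""Playback (replay) of an authenticated command, and the timestamp-plus-nonce
defense. Added example, not from the slides. The message format, shared key,
command strings and 30-second freshness window are assumptions.
"""
import hashlib
import hmac
import json
import secrets
import time

KEY = b"constructed-demo-key"  # shared secret for the example only


def make_command(cmd, clock=time.time):
    """Client side: the command, its send time, and a fresh random nonce."""
    return {"cmd": cmd, "ts": clock(), "nonce": secrets.token_hex(16)}


def sign(msg, key=KEY):
    """HMAC-SHA256 over canonical JSON; wire format is body + '.' + hex tag."""
    body = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify(packet, key=KEY):
    """Return the message dict if the MAC checks out, else None."""
    body, _, tag = packet.rpartition(b".")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


class NaiveServer:
    """Checks only that the message was signed with the key. A sniffer that
    recorded one valid packet can resend it as often as it likes."""

    def __init__(self, key=KEY):
        self.key = key
        self.executed = []

    def receive(self, packet):
        msg = verify(packet, self.key)
        if msg is None:
            return "bad mac"
        self.executed.append(msg["cmd"])
        return "ok"


class ReplaySafeServer(NaiveServer):
    """Additionally requires a fresh timestamp and a never-before-seen nonce.
    Both sit inside the MAC, so the attacker cannot refresh them."""

    def __init__(self, key=KEY, window=30, clock=time.time):
        super().__init__(key)
        self.window = window
        self.clock = clock
        self.seen = {}  # nonce -> timestamp, pruned once outside the window

    def receive(self, packet):
        msg = verify(packet, self.key)
        if msg is None:
            return "bad mac"
        now = self.clock()
        if abs(now - msg["ts"]) > self.window:
            return "stale"
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if msg["nonce"] in self.seen:
            return "replay"
        self.seen[msg["nonce"]] = msg["ts"]
        self.executed.append(msg["cmd"])
        return "ok"


def demo(start=1_700_000_000.0):
    """Run the capture-and-resend attack against both servers on a fake clock."""
    now = [start]

    def clock():
        return now[0]

    naive, safe = NaiveServer(), ReplaySafeServer(clock=clock)
    packet = sign(make_command("transfer 100 to attacker", clock))  # recorded by the sniffer
    results = {
        "naive_first": naive.receive(packet),
        "naive_replay": naive.receive(packet),   # executes a second time
        "safe_first": safe.receive(packet),
        "safe_replay": safe.receive(packet),     # same nonce: rejected
    }
    now[0] += 120                                # two minutes later
    late = sign(make_command("transfer 100 to attacker", lambda: start))
    results["safe_stale"] = safe.receive(late)   # fresh nonce, old timestamp
    tampered = packet[:-1] + (b"0" if packet[-1:] != b"0" else b"1")
    results["safe_tampered"] = safe.receive(tampered)
    return results, naive.executed, safe.executed


if __name__ == "__main__":
    results, naive_log, safe_log = demo()
    print(results)
    print("naive executed:", naive_log)
    print("safe executed: ", safe_log)
```

The window is what makes the nonce cache bounded: a timestamp alone lets an attacker replay freely inside the window, a nonce alone forces the server to remember every nonce forever, and the two together mean the server only has to remember the nonces of the last 30 seconds. The clock skew between client and server has to stay well inside that window, which is a deployment requirement, not a code one.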
DDoS: CPU Attack
• Method: Send data that requires expensive processing, such as cryptographic handshakes
• Motivation: Occupy the CPU and prevent normal operations
• Detection: Network analysis
• Defense: None that is complete; rate-limit per source and do cheap validation before the expensive work
Reference 14
DDoS: Memory Attack
• Method: Send data that forces the server to allocate memory or hold state (half-open connections, partial requests)
• Motivation: Take up resources, crashing the server when they are exhausted
• Detection: Network analysis
• Defense: None that is complete; cap per-source state, time it out aggressively, and avoid holding state for unauthenticated peers (SYN cookies)
Reference 14