Security Threats Mmj
Transcript of Security Threats Mmj
PROF. M. M. JADHAV
CYBER SECURITY AND INFORMATION SECURITY
CHAPTER NO. 3 (MODULE 1)
SECURITY THREATS AND VULNERABILITIES
Purpose: to protect assets
Session Outline
1 Overview of Security Threats
2 Weak / Strong Password and Password cracking
3 Insecure network connections
4 Malicious code
5 Programming Bugs
6 Cyber crime and Cyber Terrorism
7 Information Warfare and Surveillance
[Figure: overview diagram – vulnerabilities (secured / un-secured); threats and attackers (weak / strong); information warfare (unethical, so crime) and surveillance (ethical, so used for monitoring; misuse)]
Figure 2.16 TCP/IP and OSI model
TCP/IP Protocol Suite
• IP (Internetworking Protocol)
• ARP (Address Resolution Protocol)
• RARP (Reverse Address Resolution Protocol)
• ICMP (Internet Control Message Protocol)
• IGMP (Internet Group Message Protocol)
• UDP (User Datagram Protocol)
• TCP (Transmission Control Protocol)
• SCTP (Stream Control Transmission Protocol)
Jobs to be done
• Movement of individual bits from one node to the next
• To provide mechanical and electrical specifications
• To arrange / organize bits into frames
• Moving frames from one node to the next node
• To arrange frames into packets
• To move packets from source to destination
• To provide internetworking
• To deliver a message from one process to another
• To establish, manage and terminate communication between two processes
• To provide synchronization
• To check syntax and semantics of the information exchanged between two systems
• To provide compression and encryption
• To provide services to the user or access to network resources
Brief Summary of layers
Vulnerability - A WEAKNESS THAT IS INHERENT IN EVERY NETWORK AND DEVICE.
Vulnerability results from:
1. Weakness in the technology
2. Weakness in the network configuration
3. Weakness in network policy
Technology weaknesses
TCP/IP protocol weakness – Insecure protocol structure
Operating system weakness – Linux and Windows have security problems
Network equipment weakness – Equipment must be protected against password, lack-of-authentication, routing and firewall holes
Configuration weaknesses
Unsecured user accounts – Usernames and passwords are transmitted in a way that exposes them to snoopers
System accounts with easily guessed passwords – Common problem of easily and poorly selected passwords
Misconfigured Internet services – Turning on scripts in web browsers
Unsecured default settings within products – Products have default settings that enable security holes
Misconfigured network equipment – Misconfiguration of devices causes security problems
Policy weaknesses
Lack of written security policy – An unwritten policy cannot be applied
Politics – Political battles make it difficult to implement a security policy
Lack of continuity – Easily cracked and default passwords allow unauthorized access
Logical access controls not applied – Inadequate monitoring allows attacks and unauthorized use
S/w and H/w installation and changes don't follow policy – Unauthorized topology changes / installation of unapproved applications create security holes
Disaster recovery plan nonexistent – When someone attacks, it creates confusion and panic
Threats - THE PEOPLE WILLING TO TAKE ADVANTAGE OF EACH SECURITY WEAKNESS; THEY CONTINUALLY SEARCH FOR NEW WEAKNESSES.
UNSTRUCTURED THREATS
• Inexperienced individuals execute with the intent of testing and challenging a hacker's skill.
• Can do serious damage to a company.
• Use available hacking tools such as password crackers.
STRUCTURED THREATS
• Technically competent individuals execute with the intent of creating fraud within the network.
• Can do serious damage to a company.
• Understand, develop and use sophisticated hacking tools to penetrate unsuspecting businesses.
EXTERNAL THREATS
• Technically competent individuals execute with the intent of creating fraud, working outside of a company.
• Do not have authorized access to the network.
• Work from the Internet or dial-up access services.
INTERNAL THREATS
• Technically competent individuals execute with the intent of creating fraud, working inside of a company.
• Have authorized physical access to the network or have an account on a server.
• Work from the Internet or dial-up access services.
TERMS WE UNDERSTAND / USE
Hacker – Describes a computer programming expert
Cracker – Describes an individual who attempts to gain unauthorised access to network resources with malicious intent
Phreaker – Describes an individual who manipulates the network to cause it to perform a function that is normally not allowed.
Spammer – Describes an individual who sends large numbers of unsolicited e-mail messages.
Phisher – Uses e-mail in an attempt to trick others into providing sensitive information.
White hat – Describes an individual who uses his/her knowledge to search for vulnerabilities in a system/network and reports them to the owners so they can be fixed.
Black hat – Describes an individual who uses his/her knowledge to search for vulnerabilities in order to break into systems/networks that they are not authorized to use.
ATTACKS:
Reconnaissance – Unauthorised discovery and mapping of systems, services or vulnerabilities.
1. Packet sniffers
2. Ping sweeps
3. Port scans
4. Internet information queries
Access – The ability of an unauthorised intruder to gain access to a device for which the intruder doesn't have an account or password.
1. Password attacks
2. Phishing
3. Social engineering
4. Port redirection
Denial of service – An attacker disables or corrupts networks, systems or services with the intent to deny services to intended users.
1. Ping of death
2. Misconfiguring routers
3. E-mail bombs
4. CPU hogging
Worms, viruses and Trojan horses – Malicious software is inserted onto a host to damage a system, corrupt a system, replicate itself, or deny services or access to networks, systems or services.
Trojan horse – An application written to look like something else that in fact is an attack.
Worm – An application that executes arbitrary code and installs copies of itself in the memory of the infected computer, which then infects other hosts.
Virus – Malicious software that is attached to another program to execute a particular unwanted function on the user's workstation.
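Two of the reconnaissance techniques listed above, port scans and ping sweeps, leave a recognisable footprint in firewall logs. The following is an added example (not part of the slides) that flags both in a constructed log; the log format, the addresses and the thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample log (not real traffic): "<time> <proto> <src> -> <dst>[:<port>]".
SAMPLE_LOG = """\
10:00:01 TCP 10.0.0.5 -> 10.0.0.20:22
10:00:01 TCP 10.0.0.5 -> 10.0.0.20:23
10:00:02 TCP 10.0.0.5 -> 10.0.0.20:80
10:00:02 TCP 10.0.0.5 -> 10.0.0.20:443
10:00:03 TCP 10.0.0.5 -> 10.0.0.20:3389
10:00:05 TCP 10.0.0.9 -> 10.0.0.20:443
10:00:06 ICMP 10.0.0.7 -> 10.0.0.1
10:00:06 ICMP 10.0.0.7 -> 10.0.0.2
10:00:07 ICMP 10.0.0.7 -> 10.0.0.3
10:00:07 ICMP 10.0.0.7 -> 10.0.0.4
10:00:09 ICMP 10.0.0.9 -> 10.0.0.1
"""

def parse_line(line):
    """Return (proto, src, dst, port); port is None for ICMP, which has no port."""
    _time, proto, src, _arrow, target = line.split()
    if proto == "ICMP":
        return proto, src, target, None
    dst, port = target.rsplit(":", 1)
    return proto, src, dst, int(port)

def detect_recon(log_text, port_threshold=5, host_threshold=4):
    """Flag port scans (one source probing >= port_threshold distinct ports on
    one host) and ping sweeps (one source sending ICMP to >= host_threshold
    distinct hosts).  Thresholds are assumed values chosen for the example."""
    ports = defaultdict(set)       # (src, dst) -> set of probed ports
    icmp_hosts = defaultdict(set)  # src -> set of hosts it pinged
    for line in log_text.splitlines():
        proto, src, dst, port = parse_line(line)
        if port is None:
            icmp_hosts[src].add(dst)
        else:
            ports[(src, dst)].add(port)
    return {
        "port_scan": {src: sorted(p) for (src, _dst), p in ports.items()
                      if len(p) >= port_threshold},
        "ping_sweep": {src: sorted(h) for src, h in icmp_hosts.items()
                       if len(h) >= host_threshold},
    }

if __name__ == "__main__":
    for kind, hits in detect_recon(SAMPLE_LOG).items():
        for src, targets in hits.items():
            print(f"{kind}: {src} -> {targets}")
```

A single connection to one port (10.0.0.9 above) stays below both thresholds, which is the difference between a client and a scanner that this kind of rule relies on.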
2. WEAK/STRONG PASSWORDS AND PASSWORD CRACKING
Two types of Password vulnerabilities –
1. ORGANIZATIONAL VULNERABILITIES
Weak and easy to guess passwords
Seldom changed
Reused for many security points
Written down in non-secure place
2. TECHNICAL VULNERABILITIES
Weak password encryption schemes
Software that stores passwords in easily accessible database
Applications that display passwords on screen while typing.
CRACKING PASSWORDS
OLD-FASHIONED WAY
Social engineering
Shoulder surfing
Inference
Weak authentication
HIGH-TECH PASSWORD CRACKING
Password cracking software
Dictionary attacks
Brute force attacks
General password hacking countermeasures
Use upper and lower case letters, special characters and numbers.
Never use only numbers; these passwords are very easy to crack.
Misspell words or create acronyms from a quote or a sentence.
Use punctuation characters to separate words.
Change passwords every 6 to 12 months.
Use a different password for each system in a large network infrastructure.
Don't share passwords.
Avoid storing user passwords in a central place such as an unsecured spreadsheet on a hard drive.
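The countermeasures above map directly onto the two high-tech cracking methods: character mix and length decide how large a brute-force search space is, and avoiding dictionary words decides whether a wordlist attack finds the password at all. The following is an added example (not from the slides) that checks a password against those rules and sizes the brute-force space; the tiny wordlist is a constructed stand-in for a real one.

```python
import math
import string

# Constructed mini-dictionary standing in for a real cracking wordlist (assumption).
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin", "123456"}

def charset_size(pw):
    """Size of the smallest standard alphabet that covers every character in pw."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(c in string.punctuation for c in pw): size += len(string.punctuation)
    return size

def brute_force_bits(pw):
    """log2 of the brute-force search space (alphabet ** length) for pw."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def check_password(pw):
    """Return the countermeasures from the slides that pw violates (empty = passes)."""
    problems = []
    if pw.isdigit():
        problems.append("only numbers")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of upper and lower case")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    # Dictionary-attack check: a word padded with digits/punctuation is still a word.
    core = "".join(c for c in pw if c.isalpha()).lower()
    if core in COMMON_WORDS or pw.lower() in COMMON_WORDS:
        problems.append("dictionary word")
    return problems

if __name__ == "__main__":
    # "Tb,oNtb!2" is an acronym built from "To be, or not to be", as the slides suggest.
    for pw in ("123456", "Password1!", "Tb,oNtb!2"):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, problems: {check_password(pw)}")
```

Note that "Password1!" satisfies every character-class rule yet still fails, because a wordlist attack tries common words with the usual suffixes first.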
3. Insecure network connections
Characteristics of information –
1. It has substance
2. It can be recorded
3. It has value
4. It can exist in many forms
Two ways of hiding in cyberspace –
Hiding information: hidden files, compression, steganography, passwords, encryption
Anonymity: anonymous remailers, anonymous browsing, computer penetration and looping, cell phone cloning, cell phone prepaid cards
Information technology can be used in two ways –
1. As a tool
2. As a weapon
INFORMATION SECURITY OFFENSES
Network related
Data related
Access related
Computer related
ISO CODE OF PRACTICE FOR INFORMATION SECURITY
1. Security policy
2. Security organization
3. Asset classification and control
4. Personnel security
5. Physical and environmental security
6. Communications and operations management
7. Access control
4. MALICIOUS CODE – Code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system
TYPES –
1. VIRUSES
2. TROJAN HORSE
3. WORMS
VIRUSES
Code that is loaded onto your computer without your knowledge and runs against your wishes
Viruses can also replicate themselves
All computer viruses are man-made
Dangerous because it will quickly use all available memory and bring the system to a halt
TROJAN HORSE
Non-replicating program that appears legitimate, but actually performs malicious and illicit activities when executed
Used to steal a user's password information
Hard to detect as it is designed to conceal its presence by performing its functions properly
WORMS
Self-replicating program
Particular to networked computers
Carry out pre-programmed attacks to jump across the network
More destructive in comparison with viruses
5. PROGRAMMING BUGS – Error in a computer program that causes it to produce an incorrect result or to behave in an unintended way
Most bugs arise from mistakes and errors made by people in either a program's source code
Few are caused by compilers producing incorrect code
Wide range of impact on the software's end-user –
1. Less severe – Takes more time to run the program
2. More severe – May cause the application to freeze or crash when performing certain actions
In practice all of the following statements are true –
New software means new bugs
Old bugs are not always fixed
Fixes are not always installed
Fixes may contain new bugs
6. CYBER TERRORISM – Act of internet terrorism which includes acts of large-scale disruption of computer networks attached to the internet by means of tools such as computer viruses.
REAL TIME EXAMPLE
In 1998, ethnic Tamil guerrillas attempted to disrupt Sri Lankan embassies by sending large volumes of e-mail. The embassies received 800 e-mails a day over a two-week period. The messages read "we are the internet black tigers and we're doing this to disrupt your communications".
CYBER CRIME:
1) Combination of crime and computer
2) In simple terms – an offence or crime in which a computer is used
Major areas –
1. Sending threatening e-mails
2. Online harassment
3. Cyber-stalking
4. E-fraud
5. Phishing
Types
Simple-unstructured – Capability to conduct basic hacks against individual systems
Advanced-structured – Capability to conduct more sophisticated attacks against multiple systems or networks
Complex-coordinated – Capability for a coordinated attack capable of causing mass disruption against integrated, heterogeneous defences such as cryptography
CYBER LAWS IN INDIA
In India, regulation is done through the Information Technology Act, 2000
Important sections under this act:
Section 66 – Hacking with computer system – Imprisonment up to three years, or/and with fine up to Rs 500,000
Section 66C – Using password of another person – Imprisonment up to three years, or/and fine up to Rs. 1,00,000
Section 67 – Publishing information which is obscene in electronic form – Imprisonment up to five years, or/and with fine up to Rs 10,00,000
Section 69 – Power of government to decrypt and monitor any data harmful to the integrity of the nation – Imprisonment up to seven years
7. INFORMATION WARFARE
Concept involving the use and management of information and communication technology in pursuit of a competitive advantage over an opponent
It may involve collection of tactical information from other countries about their future plans, and propaganda
A corporate organization may steal information about another organization's upcoming product and use it for its own benefit.
Forms of INFORMATION WARFARE
Television and radio transmissions can be hijacked or jammed
Enemy communications networks can be disabled
Stock exchange transactions can be sabotaged, either by electronic intervention, by leaking sensitive information or by placing disinformation
Drones and other surveillance robots
Surveillance
Central Monitoring System (CMS) – Indian Surveillance Agency
Organization of the Government responsible for global monitoring, collection and processing of information for foreign intelligence
Responsible for warrantless surveillance
Keeps tapping phones, emails and text messages of leaders of foreign countries
[Figure: overview diagram – vulnerabilities (secured / un-secured); threats and attackers (weak / strong); information warfare (unethical, so crime) and surveillance (ethical, so used for monitoring; misuse)]
Networks are plagued with 3 weaknesses:
• Technology weaknesses
• Configuration weaknesses
• Security policy weaknesses
Vulnerability – An inherent weakness in every network and device.
Threats – Qualified people eager and willing to take advantage of weaknesses to exploit the network.
Attacks – Tools, scripts and programs used to launch an attack against networks and network devices.
• UNSTRUCTURED THREATS
• STRUCTURED THREATS
• EXTERNAL THREATS
• INTERNAL THREATS
Reconnaissance
Access
Denial of service
Worms, viruses & Trojan horses
Threats
• Employees
  • Malicious
  • Ignorant
• Non-employees
  • Outside attackers
• Natural disasters
  • Floods
  • Earthquakes
  • Hurricanes
• Riots and wars
Motives/Goals
• Deny services
• Steal information
• Alter information
• Damage information
• Delete information
• Make a joke
• Show off
Methods
• Social engineering
• Viruses, Trojan horses, worms
• Packet replay
• Packet modification
• IP spoofing
• Mail bombing
• Various hacking tools
• Password cracking
Security Policies
• Vulnerabilities
• Assets
  • Information and data
  • Productivity
  • Hardware
  • Personnel
Computer security means to protect information.
• Prevention and detection of unauthorized actions by users of a computer
Prevention – Take measures that prevent your information from being damaged, altered, or stolen.
Detection – Take measures that allow you to detect when and how information has been damaged, altered, or stolen, and who has caused the damage.
Reaction – Take measures that allow recovery of information, even if information is lost or damaged.
• Also includes privacy, confidentiality, and integrity.
SECURITY THREATS
Need for network security
Only purpose is to protect valuable assets
Historical example
Models of network security
Open access
Restricted access
Closed access
Particulars Open access Restrictive access Closed access
Implementation Easy Moderate Difficult
Firewalls Absent Present Present
Security Least Medium Highest
Cost Minimum Moderate Maximum
OPEN ACCESS MODEL
Easiest model to implement
No firewalls and intrusion detection systems
Reduced cost
RESTRICTIVE ACCESS MODEL
Difficult to implement
Firewalls and intrusion detection systems are present
Increased cost