SlideShare a Scribd company logo

Security Attacks.ppt

Download as PPT, PDF
Z
Zaheer720515

This document discusses different types of cyber attacks including passive attacks like eavesdropping and masquerading, active attacks like denial of service, and methods attackers use like spoofing, backdoors, brute force attacks, and dictionary attacks. It provides details on how each attack compromises security through unauthorized access, modification of data, denial of service, or repudiation.

Related slideshows

CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITYCS6701 CRYPTOGRAPHY AND NETWORK SECURITY
CS6701 CRYPTOGRAPHY AND NETWORK SECURITY
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
1 of 33
 Types of Attacks  Passive Attacks  Active Attacks Attacks
Attacks
Passive Attacks
Masquerade 4 * These images are copied from the textbook (Cryptography and Network Security, by William Stallings). Masquerade takes place when one entity pretends to be an another entity.
Replay 5 Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
Modification of message 6 Means that some portion of a legitimate message is altered.
Denial of service 7 A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service.
Anatomy of an attack  Attacker  Some one outside your network perimeter who is trying to break in  Regular user has an inside view, so overwhelming majority originate from inside  Collecting information  Probing the network  Launching an attack
Collecting information  XYZ is the user that wants to attack your network.  Question: Where to start?  In order to get it he has to do some investigative work about your network.  The first thing it can do is to run the “whois” query.  Live and authoritative
 Whois  Query to the interNIC.  It maintains the publicly accessible database of all registered domains  Can be searched with simple query “whois domainname”  “Whois pugc.edu.pk”
 The organizational domain name  The organizational location  The organization’s administrative contact  The phone no and fax number for the administrator  A valid subnet address within the organization
Organization domain name  It is important because anyone can use it to collect further information  Any host associated with this name will be an extra information  www.pugc.edu.pk  mail.pugc.eud.pk  Now this host will be used as keyword to use when forming future queries
Physical location  Knowing physical location of Organization  Might get temp job, offer his consulting services  Once he is in, he might be granted certain level of permission to resources  Might try to backdoor into network  Wants to do dumpster diving (Who, What, When, Where and Why )  Dump sensitive information in trash  Write passwords at temp places  Not separating trash from rest for recycling
Admin contact  Individual responsible for maintaining network.  This is very useful for physical hacking  For example, he calls as member of help desk and asks, “hey! You have asked me to check for your certain account, there is some problems, whats ur passwd”  Dangerous for such organizations who don’t have the tendency to change passwds frequently  Email is also a valid attack for this contact, for sending spoofed mail that contains some hostile code, if email is activated then ………
Valid subnet mask  Last information of whois is an ip address entry for domain.  Getting an ip address of same subnet, ensures that others will be at the same place  So ip spoofing attack can be send
Four Categories of Attacks  Access  Modification  Denial of Service  Repudiation
1. Access Attack  An access attack is an attempt to gain information that the attacker is unauthorized to see.  This attack can occur wherever the information resides or may exist during transmission.  This type of attack is an attack against the confidentiality of the information.  Examples:  Snooping  Eavesdropping  Interception
Cont…  Confidentiality can be compromised through:  Snooping  Snooping, in a security context, is unauthorized access to another person's or company's data  Not necessarily limited to gaining access to data during its transmission  Casual observance of an e-mail that appears on another's computer screen or watching what someone else is typing  Eavesdropping  Being invisible on a public channel can be considered eavesdropping  To gain unauthorized access to information, an attacker must position himself at a location where the information of interest is likely to pass by.
 Confidentiality can be compromised through:  Interception  Unlike eavesdropping, interception is an active attack against the information  When an attacker intercepts information, he is interesting himself in the path of information and capturing it before it reaches its destination  After examining the information, the attacker may allow the information to continue to its destination or not.
Modification Attacks  A modification attack is an attempt to modify information that an attacker is not authorized to modify.  This type of attack is an attack against the integrity of the information.  Integrity can be compromised through:  Changes  Insertion  Deletion
Denial of Service Attacks  DoS attacks are attacks that deny the use of resources to legitimate users of the system, information, or capabilities.
Dos methods  flooding a network, thereby preventing legitimate network traffic;  disrupting a server by sending more requests than it can possibly handle, thereby preventing access to a service;  preventing a particular individual from accessing a service;  disrupting service to a specific system or person.
Cont…  DoS attacks can be done against the:  Information  Applications  Systems  Communications
Repudiation Attacks  Repudiation is an attack against the accountability of the information.  Repudiation is an attempt to give false information or to deny that a real event or transaction should have occurred.  An example of this type of attack would be a user performing a prohibited operation in a system that lacks the ability to trace.
Back Doors  A backdoor is a method of bypassing normal authentication or encryption in a computer system  A hardware or software-based hidden entrance to a computer system that can be used to bypass the system's security policies.  Using a known or through newly discovered access mechanism, an attacker can gain access to a system or network resource through a backdoor.
Cont..  There are several ways that back doors can be placed on a computer:  Opening an infected e-mail attachment (they are often combined with viruses and worms)  Exploiting a vulnerable, unpatched software application or operating system service  Active FTP server on the computer (especially one that allows "anonymous" sessions)
Brute Force  Also known as exhaustive key search and password attack.  Try every possible combination of options of a password.
Determining the Difficulty of a Brute Force Attack  The difficulty of a brute force attack depends on several factors, such as:  How long can the key be?  How many possible values can each component of the key have?  How long will it take to attempt each key?  Is there a mechanism which will lock the attacker out after a number of failed attempts?
Dictionary  Another form of the brute force attack.  Dictionary attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) with which to guess, instead of random combinations.
Spoofing  Is an attempt to gain access to a system by pretending as an authorized user.  By gaining the IP address of the trusted host and then modify the packet headers so that it appears that the packets are coming from that host.  IP spoofing  ARP spoofing  Email spoofing
IP Spoofing Inserting the IP address of an authorized user into the transmission of an unauthorized user in order to gain illegal access to a computer system. Routers and other firewall implementations can be programmed to identify this discrepancy
ARP Poisoning  The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway).  Any traffic meant for that IP address would be mistakenly sent to the attacker instead. The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack).  The attacker could also launch a Denial of Service attack against a victim by associating a nonexistent MAC address to the IP address of the victim's default gateway.
Email Spoofing  Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. Example:  a spoofed email may pretend to be from a well-known shopping website, asking the recipient to provide sensitive data, such as a password or credit card number.

More Related Content

Security Attacks.ppt

  • 1.  Types of Attacks  Passive Attacks  Active Attacks Attacks
  • 4. Masquerade 4 * These images are copied from the textbook (Cryptography and Network Security, by William Stallings). Masquerade takes place when one entity pretends to be an another entity.
  • 5. Replay 5 Involves the passive capture of a data unit and its subsequent retransmission to produce an unauthorized effect.
  • 6. Modification of message 6 Means that some portion of a legitimate message is altered.
  • 7. Denial of service 7 A denial-of-service (DoS) is any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing the service.
  • 8. Anatomy of an attack  Attacker  Some one outside your network perimeter who is trying to break in  Regular user has an inside view, so overwhelming majority originate from inside  Collecting information  Probing the network  Launching an attack
  • 9. Collecting information  XYZ is the user that wants to attack your network.  Question: Where to start?  In order to get it he has to do some investigative work about your network.  The first thing it can do is to run the “whois” query.  Live and authoritative
  • 10.  Whois  Query to the interNIC.  It maintains the publicly accessible database of all registered domains  Can be searched with simple query “whois domainname”  “Whois pugc.edu.pk”
  • 11.  The organizational domain name  The organizational location  The organization’s administrative contact  The phone no and fax number for the administrator  A valid subnet address within the organization
  • 12. Organization domain name  It is important because anyone can use it to collect further information  Any host associated with this name will be an extra information  www.pugc.edu.pk  mail.pugc.eud.pk  Now this host will be used as keyword to use when forming future queries
  • 13. Physical location  Knowing physical location of Organization  Might get temp job, offer his consulting services  Once he is in, he might be granted certain level of permission to resources  Might try to backdoor into network  Wants to do dumpster diving (Who, What, When, Where and Why )  Dump sensitive information in trash  Write passwords at temp places  Not separating trash from rest for recycling
  • 14. Admin contact  Individual responsible for maintaining network.  This is very useful for physical hacking  For example, he calls as member of help desk and asks, “hey! You have asked me to check for your certain account, there is some problems, whats ur passwd”  Dangerous for such organizations who don’t have the tendency to change passwds frequently  Email is also a valid attack for this contact, for sending spoofed mail that contains some hostile code, if email is activated then ………
  • 15. Valid subnet mask  Last information of whois is an ip address entry for domain.  Getting an ip address of same subnet, ensures that others will be at the same place  So ip spoofing attack can be send
  • 16. Four Categories of Attacks  Access  Modification  Denial of Service  Repudiation
  • 17. 1. Access Attack  An access attack is an attempt to gain information that the attacker is unauthorized to see.  This attack can occur wherever the information resides or may exist during transmission.  This type of attack is an attack against the confidentiality of the information.  Examples:  Snooping  Eavesdropping  Interception
  • 18. Cont…  Confidentiality can be compromised through:  Snooping  Snooping, in a security context, is unauthorized access to another person's or company's data  Not necessarily limited to gaining access to data during its transmission  Casual observance of an e-mail that appears on another's computer screen or watching what someone else is typing  Eavesdropping  Being invisible on a public channel can be considered eavesdropping  To gain unauthorized access to information, an attacker must position himself at a location where the information of interest is likely to pass by.
  • 19.  Confidentiality can be compromised through:  Interception  Unlike eavesdropping, interception is an active attack against the information  When an attacker intercepts information, he is interesting himself in the path of information and capturing it before it reaches its destination  After examining the information, the attacker may allow the information to continue to its destination or not.
  • 20. Modification Attacks  A modification attack is an attempt to modify information that an attacker is not authorized to modify.  This type of attack is an attack against the integrity of the information.  Integrity can be compromised through:  Changes  Insertion  Deletion
  • 21. Denial of Service Attacks  DoS attacks are attacks that deny the use of resources to legitimate users of the system, information, or capabilities.
  • 22. Dos methods  flooding a network, thereby preventing legitimate network traffic;  disrupting a server by sending more requests than it can possibly handle, thereby preventing access to a service;  preventing a particular individual from accessing a service;  disrupting service to a specific system or person.
  • 23. Cont…  DoS attacks can be done against the:  Information  Applications  Systems  Communications
  • 24. Repudiation Attacks  Repudiation is an attack against the accountability of the information.  Repudiation is an attempt to give false information or to deny that a real event or transaction should have occurred.  An example of this type of attack would be a user performing a prohibited operation in a system that lacks the ability to trace.
  • 25. Back Doors  A backdoor is a method of bypassing normal authentication or encryption in a computer system  A hardware or software-based hidden entrance to a computer system that can be used to bypass the system's security policies.  Using a known or through newly discovered access mechanism, an attacker can gain access to a system or network resource through a backdoor.
  • 26. Cont..  There are several ways that back doors can be placed on a computer:  Opening an infected e-mail attachment (they are often combined with viruses and worms)  Exploiting a vulnerable, unpatched software application or operating system service  Active FTP server on the computer (especially one that allows "anonymous" sessions)
  • 27. Brute Force  Also known as exhaustive key search and password attack.  Try every possible combination of options of a password.
  • 28. Determining the Difficulty of a Brute Force Attack  The difficulty of a brute force attack depends on several factors, such as:  How long can the key be?  How many possible values can each component of the key have?  How long will it take to attempt each key?  Is there a mechanism which will lock the attacker out after a number of failed attempts?
  • 29. Dictionary  Another form of the brute force attack.  Dictionary attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) with which to guess, instead of random combinations.
  • 30. Spoofing  Is an attempt to gain access to a system by pretending as an authorized user.  By gaining the IP address of the trusted host and then modify the packet headers so that it appears that the packets are coming from that host.  IP spoofing  ARP spoofing  Email spoofing
  • 31. IP Spoofing Inserting the IP address of an authorized user into the transmission of an unauthorized user in order to gain illegal access to a computer system. Routers and other firewall implementations can be programmed to identify this discrepancy
  • 32. ARP Poisoning  The principle of ARP spoofing is to send fake, or 'spoofed', ARP messages to an Ethernet LAN. Generally, the aim is to associate the attacker's MAC address with the IP address of another node (such as the default gateway).  Any traffic meant for that IP address would be mistakenly sent to the attacker instead. The attacker could then choose to forward the traffic to the actual default gateway (passive sniffing) or modify the data before forwarding it (man-in-the-middle attack).  The attacker could also launch a Denial of Service attack against a victim by associating a nonexistent MAC address to the IP address of the victim's default gateway.
  • 33. Email Spoofing  Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust. Example:  a spoofed email may pretend to be from a well-known shopping website, asking the recipient to provide sensitive data, such as a password or credit card number.

Editor's Notes

  1. A cyber attack is any type of offensive action that targets computer information systems, infrastructures, computer networks or personal computer devices, using various methods to steal, alter or destroy data or information systems.
  2. * Traffic analysis is enclosed in eavesdropping
  3. Masquerade (masking, disguise) A masquerade may be attempted through the use of stolen logon IDs and passwords (Keylogger) Weak authentication provides one of the easiest points of entry for a masquerade
  4. Technique that could be used to avoid a replay attack is by creating random session keys which are time bound and process bound. The other popular technique is to use one-time passwords for each request. This method of prevention is very often used for banking operations.
  5. An eavesdropping attack, also known as a sniffing or snooping attack, is a theft of information as it is transmitted over a network by a computer, smartphone, or another connected device. The attack takes advantage of unsecured network communications to access data as it is being sent or received by its user. Eavesdropping attacks can be prevented by using a personal firewall, keeping antivirus software updated, and using a virtual private network (VPN). Avoiding public Wi-Fi networks and adopting strong passwords are other ways to prevent eavesdropping attacks.