L9 Computer Network Security
L9 Computer Network Security
Security
Lecture#09
Prepared by Sana Khattak
Sana Khattak ([email protected])
• Introduction
• Hacking
Lecture
• Malware
Overview
• Cyber crime and cyber attacks
• Online voting
Introduction
• Computers getting faster and less
expensive
• Utility of networked computers
increasing
• Shopping and banking
• Managing personal information
• Controlling industrial processes
• Increasing use of computers ® growing
importance of computer security
• Simply looking over the shoulder of a computer user to learn his login name
and password.
Dumpster Diving
Social engineering
Case Study:
users to easily sidejack Web sessions
• More than 500,000 downloads in first week
Firesheep • Attracted great deal of media attention
• Early 2011: Facebook and Twitter announced
options to use their sites securely
• Was Firesheep release good?
• There are other ways Butler could have achieved his goal.
• For example, he could have gone on a popular television show and hacked into
Sana Khattak
• Self-contained program
• Spreads through a computer network
• Exploits security holes in networked
computers
Conficker Worm
• Conficker (a.k.a. Downadup) worm appeared in 2008 on Windows
computers
• Designed to exploit vulnerabilities in the Windows operating system
• Spread primarily through network connections and by infecting computers
connected to shared networks or by utilizing infected USB drives.
• Millions of copies of worm are circulating
• Purpose of worm still unknown
Cross-site Scripting
Rootkits
user’s activity
• Backdoor Trojans often used to deliver spyware and adware
Sana Khattak
• Bot: A kind of backdoor Trojan that responds
to commands sent by a command-and-control
program on another computer
• First bots supported legitimate activities
• Internet Relay Chat
Bots • Multiplayer Internet games
• Other bots support illegal activities
• Distributing spam
• Collecting person information for ID theft
• Denial-of-service attacks
• One spammer (PharmaMaster) started sending Blue Frog users 10-20 times
more spam
• PharmaMaster then launched DDoS attacks on Blue Security and its business
customers
• Blue Security could not protect its customers from DDoS attacks and virus-
laced emails
• Blue Security reluctantly terminated its anti-spam activities
Georgia (2008)
Anonymous
© p77/ZUMA Press/Newscom
AP Photo/Gary I. Rothstein