Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
Download as PPTX, PDF2 likes2,269 views
This chapter discusses various types of network and computer attacks, including malicious software like viruses, worms, and trojans. It also covers denial of service attacks, buffer overflows, and session hijacking on networks. Additionally, the chapter emphasizes the importance of physical security measures to protect against keyloggers and restrict access to computer servers through locks and security cards.
Ethical hacking Chapter 3 - Network and Computer Attacks - Eric Vanderburg
- 1. Ethical Hacking CHAPTER 3 – NETWORK AND COMPUTER ATTACKS ERIC VANDERBURG
- 2. Objectives Describe the different types of malicious software Describe methods of protecting against malware attacks Describe the types of network attacks Identify physical security attacks and vulnerabilities
- 3. Malicious Software (Malware) Network attacks prevent a business from operating Malicious software (Malware) includes Virus Worms Trojan horses Goals Destroy data Corrupt data Shutdown a network or system
- 4. Viruses Virus attaches itself to an executable file Can replicate itself through an executable program Does not stand on its own Needs a host program No foolproof method of preventing them Use antivirus programs for detection Detection based on virus signatures Must update signature database periodically Use automatic update feature if available
- 5. Viruses (continued) Encoding base 64 used to reduce size of e-mail attachments Represents 0 to 63 using six bits A is 000000 … Z is 011001 Converting base 64 strings to decimal equivalent Create groups of 4 characters, for each group Convert decimal value of each letter to binary Rewrite as three groups of eight bits Convert the binary into decimal
- 6. Viruses (continued) Commercial base 64 decoders Shell Executable piece of programming code Should not appear in an e-mail attachment
- 7. Macro Viruses Virus encoded as a macro Macro Lists of commands Can be used in destructive ways Example: Melissa Appeared in 1999 Even nonprogrammers can create macro viruses Instructions posted on Web sites Security professionals can learn from thinking like attackers
- 8. Worms Worm Replicates and propagates without a host Infamous examples Code Red Nimda Can infect every computer in the world in a short time At least in theory Actual examples Cyberattacks against ATM machines Slammer and Nachi worms
- 9. Trojan Programs Insidious attack against networks Disguise themselves as useful programs Hide malicious content in program Backdoors Rootkits Allow attackers remote access Firewalls Identify traffic on uncommon ports Can block this type of attack Trojan programs can use known ports HTTP (TCP 80) or DNS (UDP 53)
- 10. Spyware Sends information from the infected computer to the attacker Confidential financial data Passwords PINs Any other stored data Can registered each keystroke entered Prevalent technology Educate users about spyware
- 11. Adware Similar to spyware Can be installed without the user being aware Sometimes displays a banner Main goal Determine user’s online purchasing habits Tailored advertisement Main problem Slows down computers
- 12. Protecting Against Malware Attacks Difficult task New viruses, worms, Trojan programs appear daily Malware detected using antivirus solutions Educate your users about these types of attacks
- 13. Educating Your Users Structural training Most effective measure Includes all employees and management E-mail monthly security updates Simple but effective training method Recommend that users update virus signature database Activate automatic updates
- 14. Educating Your Users SpyBot and Ad-Aware Help protect against spyware and adware Firewalls Hardware (enterprise solution) Software (personal solution) Can be combined Intrusion Detection System (IDS) Monitors your network 24/7
- 15. Avoiding Fearing Tactics Avoid scaring users into complying with security measures Sometimes used by unethical security testers Against the OSSTMM’s Rules of Engagement Promote awareness rather than instilling fear Users should be aware of potential threats During training Build on users’ knowledge Make training easier
- 16. Intruder Attacks on Networks and Computers Attack Any attempt by an unauthorized person to access or use network resources Network security Concern with security of network resources Computer security Concerned with the security of a computer not part of a network infrastructure Computer crime Fastest growing type of crime worldwide
- 17. Denial-of-Service Attacks Denial-of-Service (DoS) attack Prevents legitimate users from accessing network resources Some forms do not involve computers Attacks do not attempt to access information Cripple the network Make it vulnerable to other type of attacks Performing an attack yourself is not wise Only need to prove attack could be carried out
- 18. Distributed Denial-of-Service Attacks Attack on a host from multiple servers or workstations Network could be flooded with billions of requests Loss of bandwidth Degradation or loss of speed Often participants are not aware they are part of the attack Attacking computers could be controlled using Trojan programs
- 19. Buffer Overflow Attacks Vulnerability in poorly written code Code does not check predefined size of input field Goal Fill overflow buffer with executable code OS executes this code Code elevates attacker’s permission Administrator Owner of running application Train your programmer in developing applications with security in mind
- 20. Ping of Death Attacks Type of DoS attack Not as common as during the late 1990s How it works Attacker creates a large ICMP packet More than 65,535 bytes Large packet is fragmented at source network Destination network reassembles large packet Destination point cannot handle oversize packet and crashes
- 21. Session Hijacking Enables attacker to join a TCP session Attacker makes both parties think he or she is the other party
- 22. Addressing Physical Security Protecting a network also requires physical security Inside attacks are more likely than attacks from outside the company
- 23. Keyloggers Used to capture keystrokes on a computer Hardware Software Software Behaves like Trojan programs Hardware Easy to install Goes between the keyboard and the CPU KeyKatcher and KeyGhost
- 24. Keyloggers (continued) Protection Software-based Antivirus Hardware-based Random visual tests
- 25. Behind Locked Doors Lock up your servers Average person can pick deadbolt locks in less than five minutes After only a week or two of practice Experienced hackers can pick deadbolt locks in under 30 seconds Rotary locks are harder to pick Keep a log of who enters and leaves the room Security cards can be used instead of keys for better security
- 26. Summary Be aware of attacks on network infrastructures and standalone computers Attacks can be perpetrated by insiders or remote attackers Malicious software Virus Worm Trojan programs Spyware Adware
- 27. Summary (continued) Attacks Denial-of-Service (DoS) Distributed Denial-of-Service (DDoS) Buffer overflow Ping of Death Session hijacking
- 28. Summary (continued) Physical security As important as network or computer security Keyloggers Software-based Hardware-based Locks Choose hard-to-pick locks Security cards