Anonymity
Targets
Origins
All the hosts may not be under the control of the administrator
Sharing
Access
Complexity of system
Different networks
Different systems
Not visible: abstraction
Unknown path
Routing
Insecure paths
Unknown perimeter
Network boundary
Wireless
Accessibility
Malicious users
Earn illegally
Prove themselves with challenge
Organized criminals
Steal information
Sabotage
Terrorists
Script kiddies
Reconnaissance / Investigation
Port Scan
Social Engineering
Intelligence
Eavesdropping
Documentation
Eavesdropping
Interception
Impersonation
Denial of Service
Connection Flooding
ICMP
Wiretap
Passive wiretapping
Active wiretapping
Inductance
Radiation
Microwave interception
Satellite, wireless
Impersonate
Interfere
Optical fiber
Completely exposed
Visible code
Able to download
Buffer overflow
Incomplete mediation
Editors & utilities
Code errors
Server side programs
Denial of Service
Flood
Smurf
Teardrop
Datagrams that cannot fit together
Traffic Redirection
DNS Attacks
Same time
Cookies
Scripts
Common Gateway Interface (CGI)
Active server pages (ASP)
Bots
Malicious code under remote control
Network of bots, called a botnet
Distributed denial-of-service attacks
Good principles of
System analysis
Design
Implementation
Maintenance
Architecture Design
Segmentation
Redundancy
Multiple Servers
If one fails, the other takes over processing
Application / DB
Encryption
Link Encryption
Data are encrypted just before being sent to the physical link
Link Encryption
End-to-End Encryption
Software
Hardware
End-to-End Encryption
Link Encryption
End-to-End Encryption
Implementation concerns
Requires one key per user pair
Provides user authentication
Tunnel mode
SSH Encryption
Provides an authenticated and encrypted path
SSL Encryption
TLS
Encrypted channel between client and server
SSL Encryption
Client requests an SSL session
Server responds with its public key certificate
Server authenticity
IP Security
Version 6 of the IP protocol suite
Spoofing
Eavesdropping
Session hijacking
Similar to SSL
Encapsulated security payload
Attracting
Monitoring the actions of an attacker
Actual system should be safe
Host based
Network based
Stealth Mode
Functions
Anomaly based
Model of expected behavior
Unexpected behaviors are flagged
Administrator can change the flags