❑ Viruses spread in e-mails via the transfer of infected files that travel across the network.
❑ Trojan programs are also sent through mail with computer owners as accomplices, compromising
hundreds of machines everyday.
❑ Worms are pieces of malicious code that use automated methods to spread.
❑ Hoax e-mails are e-mails that travel from user to user because of the compelling story contained in
them.
Email Protocol
❑ allows the users to attach files to e-mail messages, which enables
viruses to travel by e-mail from one local network to another anywhere in
the Internet
S/MIME
secure implementation of the MIME protocol specification
process of encrypting e-mails provides integrity, privacy, and authentication
supports several e-mail programs (e.g., Outlook and Outlook Express)
allows the user to select low-strength encryption
PGP (Pretty Good Privacy)
encrypts and decrypts e-mail and files
provides the ability to digitally sign a message so the receiver can be certain of the sender’s identity
has plug-ins for many popular e-mail programs (Outlook, Outlook Express, and Qualcomm’s Eudora)
Two broad categories of attacks on computer systems and network:
❑ Attacks on specific software
❑ Attacks on a specific protocol or service
SYN
[Figure: network diagram showing the Internet, a router, the internal network, and an attacker listening to all traffic]
Spoofing
❑ type of attack in which data is made to look like it
has come from a different source
❑ two forms of spoofing:
• E-mail spoofing – the forgery of an e-mail header so
that the message appears to have originated from
someone or somewhere other than the actual source
• IP spoofing – technique used to gain unauthorized
access to computers, whereby the intruder sends
messages to a computer with an IP address indicating
that the message is coming from a trusted host
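E-mail spoofing, as defined above, forges the visible From header. One defender-side check is whether that From is consistent with the envelope sender (Return-Path) and Reply-To, which is the same identifier-alignment idea DMARC formalises. The following is an added example, not part of the slides; the two raw messages, their addresses and domains are constructed samples, and the alignment rule (same domain or a subdomain of it) is an assumption made for the demo.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From claims the corporate domain while the
# envelope sender (Return-Path) and Reply-To belong to unrelated domains.
SPOOFED = """\
Return-Path: <bounce@bulk-relay.example.net>
Received: from bulk-relay.example.net (bulk-relay.example.net [192.0.2.10])
From: "IT Helpdesk" <helpdesk@corp.example.com>
Reply-To: helpdesk-reset@mailbox.example.org
To: alice@corp.example.com
Subject: Password reset required

Please reset your password using the link below.
"""

# Constructed sample with consistent headers from the organisation's own relay.
LEGITIMATE = """\
Return-Path: <helpdesk@corp.example.com>
Received: from mail.corp.example.com (mail.corp.example.com [198.51.100.5])
From: "IT Helpdesk" <helpdesk@corp.example.com>
To: alice@corp.example.com
Subject: Maintenance window

The mail server will be patched on Saturday.
"""


def address_domain(header_value):
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def same_org(domain_a, domain_b):
    """Assumed alignment rule: equal, or one is a subdomain of the other."""
    return (domain_a == domain_b
            or domain_a.endswith("." + domain_b)
            or domain_b.endswith("." + domain_a))


def check_sender_alignment(raw_message):
    """Flag a visible From that is not aligned with the envelope sender or
    with Reply-To; returns a list of human-readable findings."""
    msg = message_from_string(raw_message)
    from_dom = address_domain(msg["From"])
    if not from_dom:
        return ["From header missing or unparsable"]
    findings = []
    envelope_dom = address_domain(msg["Return-Path"])
    if envelope_dom and not same_org(from_dom, envelope_dom):
        findings.append(f"From domain {from_dom} not aligned with Return-Path domain {envelope_dom}")
    reply_dom = address_domain(msg["Reply-To"])
    if reply_dom and not same_org(from_dom, reply_dom):
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if not msg.get_all("Received"):
        findings.append("no Received headers: no relay recorded handling the message")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(label, check_sender_alignment(raw) or ["no findings"])
```

A header-only check like this is a triage signal, not proof of forgery: legitimate bulk senders and mailing lists also produce misaligned Return-Path values, which is why DMARC policy is set per domain rather than applied blindly.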
Man-in-the-Middle Attacks
❑ type of attack that generally occurs when attackers are able
to place themselves in the middle of two other hosts that are
communicating, thus allowing the attacker to view and/or
modify the traffic
❑ various defenses against man-in-the-middle attacks use
authentication techniques that are based on:
• Public keys
• Stronger mutual authentication
• Secret keys (high information entropy secrets)
• Passwords (low information entropy secrets)
[Figure: Man-in-the-Middle Attacks diagram showing Host 1 and Host 2 with the attacker placed between them; communication appears to be direct]
Replay Attacks
❑ attacks in which the attacker captures a portion of network traffic between two parties
and retransmits it at a later time
❑ can be avoided with encryption, cryptographic authentication, and time stamps
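The three defences listed above work together: cryptographic authentication (here an HMAC) proves the message is genuine, a time stamp bounds how long a captured message stays valid, and a per-message nonce rejects a copy that arrives inside that window. The following is an added example, not code from the slides; the shared key, the 30-second window and the message layout are constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo secret shared by the two parties; a real deployment would
# provision this out of band and never hard-code it.
SHARED_KEY = b"demo-shared-secret-for-illustration-only"
MAX_SKEW = 30  # seconds: how long after its timestamp a message is still accepted


def sign_message(key, payload, timestamp, nonce):
    """HMAC-SHA256 over timestamp, nonce and payload. The first two fields
    never contain '|', so the separators keep the fields unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in (str(timestamp).encode(), nonce.encode(), payload):
        mac.update(part)
        mac.update(b"|")
    return mac.hexdigest()


def build_message(key, payload, now=None):
    """Sender side: attach a timestamp, a fresh random nonce and the MAC."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return {"ts": ts, "nonce": nonce, "payload": payload,
            "mac": sign_message(key, payload, ts, nonce)}


class ReplayGuard:
    """Receiver side: accept each authentic message at most once, within the window."""

    def __init__(self, key, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp of accepted messages

    def verify(self, msg, now=None):
        now = int(time.time() if now is None else now)
        # 1. Authenticity and integrity: recompute the MAC, compare in constant time.
        expected = sign_message(self.key, msg["payload"], msg["ts"], msg["nonce"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return False, "bad mac"
        # 2. Freshness: a captured message is useless once the window has passed.
        if abs(now - msg["ts"]) > self.max_skew:
            return False, "stale timestamp"
        # 3. Uniqueness: a captured message cannot be replayed inside the window either.
        if msg["nonce"] in self.seen:
            return False, "replayed nonce"
        self.seen[msg["nonce"]] = msg["ts"]
        # Forget nonces older than the window; step 2 rejects those anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}
        return True, "ok"


if __name__ == "__main__":
    guard = ReplayGuard(SHARED_KEY)
    msg = build_message(SHARED_KEY, b"transfer 100 to account 42")
    print(guard.verify(msg))  # first delivery is accepted
    print(guard.verify(msg))  # the same bytes delivered again are rejected
```

The order of the checks matters: the MAC is verified first so that unauthenticated input cannot fill the nonce table or probe the clock window. The time stamp alone is not enough because a message can be replayed within the skew window, and the nonce alone is not enough because the table of seen nonces would have to grow forever; together they bound both the attack window and the memory cost.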
TCP/IP Hijacking
❑ also called session hijacking
❑ refers to attacks designed to take control of an already existing session between a
client and a server
❑ used against web and telnet sessions
❑ this type of attack is prevented by re-authenticating the user before performing important
actions and by creating unique session cookies (for web servers)
Weak Keys
❑ a key which, when used with a specific cipher, makes the cipher behave in some undesirable way
❑ usually represent a very small fraction of the overall keyspace, which usually means that if one
generates a random key to encrypt a message, weak keys are very unlikely to give rise to a security
problem
Password Guessing
❑ A dictionary attack is a method used to break password-based security systems, in which the
attacker systematically tests all possible passwords beginning with words that have a higher
possibility of being used, such as names and places.
❑ A brute-force attack is a type of password attack that does not attempt to decrypt any information
but simply continues to try different passwords.
❑ A birthday attack is a special type of brute-force attack that exploits the mathematics behind the
birthday paradox, making use of a space-time tradeoff.
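The birthday paradox behind the last bullet is easiest to see in numbers: the chance of a repeat among n uniform draws from N values grows with n squared, so a collision is expected after roughly the square root of N draws, and the memory needed to remember every value seen is the "space" side of the space-time tradeoff. The following is an added example, not from the slides; it computes the exact probability and the usual approximation, and runs a toy birthday search against a SHA-256 digest truncated to a small number of bits (the truncation and the message format are constructed for the demo).

```python
import hashlib
import math


def collision_probability(samples, space):
    """Exact probability that at least two of `samples` uniform draws from a
    space of `space` values coincide: 1 - prod_{i<samples} (1 - i/space)."""
    p_no_collision = 1.0
    for i in range(samples):
        p_no_collision *= 1.0 - i / space
    return 1.0 - p_no_collision


def samples_for_probability(p, space):
    """Draws needed to reach collision probability p, from the standard
    approximation n ~ sqrt(2 * space * ln(1 / (1 - p)))."""
    return math.ceil(math.sqrt(2 * space * math.log(1.0 / (1.0 - p))))


def birthday_work_bits(hash_bits):
    """A generic birthday search on an n-bit digest costs about 2^(n/2)
    evaluations, versus 2^n for a preimage search."""
    return hash_bits // 2


def truncated_sha256(msg, bits):
    """First `bits` bits of SHA-256(msg) as an integer: a toy-sized digest."""
    nbytes = (bits + 7) // 8
    value = int.from_bytes(hashlib.sha256(msg).digest()[:nbytes], "big")
    return value >> (nbytes * 8 - bits)


def find_collision(bits):
    """Birthday search on the truncated digest: hash distinct inputs, remember
    every digest seen, stop at the first repeat. Returns (msg_a, msg_b, tries).
    The `seen` table is the space half of the space-time tradeoff."""
    seen = {}
    i = 0
    while True:
        msg = b"message-%d" % i
        digest = truncated_sha256(msg, bits)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg
        i += 1


if __name__ == "__main__":
    print(f"23 people, 365 days: P(shared birthday) = {collision_probability(23, 365):.3f}")
    print(f"draws for a 50% collision in a 2^32 space: {samples_for_probability(0.5, 2 ** 32)}")
    a, b, tries = find_collision(20)
    print(f"20-bit collision after {tries} hashes: {a!r} and {b!r}")
```

With 20 bits the search finishes in about a thousand hashes; the same code against the full 256-bit digest would need on the order of 2^128 hashes and as much memory, which is why hash output length is chosen so that n/2 bits is still out of reach.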
Software Exploitation
❑ attack that takes advantage of bugs or weaknesses (poor design, poor testing, or poor coding
practices) in software
❑ a particular type of software exploitation is buffer overflow
Wardialing and WarDriving
❑ Wardialing is the term used to describe an attacker’s attempt to discover unprotected modem
connections to computer systems and networks
❑ WarDriving refers to the activity where the attackers wander throughout an area (often in a car)
toting a computer with wireless capability as they search for wireless networks they can access
Social Engineering
❑ attack based on deceiving users or administrators at the target site
❑ typically carried out by telephoning users or operators and pretending to be an
authorized user, to attempt to gain illicit access to systems
Malware
❑ also known as malicious code
❑ refers to software that has been designed for some nefarious purpose
❑ designed to cause damage to a system (such as by deleting all files) or to create
a backdoor in the system in order to grant access to unauthorized individuals
❑ includes viruses, worms, Trojan horses, logic bombs, and hostile mobile code
❑ A virus is a piece of malicious code that replicates by attaching itself to another piece of
executable code.
• Boot sector virus – infects the boot sector portion of either a floppy disk or a hard drive
• Program virus – attaches itself to executable files (files ending in .exe or .com on Windows-based systems)
❑ A Trojan horse is a piece of software that appears to do one thing (and may, in fact, actually
do that thing) but which hides some other functionality.
• It is attached to a particular executable file, and typically isn’t capable of replicating and attaching itself to
other files on system.
❑ Logic bombs are a type of malicious software that is deliberately installed, generally by an
authorized user.
• It is a piece of code that sits dormant for a period
of time until some event invokes its payload.
❑ Worms are pieces of code that attempt to propagate through penetration of
networks and computer systems.
• include the Morris worm, Code-Red, and Slammer
used for tasks ranging from e-commerce, e-mail, chatting, and games to file and
information sharing
❑ SSL/TLS is a series of functions that exist in the OSI model between the application
layer and the TCP/IP implementation in the transport and network layers.
❑ SSL/TLS adds message integrity and authentication functionality to TCP through the
use of cryptographic methods.
SSL Handshake
❑ an exchange of information that takes place between the client and
the server when a connection is established
❑ have been defined through industry standardization around a series of specifications, including XML
Schema and Web Services Description Language (WSDL)
❑ invoked over the World Wide Web using Simple Object Access Protocol (SOAP) request over an
HTTP connection
❑ Authenticode
• a system that uses digital signatures and allows Windows users to determine
who produced a specific piece of code and whether or not the code has been
altered
• provides limited accountability at the time of download and assures that the code
has not been changed since the time of signing
Common Gateway Interface (CGI)
❑ standard for the exchange of information between a Web server and
computer programs that are external to it
❑ CGI programs can be written in different languages, such as
Perl
❑ include the full functionality of a server, allowing access to
databases, UNIX commands, and other programs
❑ due to unrestrained capability, poorly written scripts can cause
unintended consequences at runtime
❑ has been replaced with newer server-side scripting technologies
such as Java, Active Server Pages (ASP), and PHP
Cookies
❑ small chunks of ASCII text passed within an HTML stream to temporarily store data in a web
browser instance
❑ provides a means for a Web server to induce a client to store information about itself which can
subsequently be called up by the Web server when required
❑ defined as a series of name-value pairs that is stored in memory during a browser instance
❑ specified set of name-value pairs include the following:
• Expires - specifies when the cookie expires
• Domain - specifies the domain where the cookie is used
• Path - resolves the applicability of the cookie into a specific path within a domain
• Secure - indicates that it is only to be used when connected in an SSL/TLS session
❑ specific cookie functions to be enabled in browsers, specifically:
• The ability to turn on and off cookie usage
• An indicator as to whether cookies are in use
• A means of specifying cookie domain values and lifetimes
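The "unique session cookies" defence against TCP/IP hijacking above and the cookie attributes just listed meet in the Set-Cookie header a server emits. The following is an added example, not from the slides: it generates an unpredictable session identifier, rotates it on re-authentication so a captured identifier stops working, builds a Set-Cookie value with the Secure, Path and Max-Age (the modern equivalent of Expires) attributes plus HttpOnly and SameSite, and audits an arbitrary Set-Cookie value for the weak settings. The cookie name, lifetimes and the SessionStore are constructed for the demo.

```python
import secrets
from http.cookies import SimpleCookie


def new_session_id(nbytes=32):
    """Unpredictable session identifier: 256 bits from the OS CSPRNG, so an
    attacker cannot guess or enumerate another user's session."""
    return secrets.token_urlsafe(nbytes)


class SessionStore:
    """Server-side table of live sessions (constructed for the demo). Rotating
    on (re-)authentication retires any identifier captured earlier."""

    def __init__(self):
        self.sessions = {}  # session id -> user name

    def create(self, user):
        sid = new_session_id()
        self.sessions[sid] = user
        return sid

    def rotate(self, old_sid):
        """Issue a fresh id for the same user and retire the old one."""
        user = self.sessions.pop(old_sid)
        return self.create(user)

    def lookup(self, sid):
        return self.sessions.get(sid)


def build_session_cookie(session_id, max_age=3600):
    """Set-Cookie value for the session: Secure keeps it off cleartext HTTP,
    HttpOnly keeps it away from page scripts, Path scopes it, Max-Age bounds
    its lifetime and SameSite=Strict stops cross-site requests carrying it."""
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["secure"] = True
    jar["session"]["httponly"] = True
    jar["session"]["path"] = "/"
    jar["session"]["max-age"] = max_age
    jar["session"]["samesite"] = "Strict"
    return jar.output(header="").strip()


def audit_set_cookie(header_value, max_lifetime=86400):
    """Defender-side check of one Set-Cookie value; returns a list of findings.
    The one-day lifetime limit is an assumed policy for the demo."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    attrs = {}
    for part in parts[1:]:  # parts[0] is name=value
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie would also be sent over cleartext HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by page scripts")
    if "expires" not in attrs and "max-age" not in attrs:
        findings.append("no Expires/Max-Age: lifetime left to the browser")
    elif attrs.get("max-age", "0").isdigit() and int(attrs.get("max-age", "0")) > max_lifetime:
        findings.append("Max-Age exceeds the allowed lifetime")
    if "domain" in attrs:
        findings.append("Domain attribute present: cookie is shared with every subdomain of it")
    return findings


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    header = build_session_cookie(sid)
    print("Set-Cookie:", header)
    print("audit of hardened cookie:", audit_set_cookie(header) or ["no findings"])
    print("audit of weak cookie:", audit_set_cookie("session=abc123; Path=/; Domain=example.com"))
    sid2 = store.rotate(sid)
    print("old id still valid?", store.lookup(sid) is not None, "new id valid?", store.lookup(sid2) == "alice")
```

Rotation is what makes re-authentication before important actions effective: if the identifier stayed the same, an attacker who had already captured it would pass the check too. The audit is a static header check only; whether the server actually enforces the session binding is a separate test.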
Signed Applets
❑ technique of adding a digital signature to an applet to prove that it came
untampered from a particular trusted author
❑ have the power to potentially damage a machine,
e.g. erase all files or format hard disk, or even post a diary on
LiveJournal
❑ concerns on signed applets can be mitigated
through proper system setup and code signing
❑ two ways an attacker can hijack a signed control:
• by in-line access
• republishing it
❑ In-lining is using an embedded control from another site with or without
the other site’s permission
Browser Plug-Ins
❑ software pieces that extend the capabilities of a World Wide Web
browser, such as Netscape Communicator or Internet Explorer
❑ can sometimes be in the form of ActiveX components that allow a
browser to manipulate various Office files, such as pivot tables from
Excel over the Web
❑ Examples include Apple QuickTime movies, Adobe Acrobat PDF
documents, and Macromedia Director presentations
❑ Flash and Shockwave plug-ins
❑ have security concerns that can be lessened through proper system
setup and code signing