Chapter 1 Introduction To Computer Security and Security Trends - Pps
Introduction to Computer
Security and Security Trends
Marks 14
Ganesh N. Jorvekar
Need for security
Information is a strategic resource
A significant portion of organizational budget
is spent on managing information
Have several security related objectives
• Confidentiality (secrecy) - protect info value
• Integrity - protect info accuracy
• Availability - ensure info delivery
Virus 85%
Intrusion 40%
• Prevention
• Detection
• Re-action
[Figure: an attacker modifies data.]
[Figure: ideal information security, combining availability, integrity and confidentiality.]
• A worm does not infect other files, but it occupies memory space by replication; a virus infects files.
• A worm does not need any trigger; a virus may need a trigger for execution.
68 Dheeraj
GaneshS..N.Jorvekar
Sadawarte April 22, 2024
SYN Flooding Attack
• Used to prevent services to the system.
• Takes advantage of the trusted relationship of TCP
[Figure: TCP handshake: SYN, SYN+ACK, ACK]
• The attacker sends fake requests for communication.
• Each of these requests will be answered by the
target system, which then waits for the third part of
the handshake.
• Since the requests are fake the target will wait for
responses that will never come.
• The target system will drop these connections after
a specific time-out period
[Figure: SYN flooding attack. The attacker sends a SYN with a fake IP address; the target reserves a connection, sends its SYN+ACK response to the fake IP address, and waits for the ACK.]
• If the attacker sends requests faster than the time-
out period eliminates them, the system will quickly
be filled with requests.
• The number of connections a system can support is
finite. When more requests come in than can be
processed, the system will soon be reserving all its
connections for fake requests.
• Any further requests are simply dropped
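The exhaustion condition described above can be checked with a small model of the target's table of pending connections. This is an added example, not part of the original slides; the function names, the tick-based timing and the sample sizes are assumptions chosen for illustration.

```python
from collections import deque

def saturates(backlog_size, timeout, fake_rate):
    """True when fake requests arrive faster than the time-out frees slots."""
    return fake_rate * timeout >= backlog_size

def simulate_backlog(backlog_size, timeout, fake_rate, duration, legit_every):
    """Discrete-time model of a finite table of half-open connections.

    Each tick: expire entries older than `timeout`, admit `fake_rate` fake
    requests (their final ACK never arrives), then try one legitimate
    request every `legit_every` ticks.
    Returns (legit_accepted, legit_dropped, peak_half_open).
    """
    half_open = deque()          # arrival tick of each pending request
    accepted = dropped = peak = 0
    for tick in range(duration):
        # Time-out period: free slots that have waited `timeout` ticks.
        while half_open and tick - half_open[0] >= timeout:
            half_open.popleft()
        # Fake requests each reserve a slot until the time-out removes them.
        for _ in range(fake_rate):
            if len(half_open) < backlog_size:
                half_open.append(tick)
        # A legitimate client needs a free slot (assumed to complete the
        # handshake at once, so it does not stay in the table).
        if tick % legit_every == 0:
            if len(half_open) < backlog_size:
                accepted += 1
            else:
                dropped += 1
        peak = max(peak, len(half_open))
    return accepted, dropped, peak

if __name__ == "__main__":
    # Constructed sample values: 128 slots, 30-tick time-out, 300 ticks.
    for rate in (2, 5):
        result = simulate_backlog(128, 30, rate, 300, 10)
        print(rate, saturates(128, 30, rate), result)
```

With these constructed values the table never fills at 2 fake requests per tick, while at 5 per tick every legitimate request after the table fills is dropped.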
Ping of Death (POD) Attack
• In the POD attack, the attacker sends an Internet
Control Message Protocol (ICMP) ping packet
equal to, or exceeding 64KB.
• Certain systems were not able to handle this size of
packet, and the system would hang or crash.
Distributed Denial of Service Attack
• DoS attacks are conducted using a single system.
• A DOS attack employing multiple attacking
systems is known as a distributed denial of service
(DDOS) attack
• The goal of a DDOS attack is the same: to deny
the use of or access to a specific service or system.
• Aim of DDOS is to overwhelm the target with
traffic from many different systems.
• A network of attack agents (Zombies) created by
attacker.
• When the zombies/agents receive a command from the attacker,
the agents commence sending a specific type of
traffic against the target.
• Systems are compromised and DDOS S/W agent is
installed
• Sleep zombies are activated after receiving attack
command.
Sniffing
• A sniffer is software or hardware that is used to observe
traffic as it passes through a network on shared
broadcast media.
• Used to view all traffic or to target a specific protocol,
service, or string of characters like logins.
• Some network sniffers are designed not just to
observe all the traffic but also to modify it.
• Network administrators use sniffers for monitoring
traffic.
• Used for network bandwidth analysis.
Man_In_The_Middle Attack (MITM)
• A Man_in_The_Middle attack generally occurs when
attackers are able to place themselves in the middle of
two other hosts that are communicating in order to view
and/or modify the traffic.
[Figure: Host 1 and Host 2 with the attacker between them; communication appears to be direct.]
This is done by ensuring that all communication going to
or from the target host is routed through the attacker host.
The attacker can observe all traffic before relaying it and
can actually modify or block traffic.
To the target host it appears that communication is
occurring normally, since all expected replies are
received.
A MITM attack can only be successful when the attacker
can impersonate each endpoint to the satisfaction of the
other.
Replay Attack
A replay attack is a form of network attack in which a
valid data transmission is maliciously or fraudulently
repeated or delayed.
A replay attack is an attack where the attacker captures a
portion of a communication between two parties and retransmits
it after some time.
The best way to prevent replay attacks is with encryption,
cryptographic authentication and time stamps.
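One way to combine the cryptographic authentication and time stamps mentioned above, as an added example that is not part of the original slides. The shared key, the 30-second window, the message layout and the nonce cache (an addition beyond the time stamp) are assumptions of this example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed shared secret (assumption)
MAX_AGE = 30                    # accepted clock difference, seconds (assumption)

def _tag(ts: str, nonce: str, payload: bytes) -> str:
    # ts is decimal and nonce is hex, so "|" cannot appear inside them.
    data = b"|".join([ts.encode(), nonce.encode(), payload])
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def seal(payload: bytes, nonce: str, now: float) -> dict:
    """Sender: bind payload, time stamp and nonce under one HMAC tag."""
    ts = str(int(now))
    return {"ts": ts, "nonce": nonce, "payload": payload,
            "tag": _tag(ts, nonce, payload)}

class Receiver:
    def __init__(self):
        self.seen = {}          # nonce -> time stamp, kept while still fresh

    def accept(self, msg: dict, now: float) -> str:
        # 1. Authentication: any change to ts, nonce or payload breaks the tag.
        expected = _tag(msg["ts"], msg["nonce"], msg["payload"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        # 2. Time stamp: a capture retransmitted "after some time" is stale.
        ts = int(msg["ts"])
        if abs(now - ts) > MAX_AGE:
            return "rejected: stale time stamp"
        # 3. Nonce cache: catches a replay inside the freshness window.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_AGE}
        if msg["nonce"] in self.seen:
            return "rejected: replayed nonce"
        self.seen[msg["nonce"]] = ts
        return "accepted"

if __name__ == "__main__":
    rx = Receiver()
    # Constructed sample message and clock values.
    msg = seal(b"transfer 100 to account 42", "a1b2c3d4", now=1000.0)
    print(rx.accept(msg, now=1005.0))                     # original delivery
    print(rx.accept(msg, now=1010.0))                     # immediate replay
    print(rx.accept(msg, now=1100.0))                     # delayed replay
    print(rx.accept(dict(msg, ts="1095"), now=1100.0))    # re-dated replay
```

The time stamp check still rejects a delayed replay when the receiver has lost its nonce cache, which is why both checks are kept.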
Malware
• Malware is also known as malicious code.
• Malware refers to S/W that has been designed for some
nefarious purpose.
• It may be designed to cause damage to a system, such as deleting
all files.
• It may be designed to create a backdoor in the system in
order to grant access to unauthorized users.
• There are different types of malicious S/W, such as viruses,
worms, Trojan horses and logic bombs.
• Malicious code runs under the user's authority.
• Malicious code can read, write, modify, append or even
delete data or files without the user's permission.
Virus
• A virus attaches itself to a program and
propagates copies of itself to other programs.
• The essential component of a virus is a set of
instructions which, when executed, spreads
itself to other, previously unaffected, programs
or files.
• A virus performs two functions:
I. It copies itself into previously uninfected programs
or files.
II. It executes whatever other instructions the virus
author included in it.
• It may cause damage by replicating itself and taking up
system resources, disk space, CPU time, or network
connections.
• A virus is a program that can pass on malicious code
to other non-malicious programs by modifying them.
• The term ‘virus’ was coined because it acts like a biological virus.
• A virus can be either transient or resident.
– A transient virus has a life that depends on the life of its
host;
– The virus runs when its attached program executes and
terminates when its attached program ends.
– A resident virus locates itself in memory, then it can
remain active or be activated as a stand-alone program,
even after its attached program ends.
Virus types
• Two main classes
1. File infectors
– Which attach themselves to ordinary program files.
– These usually infect arbitrary .COM and/or .EXE files, though
some can infect any program for which execution is requested,
such as .SYS, .OVL, .PRG and .MNU files.
– File infectors can be either DIRECT ACTION or RESIDENT.
– A DIRECT ACTION Virus selects one or more other programs
to infect each time the program which contains it is executed.
– A RESIDENT virus hides itself somewhere in memory the first
time an infected program is executed, and thereafter infects
other programs when they are executed.
2. SYSTEM or BOOT-RECORD INFECTORS
[Figure: virus code combined with the original program (virus code + original program), shown in several arrangements; Part (b).]