Types of Attacks and Malicious Software
Transcript of Types of Attacks and Malicious Software
Describe various types of computer and network attacks, including DoS, spoofing, hijacking, and password guessing.
Identify the different types of malicious software that exist, including viruses, worms, Trojan horses, logic bombs, time bombs, and rootkits.
Describe the importance of auditing and what should be audited.
Avenues of Attack
Distributed Denial-of-Service Attack (DDoS)
Used to deny access or service to users
Uses other systems' resources to attack a network
Overwhelms target system
Ping of Death
Targets of opportunity
DoS attack which targets a specific protocol or operating system
Attacker sends an ICMP packet larger than 64 KB
Some systems cannot handle the oversized packet and crash
1. Conducting reconnaissance
3. Researching vulnerabilities
4. Performing the attack
5. Creating a backdoor
6. Covering tracks
Ensure necessary patches and upgrades are current
Change time-out period for TCP connections
Distribute workload across several systems
Block external ICMP packets at border
Hard-coded access built into the program
Gather as much information as possible
Don't worry about whether it is relevant or not.
Are implanted in compromised systems
Installed with a Trojan
Ensures access in the future even if Trojan is removed
Identify target systems that are active and accessible.
Identify the operating system and other specific application programs running on system.
A connection to a Windows IPC$
Systems prior to XP and Server 2003 are vulnerable
No patch is available
Must upgrade to XP or newer
Restrict access to ports 139 & 445
Wealth of information available through the World Wide Web
Performing the Attack
Matching an attack to an identified vulnerability.
Attacker can observe all network traffic
Software, hardware or combination of the two
Ability to target specific protocol, service, string of characters, etc.
May be used by network administrators to monitor the network
Physical security is key in preventing introduction of sniffers
Creating a Backdoor
Provides future access to the attacker.
Phishing and Pharming
Covering Their Tracks
In an effort to remain undetected, attackers endeavor to cover their tracks.
From address differs from sending system
Recipients rarely question authenticity
Fraudulent e-mails used to obtain confidential information
Websites that pose as legitimate sites in order to harvest user information
Smurf Attack (IP Address Spoofing)
Attacks on Encryption
Steps in an Attack
An attempt to crack encryption
Exhaustive search of key space
Combination of a user ID and a password is the common form of system authentication
Compromised passwords occur due to not adhering to password procedures
Attacking Computer Systems
Spoofing and Trusted Relationships
Limit trust relationships
Firewalls should be configured to discard packets arriving from outside whose (spoofed) source addresses indicate that they originated from inside
Attacks on specific software
Attacks on a specific protocol or service
Exploit known identified vulnerabilities.
Purpose is to prevent normal system operations for authorized users.
Spoofing and Sequence Numbers
Attacker must use correct sequence number:
TCP packet sequence numbers are 32-bit
Incremented by 1
Very difficult to guess
Insider attacks vs. external attacks
SYN Flood Attack
An example of a DoS attack targeting a specific protocol or service
Exploit a weakness inherent to the function of the TCP/IP protocol
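A SYN flood leaves many half-open connections (SYN received, handshake never completed) from the same source. The following detection routine is an added example, not part of the original slides: it runs over a constructed list of handshake events and flags sources whose half-open count exceeds a threshold (the event format and threshold are assumptions).

```python
from collections import defaultdict

# Constructed sample of TCP handshake events as (source_ip, event):
# "syn" = SYN received from the client, "ack" = handshake completed.
SAMPLE_EVENTS = [
    ("10.0.0.5", "syn"), ("10.0.0.5", "ack"),
    ("10.0.0.7", "syn"), ("10.0.0.7", "ack"),
] + [("203.0.113.9", "syn")] * 120   # many SYNs, never completed


def half_open_by_source(events):
    """Count SYNs that were never completed by a final ACK, per source address."""
    pending = defaultdict(int)
    for src, kind in events:
        if kind == "syn":
            pending[src] += 1
        elif kind == "ack" and pending[src] > 0:
            pending[src] -= 1
    return dict(pending)


def syn_flood_suspects(events, threshold=100):
    """Return sources with at least `threshold` half-open connections (assumed limit)."""
    counts = half_open_by_source(events)
    return sorted(src for src, n in counts.items() if n >= threshold)
```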
Take advantage of software bugs/weakness
Buffer overflow attack
Replicate and attach to executable code
Attacker intercepts part of an exchange between two hosts and retransmits message later
Used to bypass authentication mechanisms
Prevented by encrypting traffic, cryptographic authentication, and time-stamping messages
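The two replay defenses named above, cryptographic authentication and time-stamping, can be combined with a one-time nonce so that a captured message cannot be accepted a second time. This is an added example, not code from the original slides; the shared key, the 30-second skew window and the message layout are assumptions, and encryption of the body is left out to keep the check visible.

```python
import hashlib
import hmac
import json

KEY = b"shared-secret-for-demo"   # constructed; a real key comes from a KDF or KMS
MAX_SKEW = 30.0                   # assumed: seconds a timestamp may differ from the receiver clock


def make_message(body: str, nonce: str, now: float, key: bytes = KEY) -> dict:
    """Build a message tagged with HMAC-SHA256 over body, timestamp and nonce."""
    payload = {"body": body, "ts": now, "nonce": nonce}
    canonical = json.dumps(payload, sort_keys=True).encode()
    payload["tag"] = hmac.new(key, canonical, hashlib.sha256).hexdigest()
    return payload


class Receiver:
    """Accepts a message only if its tag verifies, it is fresh, and its nonce is unseen."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.seen = set()   # accepted nonces; a real system expires these with the window

    def accept(self, msg: dict, now: float) -> str:
        tag = msg.get("tag")
        payload = {k: v for k, v in msg.items() if k != "tag"}
        canonical = json.dumps(payload, sort_keys=True).encode()
        expected = hmac.new(self.key, canonical, hashlib.sha256).hexdigest()
        if not tag or not hmac.compare_digest(tag, expected):
            return "rejected: bad tag"          # forged or modified in transit
        if abs(now - payload["ts"]) > MAX_SKEW:
            return "rejected: stale timestamp"  # recorded earlier and retransmitted late
        if payload["nonce"] in payload and payload["nonce"] in self.seen:
            return "rejected: replay"           # exact copy of an already accepted message
        if payload["nonce"] in self.seen:
            return "rejected: replay"
        self.seen.add(payload["nonce"])
        return "accepted"
```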
Some of the worst viruses known:
The Klez Virus (2001)
acted like anti-virus software
SQL Slammer (2003)
Crashed Bank of America (BoA) ATM systems
Continental Airlines suffered e-ticketing and check-in outages
Attacker assumes control of existing session
Allows attacker to circumvent authentication
Can be masked with DoS attack
Used against web and Telnet sessions
Drive-by Download Attack
Software that appears to do one thing but contains a hidden agenda
Do not run software of unknown origins
Always keep virus protection running at all times!
Unsolicited malware downloads
Hidden in legitimate ads or hosted on websites that prey on unaware users
The Storm Worm Trojan horse virus of 2006 enticed users to download malicious software through emails with subjects that were linked to current events. Once downloaded, the malicious software seized control of users' computers and used them to send millions of spam emails.
Software capable of recording and reporting a user's actions
system monitoring and use
installed without user's knowledge
Triggered by a specified future event
Authorized user installation
Reinforces need for backups
Time bomb is similar except that it delivers payload at a predetermined time/date
Malware that modifies the OS kernel and supporting functions
Types of Rootkits:
Code that penetrates and replicates on systems
no need to attach to other files or code
spread through a variety of ways
e-mail, P2P sharing networks, infected sites
Morris worm, Love Bug, Code Red, and Samy
Fastest growing worm to date!
used a cross-site scripting (XSS) flaw in MySpace
“but most of all, Samy is my hero”
at end of profile
replicated by viewing the infected person's profile
Approach e-mail attachments with caution
Implement an intrusion detection system
Eliminate unnecessary services
Zombies and Botnets
Malware installed on machines creates zombies under the control of the attacker
Large networks of zombies are called botnets
Attacker's botnets have 1M+ zombies
Responsible for millions of spam messages daily
Conducted on a regular basis
Mandated depending on the industry
May be contracted out to another party
Policies, procedures, and guidelines governing security