Attacks Framework

Attacks

Physical AccessAttacks

--Wiretapping

Server HackingVandalism

Dialog Attacks--

EavesdroppingImpersonation

Message Alteration

PenetrationAttacks

Social Engineering--

Opening AttachmentsPassword Theft

Information Theft

Scanning(Probing) Break-in

Denial ofService

Malware--

VirusesWorms

Social Engineering Attacks and Defenses

Social Engineering

Tricking an employee into giving out information or taking an action that reduces security or harms a system

Opening an e-mail attachment that may contain a virus

Asking for a password claiming to be someone with rights to know it

Asking for a file to be sent to you

Social Engineering Attacks and Defenses

Social Engineering Defenses

Training

Enforcement through sanctions (punishment)

Eavesdropping on a Dialog

Client PCBob Server

Alice

Dialog

Attacker (Eve) interceptsand reads messages

Hello

Hello

Impersonation and Authentication

Client PCBob

ServerAlice

Attacker(Eve)

I’m Bob

Prove it!(Authenticate Yourself)

Message Alteration

Client PCBob

ServerAlice

Dialog

Attacker (Eve) interceptsand alters messages

Balance =$1

Balance =$1 Balance =

$1,000,000

Balance =$1,000,000

Scanning (Probing) Attacks

Probe Packets to172.16.99.1, 172.16.99.2, etc.

Internet

Attacker

Corporate Network

Host172.16.99.1

No Host172.16.99.2 No Reply

Reply from172.16.99.1

Results172.16.99.1 is reachable172.16.99.2 is not reachable…

Denial-of-Service (DoS) Flooding Attack

Message Flood

ServerOverloaded ByMessage Flood

Attacker

Network Penetration Attacks and Firewalls

AttackPacket

Internet

Attacker

HardenedClient PC

HardenedServer Internal

CorporateNetwork

Passed Packet

DroppedPacket

InternetFirewall

Log File