institute of southern punjab, multan - wordpress.com · 2016-04-11 · dumpster diving google,...
Mazhar Hussain
E-mail: [email protected]
Network Security
Lecture#2
Institute of Southern Punjab, Multan
Security Architecture
Lecture 2: Security Architecture
Security Attacks
A Model for Network Security
Phases of Hacking
Hacktivism
Security Attacks
Any action that compromises the security of information of an organization.
A passive attack attempts to learn or make use of information from the system but does not affect system resources.
An active attack attempts to alter system resources or affect their operation.
Passive Attack
Passive attacks are in the nature of spying on, or monitoring of transmissions.
The goal of the opponent is to obtain information that is being transmitted.
Two types of passive attacks are:
1. The release of message contents
2. Traffic Analysis
The Release of Message Contents
The release of message contents is easily understood from the figure on the next page.
A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information.
We would like to prevent an opponent from learning the contents of these transmissions.
Traffic Analysis
A second type of passive attack is traffic analysis.
Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message.
The common technique for masking contents is ???
Passive attacks are very difficult to detect????
Active Attack
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:
1. Masquerade
2. Replay
3. Modification of Messages
4. Denial of Service
Masquerade
A masquerade takes place when one entity pretends to be a different entity.
Replay
Replay involves the passive capture of a data unit and later retransmission to produce an unauthorized effect.
Modification of Messages
Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
Denial of Service
The denial of service prevents the normal use or management of communications facilities.
A Model for Network Security
Phases of Hacking
Hacking Networks
Phase 1: Reconnaissance
Physical Break-In
Dumpster Diving
Google, Newsgroups, Web sites
Social Engineering
Phishing: fake email
Pharming: fake web pages
WhoIs Database & arin.net
Domain Name Server Interrogations

Registrant:
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
US

Domain name: MICROSOFT.COM

Administrative Contact:
Administrator, Domain [email protected] Microsoft Way
Redmond, WA 98052
US
+1.4258828080

Technical Contact:
Hostmaster, MSN [email protected] Microsoft Way
Redmond, WA 98052
US
+1.4258828080

Registration Service Provider:
DBMS VeriSign, [email protected] x4
Please contact DBMS VeriSign for domain updates, DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 27-Aug-2006.
Record expires on 03-May-2014.
Record created on 02-May-1991.

Domain servers in listed order:
NS3.MSFT.NET 213.199.144.151
NS1.MSFT.NET 207.68.160.190
NS4.MSFT.NET 207.46.66.126
NS2.MSFT.NET 65.54.240.126
NS5.MSFT.NET 65.55.238.126
Hacking Networks
Phase 2: Scanning
War Driving: Can I find a wireless network?
War Dialing: Can I find a modem to connect to?
Network Mapping: What IP addresses exist, and what ports are open on them?
Vulnerability-Scanning Tools: What versions of software are implemented on devices?
Passive Attacks
Eavesdropping: Listen to packets from other parties = Sniffing
Traffic Analysis: Learn about network from observing traffic patterns
Footprinting: Test to determine software installed on system = Network Mapping
Hacking Networks
Phase 3: Gaining Access
Network Attacks:
Sniffing (Eavesdropping)
IP Address Spoofing
Session Hijacking
System Attacks:
Buffer Overflow
Password Cracking
SQL Injection
Web Protocol Abuse
Denial of Service
Trap Door
Virus, Worm, Trojan horse
[Figure: login prompt showing Login: Ginger, Password: Snap]
Some Active Attacks
Denial of Service: Message did not make it; or service could not run
Masquerading or Spoofing: The actual sender is not the claimed sender
Message Modification: The message was modified in transmission
Packet Replay: A past packet is transmitted again in order to gain access or otherwise cause damage
[Figure: four panels with Joe, Ann and Bill: Denial of Service; Spoofing (Joe is actually Bill); Message Modification; Packet Replay]
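Added example, not part of the original slides: one way a receiver (Ann) can detect masquerade, message modification and replay, using a shared-key HMAC tag over a sequence number and the payload. The key handling, message layout and the names Receiver and make_tag are assumptions for illustration; denial of service is an availability problem that a tag does not address.

```python
import hashlib
import hmac
import os


def make_tag(key, seq, payload):
    # Tag covers the sequence number and the payload, so neither can change.
    return hmac.new(key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()


class Receiver:
    """Hypothetical receiver (Ann): accepts only authentic, fresh messages."""

    def __init__(self, key):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def accept(self, seq, payload, tag):
        # Masquerade / modification: the tag fails without the right key
        # or when any covered byte differs from what the sender tagged.
        if not hmac.compare_digest(make_tag(self.key, seq, payload), tag):
            return "rejected: bad tag"
        # Replay / reordering: an authentic message is accepted only once,
        # and only if it is newer than everything accepted before.
        if seq <= self.last_seq:
            return "rejected: stale sequence number"
        self.last_seq = seq
        return "accepted"


def demo():
    key = os.urandom(32)           # shared by Joe and Ann only (constructed)
    bill_key = os.urandom(32)      # Bill does not know `key`
    ann = Receiver(key)
    msg = b"transfer 10 to Bill"   # constructed sample message
    tag = make_tag(key, 1, msg)
    return {
        "original": ann.accept(1, msg, tag),
        "replay": ann.accept(1, msg, tag),
        "modification": ann.accept(2, b"transfer 1000 to Bill", make_tag(key, 2, msg)),
        "masquerade": ann.accept(2, msg, make_tag(bill_key, 2, msg)),
        "next": ann.accept(2, b"hello", make_tag(key, 2, b"hello")),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:13s} {outcome}")
```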
Man-in-the-Middle Attack
[Figure: hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3; message sequence (1) Login, (2) Login, (3) Password, (4) Password]
SQL Injection
Java Original: "SELECT * FROM users_table WHERE username=" + "'" + username + "'" + " AND password = " + "'" + password + "'";
Inserted Password: Aa' OR ''='
Java Result: "SELECT * FROM users_table WHERE username='anyname' AND password = 'Aa' OR '' = ''";
Inserted Password: foo';DELETE FROM users_table WHERE username LIKE '%
Java Result: "SELECT * FROM users_table WHERE username='anyname' AND password = 'foo'; DELETE FROM users_table WHERE username LIKE '%'"
Inserted entry: '|shell("cmd /c echo " & char(124) & "format c:")|'
[Figure: login form with Login and Password fields, followed by "Welcome to My System"]
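Added example, not from the original slides: the slide's concatenated login query next to a parameterized one, run against an in-memory SQLite database in Python rather than Java. The sample row and the function names are constructed for illustration.

```python
import sqlite3

# The first "Inserted Password" value shown on the slide.
SLIDE_PASSWORD = "Aa' OR ''='"


def make_db():
    # Constructed sample data; table and column names follow the slide.
    # Plaintext passwords mirror the slide only; real systems store salted hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_table (username TEXT, password TEXT)")
    db.execute("INSERT INTO users_table VALUES ('ginger', 'snap')")
    return db


def login_concatenated(db, username, password):
    # Vulnerable form from the slide: input becomes part of the SQL text,
    # so a quote in the password ends the string literal early.
    query = ("SELECT * FROM users_table WHERE username='" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    # Hardened form: the statement is fixed and values are bound separately,
    # so the whole input is compared as one literal string.
    query = "SELECT * FROM users_table WHERE username=? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def demo():
    db = make_db()
    return {
        "concatenated, slide input": login_concatenated(db, "anyname", SLIDE_PASSWORD),
        "parameterized, slide input": login_parameterized(db, "anyname", SLIDE_PASSWORD),
        "parameterized, real user": login_parameterized(db, "ginger", "snap"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:28s} login {'succeeds' if ok else 'fails'}")
```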
Password Cracking: Dictionary Attack & Brute Force

| Pattern | Calculation | Result | Time to Guess (2.6x10^18/month) |
| --- | --- | --- | --- |
| Personal Info: interests, relatives | | 20 | Manual 5 minutes |
| Social Engineering | | 1 | Manual 2 minutes |
| American Dictionary | | 80,000 | < 1 second |
| 4 chars: lower case alpha | 26^4 | 5x10^5 | |
| 8 chars: lower case alpha | 26^8 | 2x10^11 | |
| 8 chars: alpha | 52^8 | 5x10^13 | |
| 8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min. |
| 8 chars: alphanumeric + 10 | 72^8 | 7x10^14 | 12 min. |
| 8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours |
| 12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years |
| 12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years |
| 12 chars: all keyboard | 95^12 | 5x10^23 | |
| 16 chars: alphanumeric | 62^16 | 5x10^28 | |
Hacking Networks
Phase 4: Exploit/Maintain Access
Backdoor
Trojan Horse
Spyware/Adware
Bots
User-Level Rootkit
Kernel-Level Rootkit
Replaces system executables: e.g. Login, ls, du
Replaces OS kernel: e.g. process or file control to hide
Control system: system commands, log keystrokes, pswd
Useful utility actually creates a backdoor.
Slave forwards/performs commands; spreads, list email addrs, DOS attacks
Spyware: Collect info: keystroke logger, collect credit card #s
AdWare: insert ads, filter search results
Botnets
Bots: Host illegal movies, music, pornography, criminal web sites, …
Forward Spam for financial gain
[Figure labels: Attacker, Handler, Botnets: Bots, Zombies, China, Hungary]
Distributed Denial of Service
Can barrage a victim server with requests, causing the network to fail to respond to anyone
[Figure labels: Attacker, Handler, Zombies, Victim, Russia, Bulgaria, United States]
Hacktivism
Hacktivism refers to hacking for a cause!
– Political Agenda
END OF LECTURE 2