Chapter 2 - Introduction Vulnerabilities, Threats and Attack


  • 7/30/2019 Chapter 2 - Introduction Vulnerabilities, Threats and Attack

    1/23

    INTRODUCTION VULNERABILITIES, THREATS AND ATTACK

    CHAPTER 2


    VULNERABILITIES

    A vulnerability is an inherent weakness in the design, configuration, or implementation of a network or system that renders it susceptible to a threat.

    Most vulnerabilities can usually be traced back to one of three sources:

    Poor design

    Poor implementation

    Poor management


    Poor Design (Technology Weaknesses)

    Hardware and software systems that contain design flaws that can be exploited.

    Example: the sendmail flaws in early versions of Unix.


    Poor Implementation (Configuration Weaknesses)

    Systems that are incorrectly configured, and therefore vulnerable to attack.

    Example: a system that does not have restricted-access privileges on critical executable files, thereby allowing these files to be altered by unauthorized users.
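
    A check for the configuration weakness described above, as an added example that is not part of the original slides: it walks the given directories and reports executable files that users other than the owner can alter. The sample directory, file names and modes are constructed for the demonstration.

```python
import os
import stat
import tempfile

def build_sample_tree():
    """Create a constructed directory of scripts with different modes (sample input)."""
    root = tempfile.mkdtemp(prefix="audit-demo-")
    for name, mode in [("backup.sh", 0o755), ("deploy.sh", 0o777),
                       ("rotate.sh", 0o775), ("notes.txt", 0o666)]:
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)  # explicit mode, independent of the umask
    return root

def audit_executables(directories):
    """Return (path, problem) pairs for executables that non-owners can alter."""
    findings = []
    for directory in directories:
        dir_mode = os.lstat(directory).st_mode
        # A world-writable directory without the sticky bit lets any user
        # replace the files inside it, whatever the files' own modes are.
        if dir_mode & stat.S_IWOTH and not dir_mode & stat.S_ISVTX:
            findings.append((directory, "directory is world-writable"))
        for entry in sorted(os.scandir(directory), key=lambda e: e.name):
            st = entry.stat(follow_symlinks=False)
            if not stat.S_ISREG(st.st_mode):
                continue  # only regular files are audited
            if not st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                continue  # not executable, out of scope for this check
            if st.st_mode & stat.S_IWOTH:
                findings.append((entry.path, "world-writable"))
            elif st.st_mode & stat.S_IWGRP:
                findings.append((entry.path, "group-writable"))
    return findings

if __name__ == "__main__":
    for path, problem in audit_executables([build_sample_tree()]):
        print(f"{problem}: {path}")
```

    On a real host the same function would be pointed at the directories that hold system binaries and service scripts, and each finding corrected by removing the extra write bits.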


    Poor Management (Security Policy Weaknesses)

    Inadequate procedures or insufficient checks and balances.


    THREATS

    A threat is anything that can disrupt the operation, functioning, integrity, or availability of a network or system.

    There are different categories of threats:

    Natural threats (floods, earthquakes, or storms)

    Unintentional threats (result of accident or stupidity)

    Intentional threats (result of malicious intent)


    THREATS

    Unstructured threats: created by an inexperienced person who is trying to gain access to your network.

    Structured threats: implemented by a technically skilled person who is trying to gain access to a network.

    Internal threats: occur when someone from inside your network creates a security threat to your network.

    External threats: occur when someone outside your network creates a security threat to your network.


    ATTACK

    An attack is a specific technique used to exploit a vulnerability.

    There are two categories of attack:

    Passive attack

    Very difficult to detect because there is no overt activity that can be monitored or detected.

    Example: packet sniffing or traffic analysis.

    Active attack

    Employs more overt action on the network or system.

    Example: denial-of-service.


    ATTACK

    Reconnaissance attack

    Access attack

    Distributed Denial of Service attack

    Malicious code attack


    Reconnaissance Attack

    Reconnaissance attacks are the first step in the process of intrusion and involve unauthorized discovery and mapping of systems, services, or vulnerabilities.

    These discovery and mapping techniques are commonly known as scanning and enumeration.

    Common tools, commands, and utilities that are used for scanning and enumeration include ping, Telnet, nslookup, finger, rpcinfo, File Explorer, srvinfo, and dumpacl.

    Other third-party public tools include Sniffer, SATAN, SAINT, NMAP, and netcat.
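
    Because scanning touches many services in a short time, it can be spotted in connection logs. The following is an added example, not part of the original slides, that flags any source contacting many distinct host/port pairs within a time window; the log format, addresses, window and threshold are assumptions constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, documentation address ranges).
SAMPLE_LOG = """\
2019-07-30T10:00:01 SRC=203.0.113.7 DST=192.0.2.10 DPT=21
2019-07-30T10:00:01 SRC=198.51.100.20 DST=192.0.2.10 DPT=443
2019-07-30T10:00:02 SRC=203.0.113.7 DST=192.0.2.10 DPT=22
2019-07-30T10:00:03 SRC=203.0.113.7 DST=192.0.2.10 DPT=23
2019-07-30T10:00:04 SRC=203.0.113.7 DST=192.0.2.10 DPT=25
2019-07-30T10:00:05 SRC=198.51.100.20 DST=192.0.2.10 DPT=443
2019-07-30T10:00:05 SRC=203.0.113.7 DST=192.0.2.10 DPT=80
2019-07-30T10:00:06 SRC=203.0.113.7 DST=192.0.2.10 DPT=443
2019-07-30T10:03:00 SRC=198.51.100.33 DST=192.0.2.10 DPT=22
2019-07-30T10:06:00 SRC=198.51.100.33 DST=192.0.2.10 DPT=25
2019-07-30T10:09:00 SRC=198.51.100.33 DST=192.0.2.10 DPT=80
2019-07-30T10:12:00 SRC=198.51.100.33 DST=192.0.2.10 DPT=110
2019-07-30T10:15:00 SRC=198.51.100.33 DST=192.0.2.10 DPT=443
truncated line without fields
"""

LINE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")

def detect_scanners(log_text, window=timedelta(seconds=60), min_ports=5):
    """Map each flagged source to its peak count of distinct targets in one window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ts, src, dst, port = m.groups()
        events[src].append((datetime.fromisoformat(ts), (dst, int(port))))
    flagged = {}
    for src, seen in events.items():
        seen.sort()
        start = best = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # slide the window forward past stale events
            distinct = len({target for _, target in seen[start:end + 1]})
            best = max(best, distinct)
        if best >= min_ports:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG))
```

    The window keeps a periodic service poller such as 198.51.100.33 in the sample from being reported alongside the burst from 203.0.113.7.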


    Access Attack

    Access attacks are an attempt to gain access to information that the attacker does not have authorization to have.

    Access attacks in a network:

    Snooping

    Eavesdropping

    Interception


    Snooping

    Snooping is looking through information files in the hopes of finding something interesting.

    If the files are on paper, an attacker may do this by opening a file drawer and searching through files.

    If the files are on a computer system, an attacker may attempt to open one file after another until information is found.


    Eavesdropping

    Eavesdropping is when someone listens in on a conversation that they are not a part of.

    To gain unauthorized access to information, an attacker must position himself at a location where information of interest is likely to pass by.

    The introduction of wireless networks has increased the opportunity to perform eavesdropping.


    Interception

    Unlike eavesdropping, interception is an active attack against the information.

    When an attacker intercepts information, he is inserting himself in the path of the information and capturing it before it reaches its destination.

    After examining the information, the attacker may allow the information to continue to its destination or not.


    Distributed Denial of Service

    A Distributed Denial of Service (DDoS) attack is a DoS attack that occurs from more than one source, and/or from more than one location, at the same time.

    The purpose of a DDoS attack is to exhaust the victim's resources: network bandwidth, computing power, or operating system data structures.


    Malicious Code Attack

    Malicious code is an auto-executable application.

    It can take the form of Java Applets, ActiveX controls, plug-ins, pushed content, scripting languages, or a number of new programming languages designed to enhance Web pages and email.


    WHERE DOES MALICIOUS CODE HIDE?

    Email

    Web content

    File downloads

    Legitimate sites

    Pushed content


    VIRUS vs WORMS vs TROJAN

    Virus

        Requires human action.

        Spreads mostly by sharing infected files or sending e-mails with viruses as attachments.

        Also passes the infection from one infected system to another (attaches to an executable file).

        Example: Brain virus

    Worms

        Spread from computer to computer, but unlike a virus, a worm has the capability to travel without any human action.

        Replicates itself on your system, creating a huge devastating effect.

        Does not need to infect other files in order to reproduce.

        Example: Morris worm

    Trojan Horse

        Appears to be useful software but will actually do damage once installed or run on your computer.

        Designed to be annoying and malicious (like changing your desktop, adding silly active desktop icons) or can cause serious damage (creating a backdoor, deleting files).

        Does not reproduce by infecting other files.

        Example: Beast


    Other Attacks

    Logic Bombs

    Port Scanning

    Man-in-the-middle

    Trap Door

    Replay Attack

    Back Door Attack

    Spoofing Attack