Firewalls:
- A screened subnet firewall is the most secure and acts as a perimeter network.
- Access: primary firewall administrator, backup firewall administrator, network service manager.
- Boundary controls, e.g. fences and firewalls.
- A static packet filter firewall is simple, inexpensive and quick to implement.
- Firewall, e.g. boundary access control.
- Static packet filter firewall: low-risk computing environment.
- Hybrid gateway firewall: medium- to high-risk computing environment.
- Stateful and dynamic filter firewall: high-risk computing environment.
- A rulebase facilitates implementing security controls in a firewall.
- Firewall actions on a packet: accept, deny and discard.
- Best backup strategy: day-zero backup.
- Firewalls should be protected for fail-safe performance.
- RPC, NFS and SNMP should always be blocked, and FTP should be restricted.
- Provide a line of perimeter defense against attacks; traffic to and from the Internet.
- Firewall compromised, correct steps to rebuild the firewall:
  o Bring down the primary firewall
  o Deploy the secondary firewall
  o Reconfigure the primary firewall
  o Restore the primary firewall
- Packet filtering firewalls are the most vulnerable to attack.
Attacks: Denial of Service (DoS)

Land (Malformed Packet): The land attack uses a spoofed SYN packet that includes the victim's IP address and TCP port as both source and destination. This attack targets the TCP/IP stack of older unpatched Windows systems.
Smurf (Resource Exhaustion): A smurf attack involves ICMP flooding. The attacker sends ICMP Echo Request messages with the spoofed source address of the victim to the directed broadcast address of a network known to be a Smurf amplifier. A Smurf amplifier is a public-facing network that is misconfigured such that it will forward packets sent to the network broadcast address to each host in the network. Assuming a /24 Smurf amplifier, this means that for every single spoofed ICMP Echo Request sent the victim could receive up to 254 ICMP Echo Responses. Counter measure: as with most resource exhaustion denial of service attacks, prevention involves having infrastructure that can filter the DoS traffic.
SYN Flood (Resource Exhaustion)
Teardrop (Malformed Packet)
Ping of Death (Malformed Packet): Counter measure: patching the TCP/IP stacks of systems removed the vulnerability of this DoS attack.
Fraggle (Resource Exhaustion)
DNS Reflection
Page 6 of 100
Computer Virus

Common virus (Malicious Code): A malicious code that replicates using a host program. An effective defence against computer viruses does not include virus scanning programs. The boot sector virus works during computer booting, where the master boot sector and boot sector code are read and executed.
Worm: A worm is a self-replicating program that is self-contained and does not require a host program. The worm searches the network for idle computing resources and uses them to execute the program in small segments.
Multi-partite virus: Combines both sector and file infector viruses.
Cookies: Raise privacy issues such as what information is collected and how it is used. Internet privacy is not enhanced when the cookies file is deleted. Deleting the cookies file will not protect the user, since a new file is created by the browser; therefore, the cookies file is a security concern on the internet.
Link Viruses: Manipulate the directory structure of the media on which they are stored, pointing the OS to virus code instead of legitimate code.
Macro: Stored in a spreadsheet or word processing document. Maximum number of encounters; it is difficult to detect.
Data leakage: The removal of data from a system by covert means. It might be conducted through the use of a Trojan horse, logic bomb, or scavenging methods.
Asynchronous attacks: Indirect attacks on a computer program that act by altering legitimate data or code at a time when the program is idle, then causing the changes to be added to the target program at a later execution.
Inference: An inference attack is where a user or an
Counter measure: Access controls
Trapdoor attacks: Trapdoors are entry points built into a program, created by programmers for debugging purposes. Major risks: software disconnection and hacker entry. The back door is wide open for hackers. The vendor can modify the software at will without the user's knowledge or permission.
Counter measure: Use layered protection and disable active-content code (e.g. ActiveX and JavaScript) in the web browser; these are effective controls against such attacks.
War dialling software
Spoofing attacks: Counter measure: firewall.
TOC/TOU: e.g. of asynchronous attacks. It takes advantage of timing differences between two events. Counter measure: applying task sequence rules.
Traffic analysis attack: Counter measure: apply encryption tools; traffic padding technique.
CGI script: vulnerable because it can be interpreted.
Logic bomb: A time bomb is a part of a logic bomb. A time bomb is a Trojan horse set to trigger at a particular time, while the logic bomb is set to trigger at a particular condition, event or command.
Nak attack: A penetration technique capitalizing on a potential weakness in an OS that does not handle asynchronous interrupts properly, thus leaving the system in an unprotected state during such interrupts.
Trojan horse (Malicious code): A program that performs a useful function and an unexpected action as well; a form of virus. DAC is most vulnerable to Trojan horse attack. Back Orifice is a Trojan horse in the Windows OS.
Computer Virus (Malicious code): Computer viruses affect integrity, availability and usability. The e-mail server is the best place to check for computer viruses.
Antivirus methods: Certify all disks prior to their use. Access controls, audit trails, least privilege principle.
Polymorphic virus
Malicious code defn.
Stealth virus
Active-X controls
Session encryption is used to encrypt data between applications and end users. This provides strong authentication. Stream encryption encrypts and decrypts arbitrarily sized messages; it is not strong authentication.
Cryptographic parameters: focus on critical security parameters (CSPs), which contain keys, passwords and PINs. The most common attack against cryptographic.
A time-stamp, a sequence number, an unpredictable value.
Attacks and counter measures:
Eavesdropping (loss of confidentiality): Eavesdropping is also known as sniffing or snooping of network traffic. Counter measure: encrypting the contents of the message or encrypting the channel over which it is transmitted. Electronic signatures.
Telephone cloning / tumbling attack: A technique used to perpetrate wireless fraud. Counter measures: call-screening system, digital technologies, pre-call validation system (analog cellular phone cloning).
Login spoofing: Counter measures: providing a secure channel between the user and the system; installing a hardware reset button; implementing cryptographic authentication techniques; SSL.
Session hijacking (intrusion): An attacker connecting a covert computer terminal to a data communication line between the authorized terminal and the computer.
Eavesdropping (intrusion): A source of eavesdropping on the WWW web server is: system logs.
E-mail spoofing: Counter measure: Pretty Good Privacy (PGP) for the protection of computer files and electronic mail.
Network attack
Mail bombings
Tunnelling attack: To exploit a weakness in a system that exists at a level below the developer's design level (such as through operating system code versus application code).
Active attack: Non-preventable and detectable. E.g. active threats: 1. Denial of message service 2. Masquerading 3. Modification of message service.
Passive attack: Preventable but difficult to detect, e.g. 1. Listening to a system password when the user types it 2. Release of message contents and traffic analysis.
Asynchronous attacks
Cryptography: Every possible key will be tried. This is similar to a known-plaintext attack. Counter measure: change keys and increase key length.
Counter measures as listed: Use a firewall, disable active content, use timestamps. Remove default accounts, install software patches, use encryption tools. Voice encryption. Use the secure shell protocol, apply end-to-end encryption, and implement robust authentication techniques. Use packet filters. Prevent and intervene: the best approach. Caused by temporary accounts set up by the ISP.
Voice hacker:
Data hacker:
Voice mail fraud: Voice mail fraud prevention controls can be counterproductive and counterbalancing.
Spoofing attack: A tampering activity; an active attack. Impersonating a user or system. Spoofing synonyms: mimicking, impersonating, masquerading.
Spamming: Posting identical messages to multiple unrelated newsgroups on the internet.
Sniffing or snooping: Observing packets passing by on the network. Sniffing precedes spoofing. It is a surveillance activity and is a passive attack. Scanning, snooping and sniffing lead to penetration attacks. Sniffing is monitoring network traffic.
Hidden code, inference and traffic analysis are based on data and information.
Buffer overflow: e.g. of an input validation error. Ping of death is e.g. a buffer overflow attack, a part of denial of service attacks.
MIM attacks: 1. Promoting education and awareness 2. Preventing password guessing 3. Asking people not to watch while the password is being typed.
Packet spoofing: The most sophisticated tool or technique that attackers use against computer systems.
Packet replay: Counter measure: packet time-stamping and packet-sequence counting.
Impersonation: Can be achieved by forgery, relay and interception.
Masquerading attacks
Attacks plus breach: TCP sequence number check, e.g. session hijacking attack.
Piggyback attack: An intruder gains unauthorized access to a system by using a valid user's
Detective controls: Reporting of the last time the user accessed the system. Passive detection methods: logs are not reviewed unless there is a suspicion.
A Penetration
Worm: A worm is a self-replicating program that is self-contained and does not require a host program. It searches the network for idle computing resources and executes the program in small segments.
Multi-partite virus: Combines both sector and file infector viruses.
Antivirus software: e.g. of both a preventive and a detective control.
Audit trails: detective control. Policies and procedures: directive controls. Contingency plan: recovery controls.
Data leakage attacks: The removal of data from a system by covert means. It might be conducted through the use of Trojan horses, logic bombs, or scavenging methods.
Inference attacks are based on: data and information.
Link viruses: Manipulate the directory structure of the media on which they are stored.
Macro: In a spreadsheet or word processing document. Had the maximum number of encounters. It is difficult to detect. It resides in documents.
Trapdoor: Programmers frequently create entry points into a program for debugging purposes and/or insertion of new program code at a later date. These are also called hooks and back doors. Software disconnection and hacker entry are major risks.
Time-of-check to time-of-use (TOC/TOU): e.g. of asynchronous attack. Counter measure: 1. Apply task sequence rules 2. Apply encryption rules.
Traffic analysis attack: Counter measure: traffic padding technique.
Data inference attacks: Counter measure: access controls.
Logic bomb (time bomb): A malicious unauthorized act that is triggered upon information of a predefined event or condition and resides within a computer program is known as a logic bomb. A time bomb is a Trojan horse set to trigger at a particular time, while the logic bomb is set to trigger at a particular condition, event or command. The logic bomb could be a computer program or a code fragment.
Trojan horse: A program that performs a useful function and an unexpected action as well; a form of virus. Discretionary access control is most vulnerable to Trojan horse attack. Back Orifice is a Trojan horse in a Windows operating system.
Computer viruses: Affect integrity, availability and usability. Remove and clean are used interchangeably. Password: technical measure. Anti-virus software scans every bootup. Best place to check for computer virus. Used a mutation engine.
Replay attack: Effective controls to detect attempts to replay an earlier successful authentication exchange: timestamps, nonces, Kerberos. A time-stamp, a sequence number, an unpredictable value.
A ciphertext-only attack
Common method of computer system: password cracking, packet sniffing. Sendmail, e.g.
Social engineering: Trickery or coercion techniques to get people to divulge their passwords. An attack in which someone compels system users or administrators into revealing information that can be used to gain access to the system for personal gain.
Computer sabotage: Trojan horse, trapdoor, time bomb, virus or worm used to perform intentional harm or damage.
Dumpster diving: Discarded storage media, such as paper documents and reports, is a major and common problem. Counter measure: using a data destruction process.
Scavenging: Obtaining information that may be left in or around a computer system after the execution of a job.
Data diddling: Involves changing data before or during input to computers or during output from a computer system.
Theft of small amounts of assets (money) from a number of sources.
Physically or electronically: both methods involve gaining access to a controlled area without authorization.
Passive wiretapping
Traffic padding can be used to prevent traffic analysis attacks.
Tools:
1. Packet spoofing: The most sophisticated tool or technique that attackers use against computer systems.
2. Nmap is a sophisticated network-scanning tool.
Ping: Tells the location of a phone user.
Merit Protection:
o Privacy of location and privacy of transmission of contents.
Secure:
o Digital systems are inherently more secure than analog cellular telephony because of their digital formats and error-checking and correction protocols.
Protocols:
SSL: Session-oriented protocol. Public key (digital certificates) + symmetric key (DES) cryptography to perform
X9.63: Key establishment schemes that employ asymmetric techniques.
X9.44: Transport of symmetric algorithm keys using reversible public key cryptography.
X.75: Public packet switched communications between network hubs.
SET: Secure transactions over the internet in terms of buying and selling of goods and services.
TLS: Prevents eavesdropping, tampering or message forgery. Communication privacy and data integrity over the internet.
CHAP: Re-authentication.
SLIP: Does not provide an error detection or correction mechanism.
ICMP: Function: redirecting messages is used to trick routers and hosts. Checking remote hosts (a function of ICMP in TCP/IP) can cause a buffer overflow on the target machine.
Listed without characteristics: PPTP, IPSEC, Ethernet, X.25, TCP, WAN, WTLS, WTP, WSP, WDP, WAP, Secure RPC, ARP, X.509, X3.93, X9.9, X9.17, Frame Relay.
Entries without a protocol name: Used by the Internet; Used by IBM; Used by Digital Equipment Corporation; Manufacturing Automation Protocol.
Web Server:

Intranet:
The integration of personal computers, LAN, WAN, mainframe legacy systems, and external systems. It can be used to link employees together, thus enabling easy communication, collaboration, and workflow. It helps in resolving document distribution problems and in increasing employee productivity in an organization.

Communications and Network Security: Bypass switch, fallback switch, crossover switch, matrix switch.