VIRUS ATTACKS ON WN
What are viruses? A virus is malicious code that attaches itself to legitimate programs or files and copies itself into others when they are run or opened. A virus attack is what follows once that code executes: the machine's security is breached and the attacker can steal information and documents from it, damage files, or use it as a foothold for further compromise. Viruses also try to persist by planting a copy somewhere the user is unlikely to look, for example deep among unused documents, in a folder with a harmless-sounding name such as a "Trash bin", or disguised as an unneeded file belonging to a game.
Types of virus attacks on WN include:
- Trojan horse
- E-mail-borne viruses
- Boot-sector virus
- Bluesnarfing (unauthorised access to a device's data over Bluetooth)
etc.
Strictly speaking a Trojan horse does not self-replicate and bluesnarfing is an access attack rather than a virus, but both are grouped here with the malware-delivered attacks they commonly accompany.
Network Sniffers
A network sniffer intercepts and logs traffic passing over a digital network or part of a network. Normally a network interface passes up to the operating system only the packets addressed to its own hardware address (plus broadcasts) and discards the rest of the traffic on the network. A sniffer puts the interface into promiscuous mode, so every frame the interface sees is captured. On a shared medium (a hub, or a wireless channel in monitor mode) that means all traffic on the segment; on a switched network it means only what the switch forwards to that port, unless the attacker also uses a mirror port or ARP spoofing to redirect traffic through the sniffing host. Sniffers work on both wired and wireless media.
Positive Usage of Network Sniffers
- Capturing packets
- Recording and analysing traffic
- Keeping the network and its systems working (troubleshooting)
- Converting captured data to a readable format
- Showing relevant information such as IP addresses, protocol, host or server name, and so on
Negative Usage of Network Sniffers
- Catching passwords, which is the main reason for most illegal uses of sniffing tools
- Capturing private transaction details such as usernames, credit card numbers, account numbers and passwords
- Recording e-mail or instant messages and reading their contents
- Some sniffers, combined with packet-injection tools, can even modify the target computer's traffic and damage the system
- Undermining the security of a network segment, or using captured credentials to gain higher-level access
Protection
- SSH (Secure Shell) in place of telnet and rlogin
- HTTPS (HTTP over TLS, formerly SSL) in place of plain HTTP
- Detecting and rejecting interfaces that are in promiscuous mode
- IPsec
Sniffing itself cannot be prevented on a shared medium; encryption makes what is captured useless to the attacker, and promiscuous-mode detection helps find the sniffing host.
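To make concrete what a sniffer's analysis layer actually does with a captured frame, here is an added example (not code from the original page or from any real sniffer). It decodes a hand-constructed Ethernet/IPv4/TCP frame carrying an FTP login, reports the addresses, ports and protocol a sniffer would display, and pulls the password out of the plaintext payload, which is exactly why the protection list above replaces plaintext protocols with encrypted ones. The frame contents (192.168.1.10:51514 to 192.168.1.20:21, user "alice", password "hunter2") are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decoded view of one captured frame. */
struct flow {
    char src_ip[16], dst_ip[16];
    uint8_t proto;
    uint16_t src_port, dst_port;
    const uint8_t *payload;
    size_t payload_len;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decode Ethernet -> IPv4 -> TCP headers. Returns 0 on success, -1 if the frame is
 * not IPv4, is truncated, or has inconsistent length fields. For non-TCP IPv4
 * packets the IP-level fields are filled and the payload is left empty. */
int decode_frame(const uint8_t *frame, size_t len, struct flow *f) {
    memset(f, 0, sizeof *f);
    if (len < 14 + 20 || be16(frame + 12) != 0x0800) return -1;      /* EtherType IPv4 */
    const uint8_t *ip = frame + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;                           /* IP header length */
    size_t total = be16(ip + 2);                                        /* IP total length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl || 14 + total > len) return -1;
    f->proto = ip[9];
    snprintf(f->src_ip, sizeof f->src_ip, "%u.%u.%u.%u",
             (unsigned)ip[12], (unsigned)ip[13], (unsigned)ip[14], (unsigned)ip[15]);
    snprintf(f->dst_ip, sizeof f->dst_ip, "%u.%u.%u.%u",
             (unsigned)ip[16], (unsigned)ip[17], (unsigned)ip[18], (unsigned)ip[19]);
    if (f->proto != 6) return 0;                                        /* not TCP */
    if (total < ihl + 20) return -1;
    const uint8_t *tcp = ip + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;                           /* TCP header length */
    if (doff < 20 || total < ihl + doff) return -1;
    f->src_port = be16(tcp);
    f->dst_port = be16(tcp + 2);
    f->payload = tcp + doff;
    f->payload_len = total - ihl - doff;
    return 0;
}

/* Scan a plaintext payload for an FTP-style "PASS <secret>" line. Copies the secret
 * into out (NUL-terminated) and returns its length, or -1 if there is none. */
int find_plaintext_password(const uint8_t *payload, size_t len, char *out, size_t outsz) {
    const char *tag = "PASS ";
    size_t tlen = strlen(tag);
    for (size_t i = 0; i + tlen <= len; i++) {
        if (memcmp(payload + i, tag, tlen) != 0) continue;
        size_t start = i + tlen, j = start;
        while (j < len && payload[j] != '\r' && payload[j] != '\n') j++;
        size_t n = j - start;
        if (n + 1 > outsz) n = outsz - 1;                              /* never overrun out */
        memcpy(out, payload + start, n);
        out[n] = '\0';
        return (int)n;
    }
    return -1;
}

/* Constructed sample frame: FTP login from 192.168.1.10:51514 to 192.168.1.20:21.
 * MAC addresses and checksums are left zero; the decoder does not verify them. */
static size_t build_sample_frame(uint8_t *buf) {
    static const char payload[] = "USER alice\r\nPASS hunter2\r\n";
    size_t plen = sizeof payload - 1;
    memset(buf, 0, 14 + 40 + plen);
    buf[12] = 0x08; buf[13] = 0x00;                                     /* EtherType IPv4 */
    uint8_t *ip = buf + 14;
    ip[0] = 0x45;                                                       /* version 4, IHL 5 */
    uint16_t total = (uint16_t)(40 + plen);
    ip[2] = (uint8_t)(total >> 8); ip[3] = (uint8_t)(total & 0xff);
    ip[8] = 64; ip[9] = 6;                                              /* TTL, protocol TCP */
    memcpy(ip + 12, "\xc0\xa8\x01\x0a", 4);                             /* 192.168.1.10 */
    memcpy(ip + 16, "\xc0\xa8\x01\x14", 4);                             /* 192.168.1.20 */
    uint8_t *tcp = ip + 20;
    tcp[0] = 0xc9; tcp[1] = 0x3a;                                       /* src port 51514 */
    tcp[2] = 0x00; tcp[3] = 0x15;                                       /* dst port 21 */
    tcp[12] = 0x50;                                                     /* data offset 5 words */
    tcp[13] = 0x18;                                                     /* PSH|ACK */
    memcpy(tcp + 20, payload, plen);
    return 14 + 40 + plen;
}

/* Decode the sample frame and extract the password. Returns its length (7). */
int sniff_sample(struct flow *f, char *pw, size_t pwsz) {
    static uint8_t frame[128];                  /* static so f->payload stays valid */
    size_t n = build_sample_frame(frame);
    if (decode_frame(frame, n, f) != 0) return -1;
    return find_plaintext_password(f->payload, f->payload_len, pw, pwsz);
}

int main(void) {
    struct flow f; char pw[32];
    int n = sniff_sample(&f, pw, sizeof pw);
    printf("%s:%u -> %s:%u proto=%u payload=%zu bytes\n", f.src_ip, f.src_port,
           f.dst_ip, f.dst_port, f.proto, f.payload_len);
    if (n >= 0) printf("captured FTP password: %s\n", pw);
    return 0;
}
```

The decoder checks every length field before trusting it; a sniffer that does not is itself a target for the malformed-packet attacks discussed under firewalls below. Replace the FTP session with an SSH or HTTPS one and the same code sees only ciphertext after the handshake.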
WHAT IS A FIREWALL?
A firewall is a software or hardware security device. Its main purpose is to separate a secure area from a less secure area and to control communications between the two.
HOW A FIREWALL WORKS
It inspects and filters each individual packet of data. Filtering methods:
1. Packet filtering: stateless rules on the headers of each packet (addresses, ports, protocol flags), with no memory of earlier packets
2. Proxy service: an application-level gateway terminates the connection itself and opens a separate one to the destination, so it can inspect the whole exchange
3. Stateful inspection: the firewall tracks connections, so return traffic is allowed only when it belongs to a session that was opened legitimately
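The difference between methods 1 and 3 is easiest to see in code. The following is an added example, not from the original page or any real firewall product: a stateless filter that implements "the LAN may browse the web" needs a mirror rule admitting any inbound packet from TCP port 80, which also admits a forged packet from an attacker who simply uses port 80 as source. The stateful filter records outbound connections and admits inbound packets only as the reply half of one of them. The hosts and ports (10.0.0.5, 203.0.113.7, 198.51.100.9, SMB port 445) are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One TCP packet as seen at the perimeter. inbound = 1 means Internet -> LAN. */
struct pkt { const char *src, *dst; uint16_t sport, dport; int inbound, syn; };

enum { DENY = 0, ALLOW = 1 };

/* Stateless packet filter for the policy "LAN may browse the web":
 *   rule 1: allow outbound TCP to port 80
 *   rule 2: allow inbound TCP from port 80 (needed for the replies to rule 1)
 * Rule 2 is the weakness: anything sent *from* port 80 is let in. */
int stateless_filter(const struct pkt *p) {
    if (!p->inbound && p->dport == 80) return ALLOW;
    if (p->inbound && p->sport == 80) return ALLOW;
    return DENY;
}

/* Stateful inspection: same outbound rule, but inbound packets are allowed only
 * when they are the reply direction of a connection the LAN opened. */
#define MAX_CONN 32
struct conn { const char *lan_ip, *ext_ip; uint16_t lan_port, ext_port; };
struct state_table { struct conn c[MAX_CONN]; int n; };

static int find_conn(const struct state_table *t, const char *lan_ip, uint16_t lan_port,
                     const char *ext_ip, uint16_t ext_port) {
    for (int i = 0; i < t->n; i++)
        if (t->c[i].lan_port == lan_port && t->c[i].ext_port == ext_port &&
            strcmp(t->c[i].lan_ip, lan_ip) == 0 && strcmp(t->c[i].ext_ip, ext_ip) == 0)
            return i;
    return -1;
}

int stateful_filter(struct state_table *t, const struct pkt *p) {
    if (!p->inbound) {
        if (p->dport != 80) return DENY;
        if (p->syn && find_conn(t, p->src, p->sport, p->dst, p->dport) < 0 && t->n < MAX_CONN) {
            struct conn c = { p->src, p->dst, p->sport, p->dport };
            t->c[t->n++] = c;                    /* remember the connection the LAN opened */
        }
        return ALLOW;
    }
    /* inbound: accepted only as the reply half of a known LAN-initiated connection */
    return find_conn(t, p->dst, p->dport, p->src, p->sport) >= 0 ? ALLOW : DENY;
}

/* Constructed traffic: a LAN host opens a web connection, the server replies, then
 * an attacker sends a packet with source port 80 at the LAN host's SMB port. */
const struct pkt PKT_LAN_SYN   = { "10.0.0.5",     "203.0.113.7", 40000, 80,    0, 1 };
const struct pkt PKT_WEB_REPLY = { "203.0.113.7",  "10.0.0.5",    80,    40000, 1, 0 };
const struct pkt PKT_FORGED    = { "198.51.100.9", "10.0.0.5",    80,    445,   1, 1 };

/* Run the three packets through each filter; bit i of the result is 1 if packet i
 * was allowed (bit 0 = LAN SYN, bit 1 = web reply, bit 2 = forged packet). */
int run_stateless(void) {
    return stateless_filter(&PKT_LAN_SYN) | (stateless_filter(&PKT_WEB_REPLY) << 1)
         | (stateless_filter(&PKT_FORGED) << 2);
}

int run_stateful(void) {
    struct state_table t = { {{0}}, 0 };
    int a = stateful_filter(&t, &PKT_LAN_SYN);
    int b = stateful_filter(&t, &PKT_WEB_REPLY);
    int c = stateful_filter(&t, &PKT_FORGED);
    return a | (b << 1) | (c << 2);
}

int main(void) {
    printf("stateless: allowed mask = %d (forged packet %s)\n", run_stateless(),
           (run_stateless() & 4) ? "ALLOWED" : "denied");
    printf("stateful : allowed mask = %d (forged packet %s)\n", run_stateful(),
           (run_stateful() & 4) ? "ALLOWED" : "denied");
    return 0;
}
```

Real stateful firewalls also expire entries and check TCP flags and sequence numbers, which is what defends against the flood and spoofing attacks listed next; the table here is deliberately minimal to show the one idea.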
FIREWALL ATTACKS
- Port scan
- Network traffic flood
- Malformed network packets
- Fragmentation attacks
- IP spoofing
- Attacks through external systems
- Attacks through content
FIREWALL ADD-ONS
- Strong user authentication
- Firewall-to-firewall encryption
- Content screening devices
- Flow control
Denial of Service
The goal of a denial of service (DoS) attack is to deny legitimate users access to a particular resource. An incident is considered an attack when a malicious user intentionally disrupts service to a computer or network resource. The usual technique is resource exhaustion: consuming all of the bandwidth, disk space, memory or connection slots that the resource has.
Denial of Service attacks are usually conducted by a few types of attackers:
- The fun hackers (because they can)
- Activists (anarchists, anti-globalisation, etc.)
- Terrorists (to aid causes of war)
- Competitors (mostly in grey-area industries such as gambling)
- Military
Other types of DoS attackers exist, but they are negligible.
Network based DoS attacks
1. UDP bombing
Echo (UDP port 7) and chargen (UDP port 19) were used in the past for network testing: echo returns whatever it receives, chargen returns an endless stream of characters. The attacker sends a single UDP packet to one host's chargen port with the source address spoofed as another host's echo port, so the two services feed each other and generate huge amounts of traffic between the victims.
2. TCP SYN flooding
The attacker initiates a TCP connection to the server with a SYN. The server replies with a SYN-ACK and allocates memory for the pending (half-open) connection. The client never sends the final ACK (the source address is usually spoofed), so the state stays allocated until it times out. Enough such SYNs fill the server's backlog and legitimate connection requests are dropped.
3. PING of death
The ping of death attack sends oversized ICMP datagrams (encapsulated in IP packets, split into fragments that reassemble to more than the 65,535-byte IP maximum) to the victim. Some systems, upon reassembling the oversized packet, crash, freeze, or reboot, resulting in denial of service.
4. SMURF attack
A smurf attack consists of a host sending an ICMP echo request (ping) to a network broadcast address with the source address spoofed to be the victim's. Every host on that network receives the echo request and sends an ICMP echo reply to the victim, inundating the victim with traffic; the intermediate network acts as an amplifier.
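To show why a SYN flood works even though each spoofed SYN is tiny, here is an added example (constructed for this page, not code from the original page or from any real TCP stack). It models the listener's half-open connection table as described under attack 2: a SYN takes a slot, the final ACK frees it, and an entry that is never ACKed is only released by a timeout. The backlog size (8), timeout (3 s), burst size (20) and arrival times are assumptions chosen to make the effect visible.

```c
#include <stdint.h>
#include <stdio.h>

#define BACKLOG 8   /* half-open connections the listener can hold (tiny, for the demo) */

struct half_open { uint32_t ip; uint16_t port; double opened; int used; };

struct listener {
    struct half_open q[BACKLOG];
    double timeout;   /* seconds a half-open entry is kept before it is discarded */
    int completed;    /* handshakes that reached ESTABLISHED */
    int dropped;      /* SYNs refused because every slot was taken */
};

static void expire(struct listener *l, double now) {
    for (int i = 0; i < BACKLOG; i++)
        if (l->q[i].used && now - l->q[i].opened >= l->timeout) l->q[i].used = 0;
}

/* A SYN arrives: the server sends SYN-ACK and must remember the half-open
 * connection. Returns 1 if a slot was allocated, 0 if the SYN was dropped. */
int on_syn(struct listener *l, uint32_t ip, uint16_t port, double now) {
    expire(l, now);
    for (int i = 0; i < BACKLOG; i++) {
        if (!l->q[i].used) {
            l->q[i].ip = ip; l->q[i].port = port; l->q[i].opened = now; l->q[i].used = 1;
            return 1;
        }
    }
    l->dropped++;
    return 0;
}

/* The final ACK arrives: the handshake completes and the slot is freed.
 * Returns 0 if no matching half-open entry exists (timed out or never existed). */
int on_ack(struct listener *l, uint32_t ip, uint16_t port, double now) {
    expire(l, now);
    for (int i = 0; i < BACKLOG; i++) {
        if (l->q[i].used && l->q[i].ip == ip && l->q[i].port == port) {
            l->q[i].used = 0; l->completed++; return 1;
        }
    }
    return 0;
}

/* A well-behaved client: SYN, then the final ACK 50 ms later. */
static int legit_connect(struct listener *l, uint32_t ip, uint16_t port, double t) {
    if (!on_syn(l, ip, port, t)) return 0;
    return on_ack(l, ip, port, t + 0.05);
}

/* The attacker: `count` SYNs from spoofed, distinct source addresses that never ACK. */
static void spoofed_burst(struct listener *l, int count, uint32_t first_ip, double t) {
    for (int i = 0; i < count; i++) on_syn(l, first_ip + (uint32_t)i, 40000, t);
}

/* Constructed trace: four legitimate clients connect at t = 1.0, 2.0, 3.2 and 5.0 s.
 * With attack set, 20 spoofed SYNs arrive at t = 0 and again at t = 3.5.
 * Returns the number of legitimate handshakes that completed: 4 without the attack,
 * 1 with it (only the client that arrives after the first burst has timed out and
 * before the second burst lands). *dropped receives the number of refused SYNs. */
int simulate(int attack, int *dropped) {
    struct listener l = { {{0}}, 3.0, 0, 0 };
    int ok = 0;
    if (attack) spoofed_burst(&l, 20, 0x0A000001u, 0.0);
    ok += legit_connect(&l, 0xC0A80105u, 50001, 1.0);
    ok += legit_connect(&l, 0xC0A80105u, 50002, 2.0);
    ok += legit_connect(&l, 0xC0A80105u, 50003, 3.2);
    if (attack) spoofed_burst(&l, 20, 0x0A000100u, 3.5);
    ok += legit_connect(&l, 0xC0A80105u, 50004, 5.0);
    if (dropped) *dropped = l.dropped;
    return ok;
}

int main(void) {
    int d;
    printf("no attack : %d of 4 clients connected\n", simulate(0, &d));
    printf("SYN flood : %d of 4 clients connected, %d SYNs dropped\n", simulate(1, &d), d);
    return 0;
}
```

The attacker spends 40 packets to shut out three of four clients, and keeps doing so for as long as it keeps sending; that asymmetry is what makes the attack cheap. The standard fix in real stacks, SYN cookies, avoids allocating any state until the final ACK arrives, so there is no table to fill.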
SOFTWARE BUGS
A software bug is a flaw, error or fault in a computer program or system that produces incorrect, unexpected or unintended behaviour. Bugs stem from mistakes or errors in the source code or in the design.
COMMON TYPES OF BUGS
- Arithmetic bugs
- Logic bugs
- Syntax bugs
- Resource bugs
- Multi-threading programming bugs
FAMOUS SOFTWARE DISASTERS
- Therac-25 radiation therapy (1985)
- Y2K (1999)
- Sony BMG CD copy prevention scandal (2005)
- AT&T long distance network crash (1990)
BUFFER OVERFLOW
Goal: to subvert the function of a program, usually to make it run code of the attacker's choosing. To achieve this the attacker must:
1. Arrange for suitable code to be available in the program's address space (for example by placing it in the very input that overflows the buffer)
2. Get the program to jump to that code (for example by overwriting a saved return address or function pointer with its address)
PROTECTIVE MEASURES
- Choice of programming language (memory-safe languages check every array access)
- Use of safe libraries (bounds-checked string and buffer functions)
- Buffer overflow protection (stack canaries that detect an overwritten frame before the function returns)
- Pointer protection (encoding or checking pointers so that a corrupted one is detected before use)
- Executable space protection (NX/DEP: data pages such as the stack cannot be executed)
- Address space layout randomization (ASLR: code and stack addresses are unpredictable, so the attacker does not know where to jump)
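The mechanism behind "subvert the function of a program" is simply that a copy with no bound check writes past the end of the buffer into whatever sits next to it. The following is an added example (not code from the original page) that makes this deterministic: a login record holds a 16-byte name followed by a 4-byte is_admin flag, kept together in one byte array so that the overflow corrupts the neighbouring field exactly as it would on the stack, while the demo itself stays within the array. On a real stack the neighbour is often a saved return address, which is what the attacks listed below overwrote. The record layout and the 16-byte name limit are assumptions for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fixed-layout login record: 16 bytes of user name, then a 4-byte is_admin flag. */
#define NAME_LEN 16
#define REC_LEN  (NAME_LEN + 4)

static uint32_t read_is_admin(const unsigned char rec[REC_LEN]) {
    uint32_t v;
    memcpy(&v, rec + NAME_LEN, sizeof v);
    return v;
}

/* VULNERABLE: copies up to the NUL like strcpy(), with no idea how big the
 * destination field is. (Capped at REC_LEN only so the demo cannot run off the
 * end of the array; a real strcpy would keep going into whatever lies beyond.) */
static void set_name_unsafe(unsigned char rec[REC_LEN], const char *name) {
    size_t i = 0;
    while (name[i] != '\0' && i < REC_LEN) {
        rec[i] = (unsigned char)name[i];
        i++;
    }
    if (i < REC_LEN) rec[i] = '\0';
}

/* HARDENED: the destination size is part of the contract and over-long input is
 * rejected rather than silently truncated. Returns 0 on success, -1 if rejected. */
static int set_name_safe(unsigned char rec[REC_LEN], const char *name) {
    size_t n = strlen(name);
    if (n >= NAME_LEN) return -1;            /* need room for the terminator */
    memcpy(rec, name, n + 1);
    return 0;
}

/* Returns 1 if the record ends up with is_admin set after the unsafe copy. */
int login_unsafe(const char *name) {
    unsigned char rec[REC_LEN];
    memset(rec, 0, sizeof rec);               /* ordinary user: is_admin = 0 */
    set_name_unsafe(rec, name);
    return read_is_admin(rec) != 0;
}

/* Returns -1 if the name was rejected, otherwise whether is_admin is set. */
int login_safe(const char *name) {
    unsigned char rec[REC_LEN];
    memset(rec, 0, sizeof rec);
    if (set_name_safe(rec, name) != 0) return -1;
    return read_is_admin(rec) != 0;
}

int main(void) {
    /* 16 filler bytes fill the name field; the 17th byte lands on is_admin */
    const char *attack = "AAAAAAAAAAAAAAAA\x01";
    printf("unsafe, normal name : is_admin=%d\n", login_unsafe("alice"));
    printf("unsafe, overlong    : is_admin=%d\n", login_unsafe(attack));
    printf("safe,   overlong    : %d (-1 = rejected)\n", login_safe(attack));
    return 0;
}
```

The hardened version is the "use of safe libraries" item from the list above reduced to its essence: the copy knows the destination size. Canaries, NX and ASLR do not stop the overwrite itself; they make it harder to turn the overwrite into control of execution.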
BUFFER OVERFLOW ATTACKS
- Buffer overflow in the Berkeley UNIX finger daemon (exploited by the Morris worm, 1988)
- Ping of Death (overflow in IP fragment reassembly)
- Code Red worm (overflow in Microsoft IIS, 2001)
TCP Hijacking
What is TCP hijacking? TCP hijacking is the takeover of an established TCP session by an attacker who injects packets that the endpoints accept as part of the legitimate connection.
Requirements
Any TCP connection is identified by four parameters (the 4-tuple); to inject into it the attacker also needs the current sequence number, so five values in all:
- Source IP address
- Destination IP address
- Source port
- Destination port
- Sequence number
The Problem with Sequence Numbers
Guessing the port
Blind hijacking and session hijacking
TCP Hijacking Process
TCP ACK storm
Countermeasures for TCP hijacking include:
- Use strong encryption on protocols, so that an injected segment cannot carry meaningful data
- Use a long random number or string as the session key
- Apply patches so that the stack uses random initial sequence numbers, random source ports and tight receive windows (a smaller window leaves fewer sequence numbers that an injected segment can hit)
- Regenerate the session ID after a successful login
- Users may also wish to log out of websites whenever they are finished using them
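The requirements list and the countermeasure about random sequence numbers fit together in one experiment, added here as an example (not code from the original page or from any real TCP stack). The first function is the receiver's sequence-number acceptance test, which is what an injected segment must pass; the second compares a predictable initial-sequence-number (ISN) generator, modelled on the old BSD counter stepped by a constant per connection, with a random one, and measures how often a blind attacker who learned an ISN from a probe connection lands a forged segment inside the victim's window. The step of 64, the 65,535-byte window, the 100-byte segment and the xorshift generator standing in for a hash-based random ISN are assumptions of the demo.

```c
#include <stdint.h>
#include <stdio.h>

/* RFC 793 acceptance test: a segment is processed only if it overlaps the receive
 * window [rcv_nxt, rcv_nxt + rcv_wnd). Subtraction in uint32_t keeps the comparison
 * correct across sequence-number wraparound. */
int seq_in_window(uint32_t rcv_nxt, uint32_t rcv_wnd, uint32_t seg_seq, uint32_t seg_len) {
    if (seg_len == 0) return (uint32_t)(seg_seq - rcv_nxt) < rcv_wnd;
    uint32_t seg_last = seg_seq + seg_len - 1;
    return (uint32_t)(seg_seq - rcv_nxt) < rcv_wnd || (uint32_t)(seg_last - rcv_nxt) < rcv_wnd;
}

/* Two ways a stack might pick an initial sequence number.
 * predictable = 1: simplified model of the old BSD scheme, a global counter stepped by
 *                  a constant for every new connection (assumed step: 64).
 * predictable = 0: xorshift64 as a stand-in for a per-connection random ISN (real stacks
 *                  use a keyed hash of the 4-tuple plus a clock, RFC 6528). */
struct isn_gen { uint32_t counter; uint64_t rng; int predictable; };

uint32_t next_isn(struct isn_gen *g) {
    if (g->predictable) { g->counter += 64; return g->counter; }
    g->rng ^= g->rng << 13;
    g->rng ^= g->rng >> 7;
    g->rng ^= g->rng << 17;
    return (uint32_t)(g->rng >> 32);
}

/* Blind injection experiment. In each trial the attacker opens a probe connection and
 * learns its ISN, the victim's connection is set up next, and the attacker spoofs a
 * 100-byte segment into the victim's session at seq = probe_isn + 64 against a
 * 65,535-byte receive window. Returns the fraction of forged segments accepted. */
double blind_hit_rate(int predictable, int trials) {
    struct isn_gen g = { 0x1000u, 0x9E3779B97F4A7C15ull, predictable };
    int hits = 0;
    for (int i = 0; i < trials; i++) {
        uint32_t probe_isn = next_isn(&g);
        uint32_t victim_isn = next_isn(&g);
        uint32_t guess = probe_isn + 64;
        if (seq_in_window(victim_isn, 65535, guess, 100)) hits++;
    }
    return (double)hits / trials;
}

int main(void) {
    printf("predictable ISN: %.3f of forged segments accepted\n", blind_hit_rate(1, 1000));
    printf("random ISN     : %.3f of forged segments accepted\n", blind_hit_rate(0, 1000));
    return 0;
}
```

With the predictable generator every forged segment is accepted; with random ISNs the attacker is guessing a 32-bit value against a 65,535-wide window, roughly one chance in 65,000 per attempt, which is why the countermeasure list above pairs random sequence numbers with smaller windows. An attacker who can sniff the connection (see Network Sniffers above) reads the sequence number directly, and only encryption of the session data helps then.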
Conclusion
The Internet works only because we implicitly trust one another, and it is very easy to exploit this trust. The same holds true for software. It is important to stay on top of the latest cyber security advisories to know how to patch any security holes.