institute of southern punjab, multan - wordpress.com · 2016-04-11 · dumpster diving google,...

Post on 29-May-2020

Mazhar Hussain

E-mail: mazhar.hussain@isp.edu.pk

Network Security

Lecture#2

Institute of Southern Punjab, Multan

Security Architecture

Lecture 2: Security Architecture

Security Attacks

A Model for Network Security

Phases of Hacking

Hacktivism

Security Attacks

Security Attacks

Any action that compromises the security of information of an organization

A passive attack attempts to learn or make use of information from the system but does not affect system resources.

An active attack attempts to alter system resources or affect their operation.

Continued…

Passive attacks are in the nature of spying on, or monitoring of transmissions.

The goal of the opponent is to obtain information that is being transmitted.

Two types of passive attacks are:

1. The release of message contents

2. Traffic Analysis

Passive Attack

The release of message contents is easily understood from the figure on the next page.

A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information.

We would like to prevent an opponent from learning the contents of these transmissions.

The Release of Message Contents

Continued…

A second type of passive attack is traffic analysis.

Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message.

The common technique for masking contents is ???

Traffic Analysis

Continued…

Passive attacks are very difficult to detect????

Continued…

Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:

1. Masquerade

2. Replay

3. Modification of Messages

4. Denial of Service

Active Attack

A masquerade takes place when one entity pretends to be a different entity.

Masquerade

Replay involves the passive capture of a data unit and later retransmission to produce an unauthorized effect.

Replay

Modification of messages simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.

Modification of Messages

The denial of service prevents the normal use or management of communications facilities.

Denial of Service

A Model for Network Security

A Model for Network Security

Phases of Hacking

Continued…

Hacking Networks Phase 1: Reconnaissance

Physical Break-In

Dumpster Diving

Google, Newsgroups, Web sites

Social Engineering

Phishing: fake email

Pharming: fake web pages

WhoIs Database & arin.net

Domain Name Server Interrogations

Registrant:
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
US

Domain name: MICROSOFT.COM

Administrative Contact:
Administrator, Domain domains@microsoft.com
One Microsoft Way
Redmond, WA 98052
US
+1.4258828080

Technical Contact:
Hostmaster, MSN msnhst@microsoft.com
One Microsoft Way
Redmond, WA 98052
US
+1.4258828080

Registration Service Provider:
DBMS VeriSign, dbms-support@verisign.com
800-579-2848 x4
Please contact DBMS VeriSign for domain updates, DNS/Nameserver
changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 27-Aug-2006.
Record expires on 03-May-2014.
Record created on 02-May-1991.

Domain servers in listed order:
NS3.MSFT.NET 213.199.144.151
NS1.MSFT.NET 207.68.160.190
NS4.MSFT.NET 207.46.66.126
NS2.MSFT.NET 65.54.240.126
NS5.MSFT.NET 65.55.238.126

Hacking Networks Phase 2: Scanning

War Driving: Can I find a wireless network?

War Dialing: Can I find a modem to connect to?

Network Mapping: What IP addresses exist, and what ports are open on them?

Vulnerability-Scanning Tools: What versions of software are implemented on devices?

Passive Attacks

Eavesdropping: Listen to packets from other parties = Sniffing

Traffic Analysis: Learn about network from observing traffic patterns

Footprinting: Test to determine software installed on system = Network Mapping

[Figure labels: Bob, Jennie, Carl]

Hacking Networks: Phase 3: Gaining Access

Network Attacks:

Sniffing (Eavesdropping)

IP Address Spoofing

Session Hijacking

System Attacks:

Buffer Overflow

Password Cracking

SQL Injection

Web Protocol Abuse

Denial of Service

Trap Door

Virus, Worm, Trojan horse

[Figure: login prompt showing Login: Ginger, Password: Snap]

Some Active Attacks

Denial of Service: Message did not make it; or service could not run

Masquerading or Spoofing: The actual sender is not the claimed sender

Message Modification: The message was modified in transmission

Packet Replay: A past packet is transmitted again in order to gain access or otherwise cause damage

[Figure: four panels (Denial of Service, Spoofing, Message Modification, Packet Replay) with the parties Joe, Ann and Bill; in the Spoofing panel the sender is labelled "Joe (Actually Bill)"]
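
How a receiver can tell three of these attacks apart from normal traffic, as an added example that is not part of the original lecture: Ann accepts a message only if its HMAC verifies (catching spoofing and modification) and its sequence number is new (catching replay). The shared key, the message layout and the function names are assumptions made for the illustration; denial of service is not addressed by this check.

```python
import hashlib
import hmac

# Constructed demo key shared by Joe and Ann; Bill does not know it.
KEY_JOE_ANN = b"constructed-demo-key-joe-ann"

def seal(key, sender, seq, payload):
    """Sender side: bind sender name, sequence number and payload under one MAC."""
    body = f"{sender}|{seq}|".encode() + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return {"sender": sender, "seq": seq, "payload": payload, "tag": tag}

class Receiver:
    """Ann's side: accept only if the MAC verifies and the sequence number is new."""
    def __init__(self, keys):
        self.keys = keys        # sender name -> shared key
        self.last_seq = {}      # sender name -> highest sequence number accepted

    def check(self, msg):
        key = self.keys.get(msg["sender"])
        if key is None:
            return "reject: unknown sender"
        body = f"{msg['sender']}|{msg['seq']}|".encode() + msg["payload"]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad MAC (spoofed or modified)"
        if msg["seq"] <= self.last_seq.get(msg["sender"], -1):
            return "reject: replay"
        self.last_seq[msg["sender"]] = msg["seq"]
        return "accept"

def demo():
    ann = Receiver({"Joe": KEY_JOE_ANN})
    genuine = seal(KEY_JOE_ANN, "Joe", 1, b"pay Bill 10")
    results = [ann.check(genuine)]                 # normal delivery
    results.append(ann.check(dict(genuine)))       # captured copy sent again
    altered = dict(seal(KEY_JOE_ANN, "Joe", 2, b"pay Bill 10"),
                   payload=b"pay Bill 9999")       # payload changed in transit
    results.append(ann.check(altered))
    forged = seal(b"not-the-real-key", "Joe", 3, b"hi")  # Bill claiming to be Joe
    results.append(ann.check(forged))
    return results
```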

Man-in-the-Middle Attack

[Figure: hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3, with message labels (1) Login, (2) Login, (3) Password, (4) Password]

SQL Injection

Java Original: "SELECT * FROM users_table WHERE username=" + "'" + username + "'" + " AND password = " + "'" + password + "'";

Inserted Password: Aa' OR ''='

Java Result: "SELECT * FROM users_table WHERE username='anyname' AND password = 'Aa' OR ''=''"

Inserted Password: foo';DELETE FROM users_table WHERE username LIKE '%

Java Result: "SELECT * FROM users_table WHERE username='anyname' AND password = 'foo'; DELETE FROM users_table WHERE username LIKE '%'"

Inserted entry: '|shell("cmd /c echo " & char(124) & "format c:")|'

[Figure: login form with Login and Password fields, titled "Welcome to My System"]
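
The slide's concatenated query beside its parameterized form, as an added example that is not part of the original lecture. It uses Python with an in-memory SQLite database as a stand-in for the Java code; the table row and function names are constructed for the illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the slide's users_table (constructed sample row)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_table (username TEXT, password TEXT)")
    db.execute("INSERT INTO users_table VALUES ('anyname', 'correct-horse')")
    return db

def login_concat(db, username, password):
    """Vulnerable: builds the query by concatenation, as the slide's Java code does."""
    sql = ("SELECT * FROM users_table WHERE username='" + username +
           "' AND password = '" + password + "'")
    return sql, db.execute(sql).fetchall()

def login_param(db, username, password):
    """Hardened: input is bound as data and is never parsed as SQL."""
    sql = "SELECT * FROM users_table WHERE username=? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

# The two inserted passwords shown on the slide.
OR_INPUT = "Aa' OR ''='"
DELETE_INPUT = "foo';DELETE FROM users_table WHERE username LIKE '%"

def demo():
    db = make_db()
    sql, rows_concat = login_concat(db, "anyname", OR_INPUT)
    rows_param = login_param(db, "anyname", OR_INPUT)
    login_param(db, "anyname", DELETE_INPUT)   # treated as an ordinary wrong password
    remaining = db.execute("SELECT COUNT(*) FROM users_table").fetchone()[0]
    rows_good = login_param(db, "anyname", "correct-horse")
    return {
        "concat_sql": sql,                  # matches the slide's "Java Result"
        "concat_rows": len(rows_concat),    # login succeeds without the password
        "param_rows": len(rows_param),      # same input, no match
        "rows_after_delete_input": remaining,
        "good_login_rows": len(rows_good),
    }
```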

Password Cracking: Dictionary Attack & Brute Force

Pattern | Calculation | Result | Time to Guess (2.6x10^18/month)
Personal Info: interests, relatives | | 20 | Manual 5 minutes
Social Engineering | | 1 | Manual 2 minutes
American Dictionary | | 80,000 | < 1 second
4 chars: lower case alpha | 26^4 | 5x10^5 |
8 chars: lower case alpha | 26^8 | 2x10^11 |
8 chars: alpha | 52^8 | 5x10^13 |
8 chars: alphanumeric | 62^8 | 2x10^14 | 3.4 min.
8 chars alphanumeric +10 | 72^8 | 7x10^14 | 12 min.
8 chars: all keyboard | 95^8 | 7x10^15 | 2 hours
12 chars: alphanumeric | 62^12 | 3x10^21 | 96 years
12 chars: alphanumeric + 10 | 72^12 | 2x10^22 | 500 years
12 chars: all keyboard | 95^12 | 5x10^23 |
16 chars: alphanumeric | 62^16 | 5x10^28 |

Hacking Networks: Phase 4: Exploit/Maintain Access

Backdoor: Control system: system commands, log keystrokes, pswd

Trojan Horse: Useful utility actually creates a backdoor.

Bots: Slave forwards/performs commands; spreads, list email addrs, DOS attacks

Spyware/Adware:

Spyware: Collect info: keystroke logger, collect credit card #s

AdWare: insert ads, filter search results

User-Level Rootkit: Replaces system executables: e.g. Login, ls, du

Kernel-Level Rootkit: Replaces OS kernel: e.g. process or file control to hide

Botnets

Bots: Host illegal movies, music, pornography, criminal web sites, …

Forward Spam for financial gain

[Figure: Attacker, Handler and Bots (Zombies), with locations labelled China and Hungary]

Distributed Denial of Service

Can barrage a victim server with requests, causing the network to fail to respond to anyone

[Figure: Attacker, Handler, Zombies and Victim, with locations labelled Russia, Bulgaria and United States]

Hacktivism

Hacktivism refers to hacking for a cause!

– Political Agenda

Hacktivism

END OF LECTURE 2
