Network Security
Lecture 14
A brief history of the world
Security Attacks
a. Malware---attacks on integrity and privacy
   Viruses, Trojan Horses, Spyware and Key-loggers
b. Spoofing attacks---attacks on authenticity
   URL, DNS, IP, MAC, Email/Caller ID spoofing
c. Network-based attacks---attacks on availability
   DoS attack, worms
d. Social engineering attacks
   Phishing, greetings card, lottery win, etc.
Lecture’s outline
Security Attacks
• Privacy: The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended receiver and should be unintelligible to all others.
• Authentication: The receiver is sure of the sender’s identity and that an imposter has not sent the message.
• Integrity: The data must arrive at the receiver exactly as it was sent by the original sender. There must be no changes in transmission, either accidental or malicious.
• Non-repudiation: A receiver must be able to prove that a received message came from a specified sender. The sender must not be able to deny sending a message that it has, in fact, sent.
Motivation for security attacks
Source: “Computer Networks” by Andrew Tanenbaum
a. Malware
The software that is written for malicious purposes
• Viruses
• Worms
• Trojan Horses
• Spyware
• Keyloggers
Reproduced with permission. Please visit www.SecurityCartoon.com for more material
Viruses
• A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels.
Designing A Virus
• Locate the first executable instruction in the target program
• Replace the instruction with an instruction to jump to the memory location next to the last instruction of the target system
• Insert the virus code for execution at the end
• Insert an instruction after virus code that simulates the first instruction
• Then jump to the second instruction of original code
Brain Virus (Pakistani Flu) 1986
Credit: http://en.wikipedia.org/wiki/Brain_(computer_virus)
The first computer virus
Virus vs. Worm
Credit: Yashar Ganjali; www.caida.org
Propagation effect of worms
(Figure panels: before Slammer worm; after Slammer worm)
Key-loggers and Spyware
b. Spoofing Attacks
where the attacker impersonates someone else
• Email spoofing
• URL spoofing
• DNS spoofing
• IP spoofing
• MAC spoofing
b.1 Email Spoofing (phishing)
b.2 URL Spoofing (phishing)
1. Genuine URL: https://webmail.niit.edu.pk/src/login.php
   Site: niit.edu.pk; directory: src; file: login.php
2. https://webmail.niit.org.pk/src/login.php
   The second-level domain is .org and not .edu; faked website
3. https://webmail.niit.edu.tk/src/login.php
   The first-level domain is .tk and not .pk; faked website
4. https://202.125.111.57/src/login.php
   https://202.128.111.87/src/login.php
   The IP address does not correspond to webmail.niit.edu.pk; faked website
(Screenshots of the faked sites: login form filled in with "Victim.ID" and a masked password, stamped HACKED)
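An added example, not part of the original lecture: a Python check that applies the slide's reasoning to the login URLs above, comparing the host with the genuine name and reporting which domain level differs. The function name check_login_url and the https-only rule are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit

TRUSTED_HOST = "webmail.niit.edu.pk"  # genuine host named on the slide

def check_login_url(url, trusted_host=TRUSTED_HOST):
    """Return (is_genuine, reason) for a URL that claims to be the login page."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # lowercased, port removed
    except ValueError:
        return False, "URL does not parse"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if not host:
        return False, "URL has no host"
    # Case 4 on the slide: a bare IP address proves nothing about the site name.
    try:
        ipaddress.ip_address(host)
        return False, f"host is the IP literal {host}, not {trusted_host}"
    except ValueError:
        pass  # not an IP literal, so compare it as a domain name
    if host == trusted_host:
        return True, "host matches the trusted name exactly"
    # Compare labels right to left, so level 1 is the rightmost label,
    # matching the slide's "first-level" / "second-level" wording.
    got = host.split(".")[::-1]
    want = trusted_host.split(".")[::-1]
    for level, (g, w) in enumerate(zip(got, want), start=1):
        if g != w:
            return False, f"level-{level} label is .{g}, expected .{w}"
    return False, f"{host} has {len(got)} labels, expected {len(want)}"

# URLs taken from the slide: the first is genuine, the rest are the faked ones.
SLIDE_URLS = [
    "https://webmail.niit.edu.pk/src/login.php",
    "https://webmail.niit.org.pk/src/login.php",
    "https://webmail.niit.edu.tk/src/login.php",
    "https://202.125.111.57/src/login.php",
]

if __name__ == "__main__":
    for url in SLIDE_URLS:
        ok, reason = check_login_url(url)
        print("GENUINE" if ok else "FAKE   ", url, "->", reason)
```

Only the host part is compared; the path /src/login.php is identical in every case and says nothing about which site is being visited.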
b.3 DNS Spoofing
b.4 IP Spoofing
b.5 MAC Spoofing
DNS spoofing
(Figure: nodes labelled WWW, DNS and Fake NIIT site; the reply reads "The IP address of www.niit.edu.pk is 110.125.157.198")
MAC/IP spoofing
(Figure: private network 192.168.1.0/24; node labels: .254 00:aa:bb:cc:dd:ee:ff; .1; .254 00:aa:bb:cc:dd:ee:ff, malicious node)
A malicious node can pretend to be another node
c. Network-based attacks
where the attacker pretends to be something he/she/it is not
• Worms
• Denial of Service attacks
Denial of Service attacks
d. Social Engineering
Targets the weakest component of a security system---the users
Non-technical hacking
Greeting card phishing
Lottery winning phishing
Questions/Confusions?