lecture 14. lecture’s outline privacy the sender and the receiver expect confidentiality. the...
TRANSCRIPT
![Page 1: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/1.jpg)
Network Security
Lecture 14
![Page 2: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/2.jpg)
A brief history of the world
![Page 3: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/3.jpg)
Security Attacks
a.Malware---attacks on integrity and privacy
Viruses, Trojan Horses, Spyware and Key-loggers
b.Spoofing attacks---attacks on authenticity
URL, DNS, IP, MAC, Email/ Caller ID spoofing
c.Network-based attacks---attacks on availability
DoS attack, worms
d.Social engineering attacks
Phishing, greetings card, lottery win, etc.
Lecture’s outline
![Page 4: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/4.jpg)
Security Attacks
![Page 5: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/5.jpg)
• PrivacyThe sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended receiver and should be unintelligible to all others.
• AuthenticationThe receiver is sure of the sender’s identity and that an imposter has not sent the message.
Security Attacks
![Page 6: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/6.jpg)
• IntegrityThe data must arrive at the receiver exactly as it was sent by the original sender. There must be no changes in transmission, either accidental or malicious.
• Non-repudiation:A receiver must be able to prove that a received message came from a specified sender. The sender must not be able to deny sending a message that it has, in fact, sent.
Security Attacks
![Page 7: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/7.jpg)
Motivation for security attacks
Source: “Computer Networks” by Andrew Tanenbaum
![Page 8: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/8.jpg)
Malware aThe software that is written for malicious purposes
VirusesWormsTrojan HorsesSpywareKeyloggers
![Page 9: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/9.jpg)
Reproduced with permission. Please visit www.SecurityCartoon.com for more material
![Page 10: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/10.jpg)
Viruses
• A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels.
![Page 11: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/11.jpg)
Designing A Virus
• Locate the first executable instruction in the target program
• Replace the instruction with an instruction to jump to the memory location next to the last instruction of the target system
• Insert the virus code for execution at the end• Insert an instruction after virus code that simulates
the first instruction • Then jump to the second instruction of original code
![Page 12: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/12.jpg)
Brain Virus (Pakistani Flu) 1986
Credit: http://en.wikipedia.org/wiki/Brain_(computer_virus)
The first computer virus
![Page 13: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/13.jpg)
Virus vs. Worm
![Page 14: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/14.jpg)
Credit: Yashar Ganjali; www.caida.org
Propagation effect of worms
Before slammer
worm
After slammer
worm
![Page 15: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/15.jpg)
Key-loggers and Spyware
![Page 16: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/16.jpg)
Spoofing Attacksbwhere the attacker impersonates some one elseEmail spoofingURL spoofingDNS spoofingIP spoofingMAC spoofing
![Page 17: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/17.jpg)
Email Spoofing (phishing)
b.1
![Page 18: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/18.jpg)
![Page 19: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/19.jpg)
![Page 20: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/20.jpg)
![Page 21: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/21.jpg)
URL Spoofing (phishing)
b.2
![Page 22: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/22.jpg)
Genuine URL; Site: niit.edu.pk;
directory: src; file: login.php
https://webmail.niit.edu.pk/src/login.php
1
![Page 23: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/23.jpg)
https://webmail.niit.org.pk/src/login.php
HACKED
Victim.ID
**************HACKEDHACKED
The second-level domain is .org and not
.edu; faked website
https://webmail.niit.org.pk/src/login.php
2
![Page 24: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/24.jpg)
https://webmail.niit.edu.tk/src/login.php
3The first-level domain
is .tk and not .pk; faked website
https://webmail.niit.edu.tk/src/login.php
HACKED
Victim.ID
**************HACKEDHACKED
![Page 25: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/25.jpg)
https://202.125.111.57/src/login.php
The IP address does not correspond to
webmail.niit.edu.pk; faked website
https://202.128.111.87/src/login.php
4 HACKED
Victim.ID
**************HACKEDHACKED
![Page 26: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/26.jpg)
DNS Spoofing
b.3
IP Spoofingb.4
MAC Spoofingb.5
![Page 28: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/28.jpg)
WWW
Reply
The IP address of www. niit.edu.pk is 110.125.157.198
DNS spoofingWWW
DNS
The IP address of www.niit.edu.pk is 110.125.157.198 Fake NIIT site
![Page 29: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/29.jpg)
Private network
192.168.1.0/24
MAC/ IP spoofing
.254
00:aa:bb:cc:dd:ee:ff
.1
.25400:aa:bb:cc:dd:ee:ff
Malicious node
A malicious node can pretend to be another
node
![Page 30: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/30.jpg)
Network-based attackscwhere the attacker pretends to be something he/she/it is not
WormsDenial of Service attacks
![Page 31: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/31.jpg)
Denial of Service attacks
![Page 32: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/32.jpg)
Social EngineeringdTargets the weakest component of a security system---the users
![Page 33: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/33.jpg)
Non-technical hacking
![Page 34: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/34.jpg)
Greeting card phishing
![Page 35: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/35.jpg)
Lottery winning phishing
![Page 36: Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended](https://reader036.vdocuments.us/reader036/viewer/2022062801/56649e175503460f94b0274c/html5/thumbnails/36.jpg)
??? Questions/
Confusions?