security & threats presentation => (presenter: komal mehfooz)
TRANSCRIPT
GROUP MEMBERS (Names):
Komal Mehfooz
Rafia Khalid
Hazeema Mateen
Iqra Sohail
Security:
The state of being free from danger or threat. For example: "The system is designed to provide maximum security against toxic spills."
Or another definition is:
In the context of computer science, security is the prevention of, or
protection against, access to information by unauthorized recipients, and intentional but unauthorized destruction or alteration of that
information.
Security violations (or misuse) of the system can be
categorized as intentional (malicious) or accidental.
It is easier to protect against accidental misuse than
against malicious misuse. For the most part, protection
mechanisms are the core of protection from accidents.
Note: In discussions of security, we use the terms intruder
and cracker for those attempting to breach security.
A threat is the potential for a security violation, such as
the discovery of a vulnerability, whereas an attack is the
attempt to break security.
Breach of confidentiality:
This type of violation involves unauthorized reading of data (or
theft of information). Typically, a breach of confidentiality is the
goal of an intruder. Capturing secret data from a system or a
data stream, such as credit-card information or identity
information for identity theft, can result directly in money for the
intruder.
Breach of integrity:
This violation involves unauthorized modification of data. Such attacks can, for
example, result in passing of liability to an innocent party or modification of the source
code of an important commercial application.
Breach of availability:
This violation involves unauthorized destruction of data. Some crackers would rather
wreak havoc and gain status or bragging rights than gain financially. Web-site
defacement is a common example of this type of security breach.
Theft of service:
This violation involves unauthorized use of resources.
For example, an intruder (or intrusion program) may install a daemon on
a system that acts as a file server.
Denial of service (DoS):
This violation involves preventing legitimate use of the system. Denial-of-service,
or DoS, attacks are sometimes accidental. The original Internet worm
turned into a DoS attack when a bug failed to delay its rapid spread.
Attackers use several standard methods in their attempts to breach security.
The most common is masquerading, in which one participant in a
communication pretends to be someone else (another host or another
person).
By masquerading, attackers breach authentication, the correctness of
identification; they can then gain access that they would not normally be
allowed or escalate their privileges—obtain privileges to which they would not
normally be entitled. Another common attack is to replay a captured
exchange of data.
A replay attack consists of the malicious or fraudulent repeat of a valid data
transmission. Sometimes the replay comprises the entire attack—for example,
in a repeat of a request to transfer money. But frequently it is done along
with message modification, again to escalate privileges.
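The receiver's side of the replay problem described above, as an added example that is not part of the original presentation: a sliding anti-replay window in the style used by IPsec ESP (RFC 4303). Each message carries an increasing sequence number; the receiver remembers the highest number it has accepted and a 64-bit bitmap of which recent numbers it has already seen, and rejects a number that was already accepted or that is too old to check. The message structure, the sequence numbers and the "transfer money" requests in the stream are constructed for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sliding anti-replay window in the style of IPsec ESP (RFC 4303).
 * Assumption: the sequence number is covered by the message's authentication
 * tag (MAC); an unauthenticated counter can simply be rewritten by the
 * attacker, which is the "replay with message modification" case. */
#define REPLAY_WINDOW 64

struct replay_state {
    uint64_t last_seq; /* highest sequence number accepted so far */
    uint64_t bitmap;   /* bit i set => last_seq - i has already been accepted */
    bool started;      /* false until the first message arrives */
};

void replay_init(struct replay_state *st)
{
    memset(st, 0, sizeof *st);
}

/* Returns 1 if seq is fresh (and records it), 0 if it must be rejected:
 * either already accepted, or older than the window so we cannot tell. */
int replay_check(struct replay_state *st, uint64_t seq)
{
    if (!st->started) {
        st->started = true;
        st->last_seq = seq;
        st->bitmap = 1; /* bit 0 stands for last_seq itself */
        return 1;
    }
    if (seq > st->last_seq) {
        /* window slides forward; a jump of 64 or more discards all history */
        uint64_t advance = seq - st->last_seq;
        st->bitmap = (advance >= REPLAY_WINDOW) ? 0 : st->bitmap << advance;
        st->bitmap |= 1;
        st->last_seq = seq;
        return 1;
    }
    uint64_t age = st->last_seq - seq;
    if (age >= REPLAY_WINDOW)
        return 0; /* too old to have a record: reject rather than guess */
    uint64_t bit = (uint64_t)1 << age;
    if (st->bitmap & bit)
        return 0; /* already accepted once: this is a replay */
    st->bitmap |= bit;
    return 1;
}

/* Constructed message: in a real protocol seq and body are bound together
 * by a MAC that is verified before replay_check() is consulted. */
struct message {
    uint64_t seq;
    const char *body;
};

/* Feed a constructed stream of hypothetical transfer requests, including a
 * replayed one, through the window; returns how many were accepted. */
int replay_demo(void)
{
    const struct message stream[] = {
        { 1, "transfer 100 to A" },
        { 2, "transfer 500 to B" },
        { 3, "transfer 20 to C" },
        { 2, "transfer 500 to B" }, /* captured earlier and replayed */
        { 70, "transfer 5 to D" },   /* large gap: window slides forward */
        { 3, "transfer 20 to C" },   /* now older than the window: rejected */
        { 50, "transfer 7 to E" },   /* late but inside the window: accepted */
    };
    struct replay_state st;
    int accepted = 0;
    replay_init(&st);
    for (size_t i = 0; i < sizeof stream / sizeof stream[0]; i++) {
        int ok = replay_check(&st, stream[i].seq);
        printf("seq %3llu %-20s %s\n", (unsigned long long)stream[i].seq,
               stream[i].body, ok ? "accepted" : "REJECTED (replay or stale)");
        accepted += ok;
    }
    return accepted;
}

int main(void)
{
    replay_demo();
    return 0;
}
```

The window only protects against replay; it does nothing against forgery. The sequence number must be inside the data covered by the message's MAC, otherwise the attacker resends the captured transfer with a fresh number and the receiver accepts it.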
To protect a system, we must take security measures at
four levels:
Physical:
The site or sites containing the computer systems must be physically
secured against armed or surreptitious entry by intruders. Both the machine rooms
and the terminals or workstations that have access to the machines must be
secured.
Human:
Authorization must be done carefully to assure that only appropriate
users have access to the system. Even authorized users, however, may be
"encouraged" to let others use their access (in exchange for a bribe, for example).
They may also be tricked into allowing access via social engineering. One type of social-engineering attack is phishing.
Operating system:
The system must protect itself from
accidental or purposeful security breaches. A runaway process
could constitute an accidental denial-of-service attack. A query
to a service could reveal passwords. A stack overflow could
allow the launching of an unauthorized process. The list of
possible breaches is almost endless.
Network:
Much computer data in modern systems travels
over private leased lines, shared lines like the Internet, wireless
connections, or dial-up lines. Intercepting these data could be
just as harmful as breaking into a computer; and interruption of
communications could constitute a remote denial-of-service
attack, diminishing users' use of and trust in the system.
In computer security, a threat is a possible danger
that might exploit a vulnerability to breach security
and thus cause possible harm.
A threat can be either "intentional" (i.e., intelligent;
e.g., an individual cracker or a criminal organization)
or "accidental" (e.g., the possibility of a computer
malfunctioning, or the possibility of a natural disaster
such as an earthquake, a fire, or a tornado), or
otherwise any circumstance, capability, action, or
event that could cause such harm.
What is Malware?
Malware is malicious software: programs that exploit
vulnerabilities in a computing system. The purpose of
malicious software is to harm you or to steal information from you.
Types of Threats:
TROJAN HORSE
In computing, a Trojan horse is a program
which purports to do some benign task, but
secretly performs some additional malicious
task. A classic example is a password-grabbing login program which prints
authentic-looking "username" and
"password" prompts, and waits for a
user to type in the information.
When this happens, the password grabber
stashes the information away for its creator,
then prints out an "invalid password" message before running the real login
program. The unsuspecting user thinks they
made a typing mistake and reenters the
information, none the wiser.
Spyware is software which collects information
from a computer and transmits it to someone
else. The exact information spyware gathers may
vary, but can include anything which potentially has value:
1. Usernames and passwords. These might be harvested from files on the machine, or by recording what the user types using a key logger. A key logger differs from a Trojan horse in that a key logger passively captures key strokes only; no active deception is involved.
2. Email addresses, which would have value to a spammer.
3. Bank account and credit card numbers.
4. Software license keys, to facilitate software pirating.
Different Ways:
Logic bomb:
The oldest type of malicious software. This program is
embedded in some other program. When a certain
condition is met, the logic bomb will destroy your PC.
It can also crash the machine on a particular date which is
fixed by the attacker. It is hidden inside legitimate
or authorized code like this:
    legitimate code
    if date is Friday the 13th:
        crash_computer()
    legitimate code
E.g.:
if some antivirus tries to delete or
clean the logic bomb, the logic bomb will
destroy the PC.
One special kind of
back door is a RAT, which stands for Remote Administration Tool or Remote Access Trojan, depending on who's
asked. These programs allow a computer to be monitored and controlled remotely.
Example of a back door hidden in a login routine (pseudocode):
    username = read_username()
    password = read_password()
    if username is "133t h4ck0r":
        return ALLOW_LOGIN
    if username and password are valid:
        return ALLOW_LOGIN
    else:
        return DENY_LOGIN
A virus is malware that, when executed, tries to replicate itself into
other executable code; when it succeeds, the code is said to be
infected. The infected code, when run, can infect new code in turn.
This self-replication into existing executable code is the key defining
characteristic of a virus.
Types of Viruses:
1. Parasitic virus:
The traditional and most common kind of virus. It attaches itself to executable (EXE) files
and searches for other EXE files to infect.
2. Memory Resident Virus:
Resides in system memory as part of a system program. From there
it infects every program that executes.
3. Boot Sector Virus:
Infects the boot record and spreads when the system is booted
from the disk containing the virus.
4. Stealth Virus:
This virus hides itself from detection by antivirus scanning.
A worm shares several characteristics
with a Virus.
The most important characteristic is
that worms are self-replicating too,
but self-replication of a worm is
distinct in two ways. First, worms
are standalone, and do not rely on
other executable code. Second,
worms spread from machine to
machine across networks.
The stack- or buffer-overflow attack has been one of the most common ways for
an attacker outside the system, on a network or dial-up
connection, to gain unauthorized access to the target system. An authorized user of the system may also use this exploit for privilege
escalation.
Essentially, the attack exploits a bug in a program. The
bug can be a simple case of poor programming, in
which the programmer neglected to code bounds
checking on an input field. In this case, the attacker sends
more data than the program was expecting. By using trial and
error, or by examining the source code of the attacked program if it is available, the attacker determines the vulnerability and
writes a program to do the following:
Three Steps:
1. Overflow an input field, command-line
argument, or input buffer—for example, on a
network daemon—until it writes into the stack.
2. Overwrite the current return address on the
stack with the address of the exploit code
loaded in step 3.
3. Write a simple set of code for the next
space in the stack that includes the
commands that the attacker wishes to
execute—for instance, spawn a shell.
Note: a careful programmer could have performed bounds checking on the size of
argv[1] by using the strncpy() function rather than strcpy(), replacing the line
"strcpy(buffer, argv[1]);" with "strncpy(buffer, argv[1], sizeof(buffer)-1);".
Caveat: strncpy() writes no terminating NUL when the source is at least as long as
the count, so the copy must be followed by "buffer[sizeof(buffer)-1] = '\0';" or the
buffer is left unterminated. Unfortunately, good bounds checking is the exception
rather than the norm.
#include <stdio.h>
#include <string.h>
#define BUFFER_SIZE 256
int main(int argc, char *argv[])
{
    char buffer[BUFFER_SIZE];
    if (argc < 2)
        return -1;
    else {
        /* no bounds check: an argv[1] longer than 255 bytes overruns buffer */
        strcpy(buffer, argv[1]);
        return 0;
    }
}
Example: C program with buffer-overflow condition.
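A hardened version of the program above, as an added example that is not the textbook's code: bounded_copy() always leaves the destination NUL-terminated and reports whether the input was truncated, and strncpy_is_terminated() shows the case the strncpy() note warns about, where a source as long as the buffer leaves no terminator at all. The function names and the test strings are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst[dstlen], always leaving dst NUL-terminated.
 * Returns 0 when src fit, 1 when it had to be truncated, -1 on bad
 * arguments. Truncation is reported rather than hidden because a silently
 * shortened path or command can itself be a security problem. */
int bounded_copy(char *dst, size_t dstlen, const char *src)
{
    if (dst == NULL || src == NULL || dstlen == 0)
        return -1;
    size_t n = strlen(src);
    if (n < dstlen) {
        memcpy(dst, src, n + 1); /* includes the terminator */
        return 0;
    }
    memcpy(dst, src, dstlen - 1);
    dst[dstlen - 1] = '\0';      /* explicit terminator on truncation */
    return 1;
}

/* Why strncpy() alone is not enough: when src is at least dstlen bytes
 * long, strncpy fills dst completely and writes no terminator. The buffer
 * is pre-filled with 'X' to stand in for stale stack contents.
 * Returns 1 if dst holds a NUL within dstlen bytes, 0 if it does not. */
int strncpy_is_terminated(char *dst, size_t dstlen, const char *src)
{
    memset(dst, 'X', dstlen);
    strncpy(dst, src, dstlen);
    return memchr(dst, '\0', dstlen) != NULL;
}

#define BUFFER_SIZE 256

/* Same shape as the vulnerable program, with the copy bounded. */
int main(int argc, char *argv[])
{
    char buffer[BUFFER_SIZE];
    if (argc < 2)
        return -1;
    int rc = bounded_copy(buffer, sizeof buffer, argv[1]);
    if (rc == 1)
        fprintf(stderr, "input truncated to %zu bytes\n", sizeof buffer - 1);
    printf("%s\n", buffer);
    return rc < 0 ? -1 : 0;
}
```

Compilers and libraries offer the same guarantee in other forms (snprintf() with a size, strlcpy() where available); whichever is used, the two properties to check are that the destination is always terminated and that truncation is visible to the caller.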
Code Segment:
A cracker could execute a buffer-overflow attack. Her goal is to replace
the return address in the stack frame so that it now points to the code
segment containing the attacking program.
The cracker first writes a short code segment such as the following:
#include <stdio.h>
#include <unistd.h>
int main(int argc, char *argv[])
{
    /* replace the current process image with a shell */
    char *shell_argv[] = { "/bin/sh", NULL };
    execvp(shell_argv[0], shell_argv);
    return 0;
}
Using the execvp() library call (a wrapper around the execve() system call), this code segment starts a shell in place of the running process.
THANK YOU