Attack Strategies - PowerPoint PPT Presentation

1 / 32
About This Presentation
Title:

Attack Strategies

Description:

Smurf attack. 7. DDoS (Distributed DoS) 8. Conducting DDoS Attacks ... Smurf. Non-OS specific attack that uses the network to amplify its effect on the victim ... – PowerPoint PPT presentation

Number of Views:74
Avg rating:3.0/5.0
Slides: 33
Provided by: anned168
Category:

less

Transcript and Presenter's Notes

Title: Attack Strategies


1
Attack Strategies
  • Widyawan

2
Learning Objectives
  • Explain different kinds of attack strategies
  • Explain denial-of-service (DoS) attacks
  • Explain common attack
  • Discuss TCP/IP and Security Concern
  • Detail three types of social-engineering attacks
    and explain why they can be incredibly damaging

continued
3
Attack Strategies
  • Attack occur when an individual or a group of
    individuals attempts to access, modify or damage
    your systems and environment
  • Generally try to accomplish one or more of the
    three goals
  • Access attack, someone who wants access to your
    network
  • Modification and repudiation attack, someone who
    want modify information
  • Denial of Service Attack, disrupting network and
    services

4
Access Attack
  • Access attack are an attempt to gain access to
    information that the attacker dont have
    authorization to have
  • Physical access method dumpster diving
  • Access attack in network
  • Eavesdropping
  • Snooping
  • Interception

5
Modification and Repudiation Attack
  • Modification attack change or modify information
    in an unauthorized manner. Done after access
    attack
  • Example Web Deface
  • Repudiation Attack make data or information that
    is used invalid or misleading
  • Someone accessing your email server and sending
    fake information to others
  • Customer who claims that they never received a
    service that they were billed

6
Denial-of-Service (DoS) Attacks
  • Any malicious act that causes a system to be
    unusable by its real user(s)
  • Prevent access to the resources by unauthorized
    used of the resources
  • Major types
  • SYN flood
  • Smurf attack

7
DDoS (Distributed DoS)
8
Conducting DDoS Attacks
9
Common Attacks
  • Back Door Attack
  • Spoofing Attack
  • Man In the Middle Attack
  • Replay Attack
  • Password Guessing Attack

10
Spoofing IP Address
  • Used to exploit trust relationships between two
    hosts
  • Involves creating an IP address with a forged
    source address

11
(No Transcript)
12
To Thwart Spoofing Attacks
  • IP spoofing
  • Disable source routing on all internal routers
  • Filter out packets entering local network from
    the Internet that have a source address of the
    local network

continued
13
Man in the Middle
  • Class of attacks in which the attacker places
    himself between two communicating hosts and
    listens in on their session
  • To protect against
  • Configure routers to ignore ICMP redirect packets

14
Man-in-the-Middle Attacks
15
Man-in-the-Middle Applications
  • TCP session hijacking
  • Information theft
  • Other attacks (denial-of-service attacks,
    corruption of transmitted data, traffic analysis
    to gain information about victims network)

16
Replay Attacks
  • Attempts to circumvent authentication mechanisms
    by
  • Recording authentication messages from a
    legitimate user
  • Reissuing those messages in order to impersonate
    the user and gain access to systems

17
Replay Attack
18
TCP/IP and Security
19
TCP Three-Way Handshake
20
TCP/IP Attack
  • TCP SYN
  • Attacker keep sent ACK Packet without respond
    packet accepting connection

21
  • Network Sniffers
  • Port Scan
  • TCP/IP Hijacking

22
ICMP Attack
  • Smurf
  • Non-OS specific attack that uses the network to
    amplify its effect on the victim
  • Floods a host with ICMP
  • Saturates Internet connection with bogus traffic
    and delays/prevents legitimate traffic from
    reaching its destination

23
(No Transcript)
24
IP Fragmentation Attacks
  • Uses IP packet fragmentation techniques to crash
    remote systems

25
Social Engineering
  • Class of attacks that uses trickery on people
    instead of computers
  • Goals
  • Fraud
  • Network intrusion
  • Industrial espionage
  • Identity theft
  • Desire to disrupt the system or network

26
Dumpster Diving
27
Social Engineering Countermeasures
  • Take proper care of trash and discarded items
  • Ensure that all system users have periodic
    training about network security

28
Attacks Against Encrypted Data
  • Weak keys
  • Mathematical attacks
  • Birthday attack
  • Password guessing
  • Brute force
  • Dictionary

29
Password Guessing
  • Tricks authentication mechanisms by determining a
    users password using techniques such as brute
    force or dictionary attacks

30
Brute Force
  • Method of breaking passwords that involves
    computation of every possible combination of
    characters for a password of a given character
    length

31
Dictionary
  • Method of breaking passwords by using a
    predetermined list of words as input to the
    password hash
  • Only works against poorly chosen passwords

32
Software Exploitation
  • Utilizes software vulnerabilities to gain access
    and compromise systems
  • Example
  • Buffer overflow attach
  • To stop software exploits
  • Stay appraised of latest security patches
    provided by software vendors
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Attack Strategies" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!