The need for security - PowerPoint PPT Presentation

Slides: 30
Provided by: Sri672
The need for security
Need for security
  • Business needs
  • Technology needs
  • Different types of threats
  • Different types of attacks

Business needs
  • Evaluate the organization's dependence on its
    information system
  • Protect the organization's ability to function
  • Facilitate the running of necessary applications
  • Protect data storage
  • Safeguard technology assets

Business needs
  • Commitment should come from both top-level
    management and IT management
  • Protecting information is more a management issue
    than a technology issue
  • Develop InfoSec policies that will not hinder
    business functions
  • Develop applications that can be integrated with
    the business functions (e.g., use of IM in
    addition to email)

Business needs
  • Protect data in motion as well as data at rest
  • Protection might involve using encryption for all
    communications. This could lead to the use of
    digital certificates and digital signatures as an
    optional authentication mechanism

Technology needs
  • IT needs physical security for its equipment
  • IT works with many different units of the
    organization, each with differing needs, and so it
    must have input into selecting the hardware needs
    of units at a general level in order to provide
    security across the network
  • IT should be the principal agent in providing
    outside connectivity to any unit within the

  • Different types of threats faced by an
    information system are
      • Inadvertent acts
      • Deliberate acts
      • Acts of God
      • Technical failures
      • Management failures

  • Inadvertent acts constitute actions that are
  • E.g., an employee forwards the email to the wrong
    person because names are very similar in the
    distribution list
  • Accidental erasure of a file
  • Misplacement of information stored in a disk or

  • Deliberate acts involve actions by disgruntled
    employees who want to disrupt the workflow
  • Information leak or theft by an employee because
    they do not agree with organizational policy
  • Unauthorized access by internal as well as
    external people to computer systems
  • Acts of espionage for monetary gain
  • Blackmail
  • Vandalism
  • Sabotage

  • Acts of God include natural disasters such as
    tornado, lightning, earthquake, and flood
  • Fire would be considered under this category even
    though it is not an act of God in most cases.
    Fires that happen due to electrical or other
    malfunctions would fall under this category,
    whereas vandalism would not.

Technical Failures
  • Hardware failures
  • Intel Pentium II chip had a known flaw that Intel
    tried to suppress but failed
  • Intel Xeon chip also had bugs
  • Software failures
  • This is the most common kind today
  • Microsoft added the term "service pack" to the
    lexicon for a while; now it is called a patch, as
    patching has become an almost daily routine while
    new bugs in software are detected through some
    form of attack

Management Failures
  • Lack of planning for technology upgrade for
  • Lack of foresight for potential vulnerabilities
    in the organization's information system security
  • E.g., Symantec discontinued a version of its
    legacy system anti-virus software with sufficient
    advance notice. Failure to plan to upgrade
    anti-virus software could cause the organization
    great harm

  • An exploit is a technique to compromise a system
  • A vulnerability is an identified weakness of a
    controlled system
  • An attack is a deliberate act that exploits
  • Malicious code is code that intentionally
    destroys or steals information
  • Examples of malicious code are
      • Virus
      • Worm
      • Trojan horse
      • Active web scripts (cookies)
      • Nimda virus of September 2001

  • There are six attack vectors. Nimda virus used
    five of these six vectors for a very rapid spread
    of the virus
  • Attack replication vectors
  • 1. IP scan and attack
  • Infected system scans random or local range of IP
    addresses and launches attacks based on known
    vulnerabilities in applications such as SQL Server

  • 2. Web browsing
  • Any web system with write access privilege
    infects files of type .html, .asp, .cgi, etc.,
    which in turn infect other systems that access
    them
  • 3. Virus
  • One infected machine infects certain common
    executable or script files
  • Spreads by user activation without their
  • Exploits known vulnerabilities in file systems by
    accessing all drives to which it has share access
    and copying the viral component

  • 5. Mass mail
  • Send email attachments containing the virus to
    all addresses in the distribution list of the
    infected system
  • Outlook Express has been exploited this way
  • 6. SNMP
  • SNMP buffer overflow vulnerability has been
    exploited by application software errors
  • Hoax is another form of an attack in which a real
    virus is attached to a message that identifies a
    particular virus information as a hoax

  • Back door
  • Exploits a feature left in by the software
    designer to access a system remotely
  • Designer intentionally blocks logging of access
    information through the back door
  • Difficult to locate back door access because of
    lack of audit trail
  • Password crack
  • Reverse engineering a password validation
    mechanism to find the password from captured data
  • The Service Account Manager (SAM) file contains a
    hashed value of the password. The attacker tries
    several hashing algorithms, taking a known value,
    hashing it and comparing the result with the
    hashed value in the SAM

  • Brute force
  • Commonly applied to guess passwords of accounts
    with more administrative privileges
  • Narrow the field of attack to certain user IDs
    only for maximum impact
  • The SANS/FBI report covers potential
    countermeasures to brute force attack in its list
    of Top 20 most critical Internet vulnerabilities
  • NIST's ICAT provides a short description of each
    vulnerability, a list of the characteristics of
    each vulnerability (e.g., associated attack range
    and damage potential), a list of the vulnerable
    software names and version numbers, and links to
    vulnerability advisory and patch information

  • Common Vulnerabilities and Exposures (CVE) is a
    list, managed by the MITRE Corporation for the
    benefit of the Internet community, of all known
    vulnerabilities around the world in all software
    and hardware
  • CAN number is a pre-CVE classification once a
    vulnerability comes to light. CAN is an
    abbreviation for Candidate to indicate that it is
    being investigated as a possible CVE

  • Dictionary attack is a variation of brute force
    attack. This targets accounts with higher
    administrative privileges. Unlike a brute force
    attack, it does not use an exhaustive list but a
    predefined list of words to guess passwords
  • Denial of Service (DoS) attack simply sends out a
    large number of requests for service to the
    target machine to overwhelm its capacity to
    handle other legitimate requests
  • Distributed DoS (DDoS) attack involves using
    remotely located computers to launch a
    simultaneous DoS attack on a target system. The
    machines that participate in the DoS attack are
    called Zombies.
  • DDoS is considered a weapon of mass destruction
    on the Internet
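The brute force and dictionary attacks described above show up in authentication logs as many failures against a few high-value user IDs. The following is an added detection example, not code from the presentation; the log lines are constructed in sshd style and the PRIVILEGED account list is an assumption.

```python
import re
from collections import defaultdict

# Constructed sshd-style auth log lines (not from the presentation).
SAMPLE_LOG = """\
Mar 10 08:00:01 host sshd[101]: Failed password for root from 203.0.113.5 port 5001 ssh2
Mar 10 08:00:02 host sshd[101]: Failed password for root from 203.0.113.5 port 5002 ssh2
Mar 10 08:00:03 host sshd[101]: Failed password for root from 203.0.113.5 port 5003 ssh2
Mar 10 08:00:04 host sshd[101]: Failed password for admin from 203.0.113.5 port 5004 ssh2
Mar 10 08:00:05 host sshd[101]: Failed password for invalid user test from 203.0.113.5 port 5005 ssh2
Mar 10 08:00:06 host sshd[101]: Failed password for root from 203.0.113.5 port 5006 ssh2
Mar 10 08:01:00 host sshd[102]: Failed password for alice from 198.51.100.7 port 6001 ssh2
Mar 10 08:01:30 host sshd[103]: Accepted password for alice from 198.51.100.7 port 6002 ssh2
"""

# Accounts the slides describe as the preferred targets (assumed list).
PRIVILEGED = {"root", "admin", "administrator"}
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def failed_attempts(log_text):
    """Count failed logins per (source IP, target user); successes are ignored."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[(m.group(2), m.group(1))] += 1
    return dict(counts)


def flag_sources(log_text, threshold=5, privileged_threshold=3):
    """Return {source IP: sorted target users} for sources whose failures
    exceed `threshold` overall, or `privileged_threshold` against privileged
    accounts. The lower bar for privileged accounts reflects the slides'
    point that these attacks concentrate on a few high-value user IDs."""
    total, priv, users = defaultdict(int), defaultdict(int), defaultdict(set)
    for (src, user), n in failed_attempts(log_text).items():
        total[src] += n
        users[src].add(user)
        if user in PRIVILEGED:
            priv[src] += n
    return {src: sorted(users[src]) for src in total
            if total[src] >= threshold or priv[src] >= privileged_threshold}


if __name__ == "__main__":
    for src, targets in flag_sources(SAMPLE_LOG).items():
        print(f"possible brute-force/dictionary attack from {src} against {targets}")
```

Account lockout and rate limiting at the authentication service remain the primary countermeasure; this kind of log review confirms whether the thresholds were actually hit.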

  • A countermeasure for DDoS attacks has been
    developed by an industry and academic consortium,
    called the Consensus Roadmap for Defeating
    Distributed Denial of Service Attacks. Partners
    include CERT, SANS, CERIAS at Purdue University,
    and Microsoft
  • Code Red worm was a DDoS attack aimed at the site. Today, Akamai
    corporation filters all traffic going to the site.

  • Spoofing enables a user to pretend to be someone
    they are not
  • Spoofing occurs in multiple types
      • Email spoofing
      • Web spoofing
      • IP spoofing
  • In email spoofing, the recipient sees the spoofed
    address but the mail server has the original
  • Easy to accomplish.
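Because the recipient sees only the From: header while the receiving mail server records the real envelope sender, comparing the two is a simple triage check for email spoofing. The following is an added example, not code from the presentation; both messages are constructed, and the two-label organizational-domain rule is a simplification.

```python
import email
from email.utils import parseaddr

# Two constructed messages (not from the presentation). In the first, the
# From: header the recipient sees claims example.org, but the envelope sender
# the receiving mail server recorded in Return-Path belongs to example.net.
SPOOFED = """\
Return-Path: <bulk@mail.example.net>
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by mail.example.org with ESMTP id 1; Mon, 10 Mar 2008 08:00:00 +0000
From: "Payroll" <payroll@example.org>
To: alice@example.org
Subject: Updated direct deposit form

Please open the attached form.
"""

LEGITIMATE = """\
Return-Path: <bob@example.org>
Received: from mail.example.org (mail.example.org [198.51.100.7])
    by mail.example.org with ESMTP id 2; Mon, 10 Mar 2008 08:05:00 +0000
From: Bob <bob@example.org>
To: alice@example.org
Subject: Lunch?

Noon works for me.
"""


def header_and_envelope(raw):
    """Return (From: address the user sees, envelope sender from Return-Path)."""
    msg = email.message_from_string(raw)
    return (parseaddr(msg.get("From", ""))[1],
            parseaddr(msg.get("Return-Path", ""))[1])


def org_domain(addr):
    """Last two labels of the address's domain, so mail.example.net and
    example.net compare equal (simplification: some TLDs need more labels)."""
    return ".".join(addr.rsplit("@", 1)[-1].lower().split(".")[-2:]) if "@" in addr else ""


def looks_spoofed(raw):
    """Flag a message whose visible From: domain differs from the envelope
    sender's domain. Mailing lists and forwarders also produce mismatches,
    so treat the result as a triage signal, not a verdict."""
    header_addr, envelope_addr = header_and_envelope(raw)
    return bool(envelope_addr) and org_domain(header_addr) != org_domain(envelope_addr)
```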

  • In web spoofing, the web link is modified from
    what it should be.
  • Example a link for Microsoft could be
  • Easy to accomplish
  • In IP spoofing, the original IP address is
    replaced by a different IP address
  • The spoofer has the malicious intent of fooling
    the firewall with a trusted IP
  • IP spoofing costs corporations billions of
    dollars every year

  • Man-in-the-middle attack involves
      • sniffing packets in transit to identify the
        encryption method
      • removing the original message content and
        substituting new content without the sender's
        knowledge
  • The receiver will not know the content changed
    because the received packets will carry the right
    checksum or CRC value
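The point above, that a correct checksum or CRC does not prove the content was untouched, is easiest to see side by side with a keyed integrity check. The following is an added example, not code from the presentation; the messages and the shared key are constructed.

```python
import hashlib
import hmac
import zlib

# Constructed sample traffic (not from the presentation).
ORIGINAL = b"TRANSFER 100 TO ACCT 1111"
SUBSTITUTED = b"TRANSFER 900 TO ACCT 9999"
SHARED_KEY = b"assumed-key-known-only-to-sender-and-receiver"


def frame_crc(payload):
    """Sender appends a CRC32, the 'checksum or CRC value' of the slide."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def verify_crc(frame):
    payload, tag = frame[:-4], frame[-4:]
    return zlib.crc32(payload).to_bytes(4, "big") == tag


def substitute_content_crc(frame, new_payload):
    """Man in the middle: a CRC needs no secret, so the new content simply
    gets a fresh CRC and the receiver's check still passes."""
    return frame_crc(new_payload)


def frame_hmac(payload, key=SHARED_KEY):
    """Sender appends HMAC-SHA256 computed with a key the middle party lacks."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify_hmac(frame, key=SHARED_KEY):
    payload, tag = frame[:-32], frame[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison


def substitute_content_hmac(frame, new_payload):
    """Without the key, the best the middle party can do is reuse the old tag."""
    return new_payload + frame[-32:]


if __name__ == "__main__":
    crc_frame = frame_crc(ORIGINAL)
    print("CRC detects substitution:", not verify_crc(substitute_content_crc(crc_frame, SUBSTITUTED)))
    mac_frame = frame_hmac(ORIGINAL)
    print("HMAC detects substitution:", not verify_hmac(substitute_content_hmac(mac_frame, SUBSTITUTED)))
```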

  • Mail bombing involves sending large volumes of
    email to the target, as in DoS attack
  • Mail bombs take advantage of SMTP flaws
  • A sniffer is a program or device that monitors
    data in transit
  • Sniffer converts sequence of bits into readable
  • Snort is one of many sites that have free sniffer

  • Social engineering involves convincing the target
    to part with confidential information
  • Involves primarily people (unsuspecting)
  • Occurs over phone (most common), in person
    (rare), or via email
  • Overcomes all other preventive methods such as
  • Buffer overflow attack causes great havoc
  • Mostly caused by applications such as SQL Server

  • Buffer overflow attacks continue to be the
    biggest problem
  • Examples
  • SQL injection by web address exceeding 63
  • res:// URL longer than 256 characters in IE 4.0
  • Execute code such as F00F that crashes Pentium
    chips via buffer overflow

  • SANS Top 20 vulnerabilities list
  • Common Vulnerabilities and Exposures (CVE) number
  • NIST glossary of vulnerabilities
  • CAN listing (Candidate for CVE) of 2004 on a
    possible Denial of Service attack

  • DDoS Countermeasure http//
  • Sniffer software http//
  • Social engineering http//