Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security Hackers.

Published bySamuel Mervin McGee Modified over 6 years ago

Similar presentations

Presentation on theme: "Computer Security Hackers."— Presentation transcript:

1 Computer Security Hackers

2 Topics Crisis Computer Crimes Hacker Attacks
Modes of Computer Security Password Security Network Security Web Security Distributed Systems Security Database Security Prevention: locks at doors, window bars, walls round the property Detection: stolen items are missing, burglar alarms, closed circuit TV Reaction: call the police, replace stolen items, make an insurance claim … Prevention: encrypt your orders, rely on the merchant to perform checks on the caller, don’t use the Internet (?) … Detection: an unauthorized transaction appears on your credit card statement Reaction: complain, ask for a new card number, etc.

3 Crisis Internet has grown very fast and security has lagged behind.
Legions of hackers have emerged as impedance to entering the hackers club is low. It is hard to trace the perpetrator of cyber attacks since the real identities are camouflaged It is very hard to track down people because of the ubiquity of the network. Large scale failures of internet can have a catastrophic impact on the economy which relies heavily on electronic transactions

4 Computer Crime – The Beginning
In 1988 a "worm program" written by a college student shut down about 10 percent of computers connected to the Internet. This was the beginning of the era of cyber attacks. Today we have about 10,000 incidents of cyber attacks which are reported and the number grows. Some stories about hackings

5 Computer Crime A 16-year-old music student called Richard Pryce, better known by the hacker alias Datastream Cowboy, is arrested and charged with breaking into hundreds of computers including those at the Griffiths Air Force base, Nasa and the Korean Atomic Research Institute. His online mentor, "Kuji", is never found. Also this year, a group directed by Russian hackers broke into the computers of Citibank and transferred more than $10 million from customers' accounts. Eventually, Citibank recovered all but $400,000 of the pilfered money. Some stories about hackings

6 Computer Crime In February, Kevin Mitnick is arrested for a second time. He is charged with stealing 20,000 credit card numbers. He eventually spends four years in jail and on his release his parole conditions demand that he avoid contact with computers and mobile phones. On November 15, Christopher Pile becomes the first person to be jailed for writing and distributing a computer virus. Mr Pile, who called himself the Black Baron, was sentenced to 18 months in jail. The US General Accounting Office reveals that US Defense Department computers sustained 250,000 attacks in 1995.

7 Computer Crime In March, the Melissa virus goes on the rampage and wreaks havoc with computers worldwide. After a short investigation, the FBI tracks down and arrests the writer of the virus, a 29-year-old New Jersey computer programmer, David L Smith. More than 90 percent of large corporations and government agencies were the victims of computer security breaches in 1999 The Computer Security Institute's fifth Computer Crime and Security Survey also found that the total reported financial losses have tripled. The annual survey is conducted with the participation of the San Francisco FBI Computer Intrusion Squad and aims to increase awareness of security. This year's survey was based on responses from 643 computer-security professionals in U.S. corporations, government agencies, financial institutions, medical institutions and universities. Only 42 percent of those answering the survey could put a dollar figure on their financial losses - reporting the total at $265 million. The average annual total over the last three years was $120 million.

8 Computer Crime In February, some of the most popular websites in the world such as Amazon and Yahoo are almost overwhelmed by being flooded with bogus requests for data. In May, the ILOVEYOU virus is unleashed and clogs computers worldwide. Over the coming months, variants of the virus are released that manage to catch out companies that didn't do enough to protect themselves. In October, Microsoft admits that its corporate network has been hacked and source code for future Windows products has been seen.

9 Why Security? Some of the sites which have been compromised
U.S. Department of Commerce NASA CIA Greenpeace Motorola UNICEF Church of Christ … Some sites which have been rendered ineffective Yahoo Microsoft Amazon … Get some stories about hackings

10 Why do Hackers Attack? Because they can Financial Gain Espionage
A large fraction of hacker attacks have been pranks Financial Gain Espionage Venting anger at a company or organization Terrorism

11 Types of Hacker Attack Active Attacks Passive Attacks
Denial of Service Breaking into a site Intelligence Gathering Resource Usage Deception Passive Attacks Sniffing Passwords Network Traffic Sensitive Information Information Gathering An active attack involves a deliberate action on the part of the attacker to gain information that he is after. Like trying to telnet to port 25 on a company server to break into the mail server. This is like a burglar trying to pick a lock. This is fairly easy to detect. Passive attacks are mainly information gathering attacks and precede the active attacks.

12 Modes of Hacker Attack Over the Internet Over LAN Locally Offline
Theft Deception Get some stories about hackings

13 Spoofing Definition: Types of Spoofing:
An attacker alters his identity so that some one thinks he is some one else , User ID, IP Address, … Attacker exploits trust relation between user and networked machines to gain access to machines Types of Spoofing: IP Spoofing: Spoofing Web Spoofing 1. Normally users log on to one machine and have access to a number of computers.

14 IP Spoofing – Flying-Blind Attack
Definition: Attacker uses IP address of another computer to acquire information or gain access Replies sent back to Spoofed Address John 1. Normally users log on to one machine and have access to a number of computers. From Address: To Address: Attacker changes his own IP address to spoofed address Attacker can send messages to a machine masquerading as spoofed machine Attacker can not receive messages from that machine Attacker

15 IP Spoofing – Source Routing
Definition: Attacker spoofs the address of another machine and inserts itself between the attacked machine and the spoofed machine to intercept replies Attacker intercepts packets as they go to From Address: To Address: Replies sent back to Spoofed Address 1. Normally users log on to one machine and have access to a number of computers. Attacker John The path a packet may change can vary over time To ensure that he stays in the loop the attacker uses source routing to ensure that the packet passes through certain nodes on the network

16 Email Spoofing Definition: Types of Email Spoofing:
Attacker sends messages masquerading as some one else What can be the repercussions? Types of Spoofing: Create an account with similar address A message from this account can perplex the students Modify a mail client Attacker can put in any return address he wants to in the mail he sends Telnet to port 25 Most mail servers use port 25 for SMTP. Attacker logs on to this port and composes a message for the user. Repercussions:

17 Web Spoofing Basic Man-in-the-Middle Attack URL Rewriting
Attacker registers a web address matching an entity e.g. votebush.com, geproducts.com, gesucks.com Man-in-the-Middle Attack Attacker acts as a proxy between the web server and the client Attacker has to compromise the router or a node through which the relevant traffic flows URL Rewriting Attacker redirects web traffic to another site that is controlled by the attacker Attacker writes his own web site address before the legitimate link Tracking State When a user logs on to a site a persistent authentication is maintained This authentication can be stolen for masquerading as the user Potential Damages: 1. Change orders placed by the client (Instead of 500 widgets he can make the order 50,000 widgets) 2. Change meeting venues to send people on wild goose chases

18 Web Spoofing – Tracking State
Web Site maintains authentication so that the user does not have to authenticate repeatedly Three types of tracking methods are used: Cookies: Line of text with ID on the users cookie file Attacker can read the ID from users cookie file URL Session Tracking: An id is appended to all the links in the website web pages. Attacker can guess or read this id and masquerade as user Hidden Form Elements ID is hidden in form elements which are not visible to user Hacker can modify these to masquerade as another user Potential Damages: 1. Change orders placed by the client (Instead of 500 widgets he can make the order 50,000 widgets) 2. Change meeting venues to send people on wild goose chases

19 Session Hijacking Definition: Modus Operandi:
Process of taking over an existing active session Modus Operandi: User makes a connection to the server by authenticating using his user ID and password. After the users authenticate, they have access to the server as long as the session lasts. Hacker takes the user offline by denial of service Hacker gains access to the user by impersonating the user Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have

20 Session Hijacking Attacker can monitor the session
Bob telnets to Server Bob authenticates to Server Server Bob Die! Hi! I am Bob Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have Attacker Attacker can monitor the session periodically inject commands into session launch passive and active attacks from the session

21 Session Hijacking – How Does it Work?
Attackers exploit sequence numbers to hijack sessions Sequence numbers are 32-bit counters used to: tell receiving machines the correct order of packets Tell sender which packets are received and which are lost Receiver and Sender have their own sequence numbers When two parties communicate the following are needed: IP addresses Port Numbers Sequence Number IP addresses and port numbers are easily available so once the attacker gets the server to accept his guesses sequence number he can hijack the session. Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have

22 Denial of Service (DOS) Attack
Definition: Attack through which a person can render a system unusable or significantly slow down the system for legitimate users by overloading the system so that no one else can use it. Types: Crashing the system or network Send the victim data or packets which will cause system to crash or reboot. Exhausting the resources by flooding the system or network with information Since all resources are exhausted others are denied access to the resources Distributed DOS attacks are coordinated denial of service attacks involving several people and/or machines to launch attacks Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have

23 Denial of Service (DOS) Attack
Types: Ping of Death SSPing Land Smurf SYN Flood CPU Hog Win Nuke RPC Locator Jolt2 Bubonic Microsoft Incomplete TCP/IP Packet Vulnerability HP Openview Node Manager SNMP DOS Vulneability Netscreen Firewall DOS Vulnerability Checkpoint Firewall DOS Vulnerability Session Hijacking allows hackers to bypass the authentication process of the computer and gain access to the machine. After users authenticate and log on to a machine the authentication is valid for as long as the session lasts. After the users authenticate they have

24 Buffer Overflow Attacks
This attack takes advantage of the way in which information is stored by computer programs An attacker tries to store more information on the stack than the size of the buffer How does it work? Buffer 2 Local Variable 2 Buffer 1 Local Variable 1 Return Pointer Function Call Arguments Fill Direction Bottom of Memory Top of Normal Stack Buffer 2 Local Variable 2 Machine Code: execve(/bin/sh) New Pointer to Exec Code Function Call Arguments Fill Direction Bottom of Memory Top of Smashed Stack Return Pointer Overwritten Buffer 1 Space Overwritten Page 245 (Chapter 7 – Hackers Beware by Eric Cole) When a program calls a subroutine, the function variables and the subroutine return address pointers are stored in a logical data structure known as a stack. A stack is a portion of memory that stores information the current program needs. A return pointer contains the address of the point in the program to return to after the subroutine has completed execution. The variable space is filled LIFO I.e. higher address to lower address. When variable space is exceeded the data goes to neighboring variable space. To cause code to be executed an attacker takes advantage of this by precisely tuning the amount and content of data necessary to cause the buffer to over flow and the operating system stack to crash. The data that the attacker sends usually consists of machine specific byte code to execute a command, plus a new address of the return pointer. This address points back into the address space of the stack, causing the program to run the attacker’s instructions when it attempts to return from the subroutine. The attackers code will run at whatever privileges the host code is running. So normally hackers try to use programs which run with root privileges.

25 Buffer Overflow Attacks
Programs which do not do not have a rigorous memory check in the code are vulnerable to this attack Simple weaknesses can be exploited If memory allocated for name is 50 characters, someone can break the system by sending a fictitious name of more than 50 characters Can be used for espionage, denial of service or compromising the integrity of the data Examples NetMeeting Buffer Overflow Outlook Buffer Overflow AOL Instant Messenger Buffer Overflow SQL Server 2000 Extended Stored Procedure Buffer Overflow

26 Password Attacks A hacker can exploit a weak passwords & uncontrolled network modems easily Steps Hacker gets the phone number of a company Hacker runs war dialer program If original number is he runs all numbers in the xx range When modem answers he records the phone number of modem Hacker now needs a user id and password to enter company network Companies often have default accounts e.g. temp, anonymous with no password Often the root account uses company name as the password For strong passwords password cracking techniques exist Get some stories about hackings

27 Password Security Password hashed and stored
Client Server Hash Function Hashed Password Compare Password Hashed Password Password Salt Stored Password Allow/Deny Access Get some stories about hackings Password hashed and stored Salt added to randomize password & stored on system Password attacks launched to crack encrypted password

28 Password Attacks - Process
Find a valid user ID Create a list of possible passwords Rank the passwords from high probability to low Type in each password If the system allows you in – success ! If not, try again, being careful not to exceed password lockout (the number of times you can guess a wrong password before the system shuts down and won’t let you try any more) Get some stories about hackings

29 Password Attacks - Types
Dictionary Attack Hacker tries all words in dictionary to crack password 70% of the people use dictionary words as passwords Brute Force Attack Try all permutations of the letters & symbols in the alphabet Hybrid Attack Words from dictionary and their variations used in attack Social Engineering People write passwords in different places People disclose passwords naively to others Shoulder Surfing Hackers slyly watch over peoples shoulders to steal passwords Dumpster Diving People dump their trash papers in garbage which may contain information to crack passwords Get some stories about hackings

30 Conclusions Computer Security is a continuous battle Very high stakes
As computer security gets tighter hackers are getting smarter Very high stakes Get some stories about hackings

Download ppt "Computer Security Hackers."

Similar presentations

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Computer Security MIS 604 – IT Solutions to Business Problems Spring 2002 Hackers.

Computer Security MIS 604 – IT Solutions to Business Problems Spring 2002 Hackers.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Threats and Attacks Principles of Information Security, 2nd Edition

Threats and Attacks Principles of Information Security, 2nd Edition
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Topics in Information Security Prof. JoAnne Holliday Santa Clara University.

Topics in Information Security Prof. JoAnne Holliday Santa Clara University.
An Introduction to Information Assurance COEN 150 Spring 2007.

An Introduction to Information Assurance COEN 150 Spring 2007.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
ISEC0511 Programming for Information System Security

ISEC0511 Programming for Information System Security

Similar presentations

Ads by Google