Final Exam Notes
Denial of Service (DoS)
• Distributed System and remote access
• Target
o Network bandwidth (for a network) or memory, storage and processor capacity (for a computer)
• CAPTCHA
o Use as protection against DOS
▪ Bots or automated systems cannot read the distorted image, so it can differentiate a human from a bot
Viruses, worms and trojans
• Most common form of electronic attack
Intrusion and XSS
Authentication
• 3 Bases of Authentication
o Something you have
▪ An access card
o Something you know
▪ Password
o Something you are
▪ Fingerprint
• False Acceptance Rate (FAR)
o Proportion of authentication or detection attempts resulting in false acceptances
• False Rejection Rate (FRR)
o Proportion of authentication or detection attempts resulting in false rejections
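The two rates above pull in opposite directions as the matcher's acceptance threshold moves. The following added example (not part of the notes) computes FAR and FRR from constructed genuine and impostor match scores and scans for the threshold where the two rates are equal; the score values are made up for illustration.

```python
# Added example: FAR / FRR for a score-based matcher and the equal-error threshold.
# Scores are constructed sample values in [0, 1]; higher means a better match.

GENUINE_SCORES = [0.92, 0.88, 0.81, 0.64, 0.95, 0.77]   # constructed: real user vs own template
IMPOSTOR_SCORES = [0.21, 0.35, 0.68, 0.42, 0.12, 0.55]  # constructed: other people vs that template


def far_frr(genuine, impostor, threshold):
    """Accept when score >= threshold. Returns (FAR, FRR) as proportions of attempts."""
    false_accepts = sum(1 for s in impostor if s >= threshold)   # impostors let in
    false_rejects = sum(1 for s in genuine if s < threshold)     # real users turned away
    return false_accepts / len(impostor), false_rejects / len(genuine)


def equal_error_threshold(genuine, impostor, steps=100):
    """Scan thresholds in [0, 1]; return the first one where |FAR - FRR| is smallest."""
    best_t, best_gap = None, None
    for i in range(steps + 1):
        t = i / steps
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if best_gap is None or gap < best_gap:
            best_t, best_gap = t, gap
    return best_t


if __name__ == "__main__":
    for t in (0.5, 0.7, 0.9):
        print(t, far_frr(GENUINE_SCORES, IMPOSTOR_SCORES, t))
    print("EER threshold:", equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Raising the threshold lowers FAR (fewer impostors accepted) and raises FRR (more legitimate users rejected); which rate matters more depends on whether the system guards something where a false acceptance or a false rejection is the costlier error.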
Password
• Common attack
o Dictionary attack
▪ Uses a “dictionary” of all known or common words
o Brute force attack
▪ Tries all possible password combinations
o Hybrid attack
▪ Uses both dictionary and brute force attack: takes each word from the dictionary and tests variants of it
• Tailored Dictionary Attack
o Tailored to specifically target a particular person
• Rainbow Tables
o Table of (salted) passwords with their corresponding hash values
o When a hash value is obtained, look it up in the table
Protecting Password
• In UNIX
o Passwords are not stored
o Instead, hashes of the passwords are stored
o Passwords are stored in 2 files
▪ Password file: /etc/passwd
• Stores usernames
▪ Shadow file: /etc/shadow
• Stores encrypted hashed passwords
o Salting
▪ Password and salt (a randomly generated value) are combined, then hashed
▪ Salt is stored somewhere else
▪ Thus 2 people with the same password will not have the same hash
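The following added example (not from the notes) shows why salting matters against the precomputed-table attack described under Rainbow Tables: a plain dict of hash to password stands in for the table, a stolen unsalted hash is found in it immediately, and the same password salted per user produces two different hashes, neither of which is in the table. SHA-256 and the wordlist are my choices for brevity; the salt is kept next to the hash in this example.

```python
import hashlib
import os

# Added example: precomputed hash lookup vs per-user salting.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]  # constructed wordlist


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_lookup_table(wordlist):
    """Precompute unsalted hashes once; each stolen hash is then a single dict lookup."""
    return {sha256_hex(pw.encode()): pw for pw in wordlist}


def lookup(table, hash_hex):
    """Return the password whose unsalted hash matches, or None if not in the table."""
    return table.get(hash_hex)


def make_record(password: str, salt_len: int = 16):
    """Store (salt, hash(salt || password)); the random salt is kept beside the hash."""
    salt = os.urandom(salt_len)
    return salt, sha256_hex(salt + password.encode())


def verify(password: str, record) -> bool:
    """Recompute with the stored salt and compare; no plaintext password is ever stored."""
    salt, stored = record
    return sha256_hex(salt + password.encode()) == stored


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    # Unsalted storage: the stolen hash is in the table, so the password falls out at once.
    stolen_unsalted = sha256_hex(b"letmein")
    cracked = lookup(table, stolen_unsalted)
    # Salted storage: same password for two users gives two different hashes,
    # and neither appears in the precomputed table.
    alice, bob = make_record("letmein"), make_record("letmein")
    return {
        "unsalted_cracked": cracked,
        "salted_in_table": lookup(table, alice[1]),
        "same_password_same_hash": alice[1] == bob[1],
        "alice_can_log_in": verify("letmein", alice),
        "wrong_password_rejected": verify("letmeout", alice),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

Salting removes the benefit of precomputation, but a fast hash such as SHA-256 still allows an attacker who has the salt to try guesses quickly; production password storage uses a deliberately slow, salted function such as bcrypt, scrypt or Argon2.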
• Hard-coded password/credentials
o Sensitive credentials like passwords are hard-coded into software used for internal authentication. This creates a loophole for an adversary to bypass the authentication process.
• One-time password
o User and system share “a list” of valid passwords, and each is valid only once
o Problem: the number of passwords that have to be stored
• Lamport’s One-time password
o Relies on a hash function that is one-way and collision resistant
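Lamport's scheme solves the storage problem of the plain one-time password list: the server keeps only the current top of a hash chain and each new password is the preimage of the previous one. The following added example (not from the notes) implements both sides with SHA-256; the seed value is constructed for illustration and would be random in practice.

```python
import hashlib

# Added example: Lamport's hash-chain one-time password.
# Client holds a secret seed; server is registered with h^n(seed) and
# accepts password p only if h(p) equals the value it currently holds.


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def hash_chain(seed: bytes, n: int) -> bytes:
    """Apply h n times to seed, i.e. h^n(seed); n == 0 returns the seed itself."""
    value = seed
    for _ in range(n):
        value = h(value)
    return value


class LamportServer:
    def __init__(self, top_of_chain: bytes, n: int):
        self.current = top_of_chain   # the only value the server stores
        self.remaining = n            # how many passwords are still usable

    def verify(self, candidate: bytes) -> bool:
        if self.remaining == 0:       # chain exhausted: client must re-register
            return False
        if h(candidate) != self.current:
            return False              # wrong value, or a replay of an older password
        self.current = candidate      # step down the chain; the old value is now useless
        self.remaining -= 1
        return True


class LamportClient:
    """Sends h^(n-1)(seed), then h^(n-2)(seed), ..., down to h^0(seed)."""

    def __init__(self, seed: bytes, n: int):
        self.seed = seed
        self.next_index = n - 1

    def next_password(self) -> bytes:
        if self.next_index < 0:
            raise RuntimeError("chain exhausted; re-register with a new seed")
        pw = hash_chain(self.seed, self.next_index)
        self.next_index -= 1
        return pw


def run_session(n: int = 5):
    """Use all n passwords in order, then try to replay the last one."""
    seed = b"constructed-secret-seed"    # constructed; would be random in practice
    server = LamportServer(hash_chain(seed, n), n)
    client = LamportClient(seed, n)
    outcomes, last = [], None
    for _ in range(n):
        last = client.next_password()
        outcomes.append(server.verify(last))
    replay_accepted = server.verify(last)
    return outcomes, replay_accepted


if __name__ == "__main__":
    print(run_session())   # ([True, True, True, True, True], False)
```

An eavesdropper who captures a password learns only a value whose preimage (the next password) is protected by the one-way property of h, and replaying it fails because the server has already moved down the chain.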
Beyond Basic Password
• Master passwords and passwords master
o Master password
▪ Typically used as the main password used to protect sensitive
information such as other passwords and certificates
▪ Apply the appropriate rules
• Two-factor and two-channel Authentication
o Two-factor authentication
▪ Uses a password/PIN and a token which produces an OTP
o Two-channel authentication
▪ Uses 2 different channels
• Client to server
• Server to client
o Phone to give targeted authentication
Access Control
• Access Control Matrices
Subject/object | Trees | Walls | Doors | Fences | Alice
Alice          | Climb | Push  |       |        |
Bob            | Climb |       | Push  | Jump   |
Chris          |       | Climb | Open  |        | Push
The same rights listed per object (access control list form):
Object | Subject    | Right
Trees  | Alice, Bob | Climb
Walls  | Alice      | Push
Walls  | Chris      | Climb
Doors  | Bob        | Push
Doors  | Chris      | Open
Alice  | Chris      | Push
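The matrix above can be stored by row or by column. The following added example (not from the notes) holds it as a dict and derives the per-object view (access control list) and the per-subject view (capability list), with a default-deny check for a single request; the data is exactly the table above.

```python
# Added example: one access control matrix, two derived views, default deny.
# Cells are (subject, object) -> set of rights; missing cells mean no rights.
MATRIX = {
    ("Alice", "Trees"): {"Climb"},
    ("Alice", "Walls"): {"Push"},
    ("Bob", "Trees"): {"Climb"},
    ("Bob", "Doors"): {"Push"},
    ("Bob", "Fences"): {"Jump"},
    ("Chris", "Walls"): {"Climb"},
    ("Chris", "Doors"): {"Open"},
    ("Chris", "Alice"): {"Push"},   # a subject can also appear as an object
}


def to_acl(matrix):
    """object -> {(subject, right)}: the column view, stored with each object."""
    acl = {}
    for (subject, obj), rights in matrix.items():
        for right in rights:
            acl.setdefault(obj, set()).add((subject, right))
    return acl


def to_capabilities(matrix):
    """subject -> {(object, right)}: the row view, carried by each subject."""
    caps = {}
    for (subject, obj), rights in matrix.items():
        for right in rights:
            caps.setdefault(subject, set()).add((obj, right))
    return caps


def is_allowed(matrix, subject, obj, right):
    """Default deny: an empty or missing cell grants nothing."""
    return right in matrix.get((subject, obj), set())


if __name__ == "__main__":
    for obj, entries in sorted(to_acl(MATRIX).items()):
        print(obj, "->", sorted(entries))
    print(is_allowed(MATRIX, "Bob", "Fences", "Jump"))     # True
    print(is_allowed(MATRIX, "Alice", "Doors", "Open"))    # False
```

The ACL view answers "who may do what to this object" cheaply (useful for revocation per object), while the capability view answers "what may this subject do" (useful when the subject presents its rights); both are the same matrix, so they must be kept consistent if a system stores both.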
Attribute-based access control performs access control based on attributes associated with the subject or object. For example, Alice is an employee in the HR department. The access control system looks at the attribute of which department she belongs to and the time of login. If Alice is logging in during work hours and is assigned to the HR department, she will be allowed into the HR system. If she tries to log in after work hours, access will be denied. This is to prevent malicious actors from using her credentials after work hours, when the misuse would go unnoticed by the user.
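The following added example (not from the notes) encodes the Alice/HR scenario as an ABAC decision function: a request is allowed only when the subject's department attribute matches the resource's and the environment attribute (login time) falls in work hours. The work-hours window of 09:00 to 18:00 on weekdays and the timestamps are my assumptions.

```python
from datetime import datetime

# Added example: attribute-based access control for the HR-system scenario.
WORK_START_HOUR = 9    # assumed working hours: 09:00 - 18:00, Monday to Friday
WORK_END_HOUR = 18


def during_work_hours(when: datetime) -> bool:
    return when.weekday() < 5 and WORK_START_HOUR <= when.hour < WORK_END_HOUR


def decide(subject: dict, resource: dict, env: dict):
    """Return (allowed, reason) from subject, resource and environment attributes."""
    if subject.get("department") != resource.get("department"):
        return False, "department mismatch"
    if not during_work_hours(env["time"]):
        return False, "outside work hours"
    return True, "department matches and login is during work hours"


def demo():
    alice = {"name": "Alice", "department": "HR"}
    bob = {"name": "Bob", "department": "Finance"}
    hr_system = {"name": "HR system", "department": "HR"}
    weekday_10am = datetime(2024, 1, 8, 10, 0)   # constructed: a Monday, 10:00
    weekday_10pm = datetime(2024, 1, 8, 22, 0)   # constructed: same Monday, 22:00
    return {
        "alice_work_hours": decide(alice, hr_system, {"time": weekday_10am}),
        "alice_after_hours": decide(alice, hr_system, {"time": weekday_10pm}),
        "bob_work_hours": decide(bob, hr_system, {"time": weekday_10am}),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Returning the reason alongside the decision is what makes such a system auditable: a denied after-hours login with valid credentials is exactly the event a defender wants to see in the log.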
• Multilevel Access Control
o Based on clearance and classification levels
• Biba
o Purpose is for Integrity access control
o Policy is no read down and no write up
• BLP
o Purpose is for data confidentiality
Buffer Overflow
• Buffer Overflow Attacks
o Can be used to mount a Denial of Service (DoS) attack
o Crash the application, denying service to legitimate users, or run the attacker's own shellcode, allowing them to take over the system as a privileged user such as root or domain admin
▪ Such privileges allow them to reach and attack areas they could not reach normally
o Gaining access
▪ The attacker overwrites the stack, including the return pointer, so that it points to the attacker's code instead of the actual program
• Prevention of buffer overflows
o Ensure secure code
o Adding a guard value (canary) before the return address
Mobile Code
• Cross site Scripting (XSS)
o Exploits vulnerabilities in dynamic web content
▪ Particularly uses the vulnerabilities to gather data from users
o Allows attackers to inject client-side scripts into web pages viewed by others
Malicious code or Malware
• Types of malware
o Viruses
▪ Infect files on the infected host
o Trojan horses
▪ Non-replicating programs that exhibit desirable behaviour, like a game
▪ Program with hidden intent
▪ Could open ports on the machine, allowing attackers access
o Worms
▪ Replicate themselves to spread
▪ Minimal user interaction
▪ Exploit applications like email to spread
• Virus
o Can infect other programs before triggering
o Encrypted Viruses
▪ Avoid detection by anti-virus software as the code is hidden
▪ How?
• Virus code is encrypted
• Decryption routine and key are not encrypted
• Trojan Horses
o Hidden in a program that can be used (eg game)
• Defence
o Sandbox
▪ Suspicious code is quarantined in an isolated system area
▪ Run the code and monitor its behaviour
o Reducing rights
▪ When running a suspected program, the user can reduce their rights
▪ Preventing
• Detection
o System behaviour is usually different when infected
▪ Virus monitors watch for known methods of virus activity
• Attempts to write to boot sector
• Modify interrupt vectors
• Write to system files
• Detect abnormal behavior of system
o Signature Scanning
▪ Signature of a file is checked against a large library of known programs
▪ Can be used against trojan horses
Intrusion Detection System (IDS)
• Categories of attackers
o Clandestine
▪ Try to avoid the IDS or auditing system
o Masqueraders
▪ Pretend to be legitimate users
o Misfeasors
▪ Legitimate users who misuse the privileges they have
• Honeypots (Trap)
o Diverts attackers from critical systems
o Collects information about the attacker's activity
Firewalls
• Firewall
o Provides a choke point to protect the network from outside
o Monitors traffic, especially for security breaches
SQL
• Direct vs indirect inferential attack
o Direct inferential attack
▪ Attacker issues a query that directly yields sensitive data
▪ Example: finding out which department Alice belongs to
o Indirect inferential attack
▪ Attacker infers sensitive data from statistical results
▪ Example: having access to reports stating that the average salary of a male employee in the HR department is $3000. As Bob is the only male employee, the attacker can infer that Bob earns $3000.
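The following added example (not from the notes) reproduces the indirect inference above against a constructed employee table in SQLite, then shows the simplest defence, a query-set-size restriction that refuses to report a statistic over too few rows. The table contents and the minimum of three rows are my choices.

```python
import sqlite3

# Added example: statistical inference of one person's salary, and a size guard.
EMPLOYEES = [   # constructed data: Bob is the only male employee in HR
    ("Alice", "HR", "F", 3500),
    ("Bob", "HR", "M", 3000),
    ("Carol", "HR", "F", 3200),
    ("Dave", "Finance", "M", 4000),
    ("Eve", "Finance", "M", 4100),
    ("Frank", "Finance", "M", 3900),
]

STAT_QUERY = "SELECT AVG(salary), COUNT(*) FROM employee WHERE dept = ? AND gender = ?"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (name TEXT, dept TEXT, gender TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", EMPLOYEES)
    return conn


def average_salary(conn, dept, gender):
    """The report as issued: an average over however many rows match, even one."""
    avg, _count = conn.execute(STAT_QUERY, (dept, gender)).fetchone()
    return avg


def guarded_average(conn, dept, gender, min_rows=3):
    """Refuse (return None) when fewer than min_rows employees are in the query set."""
    avg, count = conn.execute(STAT_QUERY, (dept, gender)).fetchone()
    if count < min_rows:
        return None
    return avg


if __name__ == "__main__":
    db = make_db()
    # The "average" over a single row is that person's salary.
    print("HR/M average:", average_salary(db, "HR", "M"))          # 3000.0 = Bob
    print("HR/M guarded:", guarded_average(db, "HR", "M"))         # None
    print("Finance/M guarded:", guarded_average(db, "Finance", "M"))  # 4000.0
```

A minimum query-set size on its own is not sufficient: an attacker who can issue several overlapping statistical queries can subtract their results to isolate one row, which is why stronger controls (limiting query overlap, adding noise, or auditing query patterns) are layered on top.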