Lecture 2
Identifying Potential Security threats
Dr. Eman Zahran
The main goal of this part is to help you identify the different types of
security threats:
1- Software Threats
2- Hardware Threats
3- Data Threats
Software Threats
Software threats include theft, exploits, and malware.
Software or license theft is the unauthorized copy or use of copyright-
protected software. This includes pirating software and counterfeiting
activation codes.
Exploits are pieces of code that use vulnerabilities in hardware or
software to get into a system.
• Lock it in a secured area with card readers on doors to limit access (Only
trusted, authorized personnel should have physical access to information
systems and only for the specific systems they are responsible for).
1- An access attack involves someone who should not be able to access your
resources gaining access to them.
2- During a modification and repudiation attack, someone wants to modify
information in your systems.
3- A denial-of-service (DoS) attack is an attempt to disrupt your network and
services. It can prevent authorized users from having access because the
system is busy responding to illegitimate requests.
Understanding Access Attack Types
• They occur either internally or externally; they might also occur when
physical access to the information is possible.
Access Attack Types
1- Dumpster diving
2- Eavesdropping
3- Snooping
4- Interception
Eavesdropping
Eavesdropping (or packet-sniffing) attacks occur on wireless, wired, and phone
connections. A packet sniffer is a tool that intercepts everything transmitted on a
network. Anything your device sends on an unencrypted network can be viewed
with a packet sniffer. This gives hackers an opportunity to intercept, alter, or delete
data transmitted between devices.
If a network is encrypted, packet sniffers will only be able to see things like the
origin and destination of a packet, but not the data inside it.
Eavesdropping
For example,
Snooping
Hackers use snooping attacks to intercept data between devices. These
attacks can reveal logins, credit card numbers, intellectual property, and
more.
Snooping occurs when someone looks through your files hoping to find
something interesting.
In general, to snoop is to look around a place secretly in order to discover
things or find out information about someone or something.
Snooping is unauthorized access to another person's or company's data.
Interception
Interception is any situation where a hacker intercepts and changes
communication between two parties without their knowledge. To do that, the
attacker may place themselves between the sender and the receiver; this is
called a man-in-the-middle attack.
In a networked environment, a passive interception would involve someone who
routinely monitors network traffic.
An active interception might include putting a computer system between
the sender and receiver to capture information as it’s sent. The process is
usually secret.
Intercept missions can occur for years without the knowledge of the
parties being monitored.
Modification and Repudiation Attacks
These attacks are often widely publicized in the media. Most simple
DoS attacks occur from a single system, and a specific server or
organization is the target.
Identifying Denial-of-Service and Distributed Denial-of-Service Attacks Cont.
There isn’t a single type of DoS attack, but a variety of similar methods,
depending on which resource is attacked. The resources are:
• Network bandwidth
Network bandwidth relates to the capacity of the network links
connecting a server to the wider Internet.
It’s easiest to think of a DoS attack by imagining that your servers are so
busy responding to false requests that they don’t have time to service
legitimate requests. Not only can the servers be physically busy, but the
same result can occur if the attack consumes all the available bandwidth.
A DoS attack against a network is designed to fill the communications
channel and prevent access by authorized users.
A common DoS attack involves opening as many TCP sessions as
possible; this type of attack is called a TCP SYN flood DoS attack.
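A SYN flood leaves its trace in the server's connection table: the backlog fills with half-open (SYN_RECV) entries while few connections ever reach ESTABLISHED. The following Python script, added here as an illustration and not part of the lecture, parses constructed netstat-style lines (the addresses, counts and alert thresholds are assumptions for the example) and flags a listener whose backlog is dominated by half-open connections.

```python
from collections import defaultdict


def build_sample_table():
    """Constructed netstat-style connection lines (not a real capture):
    60 half-open (SYN_RECV) connections to 10.0.0.5:80 from 60 distinct
    source addresses, plus a handful of ordinary sessions."""
    lines = [
        f"tcp 0 0 10.0.0.5:80 203.0.113.{i + 1}:{40000 + i} SYN_RECV"
        for i in range(60)
    ]
    lines += [
        "tcp 0 0 10.0.0.5:80 198.51.100.7:51000 ESTABLISHED",
        "tcp 0 0 10.0.0.5:80 198.51.100.8:51001 ESTABLISHED",
        "tcp 0 0 10.0.0.5:80 198.51.100.9:51002 TIME_WAIT",
        "tcp 0 0 10.0.0.5:22 198.51.100.8:51003 ESTABLISHED",
        "tcp 0 0 10.0.0.5:22 198.51.100.9:51004 SYN_RECV",
    ]
    return lines


def parse_connection(line):
    """Split one 'tcp recv-q send-q local remote state' line; None if malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[0] != "tcp":
        return None
    return parts[3], parts[4], parts[5]


def summarize_by_listener(lines):
    """Count connection states per local socket (the listener being hit)."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0,
                                 "other": 0, "sources": set()})
    for line in lines:
        parsed = parse_connection(line)
        if parsed is None:
            continue
        local, remote, state = parsed
        entry = stats[local]
        if state == "SYN_RECV":
            entry["half_open"] += 1
            entry["sources"].add(remote.rsplit(":", 1)[0])
        elif state == "ESTABLISHED":
            entry["established"] += 1
        else:
            entry["other"] += 1
    return stats


def detect_syn_flood(lines, min_half_open=50, min_half_open_ratio=0.8):
    """Flag listeners whose backlog is dominated by half-open connections.
    The thresholds are illustrative assumptions; tune them to the host's
    normal backlog size."""
    alerts = []
    for listener, s in sorted(summarize_by_listener(lines).items()):
        total = s["half_open"] + s["established"] + s["other"]
        ratio = s["half_open"] / total if total else 0.0
        if s["half_open"] >= min_half_open and ratio >= min_half_open_ratio:
            alerts.append({
                "listener": listener,
                "half_open": s["half_open"],
                "established": s["established"],
                "distinct_sources": len(s["sources"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(build_sample_table()):
        print(f"possible SYN flood on {alert['listener']}: "
              f"{alert['half_open']} half-open from "
              f"{alert['distinct_sources']} sources, "
              f"{alert['established']} established")
```

The port 22 listener with a single SYN_RECV entry is not flagged, which is the point of combining an absolute count with a ratio: a busy but healthy server also has some half-open entries. On Linux the usual host-side mitigation once such an alert fires is to enable SYN cookies (`net.ipv4.tcp_syncookies`), so the backlog no longer has to hold state for every unanswered SYN.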
• System resources
A DoS attack targeting system resources typically aims to overload or
crash its network handling software. Rather than consuming bandwidth
with large volumes of traffic, specific types of packets (poison packet)
are sent that consume the limited resources available on the system.
Code Red, Slapper, and Slammer are all attacks that took advantage of
buffer overflows.
• Application resources
An attack on a specific application, such as a Web server, typically
involves a number of valid requests, each of which consumes significant
resources. This then limits the ability of the server to respond to requests
from other users.
For example, a Web server might include the ability to make database
queries. If a large, costly query can be constructed, then an attacker
could generate a large number of these and severely load the server.
A DoS attack on an application may bring down a website while the
communications and systems continue to operate.
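Because an application-resource DoS consists of valid requests, the defence is to budget the work each client may cause rather than to block malformed traffic. The Python example below is added here and is not from the lecture: it charges each request a cost in "work units" (the endpoint costs, client names and bucket sizes are constructed assumptions) from a per-client token bucket, so a burst of expensive export queries from one client is refused before it reaches the database while cheap searches from another client are still served.

```python
from collections import defaultdict

# Assumed relative cost of each endpoint in work units (constructed for the
# example; in practice derive it from measured query time).
ENDPOINT_COST = {"search": 1.0, "report": 25.0, "export": 50.0}


class FakeClock:
    """Deterministic clock so the example runs the same way every time."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class CostBudget:
    """Per-client token bucket measured in work units rather than requests.
    A client may spend at most `capacity` units in a burst and regains
    `refill_per_second` units per second of idle time."""

    def __init__(self, capacity, refill_per_second, clock):
        self.capacity = capacity
        self.refill_per_second = refill_per_second
        self.clock = clock
        self.tokens = {}
        self.last_seen = {}

    def allow(self, client, cost):
        now = self.clock()
        tokens = self.tokens.get(client, self.capacity)
        elapsed = now - self.last_seen.get(client, now)
        tokens = min(self.capacity, tokens + elapsed * self.refill_per_second)
        self.last_seen[client] = now
        if cost > tokens:
            self.tokens[client] = tokens      # refused: nothing is spent
            return False
        self.tokens[client] = tokens - cost
        return True


def serve(requests, budget):
    """requests: iterable of (client, endpoint). A refused request is answered
    with an error instead of being run against the database."""
    outcome = defaultdict(lambda: {"served": 0, "rejected": 0})
    for client, endpoint in requests:
        key = "served" if budget.allow(client, ENDPOINT_COST[endpoint]) else "rejected"
        outcome[client][key] += 1
    return {client: dict(counts) for client, counts in outcome.items()}


def sample_run():
    """Constructed scenario: one client hammers the costly export endpoint
    while another client issues cheap searches."""
    clock = FakeClock()
    budget = CostBudget(capacity=100.0, refill_per_second=10.0, clock=clock)
    burst = [("attacker", "export")] * 10 + [("alice", "search")] * 5
    outcome = serve(burst, budget)
    clock.advance(3.0)   # attacker regains 30 units: enough for a report, not an export
    later = serve([("attacker", "export"), ("attacker", "report"),
                   ("alice", "report")], budget)
    for client, counts in later.items():
        for key, value in counts.items():
            outcome[client][key] += value
    return outcome


if __name__ == "__main__":
    print(sample_run())
```

A cost budget like this complements, rather than replaces, a hard cap on each individual query (for example a database statement timeout), since the budget limits how many costly queries a client can start while the timeout bounds how long any one of them can run.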
Defenses against DoS attacks
There are several techniques to limit the consequences of a DoS
attack:
• Network segmentation - Segmenting networks into smaller, more
manageable pieces, can limit the impact of a DoS attack. This can be
done by creating VLANs, and firewalls can limit the spread of an
attack.
• Load balancing - By distributing traffic across multiple servers, a DoS
attack can be prevented from overwhelming a single server or
resource. Load balancing can be achieved using hardware or software
solutions.
Defenses against DoS attacks Cont.
It's harder to identify a DDoS attack’s origin, which makes it harder to shut
down.
Distributed Denial-of-Service Attacks Cont.
The attack program lies dormant on these computers until they get an
attack signal from a master computer.
The signal triggers the systems, which launch an attack simultaneously
on the target network or system.
Botnet: a large collection of zombies, or bots, controlled by a bot herder.
The previous figure shows an attack occurring and the master controller
orchestrating the attack. The master controller may be another
unsuspecting user. The systems taking direction from the master control
computer are referred to as zombies. These systems merely carry out the
instruction they’ve been given by the master computer.
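The practical consequence of zombies firing simultaneously is that the flood arrives from many modest sources instead of one loud one, which is why a filter keyed on a single source address does not help. The following Python example, added here and not part of the lecture, buckets constructed web-access log lines (timestamps, addresses and thresholds are assumptions) into time windows and distinguishes a single-system DoS from a distributed one by how concentrated the request volume is.

```python
from collections import Counter, defaultdict


def build_scenario(kind, t0=1700000000):
    """Constructed access-log lines '<epoch> <src_ip> <method> <path>' that all
    fall in one 10-second window. kind is 'normal', 'single' or 'distributed'."""
    lines = []
    # Background of ordinary users: ten sources, two requests each.
    for i in range(10):
        for k in range(2):
            lines.append(f"{t0 + (i + k) % 10} 198.51.100.{i + 1} GET /index.html")
    if kind == "single":
        # 300 requests from one address: a single-system DoS.
        for n in range(300):
            lines.append(f"{t0 + n % 10} 203.0.113.5 GET /search?q={n}")
    elif kind == "distributed":
        # 300 requests spread over 100 addresses, three each: zombies firing together.
        for n in range(300):
            lines.append(f"{t0 + n % 10} 192.0.2.{n % 100 + 1} GET /search?q={n}")
    return lines


def parse_line(line):
    """Return (epoch_seconds, source_ip) or None for a malformed line."""
    parts = line.split(maxsplit=3)
    if len(parts) != 4:
        return None
    try:
        return int(parts[0]), parts[1]
    except ValueError:
        return None


def classify_windows(lines, window_seconds=10, flood_threshold=200,
                     single_source_share=0.5):
    """Count requests per window and per source, then label each window as
    normal, a single-source flood or a distributed flood. The thresholds are
    illustrative assumptions; derive real ones from the site's baseline."""
    per_window = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src = parsed
        per_window[ts - ts % window_seconds][src] += 1
    verdicts = {}
    for start, sources in sorted(per_window.items()):
        total = sum(sources.values())
        top_src, top_count = sources.most_common(1)[0]
        share = top_count / total
        if total < flood_threshold:
            verdict = "normal"
        elif share >= single_source_share:
            verdict = "single-source flood"
        else:
            verdict = "distributed flood"
        verdicts[start] = {"verdict": verdict, "requests": total,
                           "distinct_sources": len(sources),
                           "top_source": top_src, "top_share": round(share, 2)}
    return verdicts


def verdict_for(kind):
    """Verdict for the single window that build_scenario() produces."""
    result = classify_windows(build_scenario(kind))
    return next(iter(result.values()))["verdict"]


if __name__ == "__main__":
    for kind in ("normal", "single", "distributed"):
        print(kind, classify_windows(build_scenario(kind)))
```

The verdict matters for the response: a single-source flood can be dropped at the edge by address, whereas a distributed one, where the top source accounts for under one percent of requests, calls for the volume-based controls (upstream filtering, rate limits, extra capacity) rather than a blocklist.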
The nasty part of a DDoS attack is that the machines used to carry out the
attack belong to normal computer users.
The attack gives no special warning to those users.
When the attack is complete, the attack program may remove itself from
the system or infect the unsuspecting user’s computer with a virus that
destroys the hard drive, thereby wiping out the evidence.
Defenses against DDoS attacks
Four lines of defense against DDoS attacks: