Network Security: Presented By: Dr. Munam Ali Shah

The document summarizes different types of network security attacks including viruses, worms, Trojan horses, denial of service (DoS) attacks, and distributed denial of service (DDoS) attacks. It describes key characteristics of each type of attack such as how viruses infect programs, how worms spread automatically, and how Trojan horses disguise themselves as legitimate programs. The document also discusses different categories of DoS attacks including those that stop services locally or remotely and those that exhaust system resources. Great programming skills are needed to understand the techniques attackers use and develop resilient defenses.

Uploaded by

Nadeem Shoukat
Network Security

Lecture 5

Presented by: Dr. Munam Ali Shah


Summary of the previous lecture
• In the previous lecture, we talked about security through obscurity
• We have seen the X.800 Security architecture
• We also learnt about active and passive attacks
• And importantly, we discussed the difference between Security and Protection, and how the access matrix is used to classify objects, domains and access-rights

Part 2(a)
Analysis of the N/W Security

Outlines
• Different types of security attacks in a computing environment
• Viruses, Worms, Trojan Horses
• DoS attacks and their types

Objectives
• To be able to distinguish between different types of security attacks
• To identify and classify which security attacks lead to which security breach category

Different Types of Attacks and Threats
• Virus
• Worms
• Trojan Horse
• Botnet
• Trap doors
• Logic Bomb
• Spyware

Viruses
• A Virus infects executable programs by appending its own code so that it is run every time the program runs.
• Viruses
  – may be destructive (by destroying/altering data)
  – may be designed to “spread” only
    – Although they do not carry a dangerous “payload”, they consume resources and may cause malfunctions in programs if they are badly written and should therefore be considered dangerous!
• Viruses have been a major threat in the past decades but have nowadays been replaced by self-replicating worms, spyware and adware as the no. 1 threat!

Virus Types
• Boot Sector Virus
  – Spreads by passing of floppy disks
  – Substitutes its code for the DOS boot sector or Master Boot Record
  – Used to be very common in the 1980s and 1990s
• An Example of Boot Sector Virus
• Polymorphic Virus
  – Virus that has the ability to “change” its own code to avoid detection by signature scanners
• Macro Virus
  – Is based on a macro programming language of a popular application (e.g. MS Word/Excel, etc.)
• Stealth Virus
  – Virus that has the ability to hide its presence from the user. The virus may maintain a copy of the original, uninfected data and monitor system activity

Example of Macro Virus
• Visual Basic Macro to reformat hard drive

    ' AutoOpen runs automatically when the document is opened
    Sub AutoOpen()
        Dim oFS
        Set oFS = CreateObject("Scripting.FileSystemObject")
        vs = Shell("c:command.com /k format c:", vbHide)
    End Sub

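A defender's view of the macro above, as an added example that is not part of the original slides: a minimal static triage that flags VBA source in which an auto-run entry point reaches a process-launch or object-creation call. The keyword lists and the names `triage_macro` and `strip_noise` are assumptions for illustration; the first sample is the slide's macro and the second is constructed.

```python
import re

# Entry points Office runs without user action (assumed, non-exhaustive list).
AUTO_EXEC = {"autoopen", "autoexec", "autoclose", "auto_open",
             "document_open", "workbook_open"}
# Statements that reach outside the document (assumed, non-exhaustive list).
RISKY = {"shell", "createobject", "getobject", "kill"}

SUB_RE = re.compile(r"^\s*(?:(?:public|private)\s+)?sub\s+(\w+)\s*\(", re.I)
END_RE = re.compile(r"^\s*end\s+sub\b", re.I)
WORD_RE = re.compile(r"[A-Za-z_]\w*")

def strip_noise(line):
    """Blank out string literals and drop comments so keywords in text are ignored."""
    line = re.sub(r'"[^"]*"', '""', line)
    return line.split("'", 1)[0]

def triage_macro(source):
    """Return {auto-run sub name: sorted risky statements used in its body}."""
    findings, current = {}, None
    for raw in source.splitlines():
        line = strip_noise(raw)
        m = SUB_RE.match(line)
        if m:
            name = m.group(1)
            current = name if name.lower() in AUTO_EXEC else None
            if current:
                findings[current] = set()
        elif END_RE.match(line):
            current = None
        elif current:
            findings[current].update(w for w in WORD_RE.findall(line) if w.lower() in RISKY)
    return {name: sorted(hits) for name, hits in findings.items() if hits}

# The macro shown on the slide, used here only as scanner input.
SLIDE_MACRO = '''Sub AutoOpen()
Dim oFS
Set oFS = CreateObject("Scripting.FileSystemObject")
vs = Shell("c:command.com /k format c:", vbHide)
End Sub'''

# Constructed sample: auto-run entry point, but Shell appears only in text.
TEXT_ONLY_MACRO = '''Sub AutoOpen()
MsgBox "run Shell(x) later"  ' Shell is only mentioned here
End Sub'''

if __name__ == "__main__":
    print(triage_macro(SLIDE_MACRO))
    print(triage_macro(TEXT_ONLY_MACRO))
```
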
Trap Door
• Trap doors, also referred to as backdoors, are bits of code embedded in programs by the programmer(s) to quickly gain access at a later time.
• If a programmer purposely leaves this code in or simply forgets to remove it, a potential security hole is introduced. Hackers often plant a backdoor on previously compromised systems to gain later access.

Worms
• A Worm is a piece of software that uses computer networks (and security flaws) to create copies of itself
• First Worm in 1988: “Internet Worm”
  – propagated via exploitation of several BSD and sendmail bugs
  – infected a large number of computers on the Internet
• Some “successful” Worms
  – Code Red in 2001
    – Infected hundreds of thousands of systems by exploiting a vulnerability in Microsoft’s Internet Information Server
  – Blaster in 2003
    – Infected hundreds of thousands of systems by exploiting a vulnerability in Microsoft’s RPC service

Trojan Horses
• A Trojan is a non-self-replicating program that appears to perform a desirable function for the user but instead facilitates unauthorized access to the user's computer system
• It is embedded within or disguised as legitimate software
• Trojans may look interesting to the unsuspecting user, but are harmful when actually executed
• Two types of Trojan Horses
  – Useful software that has been corrupted by an attacker to execute malicious code when the program is run
  – Standalone program that masquerades as something else (like a game, or a neat little utility) to trick the user into running it
• Trojan Horses do not operate autonomously

Types of Trojan Horses (1/2)
• Remote Access Trojans / Remote Control Trojans
  – Most dangerous types of trojans
  – Enable the attacker to read every keystroke of the victim, recover passwords, etc.
  – Examples: NetBus, Sub7, BackOrifice, BO2K, …
• Proxy Trojans
  – Provide a relay for an attacker so that he is able to disguise the origin of his activities
• DDoS Zombies
  – Are used for large-scale Distributed Denial of Service attacks

Types of Trojan Horses (2/2)
• Data-Sending Trojans
  – Are used by attackers to gather certain data
    – Passwords
    – E-banking credentials
  – Gathered data is often transferred to a location on the Internet where the attacker can harvest the data later on
• Destructive Trojans
  – Trojans that perform directly harmful activity
    – Altering data
    – Encrypting files

Phishing
• It is the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication
• Defenses Against Phishing
  – Number one defense is raising user awareness and user education
  – Very few effective technical countermeasures to completely stop phishing

Denial of Service (DoS) Attacks
• Denial of Service attacks are an attempt to make computer resources unavailable to their intended users
• DoS attacks are (normally) not highly sophisticated, but merely bothersome
  – Force administrator to restart service or reboot machine
• DoS attacks are dangerous for businesses that rely on availability (e.g. Webshops, eGovernment platforms, etc.)

Categories of Denial of Service Attacks

Attack is launched    Stopping services            Exhausting resources
------------------    -------------------------    ------------------------------------------
Locally               - Process killing            - Forking process to fill process table
                      - System reconfiguring       - Filling up the file system
Remotely              - Malformed packet attack    - Packet flood (e.g. SYN flood, Smurf)

DoS: Stopping Services (locally)
• Easy if an attacker has already gained root access; he could simply …
  – shut down the service
  – reconfigure the service
• If an attacker has a “normal” account on the system, he could
  – try to “become root” using an exploit to perform any of the activities listed above

DoS: Exhausting Resources (Locally)
• An attacker might try to run a program that grabs resources on the target machine itself
  – Most operating systems attempt to isolate users to prevent one user from grabbing all system resources
  – Intruders often find ways around these attempts (or may try to “become root” by using an exploit)
• Common methods of exhausting resources
  – Filling up the process table
  – Filling up the file system
  – Sending traffic that fills up the communications link

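On POSIX systems, the per-user isolation mentioned above is available as resource limits. This added example (not from the slides) runs a constructed file-filling child under `RLIMIT_FSIZE` and reports how many bytes reached the disk before the kernel refused further writes. The function names and the `FILLER` program are assumptions for illustration, and `RLIMIT_FSIZE` caps the size of each file rather than total disk usage, which is what quotas address.

```python
import os
import resource
import subprocess
import sys
import tempfile

def run_with_limits(argv, max_file_bytes, max_procs=None, timeout=30):
    """Run argv in a child process whose limits are lowered before exec."""
    def lower_limits():
        # Executed in the child only, between fork and exec.
        resource.setrlimit(resource.RLIMIT_FSIZE, (max_file_bytes, max_file_bytes))
        if max_procs is not None:
            # Caps processes owned by this user, which bounds process-table filling.
            resource.setrlimit(resource.RLIMIT_NPROC, (max_procs, max_procs))
    return subprocess.run(argv, preexec_fn=lower_limits, timeout=timeout,
                          capture_output=True)

# Constructed stand-in for a program that tries to fill the file system.
FILLER = (
    "import sys\n"
    "with open(sys.argv[1], 'wb', buffering=0) as f:\n"
    "    for _ in range(int(sys.argv[2]) // 4096):\n"
    "        f.write(b'A' * 4096)\n"
)

def demo_file_cap(limit=64 * 1024, attempted=1024 * 1024):
    """Return (bytes actually on disk, child exit status) for a capped writer."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "filler.bin")
        proc = run_with_limits([sys.executable, "-c", FILLER, path, str(attempted)], limit)
        return os.path.getsize(path), proc.returncode

if __name__ == "__main__":
    size, status = demo_file_cap()
    print("bytes written:", size, "child exit status:", status)
```
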
DoS: Stopping Services (Remotely)
• Much more popular than local DoS attacks, because the attacker does not need a local account on the target machine
• Often a “malformed packet” attack, that relies on errors in the TCP/IP stack or network protocol of an application and causes the remote machine (or just the application) to crash

DoS: Exhausting Resources (Remotely)
• An attacker tries tying up all resources of the target system (particularly the communications link)
• Popular example: SYN-Flood
  – During a SYN-Flood an attacker will send a lot of SYN packets with a spoofed (and unresponsive) source address to the target and never complete the handshake to fill up the connection queue or the communication link (and cause a DoS)

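The signature described above, many SYNs whose handshake is never completed, can be measured directly from packet records. This added example (not from the slides) counts half-open handshakes per target over a constructed capture; the record layout, thresholds and function names are assumptions, and the addresses come from the documentation IP ranges.

```python
from collections import Counter

def syn_flood_suspects(packets, min_half_open=100, max_completion=0.2):
    """Flag (dst, dport) targets with many SYNs that never completed the handshake.

    packets: (ts, src, sport, dst, dport, flags) tuples in capture order,
    flags being "S", "SA", "A" or "R". Handshakes still open at the end of
    the capture count as half-open.
    """
    pending = {}                         # (src, sport, dst, dport) -> SYN time
    syns, completed = Counter(), Counter()
    for ts, src, sport, dst, dport, flags in packets:
        key = (src, sport, dst, dport)
        if flags == "S" and key not in pending:
            pending[key] = ts
            syns[(dst, dport)] += 1
        elif flags == "A" and key in pending:
            del pending[key]             # third step of the handshake arrived
            completed[(dst, dport)] += 1
        elif flags == "R" and key in pending:
            del pending[key]             # client aborted, queue slot is freed
    half_open = Counter(key[2:] for key in pending)
    suspects = {}
    for target, count in half_open.items():
        ratio = completed[target] / syns[target]
        if count >= min_half_open and ratio <= max_completion:
            sources = {key[0] for key in pending if key[2:] == target}
            suspects[target] = {"half_open": count, "syns": syns[target],
                                "distinct_sources": len(sources),
                                "completion_ratio": round(ratio, 3)}
    return suspects

def constructed_capture():
    """Constructed sample: 5 normal clients, then 300 SYNs that are never answered."""
    pkts, t = [], 0.0
    for i in range(5):                   # complete three-way handshakes
        c = ("198.51.100.%d" % (i + 1), 40000 + i, "192.0.2.10", 80)
        pkts += [(t, *c, "S"), (t + 0.01, c[2], c[3], c[0], c[1], "SA"),
                 (t + 0.02, *c, "A")]
        t += 0.1
    for i in range(300):                 # SYN only; the source never replies
        pkts.append((t, "203.0.113.%d" % (i % 250 + 1), 1024 + i, "192.0.2.10", 80, "S"))
        t += 0.001
    pkts.append((t, "198.51.100.9", 41000, "192.0.2.20", 443, "S"))  # one slow client
    return pkts

if __name__ == "__main__":
    print(syn_flood_suspects(constructed_capture()))
```
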
DDoS
• DDoS attack terminology
  – Attacking machines are called daemons, slaves, zombies or agents.
  – “Zombies” are usually poorly secured machines that are exploited (also called agents)
  – Machines that control and command the zombies are called masters or handlers.
  – The attacker would like to hide his trace: he hides himself behind machines that are called stepping stones.

Great Programming Required?
• Remember!!
  – The hackers and attackers are expert-level programmers
  – They know most of the programming concepts
  – They simply find the loopholes in the system to exploit the opportunity to break into the system.
• To become resilient against threats, to know the programming level of attackers, and to determine the bug, YES, great programming is required.

Summary of today’s lecture
• In today’s lecture, we discussed in detail the different types of security attacks that a computer system is/can be vulnerable to.
• Our discussion included some famous attacks such as viruses, worms, DoS, Trojan horses, etc.

Next lecture topics
• We will continue our discussion of DoS attacks.
• We will see how DoS attacks can cost a company millions of $$$$
• We will explore more types and sub-types of DoS attacks.

The End
