BIS 321 Chapter One Part Two

The document discusses security threats, attacks, and vulnerabilities. It describes various methods used by attackers such as deleting information, committing fraud, and disrupting operations. It also discusses different types of threats including natural disasters, human threats from insiders and outsiders, and ways attackers can gain access or deny services like using viruses, trojan horses, worms, and denial of service attacks.

Uploaded by Eyob Temesgen

Part Two

Security Threats, Attacks and Vulnerabilities

Information Security
(BIS 321)
Introduction
• Information is the key asset in most organizations.
• Companies gain a competitive advantage by knowing how to use that information.
• The threat comes from others who would like to acquire the information or limit business opportunities by interfering with normal business processes.
• The object of security is to protect valuable or sensitive organizational information while making it readily available.
• Attackers trying to harm a system or disrupt normal business operations exploit vulnerabilities by using various techniques, methods, and tools.
• Attackers generally have motives or goals, for example to disrupt normal business operations or steal information.
• To achieve these motives or goals, they use various methods, tools, and techniques to exploit vulnerabilities in a computer system or security policy and controls.
Methods used by attackers
1. Deleting and altering Information:- Malicious attackers who delete or alter information normally do this to prove a point or take revenge for something that has happened to them.
• Inside attackers normally do this to spite the organization because they are disgruntled about something.
• Outside attackers might want to do this to prove that they can get into the system or for the fun of it.
2. Committing Information Theft and Fraud:- Information technology is increasingly used to commit fraud and theft.
• Computer systems are exploited in numerous ways, both by automating traditional methods of fraud and by using new methods.
• Some of the systems which are subjected to fraud include: financial systems, systems that control access to any resources (such as time and attendance systems), inventory systems, school grading systems, or long-distance telephone systems.
Contd.
3. Disrupting Normal Business Operations:- Attackers may want to disrupt normal business operations.
• In any circumstance like this, the attacker has a specific goal to achieve.
• Attackers use various methods for denial-of-service attacks; the section on methods, tools, and techniques will discuss these.
Security Threats

[Figure: classification of security threats]
Security Threats
  Human
    Malicious
      Outsiders like crackers and hackers
      Insiders like disgruntled employees
    Non-Malicious
      Ignorant employees
  Natural Disasters
    Floods, fires, earthquakes, hurricanes
Contd.

1. Natural Disaster:- Nobody can stop nature from taking its course.
• Earthquakes, hurricanes, floods, lightning, and fire can cause severe damage to computer systems.
• Information can be lost, downtime or loss of productivity can occur, and damage to hardware can disrupt other essential services.
• Few safeguards can be implemented against natural disasters.
• The best approach is to have disaster recovery plans and contingency plans in place.
• Other threats such as riots, wars, and terrorist attacks could be included here.
• Although they are human-caused threats, they are classified as
Contd.
2. Human Threats:- Malicious threats consist of inside attacks by disgruntled or malicious employees and outside attacks by non-employees just looking to harm and disrupt an organization.
• Insiders are the most dangerous attackers, because they know many of the codes and security measures that are already in place.
• Insiders can plant viruses, Trojan horses, or worms, and they can browse through the file system.
• By browsing through a system, an insider can learn confidential information.
• Trojan horses are a threat to both the integrity and confidentiality of information in the system.
• Insiders can affect availability by overloading the system's processing or storage capacity, or by causing the system to crash.
Contd.
• Disgruntled employees can create both mischief and sabotage on a computer system.
• Common examples of computer-related employee sabotage include:
i. Changing/deleting data
ii. Destroying data or programs with logic bombs
iii. Crashing systems
iv. Holding data hostage
v. Destroying hardware or facilities
vi. Entering data incorrectly.
• Outsiders like hackers and crackers are also among the human security threats.
A. Hackers are people who either break into systems for which they have no authorization or intentionally overstep their bounds on systems for which they don't have legitimate access.
Contd.
• A hacker is usually a programmer who constantly seeks further knowledge, freely shares what they have discovered, and never intentionally damages data.
B. Crackers are people who break into or otherwise violate system integrity with malicious intent.
• They destroy vital data or cause problems for their targets.
• Common methods for gaining access to a system include password cracking, exploiting known security weaknesses, network spoofing, and social engineering.
• Malicious attackers normally will have a specific goal, objective, or motive for an attack on a system:
  • Denial of Service
  • Stealing information or hardware (resources).
Ways to gain Access or deny Services
• Malicious attackers can gain access or deny services in numerous ways. Here are some of them:-
1. Viruses:- Attackers can develop harmful code, called viruses, and plant it into systems.
• Viruses can also be spread via e-mail and disks.
2. Trojan horses:- are malicious programs or software code hidden inside what looks like a normal program.
• When a user runs the normal program, the hidden code runs as well.
• It can then start deleting files and causing other damage to the computer.
Contd.
3. Worms:- are programs that copy themselves from one system to another over a network, without the assistance of a human being.
• Worms usually propagate themselves by transferring from computer to computer via e-mail.
4. Password cracking:- is a technique attackers use to surreptitiously gain system access through another user's account.
• This is possible because users often select weak passwords.
• The two major problems with passwords are:
i. when they are easy to guess based on knowledge of the user (for example, a wife's maiden name) and
ii. when they are susceptible to dictionary attacks (that is, using a dictionary as the source of guesses).
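As an added example (not part of the slides), a password-acceptance check that rejects both kinds of weak password just listed: values derived from what is known about the user, and dictionary words, including ones disguised with trailing digits or common letter substitutions. The word list and the user details are constructed sample data.

```python
import re

# Constructed word list; a real check would load a full dictionary file.
DICTIONARY = {"password", "welcome", "letmein", "dragon", "sunshine", "football"}

# Undo common letter substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("@$0!13", "asoile")


def normalize(text: str) -> str:
    """Lower-case the text and map substituted symbols back to letters."""
    return text.lower().translate(LEET)


def dictionary_stem(password: str) -> str:
    """Strip trailing digits/symbols, then normalize: 'P@ssw0rd123!' -> 'password'."""
    return normalize(re.sub(r"[\d\W_]+$", "", password.lower()))


def check_password(password: str, user_info: dict) -> list:
    """Return the reasons a password is weak; an empty list means it passed.

    user_info holds facts an attacker could learn about the user (user name,
    spouse's maiden name, birth year, ...); the field names are constructed."""
    reasons = []
    if len(password) < 12:
        reasons.append("shorter than 12 characters")
    haystacks = (password.lower(), normalize(password))
    # Problem (i): guessable from knowledge of the user.
    for field, value in user_info.items():
        value = value.lower()
        if len(value) >= 3 and any(value in h for h in haystacks):
            reasons.append(f"contains user-related value ({field})")
    # Problem (ii): a dictionary word, even with trailing digits or substitutions.
    if dictionary_stem(password) in DICTIONARY:
        reasons.append("dictionary word")
    return reasons


if __name__ == "__main__":
    bob = {"username": "bob", "spouse_maiden_name": "Smith", "birth_year": "1985"}
    for candidate in ("Smith1985!", "P@ssw0rd123!", "correct-horse-battery-staple"):
        print(candidate, "->", check_password(candidate, bob) or "ok")
```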
Contd.
5. Denial of Service (DoS) attacks:- This attack exploits the need to have a service available.
• It is a growing trend on the Internet because Web sites in general are open doors ready for abuse.
• People can easily flood the Web server with communication in order to keep it busy.
• Therefore, companies connected to the Internet should prepare for DoS attacks.
• They are also difficult to trace and allow other types of attacks to be subdued.
• DoS attacks are designed to prevent legitimate use of a service.
Contd.
• Attackers achieve this by flooding a network with more traffic than it can handle. Examples of this include:
1. Saturating network resources, thereby preventing users from using network resources.
2. Disrupting connections between two computers, preventing communications between services.
3. Preventing a particular individual from accessing a service.
4. Disrupting services to a specific system or client.
• DoS attacks flood a remote network with an enormous amount of protocol packets.
• Routers and servers eventually become overloaded by attempting to route or handle each packet.
Contd.
• Computers use certain core resources, such as network bandwidth, memory, CPU time, and hard drive space, to operate and function correctly.
• The operating system and the applications that run on the system play an important role in managing these resources correctly.
• When the operating system or the resources are overrun by malicious attacks, one or more of these core resources breaks down, causing the system to crash or stop responding.
• An attacker can cause resources to be overrun by various means, including consuming server resources, saturating network resources, and mail bombing.
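As an added example (not from the slides), a small detector for the flooding pattern described above: it reads packet log lines, counts packets per source address in a sliding time window, and reports sources whose peak rate exceeds a threshold. The log format, the addresses and the sample log (one source sending a ping storm) are all constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format: "<ISO timestamp> src=<ip> dst=<ip> proto=<name>"
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+)$")


def parse_line(line: str):
    """Return (timestamp, src, dst, proto) or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"], m["proto"]


def flood_sources(lines, window_seconds: int = 10, threshold: int = 100) -> dict:
    """Map each source address to its peak packet count in any sliding window,
    keeping only sources whose peak exceeds the threshold."""
    times_by_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            times_by_src[rec[1]].append(rec[0])
    flagged = {}
    for src, times in times_by_src.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Move the window start forward until it spans at most window_seconds.
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[src] = peak
    return flagged


def sample_log() -> list:
    """Constructed sample: 203.0.113.5 sends 300 ICMP packets within three seconds
    (a ping storm), while two ordinary clients send a few packets each."""
    lines = [f"2024-05-01T10:00:{i // 100:02d}.{(i % 100) * 10000:06d} src=203.0.113.5 dst=198.51.100.10 proto=ICMP"
             for i in range(300)]
    lines += [f"2024-05-01T10:00:{s:02d} src=192.0.2.20 dst=198.51.100.10 proto=TCP" for s in range(5)]
    lines += [f"2024-05-01T10:00:{s:02d} src=192.0.2.21 dst=198.51.100.10 proto=TCP" for s in range(3)]
    return lines


if __name__ == "__main__":
    print(flood_sources(sample_log()))  # {'203.0.113.5': 300}
```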
Contd.
6. E-mail hacking:- With access to Internet e-mail, someone can potentially correspond with any one of millions of people worldwide.
• The most common mail transfer protocols (SMTP, POP3, IMAP4) do not typically include provisions for reliable authentication as part of the core protocol, allowing e-mail messages to be easily forged.
• Nor do these protocols require the use of encryption that could ensure the privacy or confidentiality of e-mail messages.
Threats associated with e-mail
1. Impersonation:- The sender address on Internet e-mail cannot be trusted because the sender can create a false return address.
• Someone could have modified the header in transit, or the sender could have connected directly to the Simple Mail Transfer Protocol (SMTP) port on the target computer to enter the e-mail.
2. Eavesdropping:- E-mail headers and contents are transmitted in clear text if no encryption is used.
• As a result, the contents of a message can be read or altered in transit.
• The header can be modified to hide or change the sender, or to redirect the message.
Eavesdropping on a Dialog

[Figure: Bob (Client PC) and Alice (Server) exchange a "Hello" dialog; the attacker (Eve) intercepts and reads the messages.]
Contd.
3. Network Spoofing (passive eavesdropping):- is when a user creates a packet that appears to be something else or from someone else.
• Here, a system presents itself to the network as though it were a different system (computer A impersonates computer B by sending B's address instead of its own).
4. Packet replay:- refers to the recording and retransmission of message packets in the network.
• Packet replay is a significant threat for programs that require authentication sequences, because an intruder could replay legitimate authentication sequence messages to gain access to a system.
• It is frequently undetectable, but can be prevented by using packet
Contd.
5. Ping Storm:- is a condition in which the Internet Ping program is used to send a flood of packets to a server to test its ability to handle a high amount of traffic or, maliciously, to make the server inoperable.
6. E-mail Bombing:- here, a user sends an excessive amount of unwanted e-mail to someone.
7. Spoofing:- here, an attacker forges network data, appearing to come from a different network address than he actually comes from.
• This sort of attack can be used to thwart systems that authenticate based on host information (e.g., an IP address).
8. Intrusion Attacks:- In these attacks, a hacker uses various hacking tools to gain access to systems.
• These can range from password-cracking tools to protocol hacking
Contd.
9. Social Engineering:- is a common form of cracking. It can be used by outsiders and by people within an organization.
• Social engineering is a hacker term for tricking people into revealing their password or some form of security information.
• A common example of social engineering would be where a hacker sends e-mail to an employee, claiming to be an administrator who needs the employee's password to do some administrative work.
• The normal user who has not been taught about security might not know the difference between the actual administrator and the imposter administrator, especially in a large organization.
Contd.
10. Packet Modification:- involves one system intercepting and modifying a packet destined for another system.
• Packet information may not only be modified, it could also be destroyed.

[Figure: a "Balance = $1" message between Bob (Client PC) and Alice (Server) is intercepted by the attacker (Eve), who alters it to "Balance = $1,000,000".]
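As an added example covering both the packet replay threat (item 4) and the packet modification threat above (the slide's own sentence on preventing replay is cut off, so this is one common countermeasure rather than the author's): the sender attaches a timestamp, a random nonce and an HMAC to each message, and the receiver rejects any message whose MAC does not verify (Eve altered the balance), whose timestamp is stale, or whose nonce it has already accepted (Eve replayed a recorded packet). The shared key and the balance messages are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time

KEY = b"constructed-shared-secret"  # in practice, a key agreed between Bob and Alice
MAX_AGE = 30  # seconds after which a message is treated as stale


def canonical(msg: dict) -> bytes:
    """Deterministic byte encoding of the authenticated fields."""
    return json.dumps({k: msg[k] for k in ("ts", "nonce", "body")}, sort_keys=True).encode()


def protect(body: dict, key: bytes = KEY, now: float = None) -> dict:
    """Sender side: attach a timestamp, a fresh random nonce, and a MAC over all three."""
    msg = {"ts": int(time.time() if now is None else now), "nonce": secrets.token_hex(8), "body": body}
    msg["mac"] = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
    return msg


class Receiver:
    """Receiver side: rejects modified, stale, and replayed messages."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.seen_nonces = set()  # a production system would expire these after MAX_AGE

    def accept(self, msg: dict, now: float = None) -> str:
        now = time.time() if now is None else now
        try:
            expected = hmac.new(self.key, canonical(msg), hashlib.sha256).hexdigest()
        except (KeyError, TypeError):
            return "rejected: malformed"
        if not hmac.compare_digest(expected, str(msg.get("mac", ""))):
            return "rejected: modified or forged"  # the balance (or the MAC) was changed in transit
        if abs(now - msg["ts"]) > MAX_AGE:
            return "rejected: stale"  # recorded long ago and retransmitted now
        if msg["nonce"] in self.seen_nonces:
            return "rejected: replay"  # the same packet was already accepted once
        self.seen_nonces.add(msg["nonce"])
        return "accepted"


if __name__ == "__main__":
    alice = Receiver()
    packet = protect({"balance": 1}, now=1000)
    print(alice.accept(packet, now=1001))                                   # accepted
    print(alice.accept(dict(packet, body={"balance": 1000000}), now=1002))  # rejected: modified or forged
    print(alice.accept(packet, now=1003))                                   # rejected: replay
```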
Contd.
3. Non-Malicious Threats:- The primary threat to data integrity comes from authorized users who are not aware of the actions they are performing.
• Errors and omissions can cause valuable data to be lost, damaged, or altered.
• Non-malicious threats usually come from employees who are untrained in computers and are unaware of security threats and vulnerabilities.
• Note that ignorant employees usually have no motives and goals for causing damage. The damage is accidental.
• Malicious attackers can deceive ignorant employees by using "social engineering" to gain entry.
• The attacker could masquerade as an administrator and ask for passwords and user names.
Contd.

 Users, data entry clerks, system operators, and programmers


frequently make unintentional errors that contribute to security
problems, directly or/and indirectly.
 Error can be a threat, such as a data entry error or a programming
error that crashes a system.
 They can also create vulnerabilities, which is a weakness which
allows an attacker to reduce a system's information assurance.
 Programming and development errors, often called "bugs," range
in severity from irritating to catastrophic.
 Errors and omissions are important threats to data integrity.
23
