
Web attacks

Apr 13, 2017

Page 1: Web attacks

Attacks and Vulnerabilities

Page 2: Web attacks

Topics of Discussion

• Reconnaissance: Gain information about a system

• Vulnerabilities: Attributes of a system that can be maliciously exploited

• Attacks: Procedures to exploit vulnerabilities

Reference 1

Page 3: Web attacks

Topics of Discussion

Reconnaissance
– War Dialing
– War Driving
– Port Scanning
– Probing
– Packet Sniffing

Page 4: Web attacks

War Dialing (Reconnaissance)

• Method: Dial a range of phone numbers searching for modems

• Motivation: Locate potential targets

• Detection: Impossible outside of the telephony infrastructure

• Defense: Disconnect unessential modems from outgoing phone lines

Reference 2

Page 5: Web attacks

War Driving (Reconnaissance)

• Method: Surveillance of wireless signals in a region

• Motivation: Find wireless traffic

• Detection: Can only be detected by physical surveillance

• Defense: Limit geographic access to the wireless signal

Reference 3

Page 6: Web attacks

Port Scanning (Reconnaissance)

• Method: Send out a SYN packet, check for response

• Motivation: Find potential targets

• Detection: Traffic analysis

• Defense: Close/silence ports

Reference 4

Page 7: Web attacks

Probing (Reconnaissance)

• Method: Send packets to ports

• Motivation: Find specific port information

• Detection: Traffic analysis

• Defense: Close/silence ports
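Both the port-scanning and the probing slide name traffic analysis as the detection. The following is an added example, not from the deck: a sliding-window check over constructed connection records that flags a source touching many distinct ports on one host in a short time (all addresses, the window and the threshold are made up).

```python
from collections import defaultdict

# Constructed sample of connection-attempt records (not real traffic):
# (timestamp_seconds, src_ip, dst_ip, dst_port, tcp_flags)
SAMPLE_EVENTS = [
    (0.0, "10.0.0.5", "192.168.1.10", 22, "S"),
    (0.2, "10.0.0.5", "192.168.1.10", 23, "S"),
    (0.4, "10.0.0.5", "192.168.1.10", 25, "S"),
    (0.6, "10.0.0.5", "192.168.1.10", 80, "S"),
    (0.8, "10.0.0.5", "192.168.1.10", 110, "S"),
    (1.0, "10.0.0.5", "192.168.1.10", 143, "S"),
    (1.2, "10.0.0.5", "192.168.1.10", 443, "S"),
    (1.4, "10.0.0.5", "192.168.1.10", 3306, "S"),
    (0.5, "10.0.0.9", "192.168.1.10", 443, "S"),   # ordinary client
    (30.0, "10.0.0.9", "192.168.1.10", 443, "S"),
    (31.0, "10.0.0.9", "192.168.1.10", 80, "S"),
]


def detect_port_scans(events, window_s=10.0, min_ports=6):
    """Return {src_ip: set_of_ports} for every source that sends SYNs to at
    least `min_ports` distinct destination ports on one host within `window_s`."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, flags in events:
        if "S" in flags and "A" not in flags:   # pure SYN = connection attempt
            by_pair[(src, dst)].append((ts, dport))

    hits = {}
    for (src, dst), attempts in by_pair.items():
        attempts.sort()                          # order by timestamp
        start = 0
        for end in range(len(attempts)):
            # shrink the window until it spans at most window_s seconds
            while attempts[end][0] - attempts[start][0] > window_s:
                start += 1
            ports = {p for _, p in attempts[start:end + 1]}
            if len(ports) >= min_ports:
                hits.setdefault(src, set()).update(ports)
    return hits
```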

Page 8: Web attacks

Packet Sniffing (Reconnaissance)

• Method: Capture and analyze packets traveling across a network interface

• Motivation: Gain access to information traveling on the network

• Detection: None

• Defense: Use encryption to minimize cleartext on the network

Reference 5

Page 9: Web attacks

Topics of Discussion

Vulnerabilities
– Backdoors
– Code Exploits
– Eavesdropping
– Indirect Attacks
– Social Engineering

Page 10: Web attacks

Backdoors (Vulnerabilities)

• Bypass normal means of authentication

• Hidden from casual inspection

• Installed separately or integrated into software

Reference 6

Page 11: Web attacks

Code Exploits (Vulnerabilities)

• Use of poor coding practices left uncaught by testing

• Defense: In-depth unit and integration testing

Page 12: Web attacks

Eavesdropping (Vulnerability)

• Data transmitted without encryption can be captured and read by parties other than the sender and receiver

• Defense: Use of strong cryptography to minimize cleartext on the network

Page 13: Web attacks

Indirect Attacks (Vulnerabilities)

• Internet users’ machines can be infected with zombies and made to perform attacks

• The puppet master is left undetected

• Defense: Train internet users to prevent zombies and penalize zombie owners

Page 14: Web attacks

Social Engineering (Vulnerability)

• Manipulate the weakest link of cybersecurity – the user – to gain access to otherwise prohibited resources

• Defense: Train personnel to resist the tactics of social engineering

Reference 7

Page 15: Web attacks

Topics of Discussion

Attacks
– Password Cracks
– Web Attacks
– Physical Attacks
– Worms & Viruses
– Logic Bomb
– Buffer Overflow
– Phishing
– Bots and Zombies
– Spyware, Adware, and Malware
– Hardware Keyloggers
– Eavesdropping & Playback Attacks
– DDoS

Page 16: Web attacks

Password Cracks: Brute Force

• Method: Trying all combinations of legal symbols as username/password pairs

• Motivation: Gain access to system

• Detection: Frequent attempts to authenticate

• Defense: Lockouts – temporary and permanent

Reference 8

Page 17: Web attacks

Password Cracks: Dictionary Attack

• Method: Trying all entries in a collection of strings

• Motivation: Gain access to system, faster than brute force

• Detection: Frequent attempts to authenticate

• Defense
– Lockouts – temporary and permanent
– Complex passwords

Reference 8

Page 18: Web attacks

Password Cracks: Hybrid Attack

• Method: Trying all entries in a collection of strings, adding numbers and symbols, and concatenating them with each other and/or with numbers

• Motivation: Gain access to system; faster than brute force and more likely to succeed than a plain dictionary attack

• Detection: Frequent attempts to authenticate

• Defense: Lockouts – temporary and permanent

Reference 8
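The three password-cracking slides above share one detection signal (frequent authentication attempts) and one defense (temporary and permanent lockouts). The following is an added example, not from the deck, of the server-side lockout policy: consecutive failures trigger a temporary lockout, and repeated lockouts escalate to a permanent one that needs an administrator to clear. The thresholds and the `attempt` interface are assumptions; the caller performs the actual credential check and passes in its result.

```python
from dataclasses import dataclass


@dataclass
class AccountState:
    failures: int = 0           # consecutive failures since the last success
    lockout_until: float = 0.0  # temporary lockout expiry (0 = not locked)
    lockouts: int = 0           # temporary lockouts incurred so far
    permanent: bool = False     # cleared only by an administrator


class LoginGuard:
    """Temporary lockout after `max_failures` consecutive failures; permanent
    lockout once `max_lockouts` temporary lockouts have been incurred.
    Assumed policy values, not from any particular product."""

    def __init__(self, max_failures=5, lock_seconds=300, max_lockouts=3):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.max_lockouts = max_lockouts
        self.accounts = {}

    def attempt(self, user, password_ok, now):
        """Return 'ok', 'denied', 'locked' or 'permanently_locked'.
        `password_ok` is the caller's credential-check result; while an account
        is locked the answer is 'locked' regardless of it, so a guess made during
        the lockout leaks nothing and is not counted."""
        st = self.accounts.setdefault(user, AccountState())
        if st.permanent:
            return "permanently_locked"
        if now < st.lockout_until:
            return "locked"
        if password_ok:
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= self.max_failures:
            st.failures = 0
            st.lockouts += 1
            if st.lockouts >= self.max_lockouts:
                st.permanent = True
                return "permanently_locked"
            st.lockout_until = now + self.lock_seconds
            return "locked"
        return "denied"


def simulate(guard, attempts):
    """Feed constructed (user, password_ok, timestamp) attempts; return decisions."""
    return [guard.attempt(user, ok, ts) for user, ok, ts in attempts]
```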

Page 19: Web attacks

Password Cracks: l0phtcrack

• Method: Gain access to the operating system's password hash table and perform the cracking remotely

• Motivation: Gain access to system; cracking happens elsewhere, so no lockouts

• Detection: Detecting reads of the hash table

• Defense: Limit access to the system

Reference 8

Page 20: Web attacks

Web Attacks: Source Viewing

• Method: Read source code for valuable information

• Motivation: Find passwords or commented-out URLs

• Detection: None

• Defense: None

Page 21: Web attacks

Web Attacks: URL Modification

• Method: Manipulating the URL to find pages not normally accessible

• Motivation: Gain access to normally private directories or pages

• Detection: Check website URL logs

• Defense: Add access requirements

Page 22: Web attacks

Web Attacks: Post Data

• Method: Change POST data to get desired results

• Motivation: Change information being sent in your favor

• Detection: None

• Defense: Verify POST data on the receiving end
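The slide's defense is to verify POST data on the receiving end. As an added example (not from the deck), the handler below treats the posted form as untrusted input: the SKU must exist in the server's own catalog, the quantity must parse and fall in range, and any price or total the client posts is ignored because the server recomputes it. The catalog, field names and limits are constructed for the example.

```python
from decimal import Decimal

# Constructed server-side catalog: the only source of truth for prices.
CATALOG = {"book-101": Decimal("12.50"), "pen-7": Decimal("1.20")}
MAX_QTY = 100


class InvalidOrder(ValueError):
    """Raised when a posted form fails server-side verification."""


def verify_order(form):
    """Validate a posted order form (a dict of strings, as a web framework
    would hand it over) and return the total computed from CATALOG.
    Posted 'price' or 'total' fields are never read."""
    sku = form.get("sku", "")
    if sku not in CATALOG:
        raise InvalidOrder("unknown sku")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise InvalidOrder("quantity is not an integer")
    if not 1 <= qty <= MAX_QTY:
        raise InvalidOrder("quantity out of range")
    return CATALOG[sku] * qty


def handle_post(form):
    """Return (http_status, body) so the caller can see accept/reject decisions."""
    try:
        return 200, {"total": str(verify_order(form))}
    except InvalidOrder as exc:
        return 400, {"error": str(exc)}
```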

Page 23: Web attacks

Web Attacks: Database Attack

• Method: Sending dangerous queries to the database

• Motivation: Denial of service

• Detection: Check database for strange records

• Defense: Filter database queries

Reference 9

Page 24: Web attacks

Web Attacks: Database Insertion

• Method: Form multiple queries to a database through forms

• Motivation: Insert information into a table that might be unsafe

• Detection: Check database logs

• Defense: Filter database queries, make them quote-safe

Reference 9

Page 25: Web attacks

Web Attacks: Meta Data

• Method: Use meta characters to make malicious input

• Motivation: Possibly reveal script or other useful information

• Detection: Website logs

• Defense: Filter input of meta characters

Reference 10

Page 26: Web attacks

Physical Attack: Damage

• Method: Attack the computer with an axe

• Motivation: Disable the computer

• Detection: Video camera

• Defense: Locked doors and placed security guards

Page 27: Web attacks

Physical Attack: Disconnect

• Method: Interrupt connection between two elements of the network

• Motivation: Disable the network

• Detection: Pings

• Defense: Locked doors and placed security guards

Page 28: Web attacks

Physical Attack: Reroute

• Method: Pass network signal through additional devices

• Motivation: Monitor traffic or spoof a portion of the network

• Detection: Camera

• Defense: Locked doors and placed security guards

Page 29: Web attacks

Physical Attack: Spoof MAC & IP

• Method: Identify the MAC address of the target and replicate it

• Motivation: Deny the target from receiving traffic

• Detection: Monitoring ARP requests and checking logs

• Defense: None as of now

Page 30: Web attacks

Worms & Virus: File Infectors

• Method: Infects executables by inserting itself into them

• Motivation: Damage files and spread

• Detection: Virus scan or strange computer behavior

• Defense: Antivirus, being cautious on the internet

Reference 10

Page 31: Web attacks

Worms & Virus: Partition-sector Infectors

• Method
– Moves partition sector
– Replaces with self
– On boot executes and calls original information

• Motivation: Damage files and spread

• Detection: Virus scan or strange computer behavior

• Defense: Antivirus, being cautious on the internet

Reference 10

Page 32: Web attacks

Worms & Virus: Boot-sector virus

• Method: Replaces boot loader, and spreads to hard drive and floppies

• Motivation: Damage files and spread

• Detection: Virus scan or strange computer behavior

• Defense: Antivirus, being cautious on the internet

Reference 10

Page 33: Web attacks

Worms & Virus: Companion Virus

• Method: Locates executables and mimics names, changing the extensions

• Motivation: Damage files and spread

• Detection: Virus scan or strange computer behavior

• Defense: Antivirus, being cautious on the internet

Reference 10

Page 34: Web attacks

Worms & Virus: Macro Virus

• Method: Infects documents; when the document is accessed, the macro executes in the application

• Motivation: Damage files and spread

• Detection: Virus scan or strange computer behavior

• Defense: Antivirus, being cautious on the internet

Reference 10

Page 35: Web attacks

Worms & Virus: Worms

• Method: Replicates

• Motivation: Variable motivations

• Detection: Virus scan or strange computer behavior

• Defense: Antivirus, being cautious on the internet

Reference 11

Page 36: Web attacks

Logic Bomb

• Method: Discreetly install a “time bomb” and prevent detonation if necessary

• Motivation: Revenge, synchronized attack, securing a getaway

• Detection: Strange computer behavior

• Defense
– Keep and monitor logs
– Monitor computer systems closely

Page 37: Web attacks

Buffer Overflow

• Method: Pass too much information to a buffer with poor bounds checking

• Motivation: Modify information and/or execute arbitrary code

• Detection: Logs

• Defense
– Check input size before copying to the buffer
– Guard the return address against overwrite
– Prevent the stack from executing instructions (non-executable stack)

Reference 12 & 13

Page 38: Web attacks

Phishing

• Method: Request information from a mass audience, collect responses from the gullible

• Motivation: Gain important information

• Detection: Careful examination of requests for information

• Defense: Distribute on a need-to-know basis

Page 39: Web attacks

Bots & Zombies

• Method: Installed by virus or worm; allow remote unrestricted access to the system

• Motivation: Gain access to additional resources, hiding your identity

• Detection
– Network analysis
– Virus scans
– Notice unusual behavior

• Defense: Install security patches and be careful what you download

Page 40: Web attacks

Spyware, Adware, and Malware

• Method: Installed either willingly by the user via ActiveX or as part of a virus package

• Motivation
– Gain information about the user
– Serve users advertisements

• Detection
– Network analysis
– Abnormal computer behavior

• Defense: Virus / adware / spyware / malware scans

Page 41: Web attacks

Hardware Keyloggers

• Method: Attach it to a computer

• Motivation: Record user names, passwords, and other private information

• Detection: Check physical connections

• Defense: Cameras and guards

Page 42: Web attacks

Eavesdropping

• Method
– Record packets on the network
– Attempt to decrypt encrypted packets

• Motivation: Gain access to user data

• Detection: None

• Defense: Strong cryptography

Page 43: Web attacks

Playback Attack

• Method
– Record packets on the network
– Resend packets without decryption

• Motivation: Mimic legitimate commands

• Detection: Network analysis

• Defense: Time stamps
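The slide's defense against a replayed (played-back) message is a time stamp. As an added example (not from the deck), the sender below binds each command to a time stamp and a random nonce and authenticates the whole thing with an HMAC; the receiver rejects anything with a bad tag, anything outside the freshness window, and any nonce it has already seen inside that window. It goes slightly beyond the slide by adding the nonce, since a time stamp alone still accepts a replay made within the freshness window. The shared key, message format and window size are assumptions.

```python
import hashlib
import hmac
import json
import secrets


def make_message(key, command, now, nonce=None):
    """Sender side: bind `command` to the current time and a fresh nonce, then MAC it."""
    body = {"cmd": command, "ts": int(now), "nonce": nonce or secrets.token_hex(8)}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload, tag


class Receiver:
    def __init__(self, key, max_skew_s=30):
        self.key = key
        self.max_skew_s = max_skew_s   # accepted clock difference, assumed value
        self.seen = {}                 # nonce -> ts, kept only inside the window

    def accept(self, payload, tag, now):
        """Return True only for a correctly authenticated, fresh, unseen message."""
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False               # forged or modified in transit
        body = json.loads(payload)
        if abs(now - body["ts"]) > self.max_skew_s:
            return False               # stale capture (or a clock far off)
        # forget nonces too old to be accepted again, so the set stays bounded
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew_s}
        if body["nonce"] in self.seen:
            return False               # exact replay inside the window
        self.seen[body["nonce"]] = body["ts"]
        return True
```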

Page 44: Web attacks

DDoS: CPU attack

• Method: Send data that requires cryptography to process

• Motivation: Occupy the CPU, preventing normal operations

• Detection: Network analysis

• Defense: None

Reference 14

Page 45: Web attacks

DDoS: Memory attack

• Method: Send data that requires the allocation of memory

• Motivation: Take up resources, crashing the server when they are exhausted

• Detection: Network analysis

• Defense: None

Reference 14