Mazhar Hussain
E-mail: [email protected]
Network Security
Lecture#2
Institute of Southern Punjab, Multan
Lecture 2: Security Architecture
Outline:
1. Security Attacks
2. A Model for Network Security
3. Phases of Hacking
4. Hacktivism
Security Attacks
A security attack is any action that compromises the security of information of an organization.
A passive attack attempts to learn or make use of information from the system but does not affect system resources.
An active attack attempts to alter system resources or affect their operation.
Passive attacks are in the nature of spying on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Two types of passive attacks are:
1. The release of message contents
2. Traffic analysis
Passive Attack: The Release of Message Contents
The release of message contents is easily understood from the figure on the next slide. A telephone conversation, an electronic mail message, and a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.
[Figure: The Release of Message Contents]
Traffic Analysis
A second type of passive attack is traffic analysis. Suppose that we had a way of masking the contents of messages or other information traffic so that opponents, even if they captured the message, could not extract the information from the message. The common technique for masking contents is ???
[Figure: Traffic Analysis]
Passive attacks are very difficult to detect????
Active attacks involve some modification of the data stream or the creation of a false stream and can be subdivided into four categories:
1. Masquerade
2. Replay
3. Modification of messages
4. Denial of service
Active Attack
Masquerade: a masquerade takes place when one entity pretends to be a different entity.
[Figure: Masquerade]
Replay: replay involves the passive capture of a data unit and its later retransmission to produce an unauthorized effect.
[Figure: Replay]
Modification of messages: this simply means that some portion of a legitimate message is altered, or that messages are delayed or reordered, to produce an unauthorized effect.
[Figure: Modification of Messages]
Denial of service: the denial of service prevents the normal use or management of communications facilities.
[Figure: Denial of Service]
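The replay and modification categories above are the two that a receiver can actually detect on its own, and the standard defence is the same for both: bind a fresh nonce and a timestamp to every data unit and authenticate the whole unit with a MAC. The following is an added illustration written for these notes, not code from the lecture; the shared key, the 30-second freshness window, the fixed clock value and the sample payload are all constructed for the demonstration.

```python
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, List, Optional, Tuple

# Constructed demo key, assumed to be shared out of band by sender and receiver.
SHARED_KEY = b"lecture-demo-key-not-for-real-use"


def make_message(key: bytes, payload: str, ts: Optional[float] = None,
                 nonce: Optional[str] = None) -> Dict[str, str]:
    """Sender side: bind a fresh nonce and a timestamp to the payload, then MAC the whole data unit."""
    fields = {
        "payload": payload,
        "nonce": nonce or secrets.token_hex(16),
        "ts": time.time() if ts is None else ts,
    }
    body = json.dumps(fields, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Receiver side: the MAC check catches modification, timestamp plus nonce cache catch replay."""

    def __init__(self, key: bytes, window_seconds: float = 30.0) -> None:
        self.key = key
        self.window = window_seconds
        self.seen: Dict[str, float] = {}  # nonce -> timestamp, pruned once older than the window

    def accept(self, msg: Dict[str, str], now: Optional[float] = None) -> Tuple[bool, str]:
        now = time.time() if now is None else now
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad MAC (modification or forgery)"
        fields = json.loads(msg["body"])
        if abs(now - fields["ts"]) > self.window:
            return False, "stale timestamp (outside freshness window)"
        # Safe to forget old nonces only because the timestamp check above already
        # rejects anything that old; this keeps the cache bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if fields["nonce"] in self.seen:
            return False, "replay (nonce already seen)"
        self.seen[fields["nonce"]] = fields["ts"]
        return True, "ok"


def demo() -> List[str]:
    """A fresh message, the same capture resent, a tampered copy, and a late resend."""
    rx = Receiver(SHARED_KEY)
    t0 = 1_700_000_000.0  # constructed fixed clock so the run is deterministic
    m = make_message(SHARED_KEY, "amount=100;to=Bob", ts=t0, nonce="n-0001")
    results = [rx.accept(m, now=t0 + 1)[1]]
    results.append(rx.accept(m, now=t0 + 2)[1])
    tampered = {"body": m["body"].replace("amount=100", "amount=900"), "tag": m["tag"]}
    results.append(rx.accept(tampered, now=t0 + 3)[1])
    results.append(rx.accept(m, now=t0 + 100)[1])
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of the checks matters: the MAC is verified before anything in the body is trusted, and the freshness window is applied before the nonce cache is pruned, so a capture replayed after the window expires is still rejected even though its nonce has been forgotten.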
A Model for Network Security
[Figure: A Model for Network Security]
Phases of Hacking
Hacking Networks, Phase 1: Reconnaissance
– Physical break-in
– Dumpster diving
– Google, newsgroups, web sites
– Social engineering
  – Phishing: fake email
  – Pharming: fake web pages
– WhoIs database and arin.net
– Domain Name Server interrogations

Example WhoIs record (as shown on the slide):
Registrant: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, US
Domain name: MICROSOFT.COM
Administrative Contact: Administrator, Domain, [email protected], One Microsoft Way, Redmond, WA 98052, US, +1.4258828080
Technical Contact: Hostmaster, MSN, [email protected], One Microsoft Way, Redmond, WA 98052, US, +1.4258828080
Registration Service Provider: DBMS VeriSign, [email protected] x4. Please contact DBMS VeriSign for domain updates, DNS/nameserver changes, and general domain support questions.
Registrar of Record: TUCOWS, INC.
Record last updated on 27-Aug-2006. Record expires on 03-May-2014. Record created on 02-May-1991.
Domain servers in listed order:
NS3.MSFT.NET 213.199.144.151
NS1.MSFT.NET 207.68.160.190
NS4.MSFT.NET 207.46.66.126
NS2.MSFT.NET 65.54.240.126
NS5.MSFT.NET 65.55.238.126
Hacking Networks, Phase 2: Scanning
– War driving: Can I find a wireless network?
– War dialing: Can I find a modem to connect to?
– Network mapping: What IP addresses exist, and what ports are open on them?
– Vulnerability-scanning tools: What versions of software are implemented on devices?
Passive Attacks
– Eavesdropping: listen to packets from other parties (sniffing)
– Traffic analysis: learn about the network from observing traffic patterns
– Footprinting: test to determine the software installed on a system (network mapping)
[Figure: hosts Bob, Jennie and Carl on a shared network]
Hacking Networks, Phase 3: Gaining Access
Network attacks:
– Sniffing (eavesdropping)
– IP address spoofing
– Session hijacking
System attacks:
– Buffer overflow
– Password cracking
– SQL injection
– Web protocol abuse
– Denial of service
– Trap door
– Virus, worm, Trojan horse
[Figure: sniffed credentials (Login: Ginger, Password: Snap)]
Some Active Attacks
– Denial of service: the message did not make it, or the service could not run
– Masquerading or spoofing: the actual sender is not the claimed sender
– Message modification: the message was modified in transmission
– Packet replay: a past packet is transmitted again in order to gain access or otherwise cause damage
[Figures: Denial of Service, Spoofing ("Joe (actually Bill)"), Message Modification and Packet Replay, each drawn between Joe, Ann and Bill]
Man-in-the-Middle Attack
[Figure: hosts 10.1.1.1, 10.1.1.2 and 10.1.1.3; the exchange (1) Login, (2) Login, (3) Password, (4) Password is relayed through the intermediary host]
SQL Injection
Java original:
    "SELECT * FROM users_table WHERE username=" + "'" + username + "'" + " AND password = " + "'" + password + "'";
Inserted password: Aa' OR ''='
Java result:
    "SELECT * FROM users_table WHERE username='anyname' AND password = 'Aa' OR ''='';"
Inserted password: foo';DELETE FROM users_table WHERE username LIKE '%
Java result:
    "SELECT * FROM users_table WHERE username='anyname' AND password = 'foo'; DELETE FROM users_table WHERE username LIKE '%'"
Inserted entry: '|shell("cmd /c echo " & char(124) & "format c:")|'
[Figure: login form (Login:, Password:) followed by the "Welcome to My System" page]
Password Cracking: Dictionary Attack and Brute Force
(Time to guess assumes 2.6 x 10^18 guesses per month)

Pattern                              Calculation   Result       Time to Guess
Personal info: interests, relatives  20            Manual       5 minutes
Social engineering                   1             Manual       2 minutes
American dictionary                  80,000                     < 1 second
4 chars: lower case alpha            26^4          5 x 10^5
8 chars: lower case alpha            26^8          2 x 10^11
8 chars: alpha                       52^8          5 x 10^13
8 chars: alphanumeric                62^8          2 x 10^14    3.4 min.
8 chars: alphanumeric + 10           72^8          7 x 10^14    12 min.
8 chars: all keyboard                95^8          7 x 10^15    2 hours
12 chars: alphanumeric               62^12         3 x 10^21    96 years
12 chars: alphanumeric + 10          72^12         2 x 10^22    500 years
12 chars: all keyboard               95^12         5 x 10^23
16 chars: alphanumeric               62^16         5 x 10^28
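The table's numbers follow from one rule, keyspace = (alphabet size)^length, and one rate, 2.6 x 10^18 guesses per month. The added example below (written for these notes, not from the lecture) carries that rule through for any candidate password: it infers the smallest keyboard class set that covers the characters used, sizes the keyspace, converts the worst-case search into a time at the table's rate, and checks a word list first, which is why a long dictionary word still falls in under a second. The four-word list is constructed and stands in for the 80,000-word American dictionary; the times it prints differ from the slide's by rounding only.

```python
import string
from typing import Dict, FrozenSet

GUESSES_PER_MONTH = 2.6e18              # the rate the lecture table assumes
SECONDS_PER_MONTH = 30 * 24 * 3600

# Character classes sized to match the table: 26 lower, 52 alpha, 62 alphanumeric, 95 all keyboard.
CLASSES = {
    "lower": frozenset(string.ascii_lowercase),         # 26
    "upper": frozenset(string.ascii_uppercase),         # 26
    "digit": frozenset(string.digits),                  # 10
    "symbol": frozenset(string.punctuation) | {" "},    # 32 punctuation + space = 33
}

# Constructed toy word list standing in for the 80,000-word dictionary of the table.
SAMPLE_DICTIONARY: FrozenSet[str] = frozenset({"password", "letmein", "welcome", "dragon"})


def alphabet_size(password: str) -> int:
    """Attacker's view: the union of the keyboard classes the password actually uses."""
    return sum(len(chars) for chars in CLASSES.values() if any(c in chars for c in password))


def keyspace(length: int, alphabet: int) -> int:
    return alphabet ** length


def seconds_to_guess(space: int, rate_per_month: float = GUESSES_PER_MONTH) -> float:
    """Worst case: the whole space must be searched."""
    return space / rate_per_month * SECONDS_PER_MONTH


def human_time(seconds: float) -> str:
    if seconds < 1:
        return "< 1 second"
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"


def estimate(password: str, dictionary: FrozenSet[str] = frozenset()) -> Dict[str, object]:
    """Pick the cheaper of dictionary lookup and brute force, as a cracker would."""
    if password.lower() in dictionary:
        space, method = len(dictionary), "dictionary attack"
    else:
        space, method = keyspace(len(password), alphabet_size(password)), "brute force"
    return {"method": method, "keyspace": space, "time": human_time(seconds_to_guess(space))}


if __name__ == "__main__":
    for length, alphabet in ((8, 26), (8, 62), (8, 95), (12, 62), (16, 62)):
        space = keyspace(length, alphabet)
        print(f"{length:2d} chars, {alphabet} symbols: {space:.0e} candidates, "
              f"{human_time(seconds_to_guess(space))}")
    for pw in ("Password", "Tr0ub4dor&3", "q7!Bz2#Lm9Qa"):
        print(pw, estimate(pw, SAMPLE_DICTIONARY))
```

The rows for "personal info" and "social engineering" have no formula because the attacker is not searching a space at all; the estimator only models the two mechanical attacks in the table's title.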
Hacking Networks, Phase 4: Exploit/Maintain Access
– Backdoor: control the system: run system commands, log keystrokes, capture passwords
– Trojan horse: a useful utility that actually creates a backdoor
– Spyware/Adware: spyware collects info (keystroke logger, collects credit card numbers); adware inserts ads and filters search results
– Bots: the slave forwards/performs commands; spreads, lists email addresses, launches DoS attacks
– User-level rootkit: replaces system executables, e.g. login, ls, du
– Kernel-level rootkit: replaces the OS kernel, e.g. process or file control, to hide
Botnets
[Figure: Attacker -> Handler -> Bots (zombies), located in e.g. China and Hungary]
Bots: host illegal movies, music, pornography, criminal web sites, ...; forward spam for financial gain.

Distributed Denial of Service
[Figure: Attacker -> Handler -> Zombies in e.g. Russia, Bulgaria and the United States -> Victim]
Zombies can barrage a victim server with requests, causing the network to fail to respond to anyone.
Hacktivism
Hacktivism refers to hacking for a cause!
– Political agenda
END OF LECTURE 2