Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
DEFENSE
Chapter 3
Network and Computer Attacks
OBJECTIVES
Goals
Destroy data
Corrupt data
Shutdown a network or system
VIRUSES
ANTIVIRUS SOFTWARE
Detects and removes viruses
Detection based on virus signatures
Must update signature database periodically
Use automatic update feature
VIRUSES (CONTINUED)
Shell
Executable piece of programming code
Should not appear in an e-mail attachment
MACRO VIRUSES
Macro
Lists of commands
Can be used in destructive ways
Example: Melissa
Appeared in 1999
It is very simple see link source code http://www.havenofbliss.com/famousbugs.html
WRITING VIRUSES
Even nonprogrammers
can create macro viruses
Instructions posted on
Web sites
Virus creation kits available for download (see link Ch 3d)
WORMS
Worm
Replicates and propagates without a host
Infamous examples
Code Red
Nimda
10
11
12
13
TROJAN PROGRAMS
14
FIREWALLS
Can block this type of attack, if your firewall filters outgoing traffic
Windows XP SP2s firewall does not filter outgoing traffic
Vistas firewall doesnt either (by default), according to link Ch 3l and 3m
15
16
TROJAN DEMONSTRATION
Save it as
C:\Documents and Settings\
username\cmd.bat
17
IMPROVED TROJAN
18
SPYWARE
Sends information from the infected computer to the attacker
19
20
ADWARE
Similar to spyware
Can be installed without the user being aware
Main goal
Determine users online purchasing habits
Tailored advertisement
Main problem
Slows down computers
21
Difficult task
22
23
24
Structural training
Most effective measure
Includes all employees and management
25
Firewalls
Hardware (enterprise solution)
Software (personal solution)
Can be combined
26
27
Attack
Network security
Computer security
Computer crime
28
DENIAL-OF-SERVICE ATTACKS
29
30
Often participants are not aware they are part of the attack
Attacking computers could be controlled using Trojan programs
31
Goal
Fill overflow buffer with executable code
OS executes this code
Can elevate attackers permission to Administrator or even Kernel
32
33
34
How it works
35
SESSION HIJACKING
36
Inside attacks are more likely than attacks from outside the company
37
KEYLOGGERS
Software
Behaves like Trojan programs
Hardware
Easy to install
Goes between the keyboard and the CPU
KeyKatcher and KeyGhost
38
39
40
KEYLOGGERS (CONTINUED)
Protection
Software-based
Antivirus
Hardware-based
Random visual tests
Look for added hardware
Superglue keyboard connectors in
41
42
LOCKPICKING
Average person can pick deadbolt locks in less than five minutes
After only a week or two of practice
43
44