
Lecture Security+ Certification: Chapter 3(part 2) - Trung tâm Athena


DOCUMENT INFORMATION

Basic information

Pages: 43
Size: 753.68 KB

Content

Chapter 3 - Attacks and Malicious Code (Part 2). After studying this chapter you will be able to: discuss man-in-the-middle attacks, replay attacks, and TCP session hijacking; detail three types of social-engineering attacks and explain why they can be incredibly damaging; list the major types of attacks used against encrypted data; and list the major types of malicious software and identify a countermeasure for each one.

Chapter 3: Attacks and Malicious Code (Part 2) - ATHENA

Man in the Middle
• Class of attacks in which the attacker places himself between two communicating hosts and listens in on their session
• Both of the other hosts think they are communicating with each other

Man-in-the-Middle Attacks

Man-in-the-Middle Applications
• Web spoofing
• TCP session hijacking
• Information theft
• Other attacks (denial-of-service attacks, corruption of transmitted data, traffic analysis to gain information about the victim’s network)

Man-in-the-Middle Methods
• ARP poisoning (Hunt)
• ICMP redirects: the router sends a redirect packet to a host, saying a better route exists for certain traffic. See: http://www.qorbit.net/documents/icmpredirects-are-bad.pdf
• DNS server cache poisoning. See: http://www.securityfocus.com/guest/17905

Replay Attacks
• Attempts to circumvent authentication mechanisms by:
  - Recording authentication messages from a legitimate user
  - Reissuing those messages in order to impersonate the user and gain access to systems

TCP Session Hijacking
• Attacker uses techniques to make the victim believe he or she is connected to a trusted host, when in fact the victim is communicating with the attacker
• Well-known tool
  - Hunt (Linux)

Attacker Using Victim’s TCP Connection

Social Engineering
• Class of attacks that uses trickery on people instead of computers
• Exploits trust between people instead of machines
• Often the first thing a blackhat will try
• Can circumvent the most elaborate and expensive security system

Malicious Software

Viruses
• Self-replicating programs that spread by “infecting” other programs
• Require some action to trigger (run)
• Damaging and costly

Virus Databases

Evolution of Virus Propagation Techniques

Protecting Against Viruses
• Enterprise virus protection solutions
  - Desktop antivirus programs
  - Virus filters for e-mail servers
  - Network appliances that detect and remove viruses
• Instill good behaviors in users and system administrators
  - Keep security patches and virus signature databases up to date
  - Train users not to open unsolicited attachments
  - Unhide file extensions

Backdoors (Programs)
• Remote access program surreptitiously installed on user computers that allows the attacker to control the behavior of the victim’s computer
• Also known as remote access Trojans
• Examples
  - Back Orifice 2000 (BO2K)
  - NetBus
• Detection and elimination
  - Up-to-date antivirus software
  - Intrusion detection systems (IDS)

Trojan Horses
• Class of malware that uses social engineering to spread
• Appears to be one thing, but contains something else
• Some viruses are classified as Trojans; example: “vacation pictures.jpg.vbs”
• A lot of “free” software contains other programs (Gator, etc.)

Logic Bombs
• Set of computer instructions that lie dormant until triggered by a specific event
• Once triggered, the logic bomb performs a malicious task
• Almost impossible to detect until after being triggered
• Often the work of former employees
• For example: macro virus
  - Uses the auto-execution feature of specific applications

Worms
• Self-contained program that uses security flaws such as buffer overflows to remotely compromise a victim and replicate itself to that system
• Do not infect other executable programs
• Account for 80% of all malicious activity on the Internet
• Examples: Code Red, Code Red II, Nimda

Defense Against Worms
• Latest security updates for all computers and network devices
• Filter all the traffic you can at the firewall
• Remove unneeded services/applications
• Network and host-based Intrusion Detection Systems
• Antivirus programs

Summary
• Mechanisms, countermeasures, and best practices for:
  - Malicious software
  - Denial-of-service attacks
  - Software exploits
  - Social engineering
  - Attacks on encrypted data

Labs/Assignments
• Do Project 3-1 on Page 90 of the textbook
  - Don’t step number
• Do Project 3-5 on Page 93 of the textbook
• Assignment: Pick out one of the tools we have been using and write a short paper about what type of tool it is, why you like it, what you can do with it, etc. Not a step-by-step, just a short review
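The Replay Attacks slide above says an attacker records a legitimate user's authentication messages and reissues them. As an added example (not part of the Athena lecture), here is a server-side challenge-response check that defeats that: every login answer is bound to a fresh server nonce and a timestamp, a nonce is accepted once, and a message presented outside the freshness window is rejected. The shared key, user name and clock values are constructed for the demonstration.

```python
import hmac
import hashlib
import secrets

# Constructed shared secret for this example; a real system provisions it out of band.
SHARED_KEY = b"example-shared-key-not-for-production"
FRESHNESS_WINDOW = 30  # seconds a signed message stays acceptable


def _mac(key: bytes, user: str, nonce: str, timestamp: int) -> str:
    # The tag binds user, nonce and timestamp together so none of them can be swapped.
    return hmac.new(key, f"{user}|{nonce}|{timestamp}".encode(), hashlib.sha256).hexdigest()


class ReplayResistantVerifier:
    def __init__(self, key: bytes, now):
        self._key = key
        self._now = now          # injectable clock so the example runs deterministically
        self._issued = set()     # nonces handed out and not yet consumed
        self._consumed = set()   # nonces already used; kept so a replay is recognised

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)
        self._issued.add(nonce)
        return nonce

    def verify(self, user: str, nonce: str, timestamp: int, tag: str) -> bool:
        # A recorded message fails here: its nonce was already consumed (or never issued).
        if nonce in self._consumed or nonce not in self._issued:
            return False
        # A message held back and reissued later fails the freshness check.
        if abs(self._now() - timestamp) > FRESHNESS_WINDOW:
            return False
        if not hmac.compare_digest(_mac(self._key, user, nonce, timestamp), tag):
            return False
        self._issued.discard(nonce)
        self._consumed.add(nonce)
        return True


def demo_replay() -> dict:
    # Legitimate login once, the same captured message reissued, then a stale capture.
    clock = [1_700_000_000]
    server = ReplayResistantVerifier(SHARED_KEY, now=lambda: clock[0])
    nonce = server.challenge()
    msg = ("alice", nonce, clock[0], _mac(SHARED_KEY, "alice", nonce, clock[0]))
    first = server.verify(*msg)       # genuine user answers the challenge
    replayed = server.verify(*msg)    # attacker reissues the recorded message
    nonce2 = server.challenge()
    stale = ("alice", nonce2, clock[0], _mac(SHARED_KEY, "alice", nonce2, clock[0]))
    clock[0] += 120                   # captured answer presented two minutes later
    return {"first": first, "replayed": replayed, "stale": server.verify(*stale)}
```

The consumed-nonce set grows without bound here; a production verifier expires entries older than the freshness window, since anything older is rejected by the timestamp check anyway.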
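The Man-in-the-Middle Methods slide lists ARP poisoning as a way to get between two hosts. As an added example (not from the lecture), the following monitor applies the classic arpwatch-style rule to a constructed sequence of ARP replies: alert when an IP's MAC binding changes, and flag a flip-flop when the binding bounces back to a MAC seen moments earlier, which is what a real host and a spoofer both answering for the same IP look like. Addresses and timestamps are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: int          # seconds since capture start
    sender_ip: str   # IP the reply claims to speak for
    sender_mac: str  # MAC it wants cached for that IP


# Constructed ARP replies: a gateway at .1, a workstation at .20, then a second MAC
# claiming the gateway's IP while the real gateway keeps answering.
SAMPLE_REPLIES = [
    ArpReply(0, "192.168.1.1", "00:11:22:33:44:55"),
    ArpReply(1, "192.168.1.20", "aa:bb:cc:dd:ee:01"),
    ArpReply(2, "192.168.1.1", "00:11:22:33:44:55"),
    ArpReply(5, "192.168.1.1", "de:ad:be:ef:00:01"),  # gateway IP now claimed by a new MAC
    ArpReply(6, "192.168.1.1", "00:11:22:33:44:55"),  # real gateway answers again: flip-flop
    ArpReply(7, "192.168.1.20", "aa:bb:cc:dd:ee:01"),
]


def detect_arp_poisoning(replies, flap_window=10):
    """Return (kind, ip, old_mac, new_mac, ts) alerts for IPs whose MAC binding changes.

    'changed-binding': a known IP answers from a different MAC (also fires on legitimate
    NIC swaps or DHCP reuse, so it is a lead to confirm, not proof of an attack).
    'flip-flop': the binding reverts to a MAC seen within flap_window seconds, the
    signature of two hosts contending for one IP.
    """
    bindings = {}                 # ip -> MAC currently cached
    history = defaultdict(list)   # ip -> [(ts, mac)] of bindings that were replaced
    alerts = []
    for r in replies:
        known = bindings.get(r.sender_ip)
        if known is None:
            bindings[r.sender_ip] = r.sender_mac
            continue
        if known == r.sender_mac:
            continue
        history[r.sender_ip].append((r.ts, known))
        flip = any(mac == r.sender_mac and r.ts - ts <= flap_window
                   for ts, mac in history[r.sender_ip])
        alerts.append(("flip-flop" if flip else "changed-binding",
                       r.sender_ip, known, r.sender_mac, r.ts))
        bindings[r.sender_ip] = r.sender_mac
    return alerts
```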

Posted: 30/01/2020, 10:54