After studying this chapter you should be able to differentiate among various systems' security threats: privilege escalation, virus, worm, Trojan, spyware, spam, adware, rootkits, botnets, logic bomb, and others. For further information, refer to the lecture.
Identifying Potential Risks

Contents
- Differentiate among various systems' security threats:
  - Privilege escalation
  - Virus
  - Worm
  - Trojan
  - Spyware
  - Spam
  - Adware
  - Rootkits
  - Botnets
  - Logic bomb
- Explain the vulnerabilities and mitigation techniques associated with:
  - Antiquated protocols
  - TCP/IP hijacking
  - Null sessions
  - Spoofing
  - Man-in-the-middle
  - Replay
  - DoS
  - DDoS
- Implement security applications

Index
- Attack Strategies
- Recognizing Common Attacks
- Identifying TCP/IP Security Concerns
- Understanding Software Exploitation
- Surviving Malicious Code
- Other Attacks and Frauds

Attack Strategies
- Access attack: ... to gain access to information that the attacker isn't authorized to have
- Modification and repudiation attack: someone wants to modify information in your systems
- Denial-of-service (DoS) attack ...

Null Sessions
- Connections to a Microsoft Windows 2000 or Windows NT computer with a blank username and password
- An attacker can collect a lot of data from a vulnerable system
- Cannot be fixed by patches to the operating system
- Much less of a problem with modern Windows versions: Win XP SP2, Vista, or Windows

Domain Name Kiting
- Check kiting: a type of fraud that involves the unlawful use of checking accounts to gain additional time before the fraud is detected
- Domain name kiting:
  - Registrars are organizations approved by ICANN to sell and register Internet domain names
  - A five-day Add Grace Period (AGP) permits registrars to delete any newly registered Internet domain name and receive a full refund of the registration fee
  - Unscrupulous registrars register thousands of Internet domain names and then delete them
  - Recently expired domain names are indexed by search engines
  - Visitors are directed to a re-registered site, which is usually a single-page Web site with paid advertisement links
  - Visitors who click on these links generate money for the registrar

SNMP (Simple Network Management Protocol)
- Used to manage switches, routers, and other network devices
- Early versions did not encrypt passwords and had other security flaws
- But the old versions are still commonly used

DNS (Domain Name System)
- DNS is used to resolve domain names like www.ccsf.edu to IP addresses like 147.144.1.254
- DNS has many vulnerabilities
- It was never designed to be secure

DNS Poisoning
- Local DNS poisoning: put false entries into the Hosts file, C:\Windows\System32\Drivers\etc\hosts
- DNS cache poisoning: the attacker sends many spoofed DNS responses; the target just accepts the first one it gets
- Sending extra DNS records

DNS Transfers
- Intended to let a new DNS server copy the records from an existing one
- Can be used by attackers to get a list of all the machines in a company, like a network diagram
- Usually blocked by modern DNS servers

Protection from DNS Attacks
- Antispyware software will warn you when the hosts file is modified
- Using updated versions of DNS server software prevents older DNS attacks against the server
- But many DNS flaws cannot be patched
- Eventually: switch to DNSSEC (Domain Name System Security Extensions)
- But DNSSEC is not widely deployed yet, and it has its own problems

ARP (Address Resolution Protocol)
- ARP is used to convert IP addresses like 147.144.1.254 into MAC addresses like 00-30-48-82-11-34

ARP Cache Poisoning
- The attacker sends many spoofed ARP responses
- The target just accepts the first one it gets

Results of ARP Poisoning Attacks
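The slides note that local DNS poisoning works by adding false entries to the hosts file and that antispyware tools warn when that file changes. The following added example (not part of the lecture material) shows the two defender-side checks this implies: flagging hosts entries that map a name to anything other than a loopback address, and comparing the file against a recorded hash baseline. The sample hosts content and the domain www.example-bank.test are constructed for the example.

```python
"""Audit a hosts file for signs of local DNS poisoning (added example)."""
import hashlib
import ipaddress

# Constructed sample hosts-file content: a comment, two normal loopback
# lines, and one entry that silently redirects a bank's domain elsewhere.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
198.51.100.23   www.example-bank.test   # suspicious redirect (constructed)
"""

def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring blank lines and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower()))
    return entries

def suspicious_entries(text):
    """Flag entries whose address is neither loopback nor 0.0.0.0.

    On an end-user machine the hosts file normally contains only loopback
    mappings (0.0.0.0 is common in ad-blocking lists); anything that points
    a real hostname at a routable address deserves a look.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name, "unparseable address"))
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            flagged.append((ip, name, "non-loopback mapping"))
    return flagged

def file_digest(text):
    """SHA-256 of the file content, recorded once as an integrity baseline."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def changed_since_baseline(text, baseline_digest):
    """True when the hosts file no longer matches the recorded baseline."""
    return file_digest(text) != baseline_digest

def audit_file(path):
    """Run the content check against a real file, e.g. the Windows path
    C:\\Windows\\System32\\Drivers\\etc\\hosts from the slides."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_entries(fh.read())
```

Store `file_digest()` of a known-good copy once; a later mismatch combined with a non-loopback entry is the condition an antispyware hosts-file monitor alerts on.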