a brief history of the world
play

A Brief History of the World 1 CIS-5373: 2.March.2020 Network - PowerPoint PPT Presentation

Sep 08, 2022 •567 likes •1.06k views

A Brief History of the World 1 CIS-5373: 2.March.2020 Network Security Week 7 2 CIS-5373: 2.March.2020 Why and Who Attack Networks ? Challenge : Hackers Money : Espionage Money : Organized Crime Ideology :

  1. A Brief History of the World 1 CIS-5373: 2.March.2020

  2. Network Security Week 7 2 CIS-5373: 2.March.2020

  3. Why and Who Attack Networks ?  Challenge : Hackers  Money : Espionage  Money : Organized Crime  Ideology : Hacktivists/Cyberterrorists  Revenge : Insiders 3 CIS-5373: 2.March.2020

  4. Intrusion Techniques  Reconnaissance  Eavesdropping and Wiretapping  Impersonation  Message confidentiality threats  Web site vulnerabilities  DOS and DDOS 4 CIS-5373: 2.March.2020

  5. Reconnaissance  Port scan  For a given address find which ports respond  OS and application fingerprinting  Certain features reveal OS/apps manufacturer and versions  Nmap: guess the OS and version, what services are offered 5 CIS-5373: 2.March.2020

  6. Reconnaissance (cont’d)  Social engineering  Use social skills  Pretend to be someone else and ask for details  Run ipconfig - all  Intelligence  Dumpster diving  Eavesdropping  Blackmail  Bulletin boards and Chats 6 CIS-5373: 2.March.2020

  7. Social Engineering  People can be just as dangerous as unprotected computer systems  People can be lied to, manipulated, bribed, threatened, harmed, tortured, etc. to give up valuable information 7 CIS-5373: 2.March.2020

  8. Social Engineering  Pretexting  Phishing  Baiting  Quid Pro Quo  Tailgating 8 CIS-5373: 2.March.2020

  9. Pretexting  Example 1:  “Hi, I’m your AT&T rep, I’m stuck on a pole. I need you to punch a bunch of buttons for me” 9 CIS-5373: 2.March.2020

  10. Pretexting  Example 2: Call in the middle of the night  “Have you been calling Egypt for the last six hours?”  “No”  “Well, we have a call that’s actually active right now, it’s on your calling card and it’s to Egypt and as a matter of fact, you’ve got about $2000 worth of charges on your card and … read off your AT&T card number and PIN and then I’ll get rid of the charge for you” 10 CIS-5373: 2.March.2020

  11. Phishing  E-mail  Appears to come from a legitimate business  Requests "verification" of information  Home address  Password, PIN, SSN, credit card number  Dire consequences if not provided  Contains a link to a fraudulent web page that seems legitimate — with company logos and content 11 CIS-5373: 2.March.2020

  12. Baiting  Physical world Trojan horse  Attacker leaves a malware infected CD, flash drive in public space  Write something appealing on front  "Executive Salary Summary Q1 2016“  Exploit finder curiosity 12 CIS-5373: 2.March.2020

  13. Intrusion Techniques  Reconnaissance  Eavesdropping and Wiretapping  Impersonation  Message confidentiality threats  Web site vulnerabilities  DOS and DDOS 13 CIS-5373: 2.March.2020

  14. Wiretapping  Cable  Packet sniffers  Inductance/radiation emitted, Cutting the cable  Satellite  Easily intercepted over large areas  Optical fiber  Harder to wiretap  Repeaters, splices and taps are vulnerable  Wireless  Easy to intercept, steal service and disrupt/interfere 14 CIS-5373: 2.March.2020

  15. Packet Sniffing  Recall how Ethernet works …  When someone wants to send a packet to someone else  Put the bits on the wire with the destination MAC address  Other hosts are listening on the wire to detect for collisions …  It couldn’t get any easier to figure out what data is being transmitted over the network! 15 CIS-5373: 2.March.2020

  16. Packet Sniffing (cont’d)  This works for wireless too!  In fact, it works for any broadcast-based medium  What kinds of data is of interest  Answer:  Anything in plain text  Passwords 16 CIS-5373: 2.March.2020

  17. Intrusion Techniques  Reconnaissance  Eavesdropping and Wiretapping  Impersonation  Message confidentiality threats  Web site vulnerabilities  DOS and DDOS 17 CIS-5373: 2.March.2020

  18. Impersonation  Access the system by pretending to be authenticated user  Password guessing/capture  Spoofing 18 CIS-5373: 2.March.2020

  19. Password Guessing  Very common attack  Attacker knows a login (from email/web page etc)  Attempts to guess password for it  Defaults, short passwords, common word searches  User info (variations on names, birthday, phone, common words/interests)  Exhaustively searching all possible passwords  Check by login or against stolen password file  Success depends on password chosen by user  Surveys show many users choose poorly 19 CIS-5373: 2.March.2020

  20. Password Capture  Watch over shoulder as password is entered  Use key logger to collect  Monitor an insecure network login  E.g. telnet, FTP, web, email 20 CIS-5373: 2.March.2020

  21. Password Capture using Sniffing  Monitor an insecure network login  Example: Microsoft LAN Manager  Hash of passwd was transmitted, not passwd  At most 14 characters  Split in blocks of 7 chars, each with a different hash !  If 7 chars or less, second hash is of nulls  If 8 chars, second hash is of single char  Vulnerable to brute force attacks 21 CIS-5373: 2.March.2020

  22. Password Collection Protection  SSH, not Telnet  Many people still use Telnet and send their password in the clear (use PuTTY instead!)  Now that I have told you this, please do not exploit this information  Packet sniffing is, by the way, prohibited by Computing Services  HTTP over SSL  Especially when making purchases with credit cards!  SFTP, not FTP  Unless you really don’t care about the password or data  IPSec  Provides network-layer confidentiality 22 CIS-5373: 2.March.2020

  23. Spoofing  Pretend to be someone else  Masquerade  Session Hijacking  Man-In-the-Middle-Attack 23 CIS-5373: 2.March.2020

  24. Masquarade  One host pretends to be someone else  Easy to confuse names or mistype  Example: BlueBank vs Blue-Bank (masquerade) 1. Blue-Bank copies web page of BlueBank 2. Attracts customers of BlueBank  Phishing, Ads, Spam, etc … 3. Ask customer to enter account name and passwd 4. Optional: redirect connection to BlueBank  Try http://www.sonicwall.com/furl/phishing/ to test your phishing nose 24 CIS-5373: 2.March.2020

  25. Session Hijack vs. MitMA  Intercept and carry on session begun by another entity  Example:  Administrator uses telnet to login to privileged account  Attacker intrudes in the communication and passes commands as if on behalf of admin  Man-In-The-Middle Attack  Similar, but…  Attacker needs to participate since session start 25 CIS-5373: 2.March.2020

  26. Intrusion Techniques  Reconnaissance  Eavesdropping and Wiretapping  Impersonation  Message confidentiality threats  Web site vulnerabilities  DOS and DDOS 26 CIS-5373: 2.March.2020

  27. Message Confidentiality Threats  Misdelivery  Mistyping the destination address  Exposure  Packets are exposed over wires and in buffers at  Switches, gateways, routers, …  Traffic Flow Analysis  The existence of communication leaks information 27 CIS-5373: 2.March.2020

  28. Intrusion Techniques  Reconnaissance  Eavesdropping and Wiretapping  Impersonation  Message confidentiality threats  Web site vulnerabilities  DOS and DDOS 28 CIS-5373: 2.March.2020

  29. Web Site Vulnerabilities  Anyone has access to the code of a web page  Also the order in which pages are accessed  Example vulnerabilities:  Web site defacement  Buffer overflows 29 CIS-5373: 2.March.2020

  30. Intrusion Techniques  Reconnaissance  Eavesdropping and Wiretapping  Impersonation  Message confidentiality threats  Web site vulnerabilities  DOS and DDOS 30 CIS-5373: 2.March.2020

  31. Denial of Service  Make a network service unusable, usually by overloading the server or network  Many different kinds of DoS attacks  SYN flooding  SMURF  Distributed attacks 31 CIS-5373: 2.March.2020

  32. TCP Three Way Handshake  SYN : Client sends a SYN to the server  The segment sequence number is a random value A  SYN-ACK : Server replies with a SYN-ACK  The acknowledgment number is set to one more than the received sequence number (A + 1)  Sequence number that the server chooses for the packet is another random number B  ACK : Client sends an ACK back to the server  The acknowledgement number is set to one more than the received sequence number B + 1  Sequence number is set to the received acknowledgement value A + 1 32 CIS-5373: 2.March.2020

  33. SYN Flooding Attack  Send SYN packets with bogus source address  Why?  Server responds with SYN+ACK and keeps state about TCP half-open connection  Eventually, server memory exhausted with state  Solution: use “SYN cookies” 33 CIS-5373: 2.March.2020

  34. SYN Cookies  In response to a SYN, create a special “cookie” for the connection, and forget everything else  Let:  t = timestamp  m = maximum segment size (MSS) value that the server would have stored in the SYN queue entry  s = H K (t, IP srv , port srv , IP cli , port cli )  SYN Cookie: initial sequence number B  First 5 bits: t mod 32  Next 3 bits: an encoded value representing m  Final 24 bits: s mod (some prime of 24 bits) 34 CIS-5373: 2.March.2020

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Welcome to GCSE History Why study GCSE History? History is continuously changing the world

Welcome to GCSE History Why study GCSE History? History is continuously changing the world

Welcome to GCSE History Why study GCSE History? History is continuously changing the world around us and historic events have helped to shape our society today. Learning about past events and the people whove influenced history will allow

578 views • 15 slides
Ancient Greece Geography of Greece Adv. World History World History Chapter 4 Chapter 5

Ancient Greece Geography of Greece Adv. World History World History Chapter 4 Chapter 5

Ancient Greece Geography of Greece Adv. World History World History Chapter 4 Chapter 5 Geography epic poems: the Iliad & the Homer !"#$%&$'())*+,$ Odyssey (each 28,000 lines) -*.$/%0,'*+,%0.$ set of values: courage &

389 views • 13 slides
World Scout Badge World Scout Badge History of Scouting History of Scouting in Singapore

World Scout Badge World Scout Badge History of Scouting History of Scouting in Singapore

World Scout Badge World Scout Badge History of Scouting History of Scouting in Singapore Scout Promise Scout Law Scout Salute Left Hand Shake Scout Uniform Badges History of Scouting It all started

725 views • 13 slides
History and HTML 2 History of the World in Just 5 Slides, Part 1 ARPANET Implemented in

History and HTML 2 History of the World in Just 5 Slides, Part 1 ARPANET Implemented in

IT350 Web and Internet Programming History and HTML 2 History of the World in Just 5 Slides, Part 1 ARPANET Implemented in late 1960s by ARPA (Advanced Research Projects Agency of DOD) Networked computer systems of a dozen

335 views • 8 slides
History Celebrations around the World History | Year 3 | Celebrations around the World |

History Celebrations around the World History | Year 3 | Celebrations around the World |

History Celebrations around the World History | Year 3 | Celebrations around the World | Independence Day | Lesson 8 Question Marks You will spot question marks at certain points in this Lesson Presentation . Clicking the question marks will

276 views • 24 slides
Introduction ECN 110B World Economic History Since the Industrial Revolution J. Parman

Introduction ECN 110B World Economic History Since the Industrial Revolution J. Parman

Introduction ECN 110B World Economic History Since the Industrial Revolution J. Parman (UC-Davis) World Economic History, Spring 2011 March 28, 2011 1 / 40 Contact info, office hours John Parman (instructor) Email: jmparman@ucdavis.edu

793 views • 40 slides
Technology: A World History Daniel R. Headrick OXFORD UNIVERSITY PRESS 2009 2 Hydraulic

Technology: A World History Daniel R. Headrick OXFORD UNIVERSITY PRESS 2009 2 Hydraulic

The New Oxford World History Technology: A World History Daniel R. Headrick OXFORD UNIVERSITY PRESS 2009 2 Hydraulic Civilizations (4000-1500 BeE) T he Book of Genesis in the Bible describes the third day of the Creation in these words:

527 views • 34 slides
The United States in the World: An International History from Colonial Times to the Cold War

The United States in the World: An International History from Colonial Times to the Cold War

The United States in the World: An International History from Colonial Times to the Cold War (Maddy in Full Flight 1814) Rough Course Schedule v Week 1: Colonial Possessions in a World at War v Week 2: New Republic, Perilous World, 1787-44

466 views • 42 slides
4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and

4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and

4. The Internet and the World Wide Web 4.1 History of the Internet 4.2 The World Wide Web and the Browser 4.3 What Browsers Can Do for Us 4.4 What is a Website? 4.5 Website Design 4.6 Other Creatures on the Web 4.7 Key Web Software

1.02k views • 97 slides
The United States in the World: An International History from Colonial Times to the Cold War

The United States in the World: An International History from Colonial Times to the Cold War

The United States in the World: An International History from Colonial Times to the Cold War Rough Course Schedule v Week 1: Colonial Possessions in a World at War v Week 2: New Republic, Perilous World, 1787-44 v Week 3: Manifest Destiny,

444 views • 21 slides
Mrs. Griffith s Welcome Back Presentation - with clickable links World History and Geography

Mrs. Griffith s Welcome Back Presentation - with clickable links World History and Geography

Mrs. Griffith s Welcome Back Presentation - with clickable links World History and Geography Pre-History to the 1500s Click here to view Mrs. Griffith s Classroom Students will sit in every other desk and all face the same direction

287 views • 3 slides
Guest Speaker: Ray Mondragon World History is Jewish From Eternity to Eternity Part 1 June

Guest Speaker: Ray Mondragon World History is Jewish From Eternity to Eternity Part 1 June

Guest Speaker: Ray Mondragon World History is Jewish From Eternity to Eternity Part 1 June 10, 2018 Dean Bible Ministries www.deanbibleministries.org Dr. Ray Mondragon WORLD HISTORY IS JEWISH - from Eternity to Eternity Tel Aviv Coast

743 views • 41 slides
History of Computing Hello, world!* *Warm-up: When was this term first coined? Welcome to

History of Computing Hello, world!* *Warm-up: When was this term first coined? Welcome to

History of Computing Hello, world!* *Warm-up: When was this term first coined? Welcome to CSE 490H! Melissa Hovik BS/MS Student TA/instructor in Allen School for various courses including CSE 143/154/311/332/341 Many

658 views • 21 slides
WITH BIG IDEAS TO CHANGE THE WORLD January 1, 2011 | dellchallenge.org A bit of history

WITH BIG IDEAS TO CHANGE THE WORLD January 1, 2011 | dellchallenge.org A bit of history

WERE LOOKING FOR UNIVERSITY STUDENTS WITH BIG IDEAS TO CHANGE THE WORLD January 1, 2011 | dellchallenge.org A bit of history The Dell Social Innovation Challenge (DSIC) is in its sixth year. Since its launch the global competition has

441 views • 8 slides
15-292 History of Computing Computing Advances during a Time of War (World War II) Harvard

15-292 History of Computing Computing Advances during a Time of War (World War II) Harvard

1/30/20 15-292 History of Computing Computing Advances during a Time of War (World War II) Harvard Mark I IBM Automatic Sequence Controlled Calculator Digital computer Aikens machine for makin numbers Developed by

487 views • 23 slides
KSU Teams QA System for World History Exams at the NTCIR-13 QA Lab-3 Task Tasuku Kimura, Ryo

KSU Teams QA System for World History Exams at the NTCIR-13 QA Lab-3 Task Tasuku Kimura, Ryo

KSU Teams QA System for World History Exams at the NTCIR-13 QA Lab-3 Task KSU Teams QA System for World History Exams at the NTCIR-13 QA Lab-3 Task Tasuku Kimura, Ryo Tagami and Hisashi Miyamori Kyoto Sangyo University NTCIR-13 DAY-3: Dec

469 views • 28 slides
NTA Public Transfers NTA Flow Identity Inflow = Outflow + + +

NTA Public Transfers NTA Flow Identity Inflow = Outflow + + +

NTA Public Transfers NTA Flow Identity Inflow = Outflow + + + = + + Lifecycle Deficit = Age Reallocations = +

565 views • 19 slides
I NT RODUCT I ON T he impa c t o f the Gre a t Re c e ssio n L iving unde r the

I NT RODUCT I ON T he impa c t o f the Gre a t Re c e ssio n L iving unde r the

NEW YO RK ST AT E SC HO O L BO ARDS ASSO C IAT IO N C O L L EC T IVE BARG AINING WHAT S HAPPENING O UT T HERE? Pre se nte d b y: Julie M. Sha w, E sq . & Je ffre y D. Ho ne ywe ll, E sq . Mo de ra te d b y: Ja y Wo

406 views • 7 slides
Wheelock Ch 15 Wheelock Ch. 15 Quot m lites sunt? Quot m lites sunt? Quot (adj) How many

Wheelock Ch 15 Wheelock Ch. 15 Quot m lites sunt? Quot m lites sunt? Quot (adj) How many

Wheelock Ch 15 Wheelock Ch. 15 Quot m lites sunt? Quot m lites sunt? Quot (adj) How many Quid rd hic vir est? (ab sinister ad dexter) Quid rd hic vir est? (ab sinister ad dexter) Sinister, tr (adj) left Dexter,

615 views • 22 slides
DAA DNT Hybrid Yahoo! Privacy, Trust & Safety Group 28 April 2011 Presented by: Vinay Goel

DAA DNT Hybrid Yahoo! Privacy, Trust & Safety Group 28 April 2011 Presented by: Vinay Goel

DAA DNT Hybrid Yahoo! Privacy, Trust & Safety Group 28 April 2011 Presented by: Vinay Goel (vgoel@yahoo-inc.com) Session Topic: Opt-outs, Granular Control and Multiple Mechanisms How can we provide granular controls that allow users to

1.02k views • 3 slides
U.S. Patent Examination Office of Policy and External Affairs Global IP Academy 1

U.S. Patent Examination Office of Policy and External Affairs Global IP Academy 1

U.S. Patent Examination Office of Policy and External Affairs Global IP Academy 1 Constitutional Basis for Patent Protection in the United States US Constitution, Article 1, Section 8, Clause 8 The congress shall have the powerto

832 views • 51 slides
Safeguarded Digital Identities Loretta ANANIA, EC STOA Digital Sovereign Identity Workshop Why

Safeguarded Digital Identities Loretta ANANIA, EC STOA Digital Sovereign Identity Workshop Why

Safeguarded Digital Identities Loretta ANANIA, EC STOA Digital Sovereign Identity Workshop Why safeguards are needed IN EUROPE PRIVACY IS A FUNDAMENTAL RIGHT THAT THE EU TREATY ASSIGNS TO EACH INDIVIDUAL CITIZEN EC SUCCESS STORIES: MAKE

323 views • 4 slides
STEP 3: OPTIMIZE THE TRIPWIRE OFFER An irresistible, super- WHAT IS A low-ticket offer that

STEP 3: OPTIMIZE THE TRIPWIRE OFFER An irresistible, super- WHAT IS A low-ticket offer that

STEP 3: OPTIMIZE THE TRIPWIRE OFFER An irresistible, super- WHAT IS A low-ticket offer that exists for one reason TRIPWIRE? and one reason only to convert prospects into BUYERS! In other words, Tripwires change relationships

799 views • 44 slides
Forgiveness 101 Condoning poor behavior v F or getting what happened v Minimizing the injur

Forgiveness 101 Condoning poor behavior v F or getting what happened v Minimizing the injur

Heartland Mediators Association April 26-27, 2018 Forgiveness 101 Condoning poor behavior v F or getting what happened v Minimizing the injur y v v Dependent on r eligious belief or pr ac tic e v R ec onc iling 1 v Cr eating

433 views • 20 slides

More recommend