Network Security

Lecture 14

A brief history of the world

Security Attacks

a.Malware---attacks on integrity and privacy

Viruses, Trojan Horses, Spyware and Key-loggers

b.Spoofing attacks---attacks on authenticity

URL, DNS, IP, MAC, Email/ Caller ID spoofing

c.Network-based attacks---attacks on availability

DoS attack, worms

d.Social engineering attacks

Phishing, greetings card, lottery win, etc.

Lecture’s outline

Security Attacks

• PrivacyThe sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended receiver and should be unintelligible to all others.

• AuthenticationThe receiver is sure of the sender’s identity and that an imposter has not sent the message.

Security Attacks

• IntegrityThe data must arrive at the receiver exactly as it was sent by the original sender. There must be no changes in transmission, either accidental or malicious.

• Non-repudiation:A receiver must be able to prove that a received message came from a specified sender. The sender must not be able to deny sending a message that it has, in fact, sent.

Security Attacks

Motivation for security attacks

Source: “Computer Networks” by Andrew Tanenbaum

Malware aThe software that is written for malicious purposes

VirusesWormsTrojan HorsesSpywareKeyloggers

Reproduced with permission. Please visit www.SecurityCartoon.com for more material

Viruses

• A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels.

Designing A Virus

• Locate the first executable instruction in the target program

• Replace the instruction with an instruction to jump to the memory location next to the last instruction of the target system

• Insert the virus code for execution at the end• Insert an instruction after virus code that simulates

the first instruction • Then jump to the second instruction of original code

Brain Virus (Pakistani Flu) 1986

Credit: http://en.wikipedia.org/wiki/Brain_(computer_virus)

The first computer virus

Virus vs. Worm

Credit: Yashar Ganjali; www.caida.org

Propagation effect of worms

Before slammer

worm

After slammer

worm

Key-loggers and Spyware

Spoofing Attacksbwhere the attacker impersonates some one elseEmail spoofingURL spoofingDNS spoofingIP spoofingMAC spoofing

Email Spoofing (phishing)

b.1

URL Spoofing (phishing)

b.2

Genuine URL; Site: niit.edu.pk;

directory: src; file: login.php

https://webmail.niit.edu.pk/src/login.php

1

https://webmail.niit.org.pk/src/login.php

HACKED

Victim.ID

**************HACKEDHACKED

The second-level domain is .org and not

.edu; faked website

https://webmail.niit.org.pk/src/login.php

2

https://webmail.niit.edu.tk/src/login.php

3The first-level domain

is .tk and not .pk; faked website

https://webmail.niit.edu.tk/src/login.php

HACKED

Victim.ID

**************HACKEDHACKED

https://202.125.111.57/src/login.php

The IP address does not correspond to

webmail.niit.edu.pk; faked website

https://202.128.111.87/src/login.php

4 HACKED

Victim.ID

**************HACKEDHACKED

DNS Spoofing

b.3

IP Spoofingb.4

MAC Spoofingb.5

DNS spoofing

WWW

Tell me the IP address of www.niit.edu.pk?

WWW

DNS

Request

WWW

Reply

The IP address of www. niit.edu.pk is 110.125.157.198

DNS spoofingWWW

DNS

The IP address of www.niit.edu.pk is 110.125.157.198 Fake NIIT site

Private network

192.168.1.0/24

MAC/ IP spoofing

.254

00:aa:bb:cc:dd:ee:ff

.1

.25400:aa:bb:cc:dd:ee:ff

Malicious node

A malicious node can pretend to be another

node

Network-based attackscwhere the attacker pretends to be something he/she/it is not

WormsDenial of Service attacks

Denial of Service attacks

Social EngineeringdTargets the weakest component of a security system---the users

Non-technical hacking

Greeting card phishing

Lottery winning phishing

??? Questions/

Confusions?