system protection & security

Upload: sandeep-goyal

Post on 06-Apr-2018


TRANSCRIPT

  • 8/3/2019 System Protection & Security

    1/52

    SYSTEM PROTECTION & SECURITY

    System and Network Threats


    Threats


    System and Network Threats

    Virus

    Laptop & mobile theft

    DDoS attack

    Unauthorized access to information

    Abuse of wireless network

    System protection

    Telecom fraud

    Misuse of web application

    Website defacement

    Worms

    Port scanning


    Worms


    Talk Outline

    What are worms?

    The life cycle of a simple worm:

    scanning for a victim

    exploiting the victim

    cloning itself onto the victim

    running the clone to further spread infection

    stealth techniques used to hide itself


    What are worms?

    A worm is a self-replicating program

    Self-replicating => it makes copies of itself and sends them over to hosts across a network

    All copies have the same functionality and generally lack any sort of synchronization among themselves

    Worms are hated because:

    Bandwidth consumption

    Might crash computers they infect

    Infected computers may be used for other attacks such as DDoS, phishing attacks etc


    Types of worms

    Network worms: generally exploit a network service to spread

    Email worms: use mass emails to spread and either target the email client (Outlook) or rely on user intervention (a click) to spread

    IRC worms

    IM worms

    File sharing worms

    XSS worms (MySpace??)


    The life cycle of a simple worm

    Scanning for a victim

    Exploiting the victim

    Cloning itself onto the victim

    Running the clone to further spread infection

    Stealth techniques used to hide itself


    The life of a worm

    [Diagram: one worm (1) infects a victim, and each infected victim (2) goes on to infect further victims]


    The life of a worm

    [Diagram of the worm cycle: Worm created -> Scans for victim -> Victim found -> Send exploit -> Rooted!! -> Get a copy -> Scan -> (cycle repeats)]


    Scanning for a victim

    Random scan: random IP addresses

    Selective random scan: IP addresses from global and local routing addresses

    Full scan: scan all IP addresses

    Divide and conquer scan: divide IP addresses among child worms

    Subnet scan: detect and scan the local subnet

    Etc etc


    Exploiting the victim

    What is an exploit? Simply put: a piece of code which provides access to a victim computer by utilizing some flaw in the logic of a program running on the victim computer

    By access I mean the ability to run commands/programs on the remote computer

    Network worms use what is called a remote exploit: an exploit which can be launched remotely and which gives some code running privileges on the victim

    Find a suitable exploit to use in the worm


    Cloning itself onto the victim

    Once the victim has been exploited the worm needs to get a copy of itself on the victim

    TFTP?? (Blaster worm)

    HTTP server??

    FTP server??

    Compile source??

    Include worm in the shellcode??


    Running the clone to further spread infection

    Once the clone has been downloaded, run it

    Make it a service??

    Add a registry entry for startup??

    Clone starts scanning again

    Clone finds a victim

    Cycle continues


    Stealth techniques used to hide itself

    Hide process

    Hide files

    Hide activity

    Delete logs

    Rootkit??



    Examples of worms

    Slammer Worm

    Code Red worm

    MyDoom.B


    Port Scanning

    Three-way handshake

    Stealth Scan

    Xmas Scan

    FIN Scan

    NULL Scan

    Idle Scan


    Tools

    Nmap

    Softperfect network scanner

    Port scanner ActiveX control

    Acunetix

    Nessus

    Etc etc..


    DDoS (distributed denial of service)


    What is a DDoS attack??

    The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users.


    Contd..

    A denial of service attack (DoS) is an attack through which a person can make a system unusable, or slow it down for users, by overloading its resources.

    If an attacker is unable to gain access to a machine, the attacker most probably will crash the machine to accomplish a denial of service attack.


    Why DoS attack??

    Attempt to flood a network, to increase network traffic.

    Attempt to disrupt connections between two machines.

    Attempt to prevent a particular individual from accessing a service.


    Types of DDoS attack

    Smurf

    Buffer overflow attack

    Ping of death

    Teardrop

    SYN flood

    Tribe Flood Network attack


    Tools for DoS Attack

    Jolt2

    Bubonic.c

    Land and LaTierra

    Targa


    Authentication


    What is Authentication?

    Authentication is any process by which a system verifies the identity of a user who wishes to access it.

    Authentication exists to establish trust between two parties, or authentication entities. These entities consist of an identity and a key.


    Types of Authentication

    User Authentication:

    User Authentication is the process of determining that a user is who he/she claims to be

    HTTP Basic, SSL & TLS

    Entity Authentication:

    Entity authentication is the process of determining if an entity is who it claims to be. Cookies etc


    Password Based Authentication System

    Usernames

    Storing Usernames and Passwords

    Ensuring Password Quality

    Password Lockout

    Password Aging and Password History

    Automated Password Reset Systems

    Sending Out Passwords

    Single Sign-On Across Multiple DNS Domains


    Password maintenance

    Do NOT share your User ID(s) and password(s) with ANYONE

    Do NOT store your User ID(s) and password(s) on any loose bits of paper or sticky notes.

    Do NOT hide your User ID(s) and password(s) under the keyboard, or in any other would-be "secret" hiding place.

    Do change your password(s) at regular intervals.

    Before entering your User ID and password, make sure no one is watching you

    Before using your User ID and password on a third-party computer, make sure it is well protected, and free of trojans and key loggers.

    Passwords must be made up of a mixture of lower-case letters, upper-case letters, numbers, and at least one special character, such as (!@#$%^&*()_+|), and be at least 7 characters long

    Do not enter your email ID or account number in a cyber café.
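The composition rule stated on this slide, written out as a check in an added C example that is not from the original deck; the function name and the assumption that the special character must come from the slide's listed set are mine.

```c
#include <string.h>
#include <ctype.h>

/* Special characters as listed on the slide: !@#$%^&*()_+| */
static const char SPECIALS[] = "!@#$%^&*()_+|";

/* Returns 1 if the password satisfies the slide's policy: at least 7
 * characters, containing at least one lower-case letter, one upper-case
 * letter, one digit and one character from SPECIALS. Returns 0 otherwise.
 * (Hypothetical helper written for this example.) */
int password_meets_policy(const char *pw) {
    int lower = 0, upper = 0, digit = 0, special = 0;
    const unsigned char *p;
    if (strlen(pw) < 7) return 0;
    for (p = (const unsigned char *)pw; *p; p++) {
        if (islower(*p)) lower = 1;
        else if (isupper(*p)) upper = 1;
        else if (isdigit(*p)) digit = 1;
        else if (strchr(SPECIALS, *p)) special = 1;   /* *p is never 0 here */
    }
    return lower && upper && digit && special;
}

int main(void) { return password_meets_policy("Abc123!") ? 0 : 1; }
```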


    Password maintenance Contd..

    System Access

    Password Creation Best Practices

    Virus Protection

    Malicious Code Best Practices

    Software Installation

    Encryption

    Web Browsing

    E-mail Use


    Password Vulnerability

    Organizational or end-user vulnerabilities:

    This includes lack of password awareness on the part of end users and the lack of password policies that are enforced within the organization.

    Technical vulnerabilities:

    This includes weak encryption methods and insecure storage of passwords on computer systems.


    Cracking passwords

    Social engineering

    Shoulder surfing

    Inference

    Weak authentication

    Bypassing authentication

    Password cracking software (Brutus, John the Ripper)

    Dictionary attacks

    Brute-force attacks


    Other ways to crack passwords

    Keystroke logging

    Weak password storage

    Network analyzer


    Encrypted passwords

    SSL

    HTTPS

    SSH/TLS

    Stelnet


    BIOMETRICS

    The password you never forget


    INTRUSION DETECTION

    An IDS inspects all inbound and outbound network activity and identifies suspicious patterns that indicate an attempt to compromise a system.

    Examples: Snort, Symantec ManHunt, etc


    Firewall

    A firewall is simply a program or hardware device that protects the resources of a private network from users of other networks.


    Honeypot

    A honeypot is a device intended to be compromised. The goal of setting up a honeypot is to have the system probed, attacked and potentially exploited.


    Cryptography as a Security Tool

    FOR MORE SECURITY


    Encryption Basics

    Encryption is yet another process by which information is protected from unauthorized access.

    It is normally accomplished by rendering the original information unreadable by using a reversible technique known only to the authorized entities.


    Types of Encryption

    Private/Symmetric Key Cryptography: Same key is used for encryption and decryption.

    Public/Asymmetric Key Cryptography: Different keys are used for encryption and decryption.


    RC4 Basics

    A symmetric key encryption algorithm, invented by Ron Rivest.

    Normally uses 64-bit and 128-bit key sizes.

    Most popular implementation is in WEP for 802.11 wireless networks and in SSL.

    Cryptographically very strong yet very easy to implement.

    Consists of 2 parts: Key Scheduling Algorithm (KSA) & Pseudo-Random Generation Algorithm (PRGA)


    RC4 Block Diagram

    [Diagram: Secret Key -> RC4 -> Keystream; Plain Text XOR Keystream -> Encrypted Text]


    RC4 breakdown

    Initialize an array of 256 bytes.

    Run the KSA on them.

    Run the PRGA on the KSA output to generate the keystream.

    XOR the data with the keystream.


    Array Initialization

    C Code:

    unsigned char S[256];   /* RC4 state array; unsigned so that values 128..255 fit */
    int i;
    for (i = 0; i < 256; i++)
        S[i] = i;           /* identity permutation: S[i] == i */

    After this the array would look like this:

    S[] = { 0, 1, 2, 3, ..., 254, 255 }


    Encryption using RC4

    Choose a secret key

    Run the KSA and PRGA using the key to generate a keystream.

    XOR the keystream with the data to generate the encrypted stream.

    Transmit the encrypted stream.


    Decryption using RC4

    Use the same secret key as during the encryption phase.

    Generate keystream by running the KSA and PRGA.

    XOR keystream with the encrypted text to generate the plaintext.

    Logic is simple:

    (A xor B) xor B = A

    A = Plain Text or Data

    B = KeyStream


    Making an RC4 File Encryptor

    Using a secret key, generate the RC4 keystream using the KSA and PRGA.

    Read the file and XOR each byte of the file with the corresponding keystream byte.

    Write this encrypted output to a file.

    Transmit file over an insecure channel.


    Making an RC4 File Decryptor

    Using the same secret key used to encrypt, generate the RC4 keystream.

    Read the encrypted file and XOR every byte of this encrypted stream with the corresponding byte of the keystream.

    This will yield the original plaintext.
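The four steps from the RC4 breakdown slide (initialize S, KSA, PRGA, XOR) and the encryptor/decryptor pair above, carried through as an added C example that is not from the original deck. The rc4_state struct and function names are my own, and the expected ciphertext bytes come from the published RC4 test vector for key "Key" (RC4 appears here only because the deck uses it; it is deprecated and not a choice for new designs).

```c
#include <stdint.h>
#include <string.h>

/* RC4 state: the 256-byte permutation S plus the two PRGA indices. */
typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_state;

/* Key Scheduling Algorithm (KSA): set S to the identity permutation 0..255,
 * then scramble it with the key bytes (key repeated as needed). */
void rc4_init(rc4_state *st, const uint8_t *key, size_t keylen) {
    int n;
    uint8_t j = 0, tmp;
    for (n = 0; n < 256; n++) st->S[n] = (uint8_t)n;
    for (n = 0; n < 256; n++) {
        j = (uint8_t)(j + st->S[n] + key[n % keylen]);
        tmp = st->S[n]; st->S[n] = st->S[j]; st->S[j] = tmp;
    }
    st->i = st->j = 0;
}

/* Pseudo-Random Generation Algorithm (PRGA): one keystream byte per call. */
static uint8_t rc4_next(rc4_state *st) {
    uint8_t tmp;
    st->i = (uint8_t)(st->i + 1);
    st->j = (uint8_t)(st->j + st->S[st->i]);
    tmp = st->S[st->i]; st->S[st->i] = st->S[st->j]; st->S[st->j] = tmp;
    return st->S[(uint8_t)(st->S[st->i] + st->S[st->j])];
}

/* XOR the buffer in place with the keystream. Since (A xor B) xor B = A,
 * running this again with a fresh state from the same key decrypts. */
void rc4_crypt(rc4_state *st, uint8_t *buf, size_t len) {
    size_t k;
    for (k = 0; k < len; k++) buf[k] ^= rc4_next(st);
}

/* Known-answer test using the public RC4 test vector
 * key "Key", plaintext "Plaintext" -> BB F3 16 E8 D9 40 AF 0A D3,
 * followed by a decrypt round-trip. Returns 1 if both check out. */
int rc4_kat_ok(void) {
    static const uint8_t expect[9] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    uint8_t buf[9];
    rc4_state st;
    memcpy(buf, "Plaintext", 9);
    rc4_init(&st, (const uint8_t *)"Key", 3);
    rc4_crypt(&st, buf, 9);                         /* encrypt */
    if (memcmp(buf, expect, 9) != 0) return 0;
    rc4_init(&st, (const uint8_t *)"Key", 3);       /* same key => same keystream */
    rc4_crypt(&st, buf, 9);                         /* decrypt */
    return memcmp(buf, "Plaintext", 9) == 0;
}
int main(void) { return rc4_kat_ok() ? 0 : 1; }
```

To turn this into the file encryptor/decryptor from the slides, read the file into a buffer, call rc4_crypt once over it and write the result out; the same program with the same key reverses the operation.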


    For more detail

    Contact me: Email: [email protected]

    Web: http://www.hackersreloaded.com

    Thank you..