system protection & security
-
8/3/2019 System Protection & Security
1/52
SYSTEM PROTECTION & SECURITY
System and Network Threats
-
Threats
-
System and Network Threats
Virus
Laptop & mobile theft
DDoS attack
Unauthorized access of information
Abuse of wireless network
System protection
Telecom fraud
Misuse of web application
Website defacement
Worms
Port scanning
-
Worms
-
Talk Outline
What are worms?
The life cycle of a simple worm:
scanning for a victim
exploiting the victim
cloning itself onto the victim
running the clone to further spread infection
stealth techniques used to hide itself
-
What are worms?
A worm is a self-replicating program.
Self-replicating => it makes copies of itself and sends them over to hosts across a network.
All copies have the same functionality and generally lack any sort of synchronization among themselves.
Worms are hated because:
Bandwidth consumption
Might crash computers they infect
Infected computers may be used for other attacks such as DDoS, phishing attacks etc.
-
Types of worms
Network worms generally exploit a service to spread
Email worms use mass emails to spread and either target the email client (Outlook) or rely on user intervention (a click) to spread
IRC worms
IM worms
File sharing worms
XSS worms (MySpace??)
-
The life cycle of a simple worm
Scanning for a victim
Exploiting the victim
Cloning itself onto the victim
Running the clone to further spread infection
Stealth techniques used to hide itself
-
The life of a worm
[Figure: worm propagation diagram; arrows labelled (1) and (2) lead to four Victim nodes]
-
The life of a worm
[Figure: worm life-cycle diagram. Worm created -> Scans for Victim -> Victim found -> Send Exploit -> Rooted !! -> Get a copy -> Scan (back to Scans for Victim)]
-
Scanning for a victim
Random scan: random IP addresses
Selective random scan: IP addresses from global and local routing addresses
Full scan: scan all IP addresses
Divide and conquer scan: divide IP addresses among child worms
Subnet scan: detect and scan the local subnet
Etc etc
-
Exploiting the victim
What is an exploit? Simply put: a piece of code which provides access to a victim computer by utilizing some flaw in the logic of a program running on the victim computer.
By access I mean the ability to run commands/programs on the remote computer.
Network worms use what is called a remote exploit: an exploit which can be launched remotely and which gives some code running privileges on the victim.
Find a suitable exploit to use in the worm
-
Cloning itself onto the victim
Once the victim has been exploited the worm needs to get a copy of itself onto the victim
TFTP?? (Blaster worm)
Http server ??
Ftp server ??
Compile source??
Include worm in the shellcode??
-
Running the clone to further spread infection
Once the clone has been downloaded run it
Make it a service??
Add a registry entry for startup??
Clone starts scanning again
Clone finds a victim
Cycle continues
-
Stealth techniques used to hide itself
Hide process
Hide files
Hide activity
Delete logs
rootkit??
-
-
Examples of worms
Slammer Worm
Code Red worm
MyDoom.B
-
Port Scanning
Three-way handshake
Stealth Scan
Xmas Scan
FIN Scan
NULL Scan
Idle Scan
-
Tools
Nmap
Softperfect network scanner
Port scanner ActiveX control
Acunetix
Nessus
Etc etc..
-
DDoS (Distributed Denial of Service)
-
What is a DDoS attack??
The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service on the system to legitimate users.
-
Contd..
A denial of service attack (DoS) is an attack through which a person can make a system unusable, or slow it down for users, by overloading its resources.
If an attacker is unable to gain access to a machine, the attacker most probably will crash the machine to accomplish a denial of service attack.
-
Why DoS attack??
Attempt to flood a network, to increase network traffic.
Attempt to disrupt connections between two machines.
Attempt to prevent a particular individual from accessing a service.
-
Types of DDoS attack
Smurf
Buffer overflow attack
Ping of death
Teardrop
SYN
Tribal flood Attack
-
Tools for DoS Attack
Jolt2
Bubonic.c
Land and LaTierra
Targa
-
Authentication
-
What is Authentication?
Authentication is any process by which a system verifies the identity of a user who wishes to access it.
Authentication exists to establish trust between two parties, or authentication entities. These entities consist of an identity and a key.
-
Types of Authentication
User Authentication:
User authentication is the process of determining that a user is who he/she claims to be.
HTTP Basic, SSL & TLS
Entity Authentication:
Entity authentication is the process of determining if an entity is who it claims to be.
Cookies etc.
-
Password Based Authentication System
Usernames
Storing Usernames and Passwords
Ensuring Password Quality
Password Lockout
Password Aging and Password History
Automated Password Reset Systems
Sending Out Passwords
Single Sign-On Across Multiple DNS Domains
-
Password maintenance
Do NOT share your User ID(s) and password(s) with ANYONE.
Do NOT store your User ID(s) and password(s) on any loose bits of paper or sticky notes.
Do NOT hide your User ID(s) and password(s) under the keyboard, or in any other would-be "secret" hiding place.
Do change your password(s) after a set time interval.
Before entering your User ID and password, make sure no one is watching you.
Before using your User ID and password on a third-party computer, make sure it is well protected, and free of trojans and key loggers.
Passwords must be made up of a mixture of lower-case letters, upper-case letters, numbers, and at least one special character, such as (!@#$%^&*()_+|), and must be at least 7 characters long.
Do not enter your email ID or account number in a cyber café.
-
Password maintenance Contd..
System Access
Password Creation Best Practices
Virus Protection
Malicious Code Best Practices
Software Installation
Encryption
Web Browsing
E-mail Use
-
Password Vulnerability
Organizational or end-user vulnerabilities:
This includes lack of password awareness on the part of end users and the lack of password policies that are enforced within the organization.
Technical vulnerabilities:
This includes weak encryption methods and insecure storage of passwords on computer systems.
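The two slides above (the password policy of mixed character classes and at least 7 characters, and "insecure storage of passwords" as a technical vulnerability) together with "Password Lockout" from the earlier list describe a small password-based authentication system. The following is an added example, written for this page rather than taken from the slides; the function names, the record format, and the lockout threshold of 5 are my own choices. It shows the weak storage (one unsalted MD5 per password) beside the hardened form (random per-user salt, PBKDF2-HMAC-SHA256, constant-time comparison), enforces the slide's quality rules, and locks an account after repeated failures, which is the mitigation for the dictionary and brute-force attacks listed on a later slide.

```python
import hashlib
import hmac
import os

# Policy from the slide: lower-case, upper-case, digits, at least one of these
# special characters, and at least 7 characters in total.
SPECIALS = set("!@#$%^&*()_+|")
MIN_LENGTH = 7


def meets_policy(password: str) -> bool:
    """Check the slide's password-quality rules."""
    return (
        len(password) >= MIN_LENGTH
        and any(c.islower() for c in password)
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in SPECIALS for c in password)
    )


def store_insecure(password: str) -> str:
    """Weak storage: one fast, unsalted hash. Two users with the same password
    get the same record, and the digest is cheap to attack offline."""
    return hashlib.md5(password.encode()).hexdigest()


# Hardened storage: per-user random salt plus a deliberately slow KDF.
# 100_000 iterations keeps this demo quick; OWASP currently recommends
# 600,000 for PBKDF2-HMAC-SHA256, so raise it in production.
ITERATIONS = 100_000


def store_secure(password: str, salt: bytes = None) -> str:
    """Record format (my own choice): algorithm$iterations$salt_hex$hash_hex."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_secure(password: str, record: str) -> bool:
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(dk.hex(), dk_hex)


class PasswordStore:
    """Hypothetical in-memory user table with lockout after repeated failures."""
    MAX_FAILURES = 5

    def __init__(self):
        self.records = {}   # username -> stored record
        self.failures = {}  # username -> consecutive failed logins

    def register(self, username: str, password: str) -> None:
        if not meets_policy(password):
            raise ValueError("password does not meet policy")
        self.records[username] = store_secure(password)
        self.failures[username] = 0

    def login(self, username: str, password: str) -> str:
        # Unknown user and wrong password give the same answer, so the login
        # form cannot be used to enumerate valid usernames.
        if username not in self.records:
            return "bad"
        if self.failures[username] >= self.MAX_FAILURES:
            return "locked"
        if verify_secure(password, self.records[username]):
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        return "bad"


if __name__ == "__main__":
    store = PasswordStore()
    store.register("alice", "Secur3!pw")
    print(store.login("alice", "Secur3!pw"))   # ok
    print(store.login("alice", "wrong"))       # bad
```

The lockout counter lives in memory here; a real deployment would persist it and would also rate-limit by source address, since a per-account counter alone does not stop an attacker spreading attempts across many accounts.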
-
Cracking password
Social engineering
Shoulder surfing
Interference
Weak authentication
Bypassing authentication
Password cracking software (Brutus, John the Ripper)
Dictionary attacks
Brute-force attacks
-
Other ways to crack passwords
Keystroke logging
Weak password storage
Network analyzer
-
Encrypted passwords
SSL
HTTPS
SSH/TLS
Stelnet
-
BIOMETRICS
The password you never forget
-
INTRUSION DETECTION
An IDS inspects all inbound and outbound network activity and identifies suspicious patterns that indicate an attack to compromise a system.
Example: Snort, Symantec ManHunt etc.
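To make "identifies suspicious patterns" concrete, here is an added example (mine, not from the slides or from Snort) of the two kinds of rule a network IDS applies. It runs over a constructed connection log: a signature rule matches TCP flag combinations no normal client sends (the Xmas, FIN and NULL probes from the port-scanning slide), and a threshold rule flags a source that touches more than a handful of distinct ports inside a short window. The log format, the field names and the thresholds (5 ports, 10 seconds) are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (made up for this example, not from the slides).
SAMPLE_LOG = """\
2019-08-03T10:00:01 src=10.0.0.7 dst=192.168.1.10 dport=80 flags=S
2019-08-03T10:00:02 src=10.0.0.7 dst=192.168.1.10 dport=443 flags=S
2019-08-03T10:00:02 src=10.0.0.7 dst=192.168.1.10 dport=22 flags=S
2019-08-03T10:00:03 src=10.0.0.7 dst=192.168.1.10 dport=25 flags=S
2019-08-03T10:00:03 src=10.0.0.7 dst=192.168.1.10 dport=3389 flags=S
2019-08-03T10:00:04 src=10.0.0.7 dst=192.168.1.10 dport=8080 flags=S
2019-08-03T10:00:05 src=10.0.0.9 dst=192.168.1.10 dport=80 flags=S
2019-08-03T10:00:06 src=10.0.0.7 dst=192.168.1.10 dport=139 flags=FPU
2019-08-03T10:00:30 src=10.0.0.9 dst=192.168.1.10 dport=443 flags=S
"""

# Signature rule: TCP flag combinations a legitimate client never sends.
SUSPICIOUS_FLAGS = {"FPU": "xmas-scan", "F": "fin-scan", "": "null-scan"}


def parse_line(line: str) -> dict:
    """Parse one 'timestamp key=value ...' record into a dict."""
    ts_str, *kvs = line.split()
    ev = dict(kv.split("=", 1) for kv in kvs)
    ev["ts"] = datetime.fromisoformat(ts_str)
    ev["dport"] = int(ev["dport"])
    return ev


def signature_alerts(events: list) -> list:
    """(source, rule name, destination port) for every flag-signature match."""
    return [(ev["src"], SUSPICIOUS_FLAGS[ev["flags"]], ev["dport"])
            for ev in events if ev["flags"] in SUSPICIOUS_FLAGS]


def port_scan_sources(events: list, max_ports: int = 5,
                      window: timedelta = timedelta(seconds=10)) -> dict:
    """Threshold rule: sources touching more than max_ports distinct ports
    within one sliding window. Returns source -> largest distinct-port count."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append((ev["ts"], ev["dport"]))
    flagged = {}
    for src, hits in by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1           # slide the window forward
            distinct = {port for _, port in hits[start:end + 1]}
            if len(distinct) > max_ports:
                flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged


def inspect(log_text: str) -> dict:
    """Run both rule types over a log and return the alerts."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return {"signature": signature_alerts(events),
            "threshold": port_scan_sources(events)}


if __name__ == "__main__":
    for kind, alerts in inspect(SAMPLE_LOG).items():
        print(kind, alerts)
```

A pure threshold rule is what makes slow "stealth" scans hard to catch: spreading the same probes over minutes instead of seconds keeps each window under the limit, which is why real sensors combine both rule types and keep longer-term per-source state.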
-
Firewall
A firewall is simply a program or hardware device that protects the resources of a private network from users of other networks.
-
Honeypot
A honeypot is a device intended to be compromised. The goal of setting up a honeypot is to have the system probed, attacked and potentially exploited.
-
Cryptography as a Security Tool
FOR MORE SECURITY
-
Encryption Basics
Encryption is yet another process by which information is protected from unauthorized access.
It is normally accomplished by rendering the original information unreadable by using a reversible technique known only to the authorized entities.
-
Types of Encryption
Private/Symmetric Key Cryptography: the same key is used for encryption and decryption.
Public/Asymmetric Key Cryptography: different keys are used for encryption and decryption.
-
RC4 Basics
A symmetric key encryption algorithm. Invented by Ron Rivest.
Normally uses 64 bit and 128 bit key sizes.
Most popular implementation is in WEP for 802.11 wireless networks and in SSL.
Cryptographically very strong yet very easy to implement.
Consists of 2 parts: Key Scheduling Algorithm (KSA) & Pseudo-Random Generation Algorithm (PRGA).
-
RC4 Block Diagram
[Block diagram: Secret Key -> RC4 -> Keystream; Plain Text XOR Keystream -> Encrypted Text]
-
RC4 break up
Initialize an array of 256 bytes.
Run the KSA on them
Run the PRGA on the KSA output to generate the keystream.
XOR the data with the keystream.
-
Array Initialization
C Code:
unsigned char S[256];   /* unsigned: values 128..255 would not fit a signed char */
int i;
for (i = 0; i < 256; i++)
    S[i] = i;
After this the array would look like this:
S[] = { 0, 1, 2, 3, ..., 254, 255 }
-
Encryption using RC4
Choose a secret key
Run the KSA and PRGA using the key to generate a keystream.
XOR the keystream with the data to generate the encrypted stream.
Transmit Encrypted stream.
-
Decryption using RC4
Use the same secret key as during the encryption phase.
Generate keystream by running the KSA and PRGA.
XOR keystream with the encrypted text to generate the plaintext.
Logic is simple:
(A xor B) xor B = A
A = Plain Text or Data
B = KeyStream
-
Making of a RC4 File Encryptor
Using a secret key, generate the RC4 keystream using the KSA and PRGA.
Read the file and XOR each byte of the file with the corresponding keystream byte.
Write this encrypted output to a file.
Transmit file over an insecure channel.
-
Making of a RC4 File Decryptor
Using the same secret key used to encrypt, generate the RC4 keystream.
Read the encrypted file and XOR every byte of this encrypted stream with the corresponding byte of the keystream.
This will yield the original plaintext.
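The RC4 slides above (array initialization, KSA, PRGA, the XOR encryption and decryption steps, and the file encryptor/decryptor) describe one complete procedure, so here is one added example that implements all of it. It is my own code, not the slides' C snippet extended; the function names and the temporary-file round trip are my choices. The expected ciphertexts in the test are the widely published RC4 test vectors ("Key"/"Plaintext", "Wiki"/"pedia", "Secret"/"Attack at dawn"). The last function shows the property a practitioner should take away from the (A xor B) xor B = A slide: because the keystream depends only on the key, encrypting two messages under the same key lets an observer recover the XOR of the two plaintexts, which is one reason RC4 (and WEP built on it) is deprecated; RFC 7465 prohibits RC4 in TLS, so treat this as study material rather than something to deploy.

```python
import os
import tempfile


def ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: S = [0..255] permuted under the key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be between 1 and 256 bytes")
    S = list(range(256))            # the array initialization from the slides
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S


def prga(S: list):
    """Pseudo-Random Generation Algorithm: a generator of keystream bytes."""
    S = S[:]                        # private copy; the scheduled state is reusable
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream does both."""
    keystream = prga(ksa(key))
    return bytes(b ^ next(keystream) for b in data)


def rc4_file(key: bytes, src: str, dst: str) -> int:
    """The slides' file encryptor/decryptor; returns the number of bytes written."""
    with open(src, "rb") as f_in:
        out = rc4_crypt(key, f_in.read())
    with open(dst, "wb") as f_out:
        return f_out.write(out)


def file_roundtrip(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt plaintext into a temp file, decrypt that file, return the result."""
    with tempfile.TemporaryDirectory() as d:
        plain, enc, dec = (os.path.join(d, n) for n in ("plain.bin", "enc.bin", "dec.bin"))
        with open(plain, "wb") as f:
            f.write(plaintext)
        rc4_file(key, plain, enc)   # encryptor
        rc4_file(key, enc, dec)     # decryptor: same key, same operation
        with open(dec, "rb") as f:
            return f.read()


def keystream_reuse_leaks(key: bytes, p1: bytes, p2: bytes) -> bool:
    """Two messages under one key: c1 XOR c2 == p1 XOR p2, so the XOR of the
    plaintexts is exposed without the key. Returns True when that holds."""
    c1, c2 = rc4_crypt(key, p1), rc4_crypt(key, p2)
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    print(rc4_crypt(b"Key", b"Plaintext").hex())          # bbf316e8d940af0ad3
    print(file_roundtrip(b"Secret", b"hello"))            # b'hello'
    print(keystream_reuse_leaks(b"Key", b"attack at dawn", b"attack at dusk"))  # True
```

The file functions read the whole file into memory for clarity; for large files you would keep the generator from prga open and XOR chunk by chunk, which works because the keystream is produced one byte at a time independently of the data.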
-
For more detail
Contact me: Email: [email protected]
Web: http://www.hackersreloaded.com
Thanking you..