Tutorial 1 - Philadelphia University · 2015. 5. 10.
-
Tutorial 1
April 6, 2015
-
I. Basic Notions
-
Review Questions Chapter 2 & 3
Fill-in the blank
Multiple-choice
-
Chapter 2
-
Example
A _____ attack exploits previously unknown vulnerabilities.
a. virus resource
b. shock and awe
c. surprise
d. zero day
-
Example
Which of the following attacks exploits previously unknown vulnerabilities?
a. virus resource
b. shock and awe
c. surprise
d. zero day
-
Example
Which of the following attacks exploits previously unknown vulnerabilities?
a. virus resource
b. shock and awe
c. surprise
d. zero day
(answer: d)
-
Malware That Conceals
• Rootkits
• Removal of a rootkit can be difficult
– Reformat hard drive and reinstall operating system
-
Malware That Profits
• Spyware
– Software that gathers information without user consent
– Usually used for:
• Advertising
• Collecting personal information
• Changing computer configurations
-
Malware That Profits (cont’d.)
• Keyloggers
– Program that captures user’s keystrokes
– Information later retrieved by attacker
– Attacker searches for useful information
• Passwords
• Credit card numbers
• Personal information
-
Malware That Profits (cont’d.)
• Keyloggers (cont’d.)
– Can be a small hardware device
• Inserted between computer keyboard and connector
• Unlikely to be detected
• Attacker physically removes device to collect information
-
Malware That Profits (cont’d.)
Figure 2-6 Hardware keylogger © Cengage Learning 2012
-
Malware That Profits (cont’d.)
• Botnets
– Computer is infected with program that allows it to be remotely controlled by attacker
• Often payload of Trojans, worms, and viruses
– Infected computer called a zombie
– Groups of zombie computers together called botnet
• Early botnet attackers used Internet Relay Chat to remotely control zombies
– HTTP is often used today
-
Social Engineering Attacks
• Spam – Unsolicited e-mail
– Primary vehicle for distribution of malware
– Sending spam is a lucrative business
• Spim: targets instant messaging users
• Image spam – Uses graphical images of text
– Circumvents text-based filters
– Often contains nonsense text
-
Social Engineering Attacks (cont’d.)
• Spammer techniques
– GIF layering
• Image spam divided into multiple images
• Layers make up one complete legible message
– Word splitting
• Horizontally separating words
• Can still be read by human eye
– Geometric variance
• Uses speckling and different colors so no two emails appear to be the same
-
Social Engineering Attacks (cont’d.)
• Hoaxes
– False warning or claim
– May be first step in an attack
-
Chapter 3
-
Figure 3-2 Web application security © Cengage Learning 2012
Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of Web application attacks.
-
Application Attacks
• Attacks that target applications
– Category continues to grow
– Web application attacks
– Client-side attacks
– Buffer overflow attacks
• Zero day attacks
– Exploit previously unknown vulnerabilities
– Victims have no time to prepare or defend
-
II. Familiar Problem Solving
-
SQL Injection
• Forgotten password example
– The submitted e-mail address is compared to the address that is stored with the user’s profile
– If the submitted e-mail address matches the stored e-mail address, a password is e-mailed to the submitted address
-
SQL Injection (cont’d.)
• Forgotten password example (cont’d.)
SELECT fieldlist
FROM table
WHERE field = '';
-
SQL Injection (cont’d.)
• Forgotten password example (cont’d.)
– If the message “e-mail address is unknown” is displayed, it indicates that user input is being properly filtered and a SQL attack cannot be carried out on the site
-
SQL Injection (cont’d.)
• Forgotten password example (cont’d.)
– However, if the message “server failure” is displayed, it means that the user input is not being filtered (the SQL parser found the extra quote mark ’ and aborted with a syntax error; the exact message form depends on the application’s internal error-recovery procedures)
– Instead, all user input is sent directly to the database
– Armed with the knowledge that input is sent unfiltered to the database, the attacker can begin a SQL attack on the site
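The following is an added Python example, not code from the tutorial or the Cengage textbook it draws on. It models the forgotten-password lookup from slides 21 to 24 against an in-memory SQLite table (the table name users and the columns email and password are assumptions) and shows both outcomes the slides describe: a lookup built by string concatenation turns a stray quote mark into a parser syntax error, which the application reports as "server failure", while the same lookup with a bound parameter treats the input purely as data and simply reports "e-mail address is unknown".

```python
import sqlite3

UNKNOWN = "e-mail address is unknown"   # the "properly filtered" response on slide 23
FAILURE = "server failure"              # the response that reveals unfiltered input (slide 24)


def make_db():
    """Constructed sample data: one user profile in an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("alice@example.com", "constructed-sample-password"))
    conn.commit()
    return conn


def lookup_vulnerable(conn, submitted_email):
    """Builds the WHERE clause by pasting the submitted address into the SQL text.

    A lone quote mark in the input unbalances the string literal, the SQL
    parser aborts with a syntax error, and the application can only answer
    with a generic failure message, which is the signal described on slide 24.
    """
    query = "SELECT password FROM users WHERE email = '" + submitted_email + "';"
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error:
        return FAILURE
    return UNKNOWN if row is None else "password e-mailed to " + submitted_email


def lookup_safe(conn, submitted_email):
    """Same lookup with a bound parameter: the submitted address is data, never SQL.

    Whatever the input contains, the query text is fixed, so a quote mark can
    no longer break the statement and the site answers "e-mail address is
    unknown" exactly as slide 23 expects.
    """
    row = conn.execute("SELECT password FROM users WHERE email = ?;",
                       (submitted_email,)).fetchone()
    return UNKNOWN if row is None else "password e-mailed to " + submitted_email


if __name__ == "__main__":
    db = make_db()
    # The single quote mark is the probe the slides discuss: compare the two responses.
    for probe in ("alice@example.com", "nobody@example.com", "'"):
        print(repr(probe), "->", "vulnerable:", lookup_vulnerable(db, probe),
              "| safe:", lookup_safe(db, probe))
```

The difference to watch for in a code review is where the submitted value ends up: inside the SQL text (vulnerable) or in the parameter tuple (safe). Catching sqlite3.Error and returning a generic message is what the slide calls the application's internal error-recovery procedure; the fix is the bound parameter, not a prettier error message.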
-
Directory Traversal / Command Injection
• Directory traversal attack: takes advantage of a vulnerability in the Web application program or the Web server software
– Attacker moves from the root directory to restricted directories
• Command injection: the ability to move to another directory could allow:
– An unauthorized user to view confidential files
– Injection of commands to execute on a server
-
Directory Traversal / Command Injection (cont’d.)
• Example: a browser requesting a dynamic page (dynamic.asp) from a Web server (www.server.net) to retrieve a file (display.html) in order to display it would generate the request using the URL http://www.server.net/dynamic.asp?view=display.html
• However, a vulnerability in the application code could allow an attacker to launch a directory traversal attack
• The attacker could create the URL http://www.server.net/dynamic.asp?view=../../../../../document.docx
• This could display the contents of document.docx
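Below is an added Python example, not code from the tutorial, showing the check that the vulnerable dynamic.asp on slide 26 lacks: the view parameter is taken from the URL exactly as the slide writes it, joined to the document root, resolved, and served only if the resolved path still lies under that root. The document root /var/www/site is an assumption (it need not exist for the check to run). The example goes one step beyond the slide in that the query-string parser percent-decodes the value first, so an encoded form of the same "../" sequence is rejected as well.

```python
import os
from urllib.parse import parse_qs, urlsplit

# Assumed document root for www.server.net; the check is purely path-based.
WEB_ROOT = "/var/www/site"


def view_from_url(url):
    """Returns the 'view' parameter as dynamic.asp would receive it.

    parse_qs percent-decodes the value, so the check below sees the real
    characters the file system would see, not their encoded spelling.
    """
    params = parse_qs(urlsplit(url).query)
    return params.get("view", [""])[0]


def resolve_view(view, web_root=WEB_ROOT):
    """Returns the absolute path to serve, or None if the request escapes the root.

    The requested name is joined to the root and then resolved, so every ".."
    is applied before the comparison. A path that climbed out of the root
    (the slide's ../../../../../document.docx) no longer has the root as its
    common prefix and is refused.
    """
    if not view:
        return None
    root = os.path.realpath(web_root)
    target = os.path.realpath(os.path.join(root, view))
    # commonpath falls back to an ancestor (eventually "/") once the target
    # has left the root, so equality with root is the acceptance condition
    if os.path.commonpath([root, target]) != root:
        return None
    return target


if __name__ == "__main__":
    # Constructed requests: the legitimate one from the slide, the traversal
    # one from the slide, and a percent-encoded spelling of the same traversal.
    for url in ("http://www.server.net/dynamic.asp?view=display.html",
                "http://www.server.net/dynamic.asp?view=../../../../../document.docx",
                "http://www.server.net/dynamic.asp?view=%2e%2e/%2e%2e/%2e%2e/document.docx"):
        print(url, "->", resolve_view(view_from_url(url)))
```

Note that os.path.join discards the root when the second argument is absolute, so a request such as view=/etc/hostname resolves outside the root and is refused by the same comparison; stripping ".." substrings by hand would miss that case.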
-
III. Unfamiliar Problem Solving