week12 final

Lecture 12 Information Security

Upload: irfan-ali-memon

Post on 07-Aug-2015


Lecture 12

Information Security

Today’s lecture outline

1. Basic security terminology

2. Malware---attacks on integrity and confidentiality
   o Viruses, Trojan Horses, Spyware and Key-loggers

3. Spoofing attacks---attacks on authenticity
   o URL, DNS, IP, MAC, Email/ Caller ID spoofing

4. Network-based attacks---attacks on availability
   o DoS attack, worms

5. Social engineering attacks
   o Phishing, greetings card, lottery win, etc.

6. How to protect/mitigate against these attacks?
   o Firewall, Anti-virus, Precautions, Best practices

1. Basic terminology

Security jargon

Vulnerability, threat, attack;

Hacker, cracker;

Black hats versus White hats

Information Security Basics

1. “CIA” triad of security requirements:
   o Confidentiality (Privacy)
   o Integrity (Authorization)
   o Availability

2. Other core security requirements:
   o Authenticity
   o Non-repudiability

2. Malware

The software that is written for malicious purposes

   o Viruses
   o Trojan Horses
   o Spyware
   o Keyloggers

Reproduced with permission. Please visit www.SecurityCartoon.com for more material

Brain Virus (Pakistani Flu) 1986

Credit: http://en.wikipedia.org/wiki/Brain_(computer_virus)

The first computer virus

Key-loggers and Spyware

3. Spoofing Attacks

Where the attacker impersonates someone else

   o Email spoofing
   o URL spoofing
   o DNS spoofing
   o IP spoofing
   o MAC spoofing

3.a Email Spoofing (phishing)

3.b URL Spoofing (phishing)

1. https://webmail.niit.edu.pk/src/login.php

   Genuine URL; Site: niit.edu.pk; directory: src; file: login.php

2. https://webmail.niit.org.pk/src/login.php

   The second-level domain is .org and not .edu; faked website

   [Figure: login page showing Victim.ID and a masked password, marked HACKED]

3. https://webmail.niit.edu.tk/src/login.php

   The first-level domain is .tk and not .pk; faked website

   [Figure: login page showing Victim.ID and a masked password, marked HACKED]

4. https://202.125.111.57/src/login.php

   https://202.128.111.87/src/login.php

   The IP address does not correspond to webmail.niit.edu.pk; faked website

   [Figure: login page showing Victim.ID and a masked password, marked HACKED]
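The comparison the slide makes by eye can be done in code. This is an added example, not part of the original lecture: the function name check_login_url is hypothetical, and the genuine host and sample URLs are the ones shown on the slide.

```python
import ipaddress
from urllib.parse import urlsplit

GENUINE_HOST = "webmail.niit.edu.pk"  # genuine host, as given on the slide

# The URLs from the slide, in the order they are shown.
SLIDE_URLS = [
    "https://webmail.niit.edu.pk/src/login.php",
    "https://webmail.niit.org.pk/src/login.php",
    "https://webmail.niit.edu.tk/src/login.php",
    "https://202.125.111.57/src/login.php",
]


def check_login_url(url, genuine_host=GENUINE_HOST):
    """Return (verdict, reason) for a URL that claims to be the login page."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme != "https":
        return ("suspicious", "not served over https")
    if not host:
        return ("suspicious", "no host in URL")
    # Case 4 on the slide: a bare IP address in place of the name.
    try:
        ipaddress.ip_address(host)
        return ("suspicious", "raw IP address instead of " + genuine_host)
    except ValueError:
        pass  # not an IP literal, so compare it as a DNS name
    if host == genuine_host:
        return ("genuine", "host matches exactly")
    # Compare labels right to left: first-level domain, then second-level, ...
    got = host.split(".")[::-1]
    want = genuine_host.split(".")[::-1]
    names = ["first-level domain", "second-level domain", "third-level domain"]
    for i, (g, w) in enumerate(zip(got, want)):
        if g != w:
            level = names[i] if i < len(names) else "label %d from the right" % (i + 1)
            return ("suspicious", "%s is .%s and not .%s" % (level, g, w))
    # All shared labels match but the label count differs.
    return ("suspicious", "host has extra or missing labels: " + host)


if __name__ == "__main__":
    for u in SLIDE_URLS:
        print(u, "->", check_login_url(u))
```

Only an exact match on the full host name is treated as genuine; the reason string names the first label, counted from the right, that differs.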

3.c DNS Spoofing

3.d IP Spoofing

3.e MAC Spoofing

DNS spoofing

[Figure: a client, a DNS server and a WWW server]

Request: Tell me the IP address of www.niit.edu.pk?

Reply: The IP address of www.niit.edu.pk is 110.125.157.198

DNS spoofing

[Figure: the DNS reply "The IP address of www.niit.edu.pk is 110.125.157.198", with the WWW server labelled "Fake NIIT site"]

MAC/ IP spoofing

[Figure: private network 192.168.1.0/24 with nodes .1 and .254 (00:aa:bb:cc:dd:ee:ff), and a malicious node also shown as .254 with 00:aa:bb:cc:dd:ee:ff]

The malicious node can pretend to be another node

4. Network-based attacks

Where the attacker pretends to be something he/she/it is not

   o Worms
   o Denial of Service attacks

Denial of Service attacks

5. Social Engineering

Targets the weakest component of a security system---the users

Non-technical hacking

Greeting card phishing

Lottery winning phishing

6. How to protect against security attacks?

Use an Internet Firewall

Apply the latest updates

Use up-to-date Anti-virus

Opening trusted files only


Protecting against spyware

Passwords and locking systems when unused

Backing up data

Security protection---Recall

1. Using an Internet Firewall

2. Installing the latest OS updates

3. Using Antivirus with updated virus database

4. Opening trusted files only

5. Protecting against spyware

6. Using good passwords and locking system

Conclusions

1. Basic security terminology

2. Malware---attacks on integrity and confidentiality
   o Viruses, Trojan Horses, Spyware and Key-loggers

3. Spoofing attacks---attacks on authenticity
   o URL, DNS, IP, MAC, Email spoofing

4. Network-based attacks---attacks on availability
   o DoS attack, worms

5. Social engineering attacks
   o Phishing, greetings card, lottery win, etc.

6. How to protect against these attacks?
   o Firewall, Anti-virus, Education, Precautions, Best practices

7. Conclusions

Questions/ Confusions?

Credits/ Acknowledgement can be found at the course website: http://tinyurl.com/5hb8pp