week12 final
TRANSCRIPT
1. Basic security terminology
2. Malware---attacks on integrity and confidentiality
   o Viruses, Trojan Horses, Spyware and Key-loggers
3. Spoofing attacks---attacks on authenticity
   o URL, DNS, IP, MAC, Email/ Caller ID spoofing
4. Network-based attacks---attacks on availability
   o DoS attack, worms
5. Social engineering attacks
   o Phishing, greetings card, lottery win, etc.
6. How to protect/mitigate against these attacks?
   o Firewall, Anti-virus, Precautions, Best practices
Today’s lecture outline
1. Basic terminology
Security jargon
Vulnerability, threat, attack;
Hacker, cracker;
Black hats versus White hats
1. “CIA” triad of security requirements:
   o Confidentiality (Privacy)
   o Integrity (Authorization)
   o Availability
2. Other core security requirements:
   o Authenticity
   o Non-repudiability
Information Security Basics
Reproduced with permission. Please visit www.SecurityCartoon.com for more material
Brain Virus (Pakistani Flu) 1986
Credit: http://en.wikipedia.org/wiki/Brain_(computer_virus)
The first computer virus
3. Spoofing Attacks
where the attacker impersonates someone else
   o Email spoofing
   o URL spoofing
   o DNS spoofing
   o IP spoofing
   o MAC spoofing
Genuine URL; Site: niit.edu.pk; directory: src; file: login.php
1. https://webmail.niit.edu.pk/src/login.php

2. https://webmail.niit.org.pk/src/login.php
   The second-level domain is .org and not .edu; faked website

3. https://webmail.niit.edu.tk/src/login.php
   The first-level domain is .tk and not .pk; faked website

4. https://202.125.111.57/src/login.php
   The IP address does not correspond to webmail.niit.edu.pk; faked website
   https://202.128.111.87/src/login.php

[Graphic on each faked page: login form with Victim.ID and ************** entered, marked HACKED]
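The comparison the slides walk through for URL spoofing, written as an added example (not part of the original lecture): it checks each of the four slide URLs against the genuine host and reports which domain level was changed. The function name check_login_url and the https-only rule are assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlsplit

EXPECTED_HOST = "webmail.niit.edu.pk"  # genuine host from the slides
ORDINALS = ["first", "second", "third", "fourth"]  # label position from the right


def check_login_url(url, expected_host=EXPECTED_HOST):
    """Return (is_genuine, reason) for a login URL compared with expected_host."""
    parts = urlsplit(url)
    if parts.scheme != "https":  # assumption of this example: login is https-only
        return False, "scheme is not https"
    # Normalise: .hostname lowercases; also drop a trailing root dot.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in URL"
    # Case 4 on the slides: a bare IP address instead of the site's name.
    try:
        ipaddress.ip_address(host)
        return False, "host is an IP address, not " + expected_host
    except ValueError:
        pass  # not an IP literal, so compare it as a DNS name
    if host == expected_host:
        return True, "host matches " + expected_host
    # Compare labels right to left to report which level was altered.
    got = host.split(".")[::-1]
    want = expected_host.split(".")[::-1]
    for i, (g, w) in enumerate(zip(got, want)):
        if g != w:
            name = ORDINALS[i] if i < len(ORDINALS) else f"{i + 1}th"
            return False, f"{name}-level domain is .{g} and not .{w}"
    return False, "host has a different number of labels than " + expected_host


# The four URLs shown on the slides.
SLIDE_URLS = [
    "https://webmail.niit.edu.pk/src/login.php",
    "https://webmail.niit.org.pk/src/login.php",
    "https://webmail.niit.edu.tk/src/login.php",
    "https://202.125.111.57/src/login.php",
]

if __name__ == "__main__":
    for u in SLIDE_URLS:
        ok, reason = check_login_url(u)
        print("GENUINE" if ok else "FAKE   ", u, "->", reason)
```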
DNS spoofing
[Diagram labels: WWW, DNS, Reply, Fake NIIT site]
The IP address of www.niit.edu.pk is 110.125.157.198
MAC/ IP spoofing
Private network: 192.168.1.0/24
[Diagram labels: .254, 00:aa:bb:cc:dd:ee:ff; .1; .254, 00:aa:bb:cc:dd:ee:ff; Malicious node]
The malicious node can pretend to be another node
4. Network-based attacks
where the attacker pretends to be something he/she/it is not
   o Worms
   o Denial of Service attacks
1. Using an Internet Firewall
2. Installing the latest OS updates
3. Using Antivirus with updated virus database
4. Opening trusted files only
5. Protecting against spyware
6. Using good passwords and locking system
Security protection---Recall
1. Basic security terminology
2. Malware---attacks on integrity and confidentiality
   o Viruses, Trojan Horses, Spyware and Key-loggers
3. Spoofing attacks---attacks on authenticity
   o URL, DNS, IP, MAC, Email spoofing
4. Network-based attacks---attacks on availability
   o DoS attack, worms
5. Social engineering attacks
   o Phishing, greetings card, lottery win, etc.
6. How to protect against these attacks?
   o Firewall, Anti-virus, Education, Precautions, Best practices
7. Conclusions
Conclusions
Questions/ Confusions?
Credits/ Acknowledgement can be found at the course website: http://tinyurl.com/5hb8pp