2. Topics of Discussion
• Reconnaissance
Gain information about a system
• Vulnerabilities
Attributes of a system that can be maliciously exploited
• Attacks
Procedures to exploit vulnerabilities
Reference 1
4. War Dialing (Reconnaissance)
• Method
Dial a range of phone numbers searching for modems
• Motivation
Locate potential targets
• Detection
Detection impossible outside of the telephony infrastructure
• Defense
Disconnect unessential modems from outgoing phone lines
Reference 2
5. War Driving (Reconnaissance)
• Method
Surveillance of wireless signals in a region
• Motivation
Find wireless traffic
• Detection
Can only be detected by physical surveillance
• Defense
Limit geographic access to the wireless signal
Reference 3
6. Port Scanning (Reconnaissance)
• Method
Send out a SYN packet and check for a response
• Motivation
Find potential targets
• Detection
Traffic analysis
• Defense
Close/silence ports
Reference 4
7. Probing (Reconnaissance)
• Method
Send packets to ports
• Motivation
Find specific port information
• Detection
Traffic analysis
• Defense
Close/silence ports
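Both the port-scanning and probing slides list "traffic analysis" as the detection. The script below is an added example (not part of the original slides or their references) of what that analysis looks like on the defender's side: it reads constructed connection-log lines, keeps only pure SYN packets, and flags any source that touched many distinct ports on a single host. The log format, addresses and threshold are all assumptions made for the example.

```python
"""Flag likely port scans from connection-log lines (added example)."""
from collections import defaultdict

# Constructed sample log (not from the original slides):
# "<time> <src_ip> -> <dst_ip>:<dst_port> <tcp_flags>"
SAMPLE_LOG = """\
10:00:01 203.0.113.9 -> 192.0.2.10:22 S
10:00:01 203.0.113.9 -> 192.0.2.10:23 S
10:00:01 203.0.113.9 -> 192.0.2.10:25 S
10:00:02 203.0.113.9 -> 192.0.2.10:80 S
10:00:02 203.0.113.9 -> 192.0.2.10:110 S
10:00:02 203.0.113.9 -> 192.0.2.10:143 S
10:00:02 203.0.113.9 -> 192.0.2.10:443 S
10:00:03 203.0.113.9 -> 192.0.2.10:3389 S
10:00:05 198.51.100.4 -> 192.0.2.10:443 S
10:00:05 198.51.100.4 -> 192.0.2.10:443 S
10:00:09 198.51.100.4 -> 192.0.2.10:80 S
"""


def parse_line(line):
    """Split one log line into (time, src, dst_ip, dst_port, flags)."""
    ts, src, _arrow, dst, flags = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return ts, src, dst_ip, int(dst_port), flags


def syn_targets(log_text):
    """Map each source IP to the set of (dst_ip, dst_port) it sent a bare SYN to."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, dst_ip, dst_port, flags = parse_line(line)
        if "S" in flags and "A" not in flags:   # SYN without ACK: a connection attempt
            targets[src].add((dst_ip, dst_port))
    return targets


def find_scanners(log_text, threshold=5):
    """Return {src: (dst_ip, sorted_ports)} for sources that hit at least
    `threshold` distinct ports on one host. Repeated hits on the same port
    (ordinary retries) do not raise the count."""
    per_host = defaultdict(lambda: defaultdict(set))
    for src, pairs in syn_targets(log_text).items():
        for dst_ip, port in pairs:
            per_host[src][dst_ip].add(port)
    flagged = {}
    for src, hosts in per_host.items():
        for dst_ip, ports in hosts.items():
            if len(ports) >= threshold:
                flagged[src] = (dst_ip, sorted(ports))
    return flagged


if __name__ == "__main__":
    for src, (host, ports) in find_scanners(SAMPLE_LOG).items():
        print(f"{src} scanned {host} on ports {ports}")
```

This catches a vertical scan (many ports, one host); a horizontal sweep (one port, many hosts) needs the same counting keyed on destination hosts per port, which is a straightforward variation of `find_scanners`.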
8. Packet Sniffing (Reconnaissance)
• Method
Capture and analyze packets traveling across a network interface
• Motivation
Gain access to information traveling on the network
• Detection
None
• Defense
Use encryption to minimize cleartext on the network
Reference 5
10. Backdoors (Vulnerabilities)
• Bypass normal means of authentication
• Hidden from casual inspection
• Installed separately or integrated into software
Reference 6
11. Code Exploits (Vulnerabilities)
• Use of poor coding practices left uncaught by testing
• Defense: In-depth unit and integration testing
12. Eavesdropping (Vulnerability)
• Data transmitted without encryption can be captured and read by parties other than the sender and receiver
• Defense: Use of strong cryptography to minimize cleartext on the network
13. Indirect Attacks (Vulnerabilities)
• Internet users’ machines can be infected, turned into zombies, and made to perform attacks
• The puppet master is left undetected
• Defense: Train internet users to prevent zombie infections and penalize zombie owners
14. Social Engineering (Vulnerability)
• Manipulate the weakest link of cybersecurity – the user – to gain access to otherwise prohibited resources
• Defense: Train personnel to resist the tactics of social engineering
Reference 7
16. Password Cracks: Brute Force
• Method
Trying all combinations of legal symbols as username/password pairs
• Motivation
Gain access to system
• Detection
Frequent attempts to authenticate
• Defense
Lockouts – temporary and permanent
Reference 8
17. Password Cracks: Dictionary Attack
• Method
Trying all entries in a collection of strings
• Motivation
Gain access to system, faster than brute force
• Detection
Frequent attempts to authenticate
• Defense
– Lockouts – temporary and permanent
– Complex passwords
Reference 8
18. Password Cracks: Hybrid Attack
• Method
Trying all entries in a collection of strings, with numbers and symbols added, and with entries concatenated with each other and/or with numbers
• Motivation
Gain access to system, faster than brute force and more likely to succeed than a plain dictionary attack
• Detection
Frequent attempts to authenticate
• Defense
Lockouts – temporary and permanent
Reference 8
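The brute-force, dictionary and hybrid slides share the same detection (frequent authentication attempts) and the same defense (temporary and permanent lockouts). The following is an added example, not code from the original slides, of an authentication guard that implements both: a burst of failures within a window triggers a temporary lockout, a cumulative failure count triggers a permanent one, and a reporting function lists accounts under frequent attack. Timestamps are plain integers (seconds) so the behaviour is reproducible; the thresholds and window are assumptions chosen for illustration.

```python
"""Login guard with temporary and permanent lockouts (added example)."""
from collections import defaultdict

TEMP_LOCK_AFTER = 5       # failures inside WINDOW_SECONDS before a temporary lockout
TEMP_LOCK_SECONDS = 300   # length of a temporary lockout
PERM_LOCK_AFTER = 20      # cumulative failures before a permanent lockout
WINDOW_SECONDS = 600      # window used to judge "frequent attempts"


class LoginGuard:
    def __init__(self):
        self.total_failures = defaultdict(int)   # username -> lifetime failures
        self.recent = defaultdict(list)          # username -> failure timestamps in window
        self.locked_until = {}                   # username -> unlock time
        self.permanent = set()

    def status(self, user, now):
        if user in self.permanent:
            return "permanent_lockout"
        if self.locked_until.get(user, 0) > now:
            return "temporary_lockout"
        return "open"

    def record_failure(self, user, now):
        self.total_failures[user] += 1
        self.recent[user] = [t for t in self.recent[user] if now - t <= WINDOW_SECONDS]
        self.recent[user].append(now)
        if self.total_failures[user] >= PERM_LOCK_AFTER:
            self.permanent.add(user)
        elif len(self.recent[user]) >= TEMP_LOCK_AFTER:
            self.locked_until[user] = now + TEMP_LOCK_SECONDS
            self.recent[user] = []   # start a fresh window once the lockout expires
        st = self.status(user, now)
        return "failed" if st == "open" else st

    def record_success(self, user):
        # A successful login clears the burst window and any temporary lock,
        # but not the lifetime count used for the permanent lockout.
        self.recent.pop(user, None)
        self.locked_until.pop(user, None)

    def frequent_attempts(self, now, min_failures=3):
        """Detection: accounts with at least `min_failures` failures in the window."""
        return sorted(u for u, ts in self.recent.items()
                      if sum(1 for t in ts if now - t <= WINDOW_SECONDS) >= min_failures)


def attempt_login(guard, user, password_ok, now):
    """Run the check before verifying credentials so a locked account cannot
    be probed; returns the decision as a string."""
    st = guard.status(user, now)
    if st != "open":
        return st
    if password_ok:
        guard.record_success(user)
        return "success"
    return guard.record_failure(user, now)


if __name__ == "__main__":
    g = LoginGuard()
    for t in range(6):
        print(t, attempt_login(g, "alice", False, t))
    print("frequent:", g.frequent_attempts(now=6))
```

Checking the lock before the password keeps the guard's answer identical for right and wrong passwords while locked, so an attacker cannot use the lockout path to confirm a guess.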
19. Password Cracks: l0phtcrack
• Method
Gain access to the operating system’s hash table and perform cracking remotely
• Motivation
Gain access to system; cracking elsewhere means no lockouts
• Detection
Detect reads of the hash table
• Defense
Limit access to the system
Reference 8
20. Web Attacks: Source Viewing
• Method
Read source code for valuable information
• Motivation
Find passwords or commented-out URLs
• Detection
None
• Defense
None
21. Web Attacks: URL Modification
• Method
Manipulating the URL to find pages not normally accessible
• Motivation
Gain access to normally private directories or pages
• Detection
Check website URL logs
• Defense
Add access requirements
22. Web Attacks: Post Data
• Method
Change POST data to get desired results
• Motivation
Change the information being sent in your favor
• Detection
None
• Defense
Verify POST data on the receiving end
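The two defenses on the URL-modification and POST-data slides ("add access requirements" and "verify post data on the receiving end") both come down to the server trusting nothing the browser sends. The code below is an added example, not from the original slides, showing both: an `authorize` function that maps a normalized path to the roles allowed to see it with unmatched paths denied, and an order handler shown twice, once trusting the client's total and once recomputing it from server-side data. The catalog, roles, paths and the tampered form are constructed for the example.

```python
"""Server-side access checks and POST-data verification (added example)."""
import posixpath

# Constructed access rules: path prefix -> roles permitted. Longest match wins;
# a path that matches nothing is denied by default.
ACCESS_RULES = {
    "": {"anonymous", "user", "admin"},   # public pages
    "/account": {"user", "admin"},
    "/admin": {"admin"},
}


def authorize(path, role):
    """Defense for URL modification: normalize the requested path (collapsing
    '..' segments and duplicate slashes) and require a role for it."""
    path = "/" + posixpath.normpath(path).lstrip("/")
    best = None
    for prefix in ACCESS_RULES:
        if path == prefix or path.startswith(prefix + "/"):
            if best is None or len(prefix) > len(best):
                best = prefix
    return best is not None and role in ACCESS_RULES[best]


# Constructed server-side catalog, prices in cents. Prices never come from the form.
CATALOG = {"widget": 1999, "gadget": 4999}


def total_trusting_client(form):
    """Vulnerable: uses the total the browser supplied."""
    return int(form["total"])


def total_verified(form):
    """Hardened: every field is validated and the total is recomputed from
    server data, so client-side 'price' and 'total' fields are ignored."""
    item = form.get("item")
    if item not in CATALOG:
        raise ValueError("unknown item")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity is not an integer")
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOG[item] * qty


# Constructed tampered form: the attacker edited price and total before submitting.
TAMPERED_FORM = {"item": "widget", "qty": "3", "price": "1", "total": "3"}


if __name__ == "__main__":
    print("trusting client:", total_trusting_client(TAMPERED_FORM))
    print("verified:", total_verified(TAMPERED_FORM))
    for p in ("/admin/users", "/account/../admin/users", "//admin/users"):
        print(p, "as user ->", authorize(p, "user"))
```

Normalizing before the prefix match matters: without it, `/account/../admin/users` would match the `/account` rule and a leading double slash would match no rule at all, so the public default would apply.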
23. Web Attacks: Database Attack
• Method
Sending dangerous queries to the database
• Motivation
Denial of service
• Detection
Check the database for strange records
• Defense
Filter database queries
Reference 9
24. Web Attacks: Database Insertion
• Method
Form multiple queries to a database through forms
• Motivation
Insert information into a table that might be unsafe
• Detection
Check database logs
• Defense
Filter database queries and make them quote-safe
Reference 9
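The database-attack and database-insertion slides describe form input that is pasted into a query and the defense of making queries "quote-safe". The example below, added here and not taken from the original slides, puts the two side by side using Python's built-in `sqlite3` on an in-memory table: a lookup that builds the SQL string from the form value, and the same lookup using a bound parameter so the driver never parses the value as SQL. The table contents and the malicious input are constructed for the example.

```python
"""String-built query vs. parameterized query (added example)."""
import sqlite3


def make_db():
    """Constructed in-memory table standing in for a real user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s1"), ("bob", "s2")])
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: the form value is spliced into the SQL text, so a quote
    in the input closes the string literal and the rest becomes SQL."""
    sql = "SELECT name FROM users WHERE name = '%s' ORDER BY name" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Hardened ('quote-safe'): the value is bound as a parameter, so quotes
    and keywords inside it are just characters of the name being compared."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


# Constructed malicious form value: closes the quoted literal and appends a
# condition that is always true.
MALICIOUS_NAME = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("unsafe, honest input:   ", lookup_unsafe(db, "alice"))
    print("unsafe, malicious input:", lookup_unsafe(db, MALICIOUS_NAME))
    print("safe, malicious input:  ", lookup_safe(db, MALICIOUS_NAME))
```

Escaping quotes by hand is the fragile version of the same idea; parameter binding is the form of "filtering" that does not depend on anticipating every character the database treats specially.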
25. Web Attacks: Meta Data
• Method
Use metacharacters to make malicious input
• Motivation
Possibly reveal the script or other useful information
• Detection
Website logs
• Defense
Filter metacharacters out of input
Reference 10
26. Physical Attack: Damage
• Method
Attack the computer with an axe
• Motivation
Disable the computer
• Detection
Video camera
• Defense
Locked doors and posted security guards
27. Physical Attack: Disconnect
• Method
Interrupt the connection between two elements of the network
• Motivation
Disable the network
• Detection
Pings
• Defense
Locked doors and posted security guards
28. Physical Attack: Reroute
• Method
Pass the network signal through additional devices
• Motivation
Monitor traffic or spoof a portion of the network
• Detection
Camera
• Defense
Locked doors and posted security guards
29. Physical Attack: Spoof MAC & IP
• Method
Identify the MAC address of the target and replicate it
• Motivation
Prevent the target from receiving traffic
• Detection
Monitoring ARP requests and checking logs
• Defense
None as of now
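The MAC/IP spoofing slide gives "monitoring ARP requests and checking logs" as the detection. Below is an added example (not from the original slides) of that monitoring applied to a constructed record of observed ARP replies: it reports any IP address that has been claimed by more than one MAC, and optionally compares against a table of known-good bindings so that a single unexpected claim is also reported. The line format and addresses are assumptions made for the example.

```python
"""Report IP addresses claimed by more than one MAC (added example)."""
from collections import defaultdict

# Constructed sample of ARP replies seen on the segment: "<time> <ip> is-at <mac>".
# 192.0.2.1 is first announced by one MAC and later claimed by another.
SAMPLE_ARP = """\
10:00:00 192.0.2.1 is-at 00:11:22:33:44:55
10:00:05 192.0.2.20 is-at aa:bb:cc:dd:ee:01
10:00:30 192.0.2.1 is-at 00:11:22:33:44:55
10:01:00 192.0.2.1 is-at de:ad:be:ef:00:01
10:01:02 192.0.2.20 is-at aa:bb:cc:dd:ee:01
"""


def parse_arp(text):
    """Yield (time, ip, mac) for each 'is-at' reply; other lines are ignored."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, word, mac = line.split()
        if word == "is-at":
            yield ts, ip, mac.lower()


def mac_conflicts(text, known=None):
    """Return {ip: sorted_macs} for every IP that is bound to more than one MAC.
    `known` is an optional {ip: mac} table of trusted bindings; an IP whose
    trusted MAC never appears among the observed claims is reported as well."""
    seen = defaultdict(dict)   # ip -> {mac: first time seen}
    for ts, ip, mac in parse_arp(text):
        seen[ip].setdefault(mac, ts)
    trusted = {ip: mac.lower() for ip, mac in (known or {}).items()}
    conflicts = {}
    for ip, macs in seen.items():
        expected = trusted.get(ip)
        if len(macs) > 1 or (expected is not None and expected not in macs):
            conflicts[ip] = sorted(macs)
    return conflicts


def first_seen(text, ip):
    """Helper for the log review: when each MAC first claimed `ip`."""
    result = {}
    for ts, seen_ip, mac in parse_arp(text):
        if seen_ip == ip:
            result.setdefault(mac, ts)
    return result


if __name__ == "__main__":
    for ip, macs in mac_conflicts(SAMPLE_ARP).items():
        print(f"{ip} claimed by {macs}; first seen: {first_seen(SAMPLE_ARP, ip)}")
```

Passing a `known` table turns the check from "did the binding change" into "does the binding match what the network owner expects", which catches a spoof of a host that was not announced before the monitor started.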
30. Worms & Virus: File Infectors
• Method
Infects executables by inserting itself into them
• Motivation
Damage files and spread
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 10
31. Worms & Virus: Partition-sector Infectors
• Method
– Moves the partition sector
– Replaces it with itself
– On boot, executes and then calls the original partition sector it moved
• Motivation
Damage files and spread
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 10
32. Worms & Virus: Boot-sector virus
• Method
Replaces the boot loader and spreads to the hard drive and floppies
• Motivation
Damage files and spread
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 10
33. Worms & Virus: Companion Virus
• Method
Locates executables and mimics their names, changing the extensions
• Motivation
Damage files and spread
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 10
34. Worms & Virus: Macro Virus
• Method
Infects documents; when the document is accessed, the macro executes in the application
• Motivation
Damage files and spread
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 10
35. Worms & Virus: Worms
• Method
Replicates itself
• Motivation
Variable motivations
• Detection
Virus scan or strange computer behavior
• Defense
Antivirus, being cautious on the internet
Reference 11
36. Logic Bomb
• Method
Discreetly install a “time bomb” and prevent its detonation if necessary
• Motivation
Revenge, a synchronized attack, or securing a getaway
• Detection
Strange computer behavior
• Defense
– Keep and monitor logs
– Monitor computer systems closely
37. Buffer Overflow
• Method
Pass more data to a buffer than it holds, relying on poor input checking
• Motivation
Modify information and/or execute arbitrary code
• Detection
Logs
• Defense
– Check input size before copying to the buffer
– Guard the return address against overwrite
– Make the stack non-executable
Reference 12 & 13
38. Phishing
• Method
Request information from a mass audience and collect responses from the gullible
• Motivation
Gain important information
• Detection
Careful examination of requests for information
• Defense
Distribute information on a need-to-know basis
39. Bots & Zombies
• Method
Installed by a virus or worm; allow unrestricted remote access to the system
• Motivation
Gain access to additional resources while hiding your identity
• Detection
– Network analysis
– Virus scans
– Notice unusual behavior
• Defense
Install security patches and be careful what you download
40. Spyware, Adware, and Malware
• Method
Installed either willingly by the user via ActiveX or as part of a virus package
• Motivation
– Gain information about the user
– Serve users advertisements
• Detection
– Network analysis
– Abnormal computer behavior
• Defense
Virus / adware / spyware / malware scans
41. Hardware Keyloggers
• Method
Attach it to a computer
• Motivation
Record user names, passwords, and other private information
• Detection
Check physical connections
• Defense
Cameras and guards
42. Eavesdropping
• Method
– Record packets on the network
– Attempt to decrypt encrypted packets
• Motivation
Gain access to user data
• Detection
None
• Defense
Strong cryptography
43. Playback Attack
• Method
– Record packets on the network
– Resend the packets without decrypting them
• Motivation
Mimic legitimate commands
• Detection
Network analysis
• Defense
Time stamps
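The playback slide's defense is "time stamps": a recorded command is only useful to replay if the receiver cannot tell it is old. The following is an added example, not code from the original slides, of a sender and receiver that make this work. Each message carries a timestamp and a random nonce and is authenticated with an HMAC over both, so the receiver rejects a message whose tag does not verify (tampered or wrong key), whose timestamp is outside an acceptance window (stale replay), or whose nonce it has already accepted within that window (fast replay). The shared key, window size and message format are assumptions for the example.

```python
"""Timestamped, authenticated commands with replay rejection (added example)."""
import hashlib
import hmac
import json
import os
import time

KEY = b"constructed-shared-key"   # constructed; in practice provisioned out of band
MAX_SKEW = 30                     # seconds a message remains acceptable


def make_message(command, key=KEY, now=None):
    """Sender side: body = command + timestamp + nonce, tag = HMAC-SHA256(body)."""
    ts = int(now if now is not None else time.time())
    body = {"cmd": command, "ts": ts, "nonce": os.urandom(8).hex()}
    raw = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, raw, hashlib.sha256).hexdigest()
    return {"body": raw, "tag": tag}


class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.seen = {}   # nonce -> timestamp, kept only for the acceptance window

    def accept(self, msg, now=None):
        now = int(now if now is not None else time.time())
        # 1. Authenticity first: a forged or altered body fails here, so the
        #    checks below only ever run on data the legitimate sender produced.
        expected = hmac.new(self.key, msg["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: bad tag"
        body = json.loads(msg["body"])
        # 2. Freshness: a recording replayed after the window is stale.
        if abs(now - body["ts"]) > MAX_SKEW:
            return "rejected: stale"
        # 3. Uniqueness inside the window: the nonce may be accepted once.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if body["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[body["nonce"]] = body["ts"]
        return "accepted: " + body["cmd"]


if __name__ == "__main__":
    rx = Receiver()
    m = make_message("open-valve")
    print(rx.accept(m))                 # accepted: open-valve
    print(rx.accept(m))                 # rejected: replay (same recording resent)
    print(rx.accept(m, now=time.time() + 600))   # rejected: stale
```

The nonce is what makes the timestamp sufficient: without it, a recording could be replayed any number of times inside the window, and the window cannot be made zero because sender and receiver clocks never agree exactly.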
44. DDoS: CPU attack
• Method
Send data that requires cryptographic processing
• Motivation
Occupy the CPU, preventing normal operations
• Detection
Network analysis
• Defense
None
Reference 14
45. DDoS: Memory attack
• Method
Send data that requires the allocation of memory
• Motivation
Take up resources, crashing the server when they are exhausted
• Detection
Network analysis
• Defense
None
Reference 14