Attacks Ch2

  • View
    222

  • Download
    0

Embed Size (px)

Text of Attacks Ch2

  • 8/13/2019 Attacks Ch2

    1/26

    Chapter 2

    Types of Attacks

    1

  • 8/13/2019 Attacks Ch2

    2/26

  • 8/13/2019 Attacks Ch2

    3/26

  • 8/13/2019 Attacks Ch2

    4/26

    Definition of Access Attacks

    An Access Attack is an attempt to gaininformation that the intruder is notauthorized to see.

    This attack may occur on stationary data ordata in transit.

    These types of attacks are attacks againstthe confidentiality of the information.

    4

  • 8/13/2019 Attacks Ch2

    5/26

    Access Attack: SNOOPING

    Snooping is looking through information filesin the hope of finding something that is ofvalue.

    If on paper , the intruder will open draws to dothe snooping.

    If on a computer system , the intruder willopen files to do the same type of snooping.

    5

  • 8/13/2019 Attacks Ch2

    6/26

    Access Attack: Eavesdropping

    Eavesdropping is the act of listening to aconversation that is not their right to be partof.

    Wireless networks are especially prone toeavesdropping.

    Wireless networks bring with them manysecurity issues.

    6

  • 8/13/2019 Attacks Ch2

    7/26

    Access Attack: Interception

    Unlike eavesdropping, interception is an

    attack against the information. Intruders insert themselves in the path of

    information. Once the information is captured and

    examined, the attacker may decide to allowthe information to continue or not.

    7

  • 8/13/2019 Attacks Ch2

    8/26

    How are Attacks Accomplished

    Access attacks take different forms dependingon whether the information is stored on paperor electronically in a computer system.

    Paper records Filing cabinets, desks,drawers, printers, faxes, etc.

    Electronic Records Servers, PCs, CD -ROMS,backup tapes, disks, etc

    8

  • 8/13/2019 Attacks Ch2

    9/26

    Types of Theft

    Access can be achieved by physically

    stealing the storage media. What is a Sniffer?

    A sniffer is a computer that is configured to

    capture all traffic on the network. A sniffer is used to capture user IDs,

    Passwords and other access controls.9

  • 8/13/2019 Attacks Ch2

    10/26

    Interception Challenge

    Information access using interception isvery difficult.

    On the internet, this could be done bycausing a name resolution change.

    This is achieved by causing a computer to

    resolve to an incorrect address. The traffic sent to the attackers system

    instead of the real destination. BANKING INSTITUTION ATTACKS

    10

  • 8/13/2019 Attacks Ch2

    11/26

    How is Interception Done?

    Interception can be accomplished by an

    attacker taking over a session already inprogress. This type of attack is best performed against

    interactive traffic such as telnet. The attacker allows the legitimate user to

    begin the session with the server and thenuses specialized software to take over the

    session. 11

  • 8/13/2019 Attacks Ch2

    12/26

    Modification Attacks

    A modification attack is an attempt to

    modify information that an attacker is notauthorized to modify.

    Such an attack can occur wherever the

    information resides, stationary or intransit. This type of attack is an attack against the

    integrity of the information. 12

  • 8/13/2019 Attacks Ch2

    13/26

    Modification: Changes

    This type of attack involves changing existing

    information. Ie: Changing an employees salary Changing an employees bank records

    The information is not removed, moved, justsimply modified.

    13

  • 8/13/2019 Attacks Ch2

    14/26

    Modification: Insertion

    An insertion attack is the addition of

    information to existing information. This is especially effective when used on

    historical information that is yet to be

    acted upon. For instance, an attacker may add lines to

    bank records clearing accrued debt.

    14

  • 8/13/2019 Attacks Ch2

    15/26

    Modification: Deletion

    A deletion attack is the removal of existinginformation.

    An attacker may remove records of a banktransaction that indicate a due date for debtpayment.

    It is a common practice for attackers to delete

    information in transit. How can we tell it is happening?

    CRC CHECKING

    15

  • 8/13/2019 Attacks Ch2

    16/26

    Modification Attacks in General

    It is more difficult to mount a modificationattack on information in transit.

    Attackers normally execute an interceptionattack against the traffic .

    Then change the information before passing iton to the destination.

    16

  • 8/13/2019 Attacks Ch2

    17/26

    Definition of Denial of Service

    Denial of Service (DoS) are attacks that denyuse of resources to legitimate users.

    DoS attacks generally do not allow theattacker to access or modify information onthe computer system.

    DoS attacks are simple but may be crippling tocertain organizations.

    17

  • 8/13/2019 Attacks Ch2

    18/26

    Denial of Access to Information A DoS attack against information causes that

    information to be unavailable, which causesdenial of access to information.

    This situation is especially important when thelocation of information has been changed.

    18

  • 8/13/2019 Attacks Ch2

    19/26

    Denial of Access to Applications These DoS attacks target applications that

    manipulate or display information. For instance an attacker may choose to target

    Microsoft Outlook & as a result all electroniccorrespondence is interupted.

    19

  • 8/13/2019 Attacks Ch2

    20/26

    Denial of Access to Systems

    A common attack is to bring down a

    computer system. This type of DoS results in the halting of all

    processes in an organization which relies

    on electronic transactions. What is an example of this type of Attack?

    SHUTDOWN20

  • 8/13/2019 Attacks Ch2

    21/26

    Denial of Access to Communications

    DoS attacks against communications are very

    common. Examples range from cutting a wire to jamming radio communications or floodingnetworks with excessive traffic.

    In these attacks, the target is the medium ofcommunication and not the information.

    21

  • 8/13/2019 Attacks Ch2

    22/26

    Denial of Service in General

    DoS attacks are primarily attacks againstcomputer systems and networks.

    This is not to say that no DoS attacks takeplace against information on paper:

    Intercepting a BANK van that carry trustdocuments.

    22

  • 8/13/2019 Attacks Ch2

    23/26

    Definition of Repudiation Attacks

    A repudiation attack is an attack against

    the accountability of information. Attackers attempt to give FALSE

    information or deny a real event or

    transaction from occurring.

    23

  • 8/13/2019 Attacks Ch2

    24/26

    Masquerading Attack

    This is an attempt to act like or impersonate

    someone else or some other system. This attack can occur in personal

    communications, in transactions or in system

    to system communications.

    24

  • 8/13/2019 Attacks Ch2

    25/26

    Denying an Event

    Denying an event is simply disavowing that

    the action was taken as it was logged. For instance, you receive a bill telling you that

    you made credit card purchase, when in fact

    you didnt.

    25

  • 8/13/2019 Attacks Ch2

    26/26

    How is Repudiation Attacks Done?

    an example of a Repudiation Attack?

    The from address of an email can bechanged at will by the sender.

    NOTE: Denying an event in the electronic

    world is much easier than in the physicalworld. WHY?

    THERE ARE NO SIGNATURES26