Upload
darren-elliott
View
215
Download
1
Tags:
Embed Size (px)
Citation preview
OV 2- 1Copyright © 2005 Element K Content LLC. All rights reserved.
Security Threats
Social Engineering Software-based Threats Hardware-based Threats
OV 2- 2Copyright © 2005 Element K Content LLC. All rights reserved.
A Social Engineering Attack
Attacker
Target
User namePassword
22
11 1. Attacker obtains credentials from user
2. Attacker uses credentials to mount attack
OV 2- 3Copyright © 2005 Element K Content LLC. All rights reserved.
Hackers, Crackers, and Attackers
Cracker AttackerHacker
OV 2- 4Copyright © 2005 Element K Content LLC. All rights reserved.
Attacker Types
Internal attacker Hacktivist Data thief Script kiddie Electronic vandal Cyberterrorist
OV 2- 5Copyright © 2005 Element K Content LLC. All rights reserved.
A Software Attack
Application Operatingsystem
Protocol
OV 2- 6Copyright © 2005 Element K Content LLC. All rights reserved.
A Port Scanning Attack
Port Protocol State
21 FTP Open
53 DNS Closed
80 HTTP Open
110 POP3 Closed
119 NNTP Closed
443 HTTPS Open
OV 2- 7Copyright © 2005 Element K Content LLC. All rights reserved.
An Eavesdropping Attack
OV 2- 8Copyright © 2005 Element K Content LLC. All rights reserved.
An IP Spoofing Attack
IP Packet
Target192.168.0.77
Real IP address:10.10.10.25
Real IP address:10.10.10.25
Source IP address: 192.168.0.10Destination IP address: 192.168.0.77
Source IP address: 192.168.0.10Destination IP address: 192.168.0.77
OV 2- 9Copyright © 2005 Element K Content LLC. All rights reserved.
A Hijacking Attack
OV 2- 10Copyright © 2005 Element K Content LLC. All rights reserved.
A Replay Attack
10:00 A.M.10:00 A.M.
1:00 P.M.1:00 P.M.
OV 2- 11Copyright © 2005 Element K Content LLC. All rights reserved.
A Man-in-the-Middle Attack
OV 2- 12Copyright © 2005 Element K Content LLC. All rights reserved.
A DoS Attack
OV 2- 13Copyright © 2005 Element K Content LLC. All rights reserved.
A DDoS Attack
DronesDrones
OV 2- 14Copyright © 2005 Element K Content LLC. All rights reserved.
Types of DoS Attacks
Smurf Buffer overflow SYN flood
OV 2- 15Copyright © 2005 Element K Content LLC. All rights reserved.
A Malicious Code Attack
OV 2- 16Copyright © 2005 Element K Content LLC. All rights reserved.
Types of Malicious Code
Viruses Worms Trojans Logic Bombs
OV 2- 17Copyright © 2005 Element K Content LLC. All rights reserved.
Default Security Attacks
OV 2- 18Copyright © 2005 Element K Content LLC. All rights reserved.
A Software Exploitation Attack
Known flaw Known flaw
OV 2- 19Copyright © 2005 Element K Content LLC. All rights reserved.
Types of Software Exploitation Attacks
Buffer overflow Mathematical Weak keys
OV 2- 20Copyright © 2005 Element K Content LLC. All rights reserved.
Misuse of Privilege Attacks
Administrative user
OV 2- 21Copyright © 2005 Element K Content LLC. All rights reserved.
A Password Attack
xxxxxxxxxxPxxxxxxxxPassxxxxxPass1234!Pass1234
OV 2- 22Copyright © 2005 Element K Content LLC. All rights reserved.
Types of Password Attacks
Guessing Stealing Brute force Dictionary Birthday
xxxxxxxxxxPxxxxxxxxPassxxxxxPass1234!Pass1234
OV 2- 23Copyright © 2005 Element K Content LLC. All rights reserved.
A Backdoor Attack
Backdooraccount
OV 2- 24Copyright © 2005 Element K Content LLC. All rights reserved.
Hardware Attacks
OV 2- 25Copyright © 2005 Element K Content LLC. All rights reserved.
Reflective Questions
1. What type of attack do you think is most dangerous?
2. Which type of attack do you think it might be most difficult to guard against?