OV 2- 1Copyright © 2005 Element K Content LLC. All rights reserved.

Security Threats

Social Engineering Software-based Threats Hardware-based Threats

OV 2- 2Copyright © 2005 Element K Content LLC. All rights reserved.

A Social Engineering Attack

Attacker

Target

User namePassword

22

11 1. Attacker obtains credentials from user

2. Attacker uses credentials to mount attack

OV 2- 3Copyright © 2005 Element K Content LLC. All rights reserved.

Hackers, Crackers, and Attackers

Cracker AttackerHacker

OV 2- 4Copyright © 2005 Element K Content LLC. All rights reserved.

Attacker Types

Internal attacker Hacktivist Data thief Script kiddie Electronic vandal Cyberterrorist

OV 2- 5Copyright © 2005 Element K Content LLC. All rights reserved.

A Software Attack

Application Operatingsystem

Protocol

OV 2- 6Copyright © 2005 Element K Content LLC. All rights reserved.

A Port Scanning Attack

Port Protocol State

21 FTP Open

53 DNS Closed

80 HTTP Open

110 POP3 Closed

119 NNTP Closed

443 HTTPS Open

OV 2- 7Copyright © 2005 Element K Content LLC. All rights reserved.

An Eavesdropping Attack

OV 2- 8Copyright © 2005 Element K Content LLC. All rights reserved.

An IP Spoofing Attack

IP Packet

Target192.168.0.77

Real IP address:10.10.10.25

Real IP address:10.10.10.25

Source IP address: 192.168.0.10Destination IP address: 192.168.0.77

Source IP address: 192.168.0.10Destination IP address: 192.168.0.77

OV 2- 9Copyright © 2005 Element K Content LLC. All rights reserved.

A Hijacking Attack

OV 2- 10Copyright © 2005 Element K Content LLC. All rights reserved.

A Replay Attack

10:00 A.M.10:00 A.M.

1:00 P.M.1:00 P.M.

OV 2- 11Copyright © 2005 Element K Content LLC. All rights reserved.

A Man-in-the-Middle Attack

OV 2- 12Copyright © 2005 Element K Content LLC. All rights reserved.

A DoS Attack

OV 2- 13Copyright © 2005 Element K Content LLC. All rights reserved.

A DDoS Attack

DronesDrones

OV 2- 14Copyright © 2005 Element K Content LLC. All rights reserved.

Types of DoS Attacks

Smurf Buffer overflow SYN flood

OV 2- 15Copyright © 2005 Element K Content LLC. All rights reserved.

A Malicious Code Attack

OV 2- 16Copyright © 2005 Element K Content LLC. All rights reserved.

Types of Malicious Code

Viruses Worms Trojans Logic Bombs

OV 2- 17Copyright © 2005 Element K Content LLC. All rights reserved.

Default Security Attacks

OV 2- 18Copyright © 2005 Element K Content LLC. All rights reserved.

A Software Exploitation Attack

Known flaw Known flaw

OV 2- 19Copyright © 2005 Element K Content LLC. All rights reserved.

Types of Software Exploitation Attacks

Buffer overflow Mathematical Weak keys

OV 2- 20Copyright © 2005 Element K Content LLC. All rights reserved.

Misuse of Privilege Attacks

Administrative user

OV 2- 21Copyright © 2005 Element K Content LLC. All rights reserved.

A Password Attack

xxxxxxxxxxPxxxxxxxxPassxxxxxPass1234!Pass1234

OV 2- 22Copyright © 2005 Element K Content LLC. All rights reserved.

Types of Password Attacks

Guessing Stealing Brute force Dictionary Birthday

xxxxxxxxxxPxxxxxxxxPassxxxxxPass1234!Pass1234

OV 2- 23Copyright © 2005 Element K Content LLC. All rights reserved.

A Backdoor Attack

Backdooraccount

OV 2- 24Copyright © 2005 Element K Content LLC. All rights reserved.

Hardware Attacks

OV 2- 25Copyright © 2005 Element K Content LLC. All rights reserved.

Reflective Questions

1. What type of attack do you think is most dangerous?

2. Which type of attack do you think it might be most difficult to guard against?