Nor Liyana Binti Azman
14th Mac 2014
Access Control Attacks Example Backdoor method of bypassing normal authentication, securing
illegal remote access to computer, while attempting to remain undetected.sometimes programmer install a back door so that the
program can be accessed for troubleshooting or other purposesBackdoor is security risk, because there is another
cracker try to find any vulnerability to exploit.Example: Nimda gains through backdoor left by Code
Red.http://www.youtube.com/watch?v=7ZwGvFu9WhY
Spoofing Attacks
attacker pretends to be someone else in order gain access to restricted resources or steal information.
type of attack can take a variety of different forms; for instance, an attacker can impersonate the Internet Protocol (IP) address of a legitimate user in order to get into their accounts.
http://www.youtube.com/watch?v=z8ySsaRMcI8
Access Control Attacks Example
Spoofing Attacks
Man-In-The-Middle
the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection.
It is an attack on mutual authentication
http://www.youtube.com/watch?v=N86xJpna9Js
Access Control Attacks Example
Man-In-The-Middle
Replay
A form of network attack which a valid data transmission is maliciously repeated or delayed
Example: messages from an authorized user who is logging into a network may be captured by an attacker and resent (replayed) the next day
Video:
http://www.youtube.com/watch?v=kBCr-vYdgNo
Access Control Attacks Example
TCP hijacking
a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user.
Session hijacking takes advantage of that practice by intruding in real time, during a session.
Video: http://www.youtube.com/watch?v=s_XD8heYNrc
Access Control Attacks Example
THANKS A LOT