Click here to load reader
Upload
hafiza-abas
View
120
Download
3
Embed Size (px)
DESCRIPTION
Access Control Attacks by Nor Liyana Binti Azman
Citation preview
Nor Liyana Binti Azman
14th Mac 2014
Access Control Attacks Example Backdoor method of bypassing normal authentication, securing
illegal remote access to computer, while attempting to remain undetected.sometimes programmer install a back door so that the
program can be accessed for troubleshooting or other purposesBackdoor is security risk, because there is another
cracker try to find any vulnerability to exploit.Example: Nimda gains through backdoor left by Code
Red.http://www.youtube.com/watch?v=7ZwGvFu9WhY
Spoofing Attacks
attacker pretends to be someone else in order gain access to restricted resources or steal information.
type of attack can take a variety of different forms; for instance, an attacker can impersonate the Internet Protocol (IP) address of a legitimate user in order to get into their accounts.
http://www.youtube.com/watch?v=z8ySsaRMcI8
Access Control Attacks Example
Spoofing Attacks
Man-In-The-Middle
the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection.
It is an attack on mutual authentication
http://www.youtube.com/watch?v=N86xJpna9Js
Access Control Attacks Example
Man-In-The-Middle
Replay
A form of network attack which a valid data transmission is maliciously repeated or delayed
Example: messages from an authorized user who is logging into a network may be captured by an attacker and resent (replayed) the next day
Video:
http://www.youtube.com/watch?v=kBCr-vYdgNo
Access Control Attacks Example
TCP hijacking
a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user.
Session hijacking takes advantage of that practice by intruding in real time, during a session.
Video: http://www.youtube.com/watch?v=s_XD8heYNrc
Access Control Attacks Example
THANKS A LOT