Embed Size (px)
DESCRIPTION
Access control attacks
Citation preview
Nor Liyana Binti Azman
14th Mac 2014
Access Control Attacks Example Backdoor
method of bypassing normal authentication, securing illegal remote access to computer, while attempting to remain undetected.
sometimes programmer install a back door so that the program can be accessed for troubleshooting or other purposes
Backdoor is security risk, because there is another cracker try to find any vulnerability to exploit.
Example: Nimda gains through backdoor left by Code Red.
http://www.youtube.com/watch?v=7ZwGvFu9WhY
Spoofing Attacks
attacker pretends to be someone else in order gain access to restricted resources or steal information.
type of attack can take a variety of different forms; for instance, an attacker can impersonate the Internet Protocol (IP) address of a legitimate user in order to get into their accounts.
http://www.youtube.com/watch?v=z8ySsaRMcI8
Access Control Attacks Example
Spoofing Attacks
Man-In-The-Middle
the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection.
It is an attack on mutual authentication
http://www.youtube.com/watch?v=N86xJpna9Js
Access Control Attacks Example
Man-In-The-Middle
Replay
A form of network attack which a valid data transmission is maliciously repeated or delayed
Example: messages from an authorized user who is logging into a network may be captured by an attacker and resent (replayed) the next day
Video:
http://www.youtube.com/watch?v=kBCr-vYdgNo
Access Control Attacks Example
TCP hijacking
a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user.
Session hijacking takes advantage of that practice by intruding in real time, during a session.
Video: http://www.youtube.com/watch?v=s_XD8heYNrc
Access Control Attacks Example
THANKS A LOT
