5223-4223Sp08Ch15

(c) 2008 Charles G. Gray
Information Assurance Management, TCOM 5223/MSIS 4223
Attacks and Malware, Chapter 15
27 March 2008
Charles G. Gray
Please turn OFF all cell phones and similar devices. They cause problems with the audio for distance learning students.
Objectives
  - Describe computer and network attacks, including denial-of-service, spoofing, hijacking, and password guessing
  - Describe malicious software, including viruses, worms, Trojans and logic bombs
  - Explain how social engineering can be used as a means to gain access to computers and networks
  - Understand the importance of auditing and what should be audited
Attack Methods and Targets
  - Although viruses may be the most talked-about method, they are not the only avenue of attack on computer systems and networks
  - Each type of attack threatens one or more of the three security objectives
      - Confidentiality
      - Integrity
      - Availability
Attack Categories
  - Specific software
      - An application or the operating system itself
      - Facilitated by a programming oversight/error or “bug” in the code
      - Typically the result of poor or non-existent testing
  - Specific protocol or service
      - Attempt to use the protocol for something other than its intended purpose (mail relay)
  - Targets may be
      - Defined – a very specific target/purpose
      - Target of opportunity – go after anything
Denial-of-Service Attack
  - Attacker attempts to deny authorized users access to the target computer system or network
  - Can also be used with other actions to gain unauthorized access to a computer or network
  - DDOS carried out by “zombies” or “bots”
      - Machines that have been compromised in advance, in preparation for the attack
Establishing a TCP Connection
  - System 1 sends a SYN (for SYNchronize) message
  - System 2 responds with a SYN/ACK message (Acknowledgement)
  - System 1 responds with an ACK message and communication begins
Normal SYN Handshake (Figure 15-1)
DOS Attack by SYN Flooding
  - Exploits the three-way handshake used to establish connections between two systems
  - Attacker sends a SYN request to the target with a spoofed IP address
  - The target responds (to the fake address) with the SYN/ACK message
  - And then waits, and waits, and waits and waits for the ACK to come from the attacker – which it never does
  - Results in a “half open” condition
  - First described in Phrack Magazine in 1996
SYN Flood Backscatter Attack
  - The “spoofed” IP address is a real one
      - Belongs to the target
  - Bots (“zombies”) attack multiple intermediate targets
      - All respond with a SYN/ACK message to the target
  - See http://www.crime-research.org/library/grcdo for the saga of an attack against Steve Gibson (a self-styled “expert”) by a 13-year-old boy (“Wicked” – not a “Script Kiddie”)
SYN Flood Attack
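The half-open condition from the SYN flooding slide and the unsolicited SYN/ACKs from the backscatter slide can both be spotted by replaying the three-way handshake over captured packet records. The sketch below is an added example, not part of the original slides; the record layout, timeout, threshold and sample addresses are assumptions constructed for illustration.

```python
from collections import Counter

HALF_OPEN_TIMEOUT = 30.0  # assumed: seconds a listener waits for the final ACK
ALERT_THRESHOLD = 5       # assumed: half-open entries per listener that trigger an alert

def analyze(events, now):
    """Replay (time, src, sport, dst, dport, flags) records up to `now`.
    Returns (half_open, unsolicited): Counters keyed by (ip, port)."""
    pending = {}             # (client, cport, server, sport) -> time of the SYN
    unsolicited = Counter()  # SYN/ACKs received by a host that never sent the SYN
    for t, src, sport, dst, dport, flags in sorted(events):
        if t > now:
            break
        conn = (src, sport, dst, dport)
        if flags == "SYN":                 # step 1: client asks to connect
            pending[conn] = t
        elif flags == "SYN/ACK":           # step 2: server answers; entry stays half-open
            if (dst, dport, src, sport) not in pending:
                unsolicited[(dst, dport)] += 1   # backscatter landing on a third party
        elif flags == "ACK":               # step 3: handshake completes
            pending.pop(conn, None)
    half_open = Counter()
    for (_, _, server, port), t in pending.items():
        if now - t < HALF_OPEN_TIMEOUT:    # older entries would have timed out
            half_open[(server, port)] += 1
    return half_open, unsolicited

def flooded_listeners(events, now):
    half_open, _ = analyze(events, now)
    return sorted(k for k, n in half_open.items() if n >= ALERT_THRESHOLD)

# Constructed sample capture (documentation address ranges, not real traffic).
SERVER = "192.0.2.10"
SAMPLE = [
    # one normal three-way handshake
    (0.0, "198.51.100.7", 40000, SERVER, 80, "SYN"),
    (0.1, SERVER, 80, "198.51.100.7", 40000, "SYN/ACK"),
    (0.2, "198.51.100.7", 40000, SERVER, 80, "ACK"),
]
# six SYNs whose senders never return the ACK
for i in range(6):
    SAMPLE.append((1.0 + i, f"203.0.113.{i + 1}", 50000 + i, SERVER, 80, "SYN"))
    SAMPLE.append((1.05 + i, SERVER, 80, f"203.0.113.{i + 1}", 50000 + i, "SYN/ACK"))
# two SYN/ACKs arriving at a host that sent no SYN
SAMPLE += [(2.0, "198.51.100.20", 443, "192.0.2.99", 6000, "SYN/ACK"),
           (2.1, "198.51.100.21", 443, "192.0.2.99", 6000, "SYN/ACK")]

if __name__ == "__main__":
    print(flooded_listeners(SAMPLE, now=10.0), analyze(SAMPLE, now=10.0)[1])
```

The completed handshake never counts against the listener, and the six unanswered SYNs stop counting once they age past the timeout, which is why the same capture raises an alert at 10 seconds but not at 40.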
This note was uploaded on 11/07/2009 for the course MGT 3453 taught by Professor David during the Spring '09 term at Oklahoma State.
