Seminar4_2010 - Seminar 4 Intruders Fabian Ng 1 Outline...

Info iconThis preview shows pages 1–9. Sign up to view the full content.

View Full Document Right Arrow Icon
Fabian Ng 1 Seminar 4 Intruders
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Fabian Ng 2 Outline Intruders Intrusion Techniques Password Protection Password Selection Strategies Intrusion Detection Viruses and Related Threats Malicious Programs The Nature of Viruses Antivirus Approaches Advanced Antivirus Techniques
Background image of page 2
Fabian Ng 3 Intruders Three classes of intruders: Masquerader : unauthorized individual who exploits  legitimate user’s account (outsider) Misfeasor : legitimate user, who misuses his or her  privileges (insider) Clandestine user : individual who seizes supervisory  control and uses it to evade auditing or access controls  (insider or outsider)
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Fabian Ng 4 Objective : “ to gain access to a system or to increase the range of  privileges accessible on a system.  In order to do this, the  intruders will need to get access to, and perhaps modify,  protected information on a system”  Intruders intruder
Background image of page 4
Fabian Ng 5 Intrusion Techniques System maintain a file that associates a password  with each authorized user. Password file can be protected with: One-way encryption: the system only stores the  encrypted passwords.  When a user presents a password,  the system will encrypt the password and compare it  with the stored value for verification. Access Control Access  : to the password file is  limited to one or very few accounts.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Fabian Ng 6 Intrusion Techniques Techniques for guessing passwords: Try default passwords. Try all short words, 1 to 3 characters long. Try all the words in an electronic dictionary(60,000). Collect information about the user’s hobbies, family names,  birthday, etc. Try user’s phone number, social security number, street address,  etc. Try all license plate numbers (MUP103). Use a Trojan horse Tap the line between a remote user and the host system. Prevention : Enforce good password selection (Ij4Gf4Se%f#)?? g u e s s a t t a c k
Background image of page 6
Fabian Ng 7 Intrusion Detection If prevention fails, the next best things one may hope for is  detection  
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
8 The motivations behind a good intrusion mechanism are as follows: 1.  Quick Detection  : If an intrusion can be easily detected, the  intruder could be ejected out of the system and the damage well  contained. 2. Deterrent  : An effective detection system could serve as a good  deterrence, thus become a prevention measure as well. 3. Collection of techniques: Via good detection mechanism, data  can be collected for analysis.  This may lead to better means of deterring  intrusions. Intrusion Detection
Background image of page 8
Image of page 9
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 09/06/2010 for the course IT ICt211 taught by Professor Tan during the Spring '10 term at Singapore Institute of Management.

Page1 / 32

Seminar4_2010 - Seminar 4 Intruders Fabian Ng 1 Outline...

This preview shows document pages 1 - 9. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online