usc-csci530-f08-l08

usc-csci530-f08-l08 - USC CSci530 Computer Security Systems...

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  USC CSci530 Computer Security Systems Lecture notes Fall 2008 Dr. Clifford Neuman University of Southern California Information Sciences Institute
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  CSci530: Computer Security Systems Lecture 8 – 17 October 2008 Malicious Code Dr. Clifford Neuman University of Southern California Information Sciences Institute
Background image of page 2
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Vulnerabilities, Threats, Attacks Vulnerability A weakness or problem that can potentially be exploited. Threat Software, systems, or people capable of exploiting a vulnerability. Attack An attempt to exploit a vulnerability Intrusion Successful application of threat against a vulnerability.
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Vulnerabilities Exploits of coding errors Buffer overflows Format strings / Special Formatting SQL Injection Overflows
Background image of page 4
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Vulnerabilities Logic attacks SMTP Password Anonymous FTP (WUFTP) Browser weaknesses Cross site scripting
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Vulnerabilities Attacks through the network ARP spoofing Denial of Service DNS Cache Poisoning Weak perimeters Alternate paths
Background image of page 6
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Vulnerabilities Protocol attacks WEP Weaknesses SMTP server problems Just not designed for security Crypto attacks MD5 Has collisions RC4 attacks WEP
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  Classes of Malicious Code (Criteria 1) How propagated Trojan Horses Embedded in useful program that others will want to run. Covert secondary effect. Viruses When program started will try to propagate itself. Worms Exploits bugs to infect running programs. Infection is immediate. COVERED LAST LECTURE
Background image of page 8
Copyright © 1995-2008 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE  The perceived effect Viruses Propagation and payload Worms Propagation and payload Spyware Reports back to others Zombies Controllable from elsewhere Classes of Malicious Code (Criteria 2) COVERED LAST LECTURE
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/21/2010 for the course CS 530 at USC.

Page1 / 56

usc-csci530-f08-l08 - USC CSci530 Computer Security Systems...

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online