What is DoS?
A DoS, or “Denial of Service”, attack is one
where a single attacking host attempts to make a
computer resource unavailable, either by
injecting a computer virus or by flooding the
network with useless traffic.
What is DDoS?
A DDoS, or “Distributed Denial of Service”,
attack is a tactic used to attack a
victim from multiple compromised
computers simultaneously. The attacker
installs a virus or Trojan software on
compromised systems and uses them to
flood a victim’s network with more traffic than the
victim’s server can handle.
How is DDoS Done?
Common Forms of DDoS Attacks Include:
Ping of Death is where an attacker sends a ping packet larger than the
maximum IP packet size a computer system can handle, causing the system to crash.
Ping Flood is where an attacker overwhelms the target’s network with
ICMP (Internet Control Message Protocol) Echo request packets. This consumes
a large amount of bandwidth and slows low- to mid-speed networks down to a crawl.
Mail Bomb is when unauthorized users send a large number of email
messages with large attachments to a particular mail server, causing the disk
space to become full and resulting in denied email service to other users.
Teardrop Attack creates a stream of IP fragments with their offset field
overloaded. The destination host attempts to reassemble the fragments, causing
it to crash or reboot.
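
A defender's view of the two fragment-based attacks above, as an added example that is not part of the original slides: a check run on IPv4 fragments before reassembly that flags a datagram whose reassembled size would exceed the IP maximum (the Ping of Death pattern) and fragments whose offsets overlap (the Teardrop pattern). The Fragment record, the function name and the sample fragments are assumptions constructed for illustration.

```python
# Added example: sanity checks on IPv4 fragments before reassembly.
# Fragment records below are constructed sample data, not captured traffic.
from collections import defaultdict
from typing import NamedTuple

MAX_IP_DATAGRAM = 65535  # largest total length an IPv4 datagram may have
IP_HEADER_LEN = 20       # assumption: sample fragments carry no IP options


class Fragment(NamedTuple):
    src: str              # source address
    ip_id: int            # IP identification field (groups fragments)
    offset_units: int     # fragment offset field, in 8-byte units
    payload_len: int      # bytes of data carried by this fragment
    more_fragments: bool  # MF flag


def check_fragments(fragments):
    """Return {(src, ip_id): [findings]} for each fragmented datagram."""
    groups = defaultdict(list)
    for f in fragments:
        groups[(f.src, f.ip_id)].append(f)

    findings = {}
    for key, frags in groups.items():
        issues = set()
        prev_end = 0
        for f in sorted(frags, key=lambda x: x.offset_units):
            start = f.offset_units * 8
            end = start + f.payload_len
            # Ping of Death pattern: reassembled size exceeds the IP maximum.
            if IP_HEADER_LEN + end > MAX_IP_DATAGRAM:
                issues.add("oversized")
            # Teardrop pattern: fragment starts inside data already covered.
            # (Exact retransmitted duplicates would also land here; a
            # production check would compare them separately.)
            if start < prev_end:
                issues.add("overlap")
            # Every fragment except the last must carry a multiple of 8 bytes.
            if f.more_fragments and f.payload_len % 8 != 0:
                issues.add("misaligned")
            prev_end = max(prev_end, end)
        findings[key] = sorted(issues)
    return findings


# Constructed samples using documentation address ranges.
SAMPLE_FRAGMENTS = [
    # Well-formed 2000-byte payload split into two fragments.
    Fragment("192.0.2.10", 1, 0, 1480, True),
    Fragment("192.0.2.10", 1, 185, 520, False),
    # Final fragment placed so the datagram would exceed 65535 bytes.
    Fragment("198.51.100.7", 2, 0, 1480, True),
    Fragment("198.51.100.7", 2, 8189, 100, False),
    # Second fragment begins inside the first fragment's data.
    Fragment("203.0.113.5", 3, 0, 40, True),
    Fragment("203.0.113.5", 3, 3, 8, False),
]

if __name__ == "__main__":
    for key, issues in check_fragments(SAMPLE_FRAGMENTS).items():
        print(key, issues or "ok")
```
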
Is DDoS A Real Threat?
On Christmas Eve 2012, a DDoS attack on a bank in California resulted
in a $900,000 cyberheist. The cyber attackers used the Gameover
Trojan. There were approximately 62 helpers that flooded a company’s
system, allowing the attackers to remotely control the victim’s computer
with malware and hide numerous fraudulent bank transfers in amounts
ranging from $4,000 to $100,000.
http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/
On March 22, 2013, the largest DDoS ever hit the CloudFlare network,
a host for spam fighting. While most attacks have a ceiling of around
100 Gbps, their network was hit with 120 Gbps. CloudFlare’s providers
were then hit with a massive 300 Gbps DDoS. The result was serious
Internet congestion in Europe and Asia.
http://www.esecurityplanet.com/network-security/the-largest-ddos-ever-hits-the-internet.html
What Is A Botnet?
A botnet is a collection of Internet-connected programs communicating with other
similar programs in order to perform tasks. These tasks can be as simple as
controlling an Internet Relay Chat channel or as complex as acting as a node in a distributed denial of
service (DDoS) attack. The term botnet is derived from two common words: robot
and network.
There are two different types of botnets: illegal and legal. A legal botnet has
several IRC (Internet Relay Chat) bots that set channel modes on other bots and
users while keeping IRC channels free from unwanted users. An illegal botnet targets
compromised computers whose security defenses have been breached. The controller of
the illegal botnet is able to direct the activities of the compromised computers through
communication channels.
Botnet That Has Been Taken Down
The Bamital botnet was taken down by Microsoft and Symantec. It hijacked
people’s search results and redirected them to dangerous websites that could
install malware onto their computers, steal their personal information, or
fraudulently charge businesses for online advertisement clicks. They
used a combined legal and technical action to take down Bamital. On
January 31, Microsoft filed a lawsuit, supported by a declaration from
Symantec, against the botnet’s operators to cut all the communication
lines between the botnet and the malware-infected computers under its
control. The court granted Microsoft’s request, and on February 6
Microsoft was escorted by the U.S. Marshals Service to take evidence
from the web-hosting facilities in Virginia and New Jersey.
What is DNS?
Domain Name System (DNS): a large database of unique IP addresses that
correspond to domain names.
In essence, DNS is simply a database that links meaningful names (known
as host names), such as http://www.microsoft.com, to a specific IP address,
such as 192.168.124.1. Simply linking addresses to names is just the
beginning, though, because DNS has many more features in addition to
host-name-to-address mapping.
"DNS Cache Poisoning"
- DNS cache poisoning: An exploit in which the DNS database is changed in
such a way that a URL no longer connects to the correct Web site.
- DNS cache poisoning is also a tool of hackers who want to direct users to
sites infected with worms or keyloggers.
Shutting Down the Internet
Completely shutting down the Internet in the U.S.A. would require
someone with the ability to damage the infrastructure of all the
major ISP (Internet Service Provider) networks, which is virtually
impossible because there are too many paths into and out of the
country and too many independent providers who would have to be coerced
or damaged. It could possibly be done if multiple governments
coordinated to shut down all the ISPs at the same time.
The Internet is resilient and difficult to take down completely because it
is decentralized. There is no company or government that owns the
Internet. The Internet is not in a specific location but is spread out all
over the world.

Internet security-Group 3
