This document discusses various internet security threats such as hijacked web servers, denial-of-service attacks, cross-site scripting, email spoofing, and trap doors. It provides details on how these threats are carried out and potential defensive measures. The key threats are hijacking web servers to plant hostile code, denial-of-service attacks which try to interrupt services, cross-site scripting which injects scripts to steal cookies or phish users, email spoofing which forges sender addresses in spam/phishing, and trap doors which bypass authentication. Internet security aims to establish rules against such attacks over the insecure internet.
2. Introduction…
• The Internet represents an insecure channel for
exchanging information leading to a high risk
of intrusion or fraud, such as phishing.
• Internet security is a branch of computer
security specifically involving browser security but
also network security on a more general level.
• Its objective is to establish rules and measures to
use against attacks over the Internet.
3. Need for Internet Security…
• Today, the internet is stuffed with different types of
sensitive data.
• The internet is packed with threats from hackers. They
can:
• crash your system,
• acquire access to your personal information, which can
result in monetary losses.
So,
• You need internet security to keep information and
systems safe from malicious software and individuals.
4. What are the main security-related threats on the Internet today?
• Hijacked web servers
• Denial-of-Service Attacks
• Cross Site Scripting
• Trap Doors
• Email Spoofing
6. Web Server Hijacking…
• Attacker gains access and changes contents of web
server.
• Can be very bad:
• Attacker can plant hostile applets.
• Attacker can plant data sniffers
• Attacker can use compromised machine to take over
internal system.
• Usually outsiders.
• Nearly impossible to trace.
7. How do they do it?
• Administrative passwords captured by a password
sniffer.
• Utilize known vulnerability:
• Buffer overflow.
• Use web server CGI script to steal /etc/passwd file,
then crack passwords.
• Mount the web server’s filesystem.
8. Defensive Measures…
• Patch known bugs.
• Don’t run unnecessary services on the web server.
• Monitor system for signs of penetration
• Intrusion detection systems
• Make frequent backups.
• Have a hot spare ready.
10. What is a Denial-of-Service attack?
• A denial-of-service (DoS) attack is an attempt to
make a machine or network resource unavailable
to its intended users.
• Although the means to carry out and targets of a
DoS attack may vary, it generally consists of efforts
to temporarily or indefinitely interrupt or suspend
services of a host connected to the Internet.
• Costs money and reputation
• Lost Sales
• Damage to reputation
11. How is it done?
• Send a lot of requests
(HTTP, or SMTP requests)
• Easy to trace.
• Relatively easy to defend against with TCP/IP blocking at
router.
• Attack routers
• Attack DNS
13. Cross-Site Scripting…
• Cross-site scripting (XSS) is a type of computer
security vulnerability which enables attackers
to inject client-side script into Web pages viewed
by other users.
• Cross-site scripting carried out on websites
accounted for roughly 84% of all security threats
documented by Symantec as of 2007.
• Their effect may vary depending on the sensitivity
of the data handled by the vulnerable site.
14. XSS Attacks - Stealing Cookie
• What is a cookie?
• Used by the web applications for authenticating,
tracking, and maintaining specific information
about users
• Once a cookie is saved on your computer, only the
website that created the cookie can read it
• How is it done?
• Attacker injects script that reads the site’s cookie
• Script sends the cookie to the attacker
• Attacker can now log into the site as the victim
15. Some other XSS Attacks…
• Defacement
• Attacker injects script that automatically redirects
victims to attacker’s site
<script>
document.location = "http://evil.com";
</script>
• Phishing
• Fake page asks for user’s credentials or other sensitive
information (e.g. a fake PayPal page)
• The data is sent to the attacker’s site
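Added example (not part of the original slides): the redirect payload from slide 15 rendered by a deliberately vulnerable function and by a hardened one, together with a session cookie marked HttpOnly so that injected script cannot read it as described in slide 14. The function names, the `session` cookie name, the session id and the Content-Security-Policy value are assumptions made for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed input: the slide's redirect payload submitted as a comment.
PAYLOAD = '<script>document.location = "http://evil.com";</script>'

def render_vulnerable(comment):
    # Deliberately vulnerable "before": input is placed in the page as markup.
    return "<p class='comment'>" + comment + "</p>"

def render_hardened(comment):
    # Encode <, >, & and quotes so the browser displays the text instead of
    # parsing it as a script element.
    return "<p class='comment'>" + html.escape(comment, quote=True) + "</p>"

def session_cookie(session_id):
    # HttpOnly hides the cookie from document.cookie; Secure limits it to
    # HTTPS; SameSite=Strict keeps it off cross-site requests.
    jar = SimpleCookie()
    jar["session"] = session_id
    jar["session"]["httponly"] = True
    jar["session"]["secure"] = True
    jar["session"]["samesite"] = "Strict"
    jar["session"]["path"] = "/"
    return jar["session"].OutputString()

def build_response(comment, session_id):
    # Hypothetical handler: returns (headers, body) for a page echoing a comment.
    headers = [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Set-Cookie", session_cookie(session_id)),
        # Defence in depth: only scripts served from this origin may run.
        ("Content-Security-Policy", "default-src 'self'; script-src 'self'"),
    ]
    return headers, render_hardened(comment)

if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    headers, body = build_response(PAYLOAD, "constructed-session-id")
    for name, value in headers:
        print(f"{name}: {value}")
    print(body)
```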
17. Email Spoofing…
• Email spoofing is the creation of email messages
with a forged sender address - something which is
simple to do because the core protocols do no
authentication.
• Spam and phishing emails typically use such
spoofing to mislead the recipient about the origin
of the message.
18. Prevention measures…
• A number of measures to address spoofing are
available, but it is likely that almost half of all
domains still do not have such measures in place.
• However, as of 2013, 60% of consumer mailboxes
worldwide used measures to protect themselves
against this.
• Although email spoofing is often effective in forging
the sender's real email address, the IP address of the
source computer sending the mail can generally be
identified from the "Received:" lines in the email
header.
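Added example (not part of the original slides): reading the "Received:" chain of a message with a forged From: address to find the IP address that handed it to the recipient's own mail servers. The message, host names and addresses are constructed (documentation ranges), and the regular expression assumes the common `from HELO (rdns [ip]) by host` layout. Only hops recorded by relays you control are trusted, because lines below them are written by the sender's side and can be forged as easily as From:.

```python
import re
from email import message_from_string

# Constructed sample: forged From:, plus one Received: line added by the sender.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from mail.bank.example (unknown [203.0.113.45])
\tby mx.example.net with SMTP id B2; Mon, 1 Jan 2024 10:00:01 +0000
Received: from internal.bank.example (internal.bank.example [192.0.2.10])
\tby mail.bank.example with ESMTP id C3; Mon, 1 Jan 2024 09:59:00 +0000
From: "Your Bank" <support@bank.example>
To: user@example.org
Subject: Verify your account

Constructed body.
"""

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]*)\s*\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def received_hops(raw):
    """Return the Received: hops newest first, as the servers stacked them."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops

def trace_origin(raw, trusted_relays):
    """Walk down from our own server; stop at the first hop we cannot vouch for."""
    origin = None
    for hop in received_hops(raw):
        if hop["by"].lower() not in trusted_relays:
            break  # recorded by a host we do not control: may be forged
        origin = hop
    return origin

if __name__ == "__main__":
    hop = trace_origin(RAW, {"inbox.example.org", "mx.example.net"})
    print("handed to us by", hop["ip"], "claiming to be", hop["helo"],
          "(reverse DNS:", hop["rdns"] + ")")
```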
20. Trap doors…
• Method of bypassing normal authentication
methods
• Remains hidden to casual inspection
• Can be a new program to be installed
• Can modify an existing program
• Also known as Back Doors
21. Trap Door Examples…
• In 2003, an attempt was made to create a backdoor in
the Linux Kernel
• Early versions of the Sobig Virus in 2003 installed
backdoors to send its spam.
• MyDoom virus in early 2004 created a backdoor on
port 3127 to send spam
23. Conclusions…
• Keep server and third-party applications and libraries
up to date
• Do not trust user input
• Review code & design and identify possible
weaknesses
• Monitor run-time activity to detect ongoing
attacks/probes