Introduction to Computer and Network Security
1. Chapter 1: Introduction to Computer and Network Security
By: Msc. Karwan M. Kareem
2015 - 2016
© University of Sulaimani, Faculty of Physical & Basic Education, Department of Computer Science 2015 / 2016
Faculty of Physical and Basic Education
Computer Science
2. Topics
History of Computer Security
What is security?
Why is information technology security important?
Who would want to break into my computer at home?
Goals of computer security (security principles)
Scope of Computer Security
Computer security concepts
Type of Security
Famous hackers
Hacking and Why do hacker hack?
What are some common attacks?
Network Attacks
• Packet sniffing tools
Web attacks
OS, application and software attacks
Social Engineering
Password attack or password cracking
Computer security issues
Ways to protect computer
3. History of Computer Security
1945
Rear Admiral Grace Murray Hopper finds a moth among the relays of a Navy computer and calls it a “bug.” She later creates the term “debugging.”
1964
AT&T starts monitoring toll calls to catch “phone freaks,” or “phreakers,” who obtain free phone calls by the use of tone-producing “blue boxes.” The monitoring ends in 1970, resulting in 200 convictions.
4. History of Computer Security
1972
John Draper, A.K.A. “Captain Crunch,” discovers that free phone calls can be made with the use of a blue box and a plastic toy whistle that comes in Cap’n Crunch cereal boxes. The whistle duplicates a 2600-hertz tone to unlock AT&T’s phone network.
1979
The first computer “worm” is created at Xerox’s Palo Alto Research Center. The program is meant to make computers more efficient, but later hackers modify worms into computer viruses that destroy or alter data.
5. History of Computer Security
1983
Fred Cohen, a University of Southern California doctoral student, comes up with the term “computer virus.”
1986
The first PC virus, “the Brain,” is created. The Brain, however, is not destructive, and the creators included their contact information with it.
1987
The Alameda, Cascade, Jerusalem, Lehigh, and Miami viruses are created.
6. History of Computer Security
1988
A worm is uploaded to ARPANET (Advanced Research Projects Agency Network), the ancestor of the Internet, disabling about 6,000 computers by replicating itself and filling their memory banks. Robert Morris, who created and unleashed the virus out of boredom, received three years’ probation and a $10,000 penalty.
1990
The first self-modifying viruses are created.
7. History of Computer Security
1995
Concept, the first Microsoft Word-based virus, spreads worldwide using macro commands. The virus is spread by opening an infected Word document.
1998
“Solar Sunrise” occurs when hackers take control of over 500 government, military, and private computer systems. Authorities eventually learn that two California teenagers coordinated the attacks.
2000
Hackers use computers at the University of California-Santa Barbara to crash Amazon, Yahoo, eBay, and other websites by flooding their sites with traffic.
8. History of Computer Security
2001
The Code Red worm causes $2 billion in damage by infecting Microsoft Windows NT and Windows 2000 server software. The virus attempts to use all infected computers to attack the White House website simultaneously, but the worm’s code is deciphered in time and the attack is blocked.
2005
Users of computers infected with PoisonIvy find their computers remotely controlled via the virus. The remote access trojan is used to attack not only personal computers, but chemical and defense companies as well.
9. History of Computer Security
2006
Between 469,000 and 1 million computers are infected by the Nyxem virus, which overwrites files on the third of every month. The virus is spread by email attachments and targets files with extensions such as .doc, .xls, .ppt, .zip, .pdf, etc.
2007
The Storm Worm virus (actually a trojan) is sent to unsuspecting individuals via emails with headlines about a recent European disaster. Within three days of its release the virus accounts for 8% of all infections.
10. History of Computer Security
2008
The Koobface virus spreads through email and social networking sites like Facebook. Once infected, a computer sends its users ads for phony software. Money is exchanged but products are never delivered.
2009
The Conficker (a.k.a. Downadup or Kido) worm, best known for stealing financial data and passwords, infects millions of computers. The complexity and infection rate lead to the assembly of an alliance of experts just to stop the complex virus.
11. History of Computer Security
2010
Stuxnet, a virus created for industrial and economic attacks, is discovered. The worm targets systems used to run nuclear power plants and water facilities and is so large and complex, estimates suggest it was developed by the U.S. or Israeli governments and took more than 10 years to develop.
2011
The Ramnit virus is used to steal over 45,000 passwords and accounts on Facebook. The virus attaches itself to a legitimate file, infects a computer, and runs an invisible browser to connect with a hacker.
12. History of Computer Security
2012
The Heartbleed bug takes advantage of a flaw in the OpenSSL security software library in order to access passwords, encrypted communications, and other sensitive data. Millions of secure servers are exposed to the virus, which in turn affects billions of people.
2013
Between Nov. 27 - Dec. 15, the personal data of 70 million FB customers is stolen when hackers gain access to Target’s servers. Target discovers the breach on Dec. 13, the event is leaked on Dec. 18, and Target publicly announces it the next day.
13. History of Computer Security
2014
One dozen Russian hackers steal more than 1.2 billion matching passwords and usernames, and over 500 million email addresses. The heist is accomplished using viruses to test and exploit vulnerabilities in websites’ SQL code.
14. What is security?
Computer Security
Computer security is the process of preventing and detecting unauthorized use of
your computer.
Prevention measures help you to stop unauthorized users (also known as
"intruders") from accessing any part of your computer system.
Detection helps you to determine whether or not someone attempted to break
into your system, if they were successful, and what they may have done.
Data Security
Data security is the practice of keeping data protected from corruption and
unauthorized access. The focus behind data security is to ensure privacy while
protecting personal or corporate data.
Information technology security
Information technology security is the process of protecting computers, networks,
programs and data from unintended or unauthorized access, change or destruction.
15. Why is information technology security important?
Why should I care about computer security?
We use computers for everything from banking and investing to shopping and
communicating with others through email or chat programs.
Governments, military, corporations, financial institutions, hospitals and other
businesses collect, process and store a great deal of confidential information on
computers.
They transmit that data across networks to other computers.
With the growing volume and sophistication of computer and network attacks,
ongoing attention is required to protect sensitive business and personal
information, as well as safeguard national security.
During a Senate hearing in March 2013, the nation's top intelligence officials
warned that information technology attacks and digital spying are the top threat to
national security, eclipsing terrorism.
16. Who would want to break into my computer at home?
Intruders (also referred to as hackers, attackers, or crackers)
may not care about your identity.
They want to gain control of your computer so they can
use it to launch attacks on other computer systems.
Having control of your computer gives them the ability to
hide their true location as they launch attacks.
Even if you have a computer connected to the Internet
only to play the latest games or to send email to friends and
family, your computer may be a target.
Intruders may be able to watch all your actions on the computer, or cause damage to
your computer by reformatting your hard drive or changing your data.
17. Goals of computer security (security principles)
Integrity (ensuring the information is correct)
Assurance that the information is authentic and complete.
Integrity is the principle of protecting information against
improper modification.
Confidentiality (secrecy of information)
The information must be accessible only to authorized people.
Confidentiality is the principle of protecting information from disclosure to
unauthorized entities.
Access control and cryptographic encryption of data over a network or on a
storage device are common techniques for achieving confidentiality.
Availability (availability of information)
Assurance that the systems responsible for delivering, storing and processing
information are accessible when needed, by those who need them.
Reliability
Computers should work without having unexpected problems.
Authentication
Guarantee that only authorized persons can access the resources.
18. Scope of Computer Security
19. Computer security concepts
Passive Attack
Attempts to learn or make use of information from the system but does not affect system resources.
Two types of passive attacks are:
• Release of message contents
• Traffic analysis
Active Attack
Modification of the data stream or the creation of a false stream.
Four types of active attacks:
• Masquerade
• Replay
• Modification of messages
• Denial of service
20. Computer security concepts
Computer security risk
A computer security risk is any event or action that could cause a loss of or
damage to computer hardware, software, data, information, or processing
capability.
Computer crime
Any illegal act involving a computer generally is referred to as a computer crime.
Cracker
A cracker is someone with extensive computer knowledge who accesses a
computer or network illegally, someone whose purpose is to destroy data, steal
information, or carry out other malicious actions.
The general view is that, while hackers build things, crackers break things.
Cyber terrorist
A cyber terrorist is someone who uses the Internet or network to destroy or
damage computers for political reasons.
Rootkit
A rootkit is a program that hides in a computer and allows someone from a
remote location to take full control of the computer.
21. Types of Security
Network Security
System and software security
Physical Security
Network security
Network security refers to any activities designed to protect your network.
Specifically, these activities protect the usability, reliability, integrity, and safety of
your network and data.
Effective network security targets a variety of threats and stops them from
entering or spreading on your network.
Physical security
Physical security is the protection of personnel, hardware, programs, networks,
and data from physical circumstances and events that could cause serious losses or
damage to data.
This includes protection from fire, natural disasters, burglary, theft, vandalism,
and terrorism.
22. Type of computer hackers
Hacker
In the computer security context, a hacker is someone who seeks and exploits
weaknesses in a computer system or computer network: “a clever programmer”.
Hackers may be motivated by a multitude of reasons, such as profit, protest,
challenge or enjoyment.
Type of computer hackers
white hat hacker
The term "white hat" refers to an ethical computer hacker, or a computer
security expert, who specializes in hack testing to ensure the security of an
organization's information systems.
A white hat hacker breaks security for non-malicious reasons, perhaps to test their
own security system.
Black hat hacker
Black hat hackers, also known as crackers or dark-side hackers, are people who violate
computer or Internet security maliciously or for illegal personal gain.
Gray hat hacker
A gray hat hacker is a combination of a black hat and a white hat hacker.
23. Famous hackers
Some of the most famous hackers
Kevin Mitnick
An American computer security
consultant, Kevin David Mitnick is one
of the most notorious hackers of the
20th century.
He got involved in several computer
and communications-related crimes and
even became one of the most wanted
computer criminals in the United States.
At the very young age of 12, Kevin
Mitnick began to use his social
engineering skills to circumvent the
punch card system used in Los Angeles
buses.
Kevin Poulsen
A news editor at Wired.com,
Kevin Lee Poulsen is a former
hacker.
He hacked the telephone lines of
the Los Angeles-based radio
station KIIS-FM.
After he was released from
prison, he decided to leave the
computer programming world and
become a journalist to distance
himself from his criminal past.
24. Famous hackers
Mike Calce
Michael Demon Calce, also
known as the MafiaBoy of
cyberspace, was a high school
apprentice at West Island.
He got involved in a series of
publicized denial-of-service attacks
against some of the largest
commercial websites, including
Yahoo!, eBay, CNN, Amazon.com
and Dell, Inc.
Chad Davis
An American hacker who is
among the most notorious
cybercriminals of the 20th century.
He founded Global Hell, and
authored the hacking of the
websites of some of the largest
organizations and corporations in
the United States.
He was the man behind the
vandalism of the homepage of The
White House and the US Army with
a message saying “Global Hell will
not die.”
25. Hacking and why do hackers hack?
Why do Hackers hack?
For things. Yes, breaking into a computer is great for
getting information.
For fun. Hacking is a game to prove how smart you
are. The more defenses, anti-virus, anti-spyware and
firewalls you can destroy the smarter you are.
Hacking to steal. Another reason to hack a system is
to steal information or money.
For vengeance. Destroying an enemy’s computer network
during a war.
For guilt.
For nothing. Sometimes, you hack without meaning
to. Or you join a gang to see what it's like. Before you
know it, you're hooked. Don't do it.
Hacking: The process of attempting to gain, or successfully gaining, unauthorized access
to computer resources is called hacking: “obtaining access to a computer system
without authority”.
26. What are some common attacks?
Network Attacks
• Packet sniffing
• man-in-the-middle
• DNS hacking
Web attacks
• Phishing
• SQL Injection
• Cross Site Scripting
OS, applications and software attacks
• Virus
• Trojan
• Worms
• Rootkits
• Buffer Overflow
Not all hackers are evil wrongdoers trying to steal your info
Ethical Hackers, Consultants, Penetration testers, Researchers
Need to know
Networking
Web Programming
Operating Systems
Programming languages and compilers
Social Engineering
(NOT social networking)
27. Network Attacks
Packet Sniffing
Internet traffic consists of data “packets”,
and these can be “sniffed”
Leads to other attacks such as
password sniffing, cookie
stealing, session hijacking,
information stealing
Man in the Middle
Insert a router in the path between client
and server, and change the packets as they
pass through
DNS hijacking
Insert malicious routes into DNS tables to
send traffic for genuine sites to malicious
sites
28. Packet sniffing tools
Wireshark
Wireshark is a network packet
analyzer. A network packet analyzer tries to
capture network packets and display that
packet data in as much detail as possible.
An attacker can use Wireshark for
analyzing network packets, password
sniffing, cookie stealing, session
hijacking and information stealing.
You could think of a
network packet analyzer as
a measuring device used to
examine what’s going on
inside a network
cable
29. Packet sniffing tools
Wifislax
Wifislax is a Slackware-based Linux distribution designed for wireless hacking
and forensics.
It contains a large number of security and forensics tools, which transform
it into a pentesting (penetration testing) distribution.
It can run as a live CD or be installed on your laptop, saving personal settings.
By default, the boot options are in Spanish, which is not surprising,
considering that the developers are from Spain.
30. Web attacks
Phishing
An evil website pretends to be a trusted website.
Example:
You type, by mistake, “mibank.com” instead of
“mybank.com”
mibank.com designs the site to look like
mybank.com so the user types in their info as
usual
BAD! Now an evil person has your info!
SQL Injection
• Malicious SQL statements are inserted into an
entry field for execution (e.g. to dump the database
contents to the attacker).
• Used to attack data-driven applications.
• Can be used to attack any type of SQL database.
Cross Site Scripting
Writing a complex JavaScript program that steals
data left by other sites that you have visited in the same
browsing session.
Need to know
Web Programming
JavaScript
SQL or PL/SQL
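The SQL Injection bullets above, shown as an added example that is not part of the original slides: the same lookup written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite table. The table, function names and input values are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data: two made-up accounts.
SAMPLE_USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]

# Constructed entry-field value: the quote closes the string literal early and
# the OR clause makes the WHERE condition true for every row.
CRAFTED_INPUT = "nobody' OR '1'='1"


def make_db():
    """Create the in-memory database that both lookups query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable: the field value is pasted into the SQL text, so quote
    characters inside it are parsed as SQL instead of being treated as data."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Hardened: the SQL text is fixed and the value is bound to the
    placeholder, so it can only ever be compared against the name column."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def run(lookup, conn, name):
    """Return the rows, or the database error text if the query broke."""
    try:
        return lookup(conn, name)
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)


if __name__ == "__main__":
    db = make_db()
    # "o'brien" is a harmless name that still breaks the concatenated query.
    for value in ("alice", CRAFTED_INPUT, "o'brien"):
        print(repr(value))
        print("  concatenated :", run(lookup_vulnerable, db, value))
        print("  parameterized:", run(lookup_parameterized, db, value))
```

The concatenated query returns every row for the crafted value and fails outright on an ordinary name containing an apostrophe; the parameterized query returns no rows for both.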
31. Packet sniffing tools
Acunetix
Acunetix Vulnerability Scanner automatically crawls and scans custom-built websites and web
applications for SQL Injection, XSS, XXE, SSRF, Host Header Attacks & over 500 other web
vulnerabilities.
Acunetix Vulnerability Scanner is able to scan and test any application, no matter what web
technology it’s written in, such as PHP, ASP, JSP, Ajax, jQuery, JavaScript and so on.
Acunetix is able to detect SQL Injection, XSS and over 500 other types of web application
vulnerabilities.
Acunetix provides reports that help developers to quickly identify a web application’s
threat surface and detect what needs to be fixed.
32. OS, application and software attacks
Computer Virus
• Definition
- Computer program “Piece of code” that
automatically reproduces itself.
- It’s attached to other programs or files, but
requires user intervention to propagate.
• Background
- There are an estimated 30,000 computer viruses in
existence
- Over 300 new ones are created each month
- Today almost 87% of all viruses are spread through
the internet
• Infection (targets/carriers)
- Executable files
- Boot sectors
- Documents (macros), scripts (web pages), etc.
• Propagation
- Propagation is made by the user. The mechanisms are storage
elements, mails, downloaded files or shared folders.
Need to know
Computer Architecture
programming
Viruses can increase their chances of spreading to other
computers by infecting files on a network file system or a file
system that is accessed by another computer.
33. OS, application and software attacks
Computer Virus
• Symptoms of Virus Attack
- Computer runs slower than usual
- Computer no longer boots up
- Screen sometimes flickers
- PC speaker beeps periodically
- System crashes for no reason
- Files/directories sometimes disappear
- Denial of Service (DoS)
• Typical things that some current personal computer
viruses do
- Display a message.
- Erase files
- Scramble data on a hard disk
- Cause erratic screen behavior
- Halt the PC
- Many viruses do nothing obvious at all except
spread!
34. Packet sniffing tools
Halabjay
Halabjay Virus is a Kurdish malware developed by kurd-intruder to test and analyze
computer virus behaviors.
It’s attached to other programs or files, but requires user intervention to
propagate.
The Halabjay virus is able to control hardware parts like the CD drive,
USB, mouse and keyboard.
The Halabjay virus is able to control the logical part of the computer, such as the
operating system and computer applications.
35. OS, application and software attacks
Worm
• Definition
-Piece of code that automatically reproduces itself
over the network. It doesn’t need the user
intervention to propagate (autonomous).
• Infection
-Via buffer overflow, file sharing, configuration
errors and other vulnerabilities.
• Target selection algorithm
-Email addresses, DNS, IP, network neighborhood
• Payload
- Malicious programs
-Backdoor, DDoS agent, etc.
• Anatomy of Worms
- Attack Mechanism
- Payload
- New target selection
36. OS, application and software attacks
Worm
• Harmful effects of Worms
-A worm uses a compromised system to spread through email, file
sharing networks, instant messenger, online chats and
unprotected network shares.
- Infects files, corrupts installed applications and damages the
entire system.
- Steals or discloses sensitive personal information, Valuable
documents, passwords, etc.
- The worm installs a backdoor or drops other dangerous parasite.
- Reduces connection speed and system performance.
• Type of worms
- Conficker Worm
- Email and Instant Message Worms
- Internet Worms (Morris Worm)
- IRC Worms
- File-Sharing Network Worms
- Slapper Worm
37. OS, application and software attacks
Trojans
• A Trojan horse or Trojan, is a destructive program that masquerades as
an application.
- The Trojan Horse, at first glance will appear to be useful software
but will actually do damage once installed or run on your computer.
-Trojans are also known to create a backdoor on your computer that
gives malicious users access to your system.
- Unlike viruses and worms, Trojans do not reproduce by infecting
other files nor do they self-replicate.
- Some well-known Trojans: NetBus, Girlfriend, Back Orifice,
Flooder, Vundo Trojan, etc.
• Types of Trojans
- Remote access Trojans
- Password sending Trojans
- Keyloggers
- Destructive
- Denial of service (DoS) Attack Trojans
- Mail-Bomb Trojans
- Proxy-Wingate Trojans
- FTP Trojans
- Software Detection Trojans
38. OS, application and software attacks
Trojans
• What can Trojans do?
Use of the machine as part of a botnet (e.g. to perform automated
spamming or to distribute denial-of-service attacks).
Uninstallation of software, including third-party router drivers.
Downloading or uploading of files on the network HDD.
Watching the user’s screen.
Spreading other malware, such as viruses. In this case, the
Trojan horse is called a dropper or vector.
Modification or deletion of files.
Data theft (e.g. retrieving username or postal code information).
Erasing or overwriting data on a computer.
Encrypting files in a cryptoviral extortion attack.
Crashing the computer.
Corrupting files in a subtle way.
Setting up networks of zombie computers in order to launch
DDoS attacks or send spam.
39. OS, application and software attacks
Online mobile spy
Spy to mobile...
All the information from the cell phone is sent to your account
over the Internet. If you'd like to track a cell phone in real time,
be sure it has an active Internet connection.
When you sign in, you'll be able to check the phone's incoming
and outgoing SMS messages, call history, contact list, current
location and previous tracks.
40. OS, application and software attacks
You'll be able to check the phone's incoming and outgoing SMS messages.
41. OS, application and software attacks
You'll be able to check the phone's call history.
You'll be able to check the contact list.
42. OS, application and software attacks
You'll be able to check the current location, including accuracy, speed and altitude, and previous tracks.
43. Social Engineering
• Definition
- Manipulating a person or persons to detect and steal confidential
data and information.
- It is a way for criminals to gain access to information systems. The
purpose of social engineering is usually to secretly install spyware,
other malicious software or to trick persons into handing over
passwords and/or other sensitive financial or personal information.
• What are they looking for ?
- Obtaining simple information such as your pet's name, where
you're from, the places you've visited; information that you'd give
out freely to your friends.
- Some have a 'secret question' you have to answer if you cannot
remember your username or password. The questions seem pretty
tough for an outsider trying to hack into your account.
What's the name of your first pet?
What is your maiden name?
When was your mother/father born?
Where were you born?
44. Password attack or password cracking
Password cracking
Password cracking is the process of guessing or recovering a
password from stored locations or from a data transmission system.
It is used to get a password for unauthorized access or to recover a
forgotten password.
In penetration “hack” testing, it is used to check the security of an
application.
Password cracking methods are Guessing, Dictionary attacks and
Rainbow Tables.
• Guessing
Find or guess a user’s identifier (Find user ids)
Get encrypted or hashed passwords or password files
Encrypt or hash the trial passwords
See if there is a match
• Rainbow Tables
Uses a large number of hashed passwords without having a
dictionary.
Innovative algorithm, that can find passwords fast!
e.g. 14 character alphanumeric passwords are found in
about 4-10 minutes of computing using a 1GB rainbow table
Need to know
- Data structures
- Algorithms
- Cryptography
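The "hash the trial passwords, see if there is a match" steps and the rainbow-table point above, shown from the defender's side as an added example that is not part of the original slides: a password audit over constructed accounts, comparing unsalted SHA-256 storage with per-user salted PBKDF2. The user names, passwords, word list and iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a short weak-password list and three made-up users.
WEAK_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
USERS = {"alice": "password", "bob": "password", "carol": "T7#vq!mZ2p-Lx9"}
ROUNDS = 100_000  # PBKDF2 iteration count chosen for this demo (assumption)


def unsalted_hash(password):
    """Weak storage: one fast hash, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    """Stronger storage: slow key derivation mixed with a per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS).hex()


def make_unsalted_store(users):
    return {user: unsalted_hash(pw) for user, pw in users.items()}


def make_salted_store(users):
    store = {}
    for user, pw in users.items():
        salt = os.urandom(16)  # fresh random salt for every account
        store[user] = (salt, salted_hash(pw, salt))
    return store


def precompute(words):
    """Hash every candidate once; a rainbow table is a space-saving form of
    this precomputed hash-to-password lookup."""
    return {unsalted_hash(w): w for w in words}


def audit_with_table(hashes, table):
    """Match stored digests (user -> hex digest) against the precomputed table."""
    return {user: table[h] for user, h in hashes.items() if h in table}


def audit_per_user(store, words):
    """Salted store: every candidate must be re-hashed for every user."""
    found = {}
    for user, (salt, digest) in store.items():
        for word in words:
            if hmac.compare_digest(salted_hash(word, salt), digest):
                found[user] = word
                break
    return found


if __name__ == "__main__":
    table = precompute(WEAK_PASSWORDS)
    plain = make_unsalted_store(USERS)
    salted = make_salted_store(USERS)
    print("same digest for alice and bob (unsalted):", plain["alice"] == plain["bob"])
    print("table hits, unsalted store:", audit_with_table(plain, table))
    salted_digests = {user: digest for user, (_, digest) in salted.items()}
    print("table hits, salted store:  ", audit_with_table(salted_digests, table))
    print("per-user audit, salted:    ", audit_per_user(salted, WEAK_PASSWORDS))
```

Salting makes the precomputed table useless and hides that two users share a password, but a password that is on the weak list is still found by the per-user audit, so salting does not replace a password-strength policy.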
45. Computer security issues
A vulnerability is a point where a system is susceptible to attack: “a mistake
in hardware or software that can be directly used by a hacker to gain access to a
system or network”.
Vulnerabilities can lead to:
- Unauthorized access (attacker can log in, read files, and make changes
to the system).
- Denial of service against host (attacker can crash the system, disable
services, etc.).
- Denial of service against network (attacker can disrupt routing, flood
the network, etc.).
A threat is a possible danger to the system. The danger might be a person (a
system cracker or a spy), a thing (a faulty piece of equipment), or an event (a
fire or a flood) that might exploit a vulnerability of the system.
Countermeasures are techniques for protecting your system:
the means used to deal with security attacks, such as prevention, detection
and recovery.
The relationship among threats, controls, and vulnerabilities:
A threat is blocked by control of a vulnerability.
46. Ways to protect computer
Get the latest anti-virus software.
Update the virus database in your anti-virus program regularly
(each month or by the direction of the manufacturer).
Do not open downloads from unknown sources, to prevent attacks.
Be sure to do a full backup of your system on a regular basis. A backup file is a
copy of a file which is kept in case anything happens to the
original file. Backup systems often use the Grandfather – Father – Son
principle.
Use file-level and share-level security.
Use a host-based firewall as well as personal firewall software that
analyzes and controls incoming/outgoing packets: a personal firewall is
an application which controls network traffic to and from a computer,
permitting or denying communications. E.g. BlackICE™ PC Protection.
47. Ways to protect computer
- Download files only from trusted sites.
- Remember to run a virus scan on peripheral devices after they are connected to your computer.
- Use disk encryption: There are many third-party products available that will allow you to encrypt an entire disk. Examples include PGP Whole Disk Encryption and DriveCrypt.
- Make use of a public key infrastructure: A PKI enables users to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
- Hide data with steganography: You can use a steganography program to hide data inside other data.
- Software safeguards include giving users:
  - A user identity and a password.
  - Some unique physical trait (biometrics).
48. Ways to protect computer
- Some game cracks and keygens can contain Trojans, so beware.
- Avoid downloading attachments with the suffix .exe on the end. These are executable files, which are often used to send viruses, worms and Trojan horses.
- Don't open unknown attachments in emails or do a virus scan after opening them.
- Use a malware and adware scanner.
- Don't allow your web browser to automatically run programs, such as MS Word or other programs through its e-mail program. Configure your browser to launch WordPad or Notepad instead.
- Configure your web browsers to disable ActiveX, Java, and JavaScript.
- A personal firewall should be run on any system that is not behind a corporate firewall. This should be done on any computer that connects to the internet.
49. Ways to protect computer
Encryption for your calls:
RedPhone makes private communication simple. Free, world-wide, end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
- RedPhone uses your normal phone number to make and receive calls, so you don't need yet another identifier.
- All RedPhone calls are free, including long distance and international.
- Free and Open Source, enabling anyone to verify its security by auditing the code.
- RedPhone calls are encrypted end-to-end.
50. END
Any questions?
Hope you have been happy.
Thank you.
Editor's notes
As mentioned, the assets of a computer system can be categorized as hardware, software, data, and communication lines and networks. We briefly describe these four categories and relate these to the concepts of integrity, confidentiality, and availability, as illustrated here in Figure 1.3.
Hardware - A major threat is the threat to availability. Hardware is the most vulnerable to attack and the least susceptible to automated controls. Threats include accidental and deliberate damage to equipment as well as theft. Theft of CD-ROMs and DVDs can lead to loss of confidentiality. Physical and administrative security measures are needed to deal with these threats.
Software - includes the operating system, utilities, and application programs. A key threat is an attack on availability. Software is often easy to delete. Software can also be altered or damaged to render it useless. Careful software configuration management can maintain high availability. A more difficult problem is software modification (e.g. from virus/worm) that results in a program that still functions but that behaves differently than before, which is a threat to integrity/authenticity.
Data - involves files and other forms of data controlled by individuals, groups, and business organizations. Security concerns with respect to data are broad, encompassing availability, secrecy, and integrity. In the case of availability, the concern is with the destruction of data files, which can occur either accidentally or maliciously. The obvious concern with secrecy is the unauthorized reading of data files or databases. A less obvious secrecy threat involves the analysis of data and manifests itself in the use of so-called statistical databases, which provide summary or aggregate information. Finally, data integrity is a major concern in most installations. Modifications to data files can have consequences ranging from minor to disastrous.
Password Problems
Users choose passwords that are easy to remember and often choose the same sequence of characters as they have for their userIDs.
Users also frequently select names of family members, their pets, or their favorite sports team for their passwords.
Improving Passwords
To complicate the attacker’s job:
Mix uppercase and lowercase characters.
Include numbers and special characters in passwords.