33 Security Attacks

epgp books

Learning Objectives

  • To discuss the concept of attacks in network security
  • To know about various web attacks
  • To learn about Social Engineering and its vulnerabilities
  • To understand the protection mechanism

34.1. Need for Security

Increased reliance on information technology, with or without the use of networks, has made security a must. The use of IT has changed our lives drastically: we depend on e-mail, Internet banking and several government services that use IT, and increasingly on e-commerce and the World Wide Web, which serves as a vast repository of many kinds of information (immigration databases, flight tickets, stock markets etc.).

34.2. Security Concerns

Systems connected by networks are more prone to attacks, and also suffer more as a result of attacks, than stand-alone systems (Reasons?). Concerns such as the following are common:

  • How do I know that the party I am talking to on the network is really the one I want to talk to?
  • How can I be assured that no one else is listening to and learning the data that I send over a network?
  • Can I ever stay relaxed, knowing that no hacker can enter my network and play havoc?

34.3. Attacks, Services and Mechanisms

  • Security Attack: Any action that compromises the security of information.
  • Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
  • Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

Security Attacks

  • Interruption: an attack on availability
  • Interception: an attack on confidentiality
  • Modification: an attack on integrity
  • Fabrication: an attack on authenticity

34.4. Passive and active attacks

  • Passive attacks
    – No modification of content or fabrication
    – Eavesdropping to learn contents or other information (transfer patterns, traffic flows etc.)
  • Active attacks
    – Modification of content and/or participation in communication to
      • Impersonate legitimate parties
      • Modify the content in transit
      • Launch denial of service attacks

Security Services

  • A security service is a service provided by the protocol layer of a communicating system (X.800)
  • 5 categories
    • Authentication
    • Access control
    • Data confidentiality
    • Data integrity
    • Nonrepudiation (and Availability)
  • Authentication (peer entity authentication and data origin authentication)
    • Ensuring the proper identification of entities and origins of data before communication
  • Access control
    • Preventing unauthorized access to system resources
  • Confidentiality
    • Preventing disclosure to unauthorized parties

34.5. Anatomy of Web Attacks

1. Attacker breaks into a legitimate website and posts malware

Malware is no longer exclusive to malicious Web sites. Today it is commonplace for legitimate mainstream Web sites to act as parasitic hosts that serve up malware to their unsuspecting visitors.

2. Attacking end-user machines

Malware on a Web site makes its way down onto a user’s machine when that user visits the host Web site. A “drive-by download” happens automatically, with no user interaction required. Other techniques do require some input from the user, but in practice they are equally, if not more, effective.

3. Leveraging end-user machines for malicious activity

The most malicious activities begin once new malware has established a presence on a user’s machine.

How Do Websites Get Infected?

  • Malware used to appear only on illicit sites, such as those offering adult material and pirated software
    • These targeted users with short-term needs
  • Today legitimate and mainstream websites are targets
    • Complexity of websites: a combination of many different Web content sources, dynamically constructed using many different scripting technologies, plug-in components, and databases
  • Web advertisements
    • Usually third party
    • A webpage can have content coming from 10-20 different domains

How are legitimate Web sites compromised?

  1. SQL Injection Attacks
    • Finding flaws in Web sites that have databases running behind them
    • A poorly validated input field in a Web input form may allow an attacker to insert additional SQL instructions, which may then be passed directly into the backend database
    • Trojan.Asprox and the IFRAME tag
  2. Malicious Advertisements
    • Many Web sites today display advertisements hosted by third-party advertising sites
    • The volume of ads published automatically makes detection difficult
    • Their random appearance further compounds the detection problem
  3. Search Engine Result Redirection
  4. Attacks on the backend virtual hosting companies
  5. Vulnerabilities in the Web server or forum hosting software
  6. Cross-site scripting (XSS) attacks
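The "poorly validated input field" under SQL Injection Attacks, shown as an added example that is not part of the page: the vulnerable lookup pastes the form value into the SQL text, so a value containing a quote character rewrites the WHERE clause, while the hardened lookup binds the value as a parameter and the same input simply matches nothing. The in-memory SQLite table, its two rows and the function names (`make_db`, `lookup_vulnerable`, `lookup_parameterized`, `demo`) are all constructed for this demonstration so it runs offline.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """The flaw the text describes: the form value becomes part of the SQL text.

    A value containing a quote character changes the WHERE clause itself, so the
    backend executes whatever was appended instead of matching a username.
    """
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened form: the driver binds the value; it is never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups on a normal and a malformed value; return the row counts."""
    conn = make_db()
    normal = "alice"
    malformed = "' OR '1'='1"  # constructed input that closes the quote and adds a clause
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_malformed": len(lookup_vulnerable(conn, malformed)),
        "parameterized_normal": len(lookup_parameterized(conn, normal)),
        "parameterized_malformed": len(lookup_parameterized(conn, malformed)),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable lookup returns every row for the malformed value, which is the "additional SQL instructions passed directly into the backend database" of the text; the parameterized lookup returns none. Input filtering can help detection, but binding is the structural fix because the value can never become syntax.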

GETTING ONTO A USER’S COMPUTER
34.6. Automatic Attack Exposure

  • Techniques used to deliver malware from websites to a user’s computer
  • Exposure
    •  Browsing a website
    •  No user interaction is required
    •  Executable content is automatically downloaded

34.7. Typical Sequence of Events

  • Attacker compromises a good website
  • User visits the website
  • User is redirected to a bad website
  • Corrupt code is downloaded
  • Corrupt code is installed on the computer
  • Corrupt software takes control
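A defender-side check for the "redirected to a bad website" step, added here as an example that is not part of the page: the redirection is usually planted as a hidden `<iframe>` (the IFRAME tag injection mentioned alongside Trojan.Asprox above), so a site owner can scan served HTML for frames and scripts that are invisible or load from a foreign host. The sample page, the host names in it and the names `find_injected_frames` and `InjectedFrameFinder` are constructed for this example; the scanner uses only the Python standard library.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a normal page with one injected, invisible frame at the end.
SAMPLE_HTML = """
<html><body>
<h1>Welcome</h1>
<script src="/js/app.js"></script>
<iframe src="https://video.example.com/embed/42" width="640" height="360"></iframe>
<iframe src="http://malware.example.net/in.php" width="0" height="0"
        style="display: none"></iframe>
</body></html>
"""


def same_site(host, site_host):
    """True for the site itself and its subdomains."""
    return host == site_host or host.endswith("." + site_host)


class InjectedFrameFinder(HTMLParser):
    """Collects iframe and script tags that are hidden or load from a foreign host."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline script or frame without a source: nothing to fetch
        reasons = []
        host = urlparse(src).hostname  # None for relative URLs such as /js/app.js
        if host and not same_site(host, self.site_host):
            reasons.append("loads from foreign host " + host)
        if tag == "iframe":
            style = (a.get("style") or "").replace(" ", "").lower()
            if (a.get("width") == "0" or a.get("height") == "0"
                    or "display:none" in style or "visibility:hidden" in style):
                reasons.append("hidden frame")
        if reasons:
            self.findings.append((tag, src, reasons))


def find_injected_frames(html, site_host):
    """Return a list of (tag, src, reasons) for every suspicious frame or script."""
    finder = InjectedFrameFinder(site_host)
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    for tag, src, reasons in find_injected_frames(SAMPLE_HTML, "example.com"):
        print(tag, src, "; ".join(reasons))
```

Run periodically against the HTML the web server actually serves (not the files on disk, since the injection may happen in the database or in a template), and diff the findings against a baseline of known embeds such as the video frame above; a new hidden frame from an unknown host is the signal that the site has been compromised.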

34.8. Attack Toolkits

  • Profiling the victim
    • Based on the specific operating system
    • Browser type
  • Timing the attack
    • Attack only once every hour
  • Geographical variances
    • Regional attacks on users
  • Selective use of vulnerabilities
    • Based on the protection of the users
  • Random attacks
    • No pattern, no reason, unpredictable

“Click Jacking”

  • The click of a link executes the attacker’s code
  • Often leads the person to a malicious website

Frequency of Attacks

  • Thousands of times every day
  • In 2008
    • 18 million infection attempts
    • Continues to increase

Social Engineering

  • People are tricked into performing actions they would not otherwise want to perform

34.9. Types of Social Engineering Attacks

  • Fake Codec
  • Malicious Peer-to-Peer (P2P) Files
  • Malicious Advertisements
  • Fake Scanner Web Page
  • Blog Spam
  • Other Attack Vectors

Fake Codec

  • User is prompted to install a missing codec
  • Codec is actually malware code
    • Usually a trojan horse

Malicious Peer-to-Peer (P2P) Files

Malware authors bind malicious content into popular applications, or into files named after celebrities and popular bands, and upload them to popular P2P sites where they are downloaded by unsuspecting users. How-to materials detailing how to build and distribute such malware are openly available on the Internet, and pay-per-install malware is available as well.

Malicious Advertisements

Malware authors advertise their fake codecs to unsuspecting users through legitimate advertising channels and sponsored links that point to pages masked as legitimate downloads of official versions of software. Advertising providers have taken notice, but this is difficult to mitigate owing to the volume.

Fake Scanner Web Page

  • Create a web site or product that misrepresents the truth
    • JavaScript pop-ups notifying of a false need to install operating system updates
    • Tools that claim to scan for and remove images, etc.

Other Attack Vectors

  • Spam
    – Emails contain links directing people to drive-by download, fake scanner/codec, and malware sites
  • Pirated software sites
    – Pirated versions of software are bundled with, or comprised solely of, trojan horses

What happens to your computer?

  • Leading malware: Misleading Applications
    – Also referred to as rogueware or scareware
    – Intentionally misrepresent security issues
    – Social engineering to entice product purchase
  • Malware activities:
    – Prevent users from navigating to legitimate antivirus vendors
    – Prevents itself from being uninstalled
    – Pops up warnings that the system is infected and that the software needs to be purchased in order to clean the system

Other Malware Activities

  • Stealing personal information
    – Keyloggers capture usernames and passwords for various sites (banking, shopping, gaming and email accounts)
    – Capture credit card numbers
  • Botnet proliferation
    – Remote control to coordinate large-scale attacks

Software Protection

  • Update and patch software
    – Get the latest OS, browser and application patches
    – Browser plug-in updates are often forgotten
  • Endpoint protection software
    – Heuristic file protection
    – Intrusion prevention system: prevents drive-by downloads
    – Behavioral monitoring
  • Update protection software subscriptions
    – 70000 virus variants possible in a week

Behavioral Protection

  • Be suspicious
    – Avoid things that seem too good to be true
    – Use safe search functionality in browsers
  • Adopt a strong password policy
    – Use a mixture of letters, numbers, and symbols
    – Change passwords frequently
    – Use unique passwords for different sites
  • Prevention is the key
    – Reduce or eliminate the vulnerability
    – Adaptive, experience-based techniques
    – Be proactive in protecting systems
    – Cheaper to prevent than to repair infected systems
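The three password rules under "Adopt a strong password policy", carried into a checker as an added example that is not part of the page: it returns which rules a candidate password breaks. The 90-day interval in `MAX_AGE_DAYS` is an assumption standing in for "frequently", and the uniqueness rule is checked by comparing a SHA-256 fingerprint against fingerprints of passwords already in use on other sites, so no plaintext list has to be kept. The function names and the sample passwords are constructed for this example.

```python
import hashlib
import string

MAX_AGE_DAYS = 90  # assumed rotation interval; the page only says "frequently"


def password_fingerprint(password):
    """SHA-256 fingerprint used only to compare passwords across sites.

    This is for the reuse check, not for storing login credentials, which
    need a salted, deliberately slow hash such as bcrypt.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password_policy(password, last_changed_days, used_elsewhere):
    """Return the rules a password breaks; an empty list means it satisfies all three.

    used_elsewhere is a set of fingerprints of passwords already used on other sites.
    """
    violations = []

    # Rule 1: mixture of letters, numbers and symbols.
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_symbol = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_symbol):
        violations.append("needs a mixture of letters, numbers and symbols")

    # Rule 2: changed frequently (interval assumed above).
    if last_changed_days > MAX_AGE_DAYS:
        violations.append("not changed within %d days" % MAX_AGE_DAYS)

    # Rule 3: unique per site.
    if password_fingerprint(password) in used_elsewhere:
        violations.append("already used on another site")

    return violations


if __name__ == "__main__":
    # Constructed set of fingerprints for passwords in use on other sites.
    other_sites = {password_fingerprint("Summer2019!")}
    for candidate, age in [("Summer2019!", 10), ("correcthorse", 10), ("Tr0ub4dor&3", 120)]:
        print(candidate, check_password_policy(candidate, age, other_sites) or "ok")
```

One caveat for practitioners: current guidance in NIST SP 800-63B drops mandatory periodic rotation unless compromise is suspected, so the age rule is the one most organisations now relax; raising `MAX_AGE_DAYS` or removing that check adapts the policy while keeping the composition and reuse rules the page lists.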

 

Summary

  • Understood concept of attacks in network security
  • Discussed various web attacks
  • Learnt about Social Engineering and its vulnerabilities
  • Illustrated the various protection mechanisms