Transcript Application of Networks

I’ll help you access your email.
What’s your email password?
Ooh. It’s not working. Ah.
There’s a cable disconnected
here. Wonder who did that?
What’s your login password?
I’m just testing something.
Email attacks
or verbal social attacks
Email Message
To: Fred
From: Sys [email protected]
14. Security
WWW page:
Text book:
Message:
For System Administrative purposes,
please send me your password.
http:/www.dcs.napier.ac.uk/~bill/cnds/index.html
Mastering Networks (Chapter 14)
14.1
Security
Typical problems
Users sending a file of the wrong format to
the system printer (such as sending a binary
file). Another typical one is where there is a
problem on a networked printer (such as lack
of paper), but the user keeps re-sending the
same print job.
Users deleting the contents of sub-directories,
or moving files from one place to another
(typically, these days, with the dragging of a
mouse cursor). This problem can be reduced
by regular backups.
Users deleting important system files (in a PC,
these are normally AUTOEXEC.BAT and
CONFIG.SYS). This can be overcome by the
system administrator protecting important
system files, such as making them read-only or
hidden.
Users telling other people their user
passwords or not changing a password from
the initial default one. This can be overcome by
the system administrator forcing the user to
change their password at given time periods.
Security
Data protection. This is typically where sensitive or
commercially important information is kept. It might include
information databases, design files or source code files. One
method of reducing this risk to encrypt important files with a
password and/or some form of data encryption.
Software protection. This involves protecting all the
software packages from damage or from being misconfigured.
A misconfigured software package can cause as much damage
as a physical attack on a system, because it can take a long time
to find the problem.
Physical system protection. This involves protecting
systems from intruders who might physically attack the
systems. Normally, important systems are locked in rooms and
then within locked rack-mounted cabinets.
Transmission protection. This involves a hacker tampering
with a transmission connection. It might involve tapping into a
network connection or total disconnection. Tapping can be
avoided by many methods, including using optical fibres which
are almost impossible to tap into (as it would typically involve
sawing through a cable with hundreds of fibre cables, which
would each have to be connected back as they were
connected initially). Underground cables can avoid total
disconnection, or its damage can be reduced by having
redundant paths (such as different connections to the
Internet).
14.2
Hacking methods
Hacking methods
IP spoofing. Involves a hacker stealing an authorised IP address, and using it. See Slide 4.
Packet-sniffing. Listens from TCP/IP. See Slide 5/6.
Password attack. Hacker runs programs which determine the password of a user. Once into
the system the hacker can then move onto other, more trusted, users.
Sequence number prediction attacks. In TCP communications an initial TCP sequence
number is used to start the communications (based on the sender’s clock). The hacker can
then predict the sequence numbers that would follow the initial connection.
Session hi-jacking attacks. Hacker taps into a conversation between two computers. A
remote trusted user could start the conversation, but the hacker could continue it.
Shared library attacks. See Slide 7.
Social Engineering attacks. Typically a hacker uses social methods to determine a user’s
password. See Slide 8.
Technological vulnerability attack. The hacker attacks a vulnerable part of the system,
such as rebooting the computer, spreading viruses, etc.
Trust-access attacks. Hacker adds their system to one of the trusted systems. The hacker
can then get full administrator privileges.
14.3
IP spoofing
Computer
allowed access
IP address: w.x.y.z
Network
gateway
Hacker steals the allowed IP
address and uses it
to get into the network
Disallowed access
IP address: w.x.y.z
14.4
Packet sniffing
Hacker
(opens all TCP/IP
packets addressed to
Client)
Communication
with a network
server
Client
Packet
sniffer
14.5
Packet sniffing with TELNET
‘TELNET sys.com’
‘Login:’
‘fred_b’
‘Password:’
‘’qwerty’
User logs into a
remote system, without
knowing the a hacker is
listening to all communications
Hacker listens to
the TELNET connection
and determines the
password as it is sent as
text
14.6
Shared library attack
Mr. Hacker
tampers with the local
or networked libraries
Dynamic libraries,
such as:
- WINSOCK.DLL (PC)
- USER32.DLL (PC)
Static libraries,
such as:
-WIN32API.LIB (PC)
- X11.lib (UNIX)
User accesses dynamic
libraries when running
an application program
User accesses static
libraries when compiling
an application program
Mr. Hacker possibly receive all communications
sent, or even sees a mirror of the users screen
14.7
Social Engineering attack
I’ll help you access your email.
What’s your email password?
Ooh. It’s not working. Ah.
There’s a cable disconnected
here. Wonder who did that?
What’s your login password?
I’m just testing something.
Email attacks
or verbal social attacks
Email Message
To: Fred
From: Sys [email protected]
Message:
For System Administrative purposes,
please send me your password.
14.8
Hacker problems
Modifying search paths. All systems set up a search
path in which the system looks into to find the required
executable. For example, in a UNIX system, a typical
search path is /bin, /usr/bin, and so on. A hacker can change
the search paths for a user and then replace standard
programs with ones that have been modified. For example,
the hacker could replace the email program for one that
sends emails directly to the hacker or any directory
listings could be sent to the hacker’s screen.
Modifying shared libraries.As discussed previously.
Running processor intensive task which slows the
system down; this task will be run in the background and
will generally not be seen by the user. The hacker can
further attack the system by adding the processor
intensive task to the system start-up file (such as the rc
file on a UNIX system).
Running network intensive tasks which will slow the
network down, and typically slow down all the connected
computers. As with the processor intensive task, the
networking intensive task can be added to the system
start-up file.
Infecting the system with a virus or worm.
14.9
Passwords
Use slightly unusual names, such as vinegarwine, dancertop or helpcuddle. Do not
use names of a wife, husband, child or pet. Many users, especially ones who know the
user, can easily guess the user’s password.
Use numbers after the name, such as vinedrink55 and applefox32. This makes the
password difficult to crack as users are normally only allowed a few chances to login
correctly before they are logged out (and a bad login event written to a bad login
file).
Have several passwords which are changed at regular intervals. This is especially
important for system managers. Every so often, these passwords should be changed
to new ones.
Make the password at least six characters long. This stops ‘hackers’ from
watching the movement of the user’s fingers when they login, or from running a
program which tries every permutation of characters. Every character added,
multiplies the number of combinations by a great factor (for example, if just the
characters from ‘a’ to ‘z’ and ‘0’ to ‘9’ are taken then every character added increases
the number of combinations by a factor of 36).
Change some letters for numbers, or special characters. Typically, ‘o’ becomes a
0 (zero), ‘i’ becomes 1 (one), ‘s’ becomes 5 (five), spaces become ‘$’, ‘b’ becomes ‘6’,
and so on. So a password of ‘silly password’ might become ‘5illy$pa55w0rd’ (the user
makes a rule for ‘s’ and ‘o’). The user must obviously remember the rule that has
been used for changing the letters to other characters. This method overcomes the
technique of hackers and hacker programs, where combinations of words from a
dictionary are hashed to try and make the hashed password.