Chapter 9: Intruders and Viruses (Coggle diagram)
Intruders
  classes of intruders
    Masquerader: an individual who is not authorised to use the computer (outsider)
    Misfeasor: a legitimate user who accesses unauthorized data, programs, or resources (insider)
    Clandestine user: an individual who seizes supervisory control of the system and uses this control to evade auditing and access controls or to suppress audit collection (either)
  via
    network
    local

Intrusion Techniques
  aim: to increase privileges on the system
  basic attack terminology
    1. target acquisition and information gathering
    2. initial access
    3. privilege escalation
    4. covering tracks
  key goal: acquire a password
    the password file can be protected with
      one-way encryption
      access control
    techniques for guessing passwords
      try default passwords
      try all short passwords
      try all the words in an electronic dictionary
      try using phone numbers, social security numbers, street numbers
    password capture
      watching over the shoulder as the password is entered
      using a trojan horse program to collect it
      monitoring an insecure network login (telnet, FTP, web, email)
      extracting recorded info after a successful login
    password selection strategies
      user education
      computer-generated passwords
      reactive password checking
      proactive password checking

Password Management
  users supply
    login - determines the privileges of that user
    password - to identify them
  the password is often stored encrypted
    Unix uses multiple DES (variant with salt)
    more recent systems use a crypto hash function
  is a front-line defence against intruders
  Managing Passwords
    need policies and good user education
    ensure every account has a default password
    ensure users change the default passwords to something they can remember
    protect the password file from general access
    set technical policies to enforce good passwords
      minimum length (>6)
      require a mix of upper & lower case letters, numbers, punctuation
      block known dictionary words

stages of a Network Intrusion
  scan the network
  run "exploit" scripts against open ports
  get access to a shell program which is "suid" (has "root" privileges)
  download from a hacker Web site a special version of system files that will let the cracker have free access in the future without his CPU time or disk storage space being noticed by auditing programs
  use IRC (Internet Relay Chat) to invite friends to the feast

Intrusion Detection
  detect intrusion to
    block it if detected quickly
    act as a deterrent
    collect info to improve security
  types
    statistical anomaly detection
      threshold
        count occurrences of a specific event over time
        if the count exceeds a reasonable value, assume intrusion
        alone is a crude & ineffective detector
      profile based
        characterize past behavior of users
        detect significant deviations from this
        the profile is usually multi-parameter
    rule-based detection
      anomaly
      penetration identification
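To show why the outline calls threshold detection "crude" on its own, here is an added example (not part of the original diagram) that runs both statistical detectors from the Intrusion Detection branch over a constructed hour of authentication log lines: a fixed threshold on failed logins, and a per-user profile that flags deviation from each user's own history. The log format, user names and baseline counts are all made up for the example.

```python
import re
import statistics
from collections import Counter

# Constructed sample log (not from the page): one hour of auth events, one per line.
LOG = """\
10:00 user=alice event=login_failed
10:05 user=bob event=login_failed
10:06 user=bob event=login_failed
10:07 user=bob event=login_failed
10:08 user=bob event=login_failed
10:09 user=bob event=login_failed
10:12 user=dave event=login_failed
10:13 user=dave event=login_failed
10:14 user=dave event=login_failed
10:15 user=dave event=login_failed
10:16 user=dave event=login_failed
10:20 user=alice event=login_ok
"""
LINE = re.compile(r"^\d\d:\d\d user=(?P<user>\w+) event=(?P<event>\w+)$")

# Constructed per-user profile: failed-login counts in each of the last four hourly
# windows. dave is a legitimate but fat-fingered user whose normal rate is already high.
BASELINE = {"alice": [1, 2, 1, 2], "bob": [0, 1, 0, 1], "dave": [5, 6, 5, 6]}

def count_events(log, event="login_failed"):
    """Count occurrences of one specific event per user within the log window."""
    counts = Counter()
    for line in log.splitlines():
        m = LINE.match(line)
        if m and m.group("event") == event:
            counts[m.group("user")] += 1
    return counts

def threshold_alert(counts, limit):
    """Threshold detection: flag every user whose count exceeds one fixed limit."""
    return sorted(u for u, n in counts.items() if n > limit)

def profile_alert(counts, baseline, k=3.0):
    """Profile-based detection: flag users whose count is more than k standard
    deviations away from their own historical mean."""
    alerts = []
    for user, n in counts.items():
        history = baseline.get(user, [])
        if len(history) < 2:
            continue  # no profile yet for this user
        mean, sd = statistics.mean(history), statistics.pstdev(history) or 1.0
        if abs(n - mean) / sd > k:
            alerts.append(user)
    return sorted(alerts)
```

With a limit of 4 the threshold detector flags both bob and dave, while the profile detector flags only bob, whose five failures are far outside his own history; dave's five are normal for him.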