Download to read offline
![2
Kinds of Threats
Kinds of threats:
Interception
an unauthorized party (human or not) gains access
to an asset
Interruption
an asset becomes lost, unavailable, or unusable
Modification
an unauthorized party changes the state of an
asset
Fabrication
an unauthorized party counterfeits an asset
[Pfleeger & Pfleeger]
Examples?](https://image.slidesharecdn.com/threats-250829132837-b1c54ffd/75/Threats-in-cyber-security-Local-shared-national-ppt-2-2048.jpg)
![3
Levels of Vulnerabilities / Threats
(reversed order to illustrate interdependencies)
D) for other assets (resources)
including. people using data, s/w, h/w
C) for data
„on top” of s/w, since used by s/w
B) for software
„on top” of h/w, since run on h/w
A) for hardware
[Pfleeger & Pfleeger]](https://image.slidesharecdn.com/threats-250829132837-b1c54ffd/75/Threats-in-cyber-security-Local-shared-national-ppt-3-2048.jpg)
![4
A) Hardware Level of Vulnerabilities /
Threats
Add / remove a h/w device
Ex: Snooping, wiretapping
Snoop = to look around a place secretly in order to discover things
about it or the people connected with it. [Cambridge Dictionary of
American English]
Ex: Modification, alteration of a system
...
Physical attacks on h/w => need physical security: locks and
guards
Accidental (dropped PC box) or voluntary (bombing a
computer room)
Theft / destruction
Damage the machine (spilled coffe, mice, real bugs)
Steal the machine
„Machinicide:” Axe / hammer the machine
...](https://image.slidesharecdn.com/threats-250829132837-b1c54ffd/75/Threats-in-cyber-security-Local-shared-national-ppt-4-2048.jpg)
![5
Example of Snooping:
Wardriving / Warwalking, Warchalking,
Wardriving/warwalking -- driving/walking
around with a wireless-enabled notebook
looking for unsecured wireless LANs
Warchalking -- using chalk markings to show
the presence and vulnerabilities of wireless
networks nearby
E.g., a circled "W” -- indicates a WLAN
protected by Wired Equivalent Privacy (WEP)
encryption
[Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]](https://image.slidesharecdn.com/threats-250829132837-b1c54ffd/75/Threats-in-cyber-security-Local-shared-national-ppt-5-2048.jpg)
![7
Types of Malicious Code
Bacterium - A specialized form of virus which does not attach to a specific file. Usage obscure.
Logic bomb - Malicious [program] logic that activates when specified conditions are met.
Usually intended to cause denial of service or otherwise damage system resources.
Trapdoor - A hidden computer flaw known to an intruder, or a hidden computer mechanism
(usually software) installed by an intruder, who can activate the trap door to gain access to the
computer without being blocked by security services or mechanisms.
Trojan horse - A computer program that appears to have a useful function, but also has a
hidden and potentially malicious function that evades security mechanisms, sometimes by
exploiting legitimate authorizations of a system entity that invokes the program.
Virus - A hidden, self-replicating section of computer software, usually malicious logic, that
propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another
program. A virus cannot run by itself; it requires that its host program be run to make the virus
active.
Worm - A computer program that can run independently, can propagate a complete working
version of itself onto other hosts on a network, and may consume computer resources
destructively.
More types of malicious code exist… [cf. http://www.ietf.org/rfc/rfc2828.txt]](https://image.slidesharecdn.com/threats-250829132837-b1c54ffd/75/Threats-in-cyber-security-Local-shared-national-ppt-7-2048.jpg)
![9
Identity Theft
Cases in 2003:
Credit card skimmers plus drivers license, Florida
Faked social security and INS cards $150-$250
Used 24 aliases – used false id to secure credit cards,
open mail boxes and bank accounts, cash
fraudulently obtained federal income tax refund
checks, and launder the proceeds
Bank employee indicted for stealing depositors'
information to apply over the Internet for loans
$7M loss, Florida: Stole 12,000 cards from restaurants
via computer networks and social engineering
Federal Trade Commission:
http://www.consumer.gov/idtheft/
[Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]](https://image.slidesharecdn.com/threats-250829132837-b1c54ffd/75/Threats-in-cyber-security-Local-shared-national-ppt-9-2048.jpg)
![11
Ways of Attacking Data CIA
Examples of Attacks on Data Confidentiality
Tapping / snooping
Examples of Attacks on Data Integrity
Modification: salami attack -> little bits add up
E.g/ „shave off” the fractions of cents after interest calculations
Fabrication: replay data -> send the same thing again
E.g., a computer criminal replays a salary deposit to his account
Examples of Attacks on Data Availability
Delay vs. „full” DoS
Examples of Repudiation Attacks on Data:
Data origin repudiation: „I never sent it”
Repudiation = refusal to acknowledge or pay a debt or honor a
contract (especially by public authorities).
[http://www.onelook.com]
Data receipt repudiation: „I never got it”](https://image.slidesharecdn.com/threats-250829132837-b1c54ffd/75/Threats-in-cyber-security-Local-shared-national-ppt-11-2048.jpg)
More Related Content
Similar to Threats in cyber security Local, shared, national.ppt
Threats in cyber security Local, shared, national.ppt
- 1. 1 Threat Spectrum Localthreats Recreational hackers Institutional hackers Shared threats Organized crime Industrial espionage Terrorism National security threats National intelligence Info warriors
- 2. 2 Kinds of Threats Kinds of threats: Interception an unauthorized party (human or not) gains access to an asset Interruption an asset becomes lost, unavailable, or unusable Modification an unauthorized party changes the state of an asset Fabrication an unauthorized party counterfeits an asset [Pfleeger & Pfleeger] Examples?
- 3. 3 Levels of Vulnerabilities/ Threats (reversed order to illustrate interdependencies) D) for other assets (resources) including. people using data, s/w, h/w C) for data „on top” of s/w, since used by s/w B) for software „on top” of h/w, since run on h/w A) for hardware [Pfleeger & Pfleeger]
- 4. 4 A) Hardware Levelof Vulnerabilities / Threats Add / remove a h/w device Ex: Snooping, wiretapping Snoop = to look around a place secretly in order to discover things about it or the people connected with it. [Cambridge Dictionary of American English] Ex: Modification, alteration of a system ... Physical attacks on h/w => need physical security: locks and guards Accidental (dropped PC box) or voluntary (bombing a computer room) Theft / destruction Damage the machine (spilled coffe, mice, real bugs) Steal the machine „Machinicide:” Axe / hammer the machine ...
- 5. 5 Example of Snooping: Wardriving/ Warwalking, Warchalking, Wardriving/warwalking -- driving/walking around with a wireless-enabled notebook looking for unsecured wireless LANs Warchalking -- using chalk markings to show the presence and vulnerabilities of wireless networks nearby E.g., a circled "W” -- indicates a WLAN protected by Wired Equivalent Privacy (WEP) encryption [Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
- 6. 6 B) Software Levelof Vulnerabilities / Threats Software Deletion Easy to delete needed software by mistake To prevent this: use configuration management software Software Modification Trojan Horses, , Viruses, Logic Bombs, Trapdoors, Information Leaks (via covert channels), ... Software Theft Unauthorized copying via P2P, etc.
- 7. 7 Types of MaliciousCode Bacterium - A specialized form of virus which does not attach to a specific file. Usage obscure. Logic bomb - Malicious [program] logic that activates when specified conditions are met. Usually intended to cause denial of service or otherwise damage system resources. Trapdoor - A hidden computer flaw known to an intruder, or a hidden computer mechanism (usually software) installed by an intruder, who can activate the trap door to gain access to the computer without being blocked by security services or mechanisms. Trojan horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. Virus - A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active. Worm - A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. More types of malicious code exist… [cf. http://www.ietf.org/rfc/rfc2828.txt]
- 8. 8 C) Data Levelof Vulnerabilities / Threats How valuable is your data? Credit card info vs. your home phone number Source code Visible data vs. context „2345” -> Phone extension or a part of SSN? Adequate protection Cryptography Good if intractable for a long time Threat of Identity Theft Cf. Federal Trade Commission: http://www.consumer.gov/idtheft/
- 9. 9 Identity Theft Casesin 2003: Credit card skimmers plus drivers license, Florida Faked social security and INS cards $150-$250 Used 24 aliases – used false id to secure credit cards, open mail boxes and bank accounts, cash fraudulently obtained federal income tax refund checks, and launder the proceeds Bank employee indicted for stealing depositors' information to apply over the Internet for loans $7M loss, Florida: Stole 12,000 cards from restaurants via computer networks and social engineering Federal Trade Commission: http://www.consumer.gov/idtheft/ [Barbara Edicott-Popovsky and Deborah Frincke, CSSE592/492, U. Washington]
- 10. 10 Types of Attackson Data CIA Disclosure Attack on data confidentiality Unauthorized modification / deception E.g., providing wrong data (attack on data integrity) Disruption DoS (attack on data availability) Usurpation Unauthorized use of services (attack on data confidentiality, integrity or availability)
- 11. 11 Ways of AttackingData CIA Examples of Attacks on Data Confidentiality Tapping / snooping Examples of Attacks on Data Integrity Modification: salami attack -> little bits add up E.g/ „shave off” the fractions of cents after interest calculations Fabrication: replay data -> send the same thing again E.g., a computer criminal replays a salary deposit to his account Examples of Attacks on Data Availability Delay vs. „full” DoS Examples of Repudiation Attacks on Data: Data origin repudiation: „I never sent it” Repudiation = refusal to acknowledge or pay a debt or honor a contract (especially by public authorities). [http://www.onelook.com] Data receipt repudiation: „I never got it”
- 12. 12 D) Vulnerab./Threats atOther Exposure Points Network vulnerabilities / threats Networks multiply vulnerabilties and threats, due to: their complexity => easier to make design/implem./usage mistakes „bringing close” physically distant attackers Esp. wireless (sub)networks Access vulnerabilities / threats Stealing cycles, bandwidth Malicious physical access Denial of access to legitimate users People vulnerabilities / threats Crucial weak points in security too often, the weakest links in a security chain Honest insiders subjected to skillful social engineering Disgruntled employees
- 13. 13 5. Attackers Attackersneed MOM Method Skill, knowledge, tools, etc. with which to pull off an attack Opportunity Time and access to accomplish an attack Motive Reason to perform an attack
Editor's Notes
- #7 FIRST, you must begin to think of malicious logic as more than just a virus. Some of this malicious code act as delivery agents. Others act as triggers. Regardless of their method of use, operational capability or intent - - All malicious code can be evaluated in the context of three principles: Understanding these principle allows for successful countermeasures which we will touch on later for each type of code. - Delivery Method or System Access - Trigger or Initiation Mechanism - Payload or effect on system