Attacks Attackers Their Environment Part-II

Uploaded by

syedrouhanali7
Denial of Service Attacks (Cont..)
DDoS - A typical DDoS attack proceeds as follows:
• Compromise as many networked computers as possible
• Install special software in the compromised computers to carry out a DoS attack at a certain time later
• Issue an attack command to every zombie computer to launch a DoS attack on the same target at the same time
Spam Mail
• Spam mails are uninvited email messages, which may be commercial messages or phishing messages
• While not intended to bring the user’s computer out of service, spam mails do consume computing resources
• Spamming also occurs in Web search engines, Instant Messaging, blogs, cell phone messaging, and other network applications

Defense method – spam filters are software solutions to detect and block spam mails from reaching the user’s mailbox
Malicious Software
• Software intended to harm computers is malicious software. Malicious software is also referred to as malware
Virus
Worms [Standalone]
Trojan horses
Logic bombs
Backdoors
Spyware [Browser Hijacking]
Malicious Software (Cont..)
Viruses and Worms
• A computer virus is a piece of software that can reproduce itself. A virus
is not a standalone program.
• It must attach itself to another program or another file. A program or
file that contains a virus is called an infected host
• A computer worm is also a piece of software that can reproduce itself.
Unlike a virus, a worm is a standalone program.
Defense method
• Do not download software from untrusted Web sites or other sources
• Do not open any executable file given to you by someone you do not know
• Make sure software patches are installed and up to date


Malicious Software (Cont..)

Trojan Horse
• Trojan horses are software programs that appear to do one thing, but secretly also perform other tasks
• Trojan horses often disguise themselves as desirable and harmless software applications to lure people (laymen) to download them

Defense method – The same measures used to combat viruses and worms can also be used to combat Trojan horses. Virus scans can also detect, quarantine, and delete Trojan horses
Malicious Software (Cont..)
Logic Bombs
• Logic bombs are subroutines or instructions embedded in a program. Their execution is triggered by conditional statements

Defense method
• Employers should take care of their employees, so that none would be tempted to place a logic bomb
• Project managers should hire an outside company or form a special team of reviewers from a different group of people other than the developer to review the source code
• Relevant laws should be established so that employees who plant logic bombs will face criminal charges
Malicious Software (Cont..)
Backdoors
• Backdoors are secret entrance points to a program
• They may be inserted by software developers to provide a shortcut to enter a password-protected program when attempting to modify or debug code

Defense method
• Have the source code checked by an independent team
Malicious Software (Cont..)
Spyware
• Spyware is a type of software that installs itself on the user’s computer
• Spyware is often used to monitor what users do and to harass them with popup commercial messages
• Browser Hijacking - is a technique that changes the settings of the user’s browsers
• Zombieware - software that takes over the user’s computer and turns it into a zombie for launching DDoS attacks or into a relay which carries out harmful activities such as sending spam email or spreading viruses.
Malicious Software (Cont..)
Spyware (Cont..)
• Spyware can also do a number of other things, including:
  • Monitoring – monitor a user’s surfing habits and patterns and report them to a web server or to the attacker’s machine
  • Password sniffing – sniff user passwords by logging users’ keystrokes using a keystroke logger
  • Adware – software that automatically displays advertising materials on the user’s computer screen

Defense method – use anti-spyware software to detect and block spyware, e.g. “Pop-up Blocker” in our browsers.
Attacker Profiles
Hackers
• Computer hackers are people with special knowledge of computer systems.
• They are interested in subtle details of software, algorithms, and system configurations
• Black-Hat Hackers – hack computing systems for their own benefit
• White-Hat Hackers – hack computing systems for the purpose of searching for security loopholes and developing solutions
• Grey-Hat Hackers – wear a white hat most of the time, but may also wear a black hat occasionally
• When discovering security vulnerabilities in a software product, white-hat hackers and grey-hat hackers would often work directly with the vendors of products to help fix the problems
Attacker Profiles (Cont..)

Script Kiddies
• Script kiddies are people who use scripts and programs developed by black-hat hackers to attack other people’s computers
• Even though they do not know how to write hacking tools or understand how an existing hacking tool works, script kiddies could inflict a lot of damage
Attacker Profiles (Cont..)

Cyber Spies
• Collecting intelligence through intercepted network communications is the job of cyber spies
• Countries have intelligence agencies
• Military organizations have intelligence units (WWII example)
• National Security Agency (NSA)
• Central Intelligence Agency (CIA)
• They intercept network communications and decipher encrypted messages

Basic Security Model
• The basic security model consists of four components:
  • Cryptosystems
  • Firewalls
  • Anti-malicious-software systems (AMS software)
  • Intrusion detection system (IDS)

Basic Security Model (Cont..)
Cryptosystems
Basic Security Model (Cont..)
Cryptanalysis
• Find useful information from ciphertext data
• e.g. analyzing statistical structure

Defense method
• Use longer keys and stronger encryption algorithms
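
To illustrate why statistical structure and short keys matter (an added example, not part of the original slides): a toy cipher with only 26 keys leaves the letter statistics of the plaintext intact, so the key falls out of a letter count. The Caesar cipher, the sample text and all function names are chosen here for illustration.

```python
import string
from collections import Counter

# Approximate English letter frequencies in percent (a-z), standard reference values.
ENGLISH = dict(zip(string.ascii_lowercase, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]))

# Constructed sample plaintext (not from the slides).
SAMPLE = ("the security of a cipher must not depend on hiding the algorithm but on "
          "the secrecy and the length of the key because every simple substitution "
          "keeps the letter statistics of the language intact and an analyst only "
          "needs to count letters to read the message")

def caesar(text, shift):
    """Toy 26-key cipher: rotate each letter by `shift`, leave other characters."""
    return "".join(chr((ord(c) - 97 + shift) % 26 + 97) if c in ENGLISH else c
                   for c in text.lower())

def letters(text):
    """Keep only the letters a-z, lowercased."""
    return [c for c in text.lower() if c in ENGLISH]

def index_of_coincidence(text):
    """Probability that two randomly chosen letters match (about 1/26 if uniform)."""
    counts, n = Counter(letters(text)), len(letters(text))
    return sum(k * (k - 1) for k in counts.values()) / (n * (n - 1))

def chi_squared(text):
    """How far the letter counts of `text` are from English expectations."""
    counts, n = Counter(letters(text)), len(letters(text))
    return sum((counts[c] - n * p / 100) ** 2 / (n * p / 100)
               for c, p in ENGLISH.items())

def recover_shift(ciphertext):
    """Score all 26 candidate keys; the most English-looking decryption wins."""
    return min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))

if __name__ == "__main__":
    ct = caesar(SAMPLE, 7)
    print("ciphertext:", ct[:40], "...")
    print("IoC plaintext / ciphertext:",
          index_of_coincidence(SAMPLE), index_of_coincidence(ct))
    print("recovered key:", recover_shift(ct))
```

The index of coincidence is identical before and after encryption and well above the 1/26 of uniform data, which is the statistical structure the slide refers to; a strong cipher with a long key produces output that shows no such bias.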
Example Security Resources
• CERT
  www.cert.org
• SANS Institute
  www.sans.org
• Microsoft Security
  www.microsoft.com/security/default.mspx
• NTBugtraq
  www.ntbugtraq.com
