Security Attack Refers to a Process Whereby a Person Compromise Your Computer by Installing Harmful Malicious Software in Your Computer Without Your Knowledge

March 22, 2018 | Author: Janaka Vidurinda | Category: Denial Of Service Attack, Key (Cryptography), Public Key Cryptography, Encryption, Malware



Security attack refers to a process whereby a person compromises your computer by installing harmful malicious software on it without your knowledge. This malicious software includes viruses, spyware, adware, and trojan horses. Such software often deletes vital files on your computer, makes your computer function abnormally, spies on your online surfing habits, and causes advertisements to pop up on your screen when you are online.

Web definitions

- (security mechanisms) Elements of software, firmware, hardware, or procedures included in a system used to satisfy the security requirements for that system.
- A technical tool or technique that is used to implement a security service. A mechanism might operate by itself, or in conjunction with others, to provide a particular service. Examples of security mechanisms include access control lists, cryptography, and digital signatures.

Example for active and passive attack

Internet security threats/vulnerabilities are divided into passive and active attacks. Examples of passive attacks are: network analysis, eavesdropping and traffic analysis. Active attacks include: brute-force attack, masquerading, packet replay, message modification, unauthorized access through the Internet or web-based services, denial of service, dial-in penetration attacks, e-mail bombing and spamming, and e-mail spoofing.

Well, I wrote the article about viruses and said that I would write this article about the types of attacks and how to protect yourself against them. There are a lot of different attacks, but I'm going to cover only these:

- Eavesdropping
- Snooping
- Interception
- Modification Attacks
- Repudiation Attacks
- Denial-of-service (DoS) Attacks
- Distributed denial-of-service (DDoS) Attacks
- Back door Attacks
- Spoofing Attacks
- Man-in-the-Middle Attacks
- Replay Attacks
- Password Guessing Attacks

Eavesdropping - This is the process of listening in or overhearing parts of a conversation. It also includes attackers listening in on your network traffic. It's generally a passive attack; for example, a coworker may overhear your dinner plans because your speaker phone is set too loud. The opportunity to overhear a conversation is coupled with the carelessness of the parties in the conversation.

Snooping - This is when someone looks through your files in the hopes of finding something interesting, whether it is electronic or on paper. In the case of physical snooping, people might inspect your dumpster, recycling bins, or even your file cabinets; they can look under your keyboard for Post-it notes, or look for scraps of paper tacked to your bulletin board. Computer snooping, on the other hand, involves someone searching through your electronic files trying to find something interesting.

Interception - This can be either an active or passive process. In a networked environment, a passive interception might involve someone who routinely monitors network traffic. Active interception might include putting a computer system between sender and receiver to capture information as it is sent. From the perspective of interception, this process is covert. The last thing a person on an intercept mission wants is to be discovered. Intercept missions can occur for years without the knowledge of the intercepted parties.

Modification Attacks - This involves the deletion, insertion, or alteration of information in an unauthorized manner that is intended to appear genuine to the user. These attacks can be very hard to detect. The motivation of this type of attack may be to plant information, change grades in a class, alter credit card records, or something similar. Website defacements are a common form of modification attacks.

Repudiation Attacks - This makes data or information appear to be invalid or misleading (which can be even worse). For example, someone might access your email server and send inflammatory information to others under the guise of one of your top managers. This information might prove embarrassing to your company and possibly do irreparable harm. This type of attack is fairly easy to accomplish because most email systems don't check outbound email for validity. Repudiation attacks, like modification attacks, usually begin as access attacks.

Denial-of-service Attacks - They prevent access to resources by users authorized to use those resources. An attacker may try to bring down an e-commerce website to prevent or deny usage by legitimate customers. DoS attacks are common on the internet, where they have hit large companies such as Amazon, Microsoft, and AT&T. These attacks are often widely publicized in the media. Several types of attacks can occur in this category. These attacks can deny access to information, applications, systems, or communications. A DoS attack on a system crashes the operating system (a simple reboot may restore the server to normal operation). A common DoS attack is to open as many TCP sessions as possible; this type of attack is called a TCP SYN flood DoS attack. Two of the most common are the ping of death and the buffer overflow attack. The ping of death operates by sending Internet Control Message Protocol (ICMP) packets that are larger than the system can handle. sPing is an example of ping of death. Buffer overflow attacks attempt to put more data into the buffer than it can handle. Code Red, Slapper and Slammer are attacks that took advantage of buffer overflows.

Distributed Denial-of-service Attacks - This is similar to a DoS attack. This type of attack amplifies the concepts of DoS attacks by using multiple computer systems to conduct the attack against a single organization. These attacks exploit the inherent weaknesses of dedicated networks such as DSL and Cable. These permanently attached systems have little, if any, protection. The attacker can load an attack program onto dozens or even hundreds of computer systems that use DSL or Cable modems. The attack program lies dormant on these computers until they get an attack signal from the master computer. This signal triggers these systems, which launch an attack simultaneously on the target network or system.

Back door Attacks - This can have two different meanings. The original term back door referred to troubleshooting and developer hooks into systems. During the development of a complicated operating system or application, programmers add back doors or maintenance hooks. These back doors allow them to examine operations inside the code while the program is running. The second type of back door refers to gaining access to a network and inserting a program or utility that creates an entrance for an attacker. The program may allow a certain user to log in without a password or gain administrative privileges. A number of tools exist to create a back door attack, such as Back Orifice (which has been updated to work with Windows Server 2003 as well as earlier versions), Subseven, NetBus, and NetDevil. There are many more. Fortunately, most anti-virus software will recognize these attacks.

Spoofing Attacks - This is an attempt by someone or something to masquerade as someone else. This type of attack is usually considered an access attack. The most popular spoofing attacks today are IP spoofing and DNS spoofing. The goal of IP spoofing is to make the data look like it came from a trusted host when it really didn't. With DNS spoofing, the DNS server is given information about a name server that it thinks is legitimate when it isn't. This can send users to a website other than the one they wanted to go to.

Man-in-the-Middle Attacks - This can be fairly sophisticated. This type of attack is also an access attack, but it can be used as the starting point of a modification attack. This involves placing a piece of software between a server and the user that neither the server administrators nor the user are aware of. This software intercepts data and then sends the information to the server as if nothing is wrong. The server responds back to the software, thinking it's communicating with the legitimate client. The attacking software continues sending information to the server and so forth.

Replay Attacks - These are becoming quite common. This occurs when information is captured over a network. Replay attacks are used for access or modification attacks. In a distributed environment, logon and password information is sent over the network between the client and the authentication system. The attacker can capture this information and replay it later. This can also occur with security certificates from systems such as Kerberos: the attacker resubmits the certificate, hoping to be validated by the authentication system and circumvent any time sensitivity.

Password Guessing Attacks - This occurs when an account is attacked repeatedly. This is accomplished by sending possible passwords to an account in a systematic manner. These attacks are initially carried out to gain passwords for an access or modification attack. There are two types of password guessing attacks:

- Brute-force attack: Attempt to guess a password until a successful guess occurs. This occurs over a long period. To make passwords more difficult to guess, they should be longer than two or three characters (six should be the bare minimum), be complex, and have password lockout policies.
- Dictionary attack: This uses a dictionary of common words to attempt to find the user's password. Dictionary attacks can be automated, and several tools exist in the public domain to execute them.

Well, there you have it. The only way, basically, to prevent these types of attacks is to get a good firewall, anti-virus software, and a good Intrusion Detection System (IDS). Tell your firewall to drop ICMP packets; that will prevent ICMP flooding. I will write another article in which I will cover only TCP and UDP attacks such as:

- Sniffing
- Port Scanning
- TCP SYN or TCP ACK Attack
- TCP Sequence number attack
- TCP Hijacking
- ICMP Attacks
- Smurf Attacks
- ICMP Tunnelling

Malware

Malware, short for malicious software, is software designed to secretly access a computer system without the owner's informed consent.

What Is a Bot (or Zombie)?

A 'bot' is a type of malware which allows an attacker to gain complete control over the affected computer. Computers that are infected with a 'bot' are generally referred to as 'zombies'. There are literally tens of thousands of computers on the Internet which are infected with some type of 'bot' and don't even realize it. Attackers are able to access lists of 'zombie' PCs and activate them to help execute DoS (denial-of-service) attacks against Web sites, host phishing attack Web sites or send out thousands of spam email messages. Should anyone trace the attack back to its source, they will find an unwitting victim rather than the true attacker.

What is Intruder?

Process Name: Intruder
Process Owner: Unknown

Description: Intruder refers to a keylogger spyware program. Its main function is to log keystrokes made on infected computers. The Intruder spyware is also capable of monitoring online chats, sites visited, applications used and general online activity. Once it has gathered enough data, the info (which often includes passwords and usernames) gets sent to the author's remote servers for further review.

Recommendation: Nobody wants their every move watched. That is just what the Intruder spyware does. This program should be disabled and deleted upon discovery to ensure PC stability and security. Intruder finds protected systems tough to attack and often fails to install. An application filter can be used to block Intruder's communication and render it inoperative. Improve PC protection to keep Intruder at a safe distance.

Malicious Software Indicator:
Spyware?: Yes
Virus?: No
Trojan?: No

Why your PC may be at risk with Intruder:
Is It a System Process?: No
Does It Use the Network?: Yes
Is It Hardware Related?: No
Does It Eat Up Valuable PC Memory?: N/A

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a Management Station. [1] Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system. [1] Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. [1] In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. [1] IDPSes have become a necessary addition to the security infrastructure of nearly every organization. [1]

Statistical anomaly-based IDS

A statistical anomaly-based IDS determines normal network activity, like what sort of bandwidth is generally used, what protocols are used, and what ports and devices generally connect to each other, and alerts the administrator or user when traffic is detected which is anomalous (not normal). [2]

Signature-based IDS

Signature-based IDS monitors packets in the network and compares them with pre-configured and pre-determined attack patterns known as signatures. The issue is that there will be a lag between the new threat being discovered and the signature being applied in the IDS for detecting the threat. During this lag time your IDS will be unable to identify the threat. [2]

Limitations

- Noise can severely limit an intrusion detection system's effectiveness. Bad packets generated from software bugs, corrupt DNS data, and local packets that escaped can create a significantly high false-alarm rate. [3]
- It is not uncommon for the number of real attacks to be far below the false-alarm rate. Real attacks are often so far below the false-alarm rate that they are often missed and ignored. [3]
- Many attacks are geared for specific versions of software that are usually outdated. A constantly changing library of signatures is needed to mitigate threats. Outdated signature databases can leave the IDS vulnerable to new strategies. [3]

Hashing Algorithm

The key in public-key encryption is based on a hash value. This is a value that is computed from a base input number using a hashing algorithm. Essentially, the hash value is a summary of the original value. The important thing about a hash value is that it is nearly impossible to derive the original input number without knowing the data used to create the hash value. Here's a simple example:

Input number: 10,667
Hashing algorithm: Input # x 143
Hash value: 1,525,381

You can see how hard it would be to determine that the value 1,525,381 came from the multiplication of 10,667 and 143. But if you knew that the multiplier was 143, then it would be very easy to calculate the value 10,667. Public-key encryption is actually much more complex than this example, but that's the basic idea.

Public keys generally use complex algorithms and very large hash values for encrypting, including 40-bit or even 128-bit numbers. A 128-bit number has a possible 2^128, or 3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 different combinations -- this would be like trying to find one particular grain of sand in the Sahara Desert.

Symmetric Key

Just like two Spartan generals sending messages to each other, computers using symmetric-key encryption to send information between each other must have the same key. In symmetric-key encryption, each computer has a secret key (code) that it can use to encrypt a packet of information before it is sent over the network to another computer. Symmetric-key requires that you know which computers will be talking to each other so you can install the key on each one. Symmetric-key encryption is essentially the same as a secret code that each of the two computers must know in order to decode the information. The code provides the key to decoding the message.

Think of it like this: You create a coded message to send to a friend in which each letter is substituted with the letter that is two down from it in the alphabet. So "A" becomes "C," and "B" becomes "D". You have already told a trusted friend that the code is "Shift by 2". Your friend gets the message and decodes it. Anyone else who sees the message will see only nonsense. The same goes for computers, but, of course, the keys are usually much longer.

The first major symmetric algorithm developed for computers in the United States was the Data Encryption Standard (DES), approved for use in the 1970s. The DES uses a 56-bit key. Because computers have become increasingly faster since the '70s, security experts no longer consider DES secure -- although a 56-bit key offers more than 70 quadrillion possible combinations (70,000,000,000,000,000), an attack of brute force (simply trying every possible combination in order to find the right key) could easily decipher encrypted data in a short while. DES has since been replaced by the Advanced Encryption Standard (AES), which uses 128-, 192- or 256-bit keys. Most people believe that AES will be a sufficient encryption standard for a long time coming: A 128-bit key, for instance, can have more than 300,000,000,000,000,000,000,000,000,000,000,000 key combinations [source: CES Communications].

Caesar's Cipher

Julius Caesar also used a similar substitution technique, shifting three letters up. If he wanted to say "CROSSING THE RUBICON," for instance, he'd write down "FURVV LQJWK HUXEL FRQ" instead. As you can see, the text is also broken up into even groups in order to make the size of each word less obvious.

Public Key Encryption

One of the weaknesses some point out about symmetric key encryption is that two users attempting to communicate with each other need a secure way to do so; otherwise, an attacker can easily pluck the necessary data from the stream. In November 1976, a paper published in the journal IEEE Transactions on Information Theory, titled "New Directions in Cryptography," addressed this problem and offered up a solution: public-key encryption.

Also known as asymmetric-key encryption, public-key encryption uses two different keys at once -- a combination of a private key and a public key. The private key is known only to your computer, while the public key is given by your computer to any computer that wants to communicate securely with it. To decode an encrypted message, a computer must use the public key, provided by the originating computer, and its own private key. Although a message sent from one computer to another won't be secure since the public key used for encryption is published and available to anyone, anyone who picks it up can't read it without the private key. The key pair is based on prime numbers (numbers that only have divisors of itself and one, such as 2, 3, 5, 7, 11 and so on) of long length. This makes the system extremely secure, because there is essentially an infinite number of prime numbers available, meaning there are nearly infinite possibilities for keys. One very popular public-key encryption program is Pretty Good Privacy (PGP), which allows you to encrypt almost anything.

The sending computer encrypts the document with a symmetric key, then encrypts the symmetric key with the public key of the receiving computer. The receiving computer uses its private key to decode the symmetric key. It then uses the symmetric key to decode the document.

To implement public-key encryption on a large scale, such as a secure Web server might need, requires a different approach. This is where digital certificates come in. A digital certificate is basically a unique piece of code or a large number that says that the Web server is trusted by an independent source known as a certificate authority. The certificate authority acts as a middleman that both computers trust. It confirms that each computer is in fact who it says it is, and then provides the public keys of each computer to the other.