Attack

1
Attack

• Data Network Security Chapter 2

2
Learning Objective

• By the end of this sessions, students should be
  able to-
• Understand the meaning of vulnerabilities,
  threats and attack
• Understand method used in attack
• Identify and defines general types of computer
  attack

3
Topics

• Vulnerabilities, Threats, Attack, and Controls
• Method, Opportunity, and Motive
• Computer Criminals
• Types of Attacks

4
Why Attack?

• Test the computer systems how the systems could
  malfunction.
• Improve the design can withstand any problem had
  been identified.
• Analyze the systems from a security perspective
  detect and diminish

5
Vulnerabilities, Threats, Attack, and Controls
6
Vulnerabilities

• A weakness in the computer/security systems in
  procedure, design, implementation
• Which allow an attacker to violate the integrity
  of the systems
• Example inadequate password management, easy
  access to a facility, weak cryptography, computer
  virus, or code injection(stack overflow, sql
  injection, etc), a software flaw, an open port

7
Threats

• Danger of an attack to computer systems
• Set of situation/condition that has a potential
  to cause loss or harm
• Examples Human error, hardware design flaws,
  software failures,
• Even natural disaster also can be consider as a
  threats.

8
Threats vs Vulnerabilities
VULNERABILITIES
THREATS IS UNREALIZED
THREATS
9
Attack

• Set of action which exploit the vulnerabilities
  to penetrate the systems.
• Can be launched by another system sends an
  overwhelming messages, virtually shutting down
  the other system.
• Denial-of-service flood server with more
  messages than they can handle

10
Control

• An action, device, procedure, or technique that
  removes or reduces a vulnerability.
• Control is concerned with modifying parameters in
  and causing actions to be taken
• by the end systems, intermediate systems, and
  sub-networks that make up the network to be
  managed
• Issues in network control
• what to control?
• define what is to be controlled
• how to control?
• how to cause actions to be performed

11
Control
CONTROL THE VULNERABILITY
VULNERABILITIES
THREATS

• A threat is blocked by control of a
  vulnerabilities

12
Control

• To control we must know about the Security
  Threats
• Four kinds of Security Threats
• Interception
• Interruption
• Modification
• Fabrication

13
Security Threats
14
Security Threats

• Interruption
• destroyed or becomes unavailable or unusable
• threat to availability
• Interception
• an unauthorized party gains access
• threat to confidentiality
• Modification
• an unauthorized party makes modification
• threat to integrity
• Fabrication
• an unauthorized party inserts false information
• Masquerade
• an entity pretends to be a different entity

14
15
Types of Security Threats
15
16
Security Threats and Network Assets
16
17
Method, Opportunity and Motive
18
Method, Opportunity and Motive

• Method the skill, knowledge, tools, and other
  things which to be able to pull off the attack
• Opportunity the time and access to accomplish
  the attack
• Motive a reason to want to perform this attack
  against this system
• Deny any of these MOM, attack will not occur not
  an easy job!!

19
MOM

• Knowledge os a systems usually is widely
  available.
• Especially on the system with detailed
  specification published.
• Even not attacker can purchase and experiment
  with it.
• Opportunity is there!!, only time and inclination
  limit the attacker

20
MOM ...

• It is difficult to determine motive for an
  attack.
• Some time an attacker may just focus on an
  attractive target law enforcement
• Or because they are easy to attack University

21
Computer Criminals
22
Computer Criminal

• Bad Guy! Shabby clothes? looked mean? sinister?
• But wear business suits, have university degree,
  appear to be pillars of their communities.
• Commit any crime involving a computer or aided by
  the use of one
• Category into amateurs, cracker or maliciuos
  hackers, career criminals, terrorist.