This Concept Map, created with IHMC CmapTools, has information related to: Chapter 7.

Network Security: protecting network & telecommunications equipment, protecting network servers and transmissions, combatting eavesdropping, controlling access from untrusted networks, firewalls, and detecting intrusions.

System Security: user access and authentication controls, assignment of privilege, maintaining file and filesystem integrity, backups, monitoring processes, log-keeping, and auditing.

Network Security is different from system security since the attacker is mainly interested in sniffing, snooping, sweeping, or just plain looking around in order to gain information about a computing infrastructure.

Classes of Attacks involves: Leakage, Tampering, Vandalism, Eavesdropping, Masquerading, Message tampering, Replaying, Denial of service.

Meaning:
- Leakage: acquisition of information by unauthorized recipients.
- Tampering: unauthorized alteration of information.
- Vandalism: interference with proper operation of a system w/o gain for the perpetrator.
- Eavesdropping: obtaining copies of messages without authority.
- Masquerading: sending or receiving messages using the identity of another w/o their authority.
- Message tampering: intercepting messages and altering their contents before passing them on to the intended recipient.
- Replaying: storing intercepted messages and sending them at a later date. Encryption cannot defend against this.
- Denial of service: flooding a channel or other resource with messages in order to deny access for others.

Types of Threats: sniffing; hijacking; back doors; trojans; and social engineering. Standard spyware techniques. Denial of Service.

Types of Threats contains Sniffing: the interception of data packets traversing a network.
- A sniffer program works at the Ethernet layer in combination with network interface cards (NICs) and captures all traffic traveling to & from an Internet host site.
- If any Ethernet NIC cards are in promiscuous mode (easily done remotely via a sniffer program), the sniffer program will pick up any and all communication packets floating by anywhere near the Internet host site.
- A sniffer placed on any backbone device, inter-network link, or network aggregation point will be able to monitor a whole lot of traffic.

Sniffing and the 5 layer model of TCP/IP: a header is added at each layer.

Can be detected two ways (this node is linked "to detect" both Sniffing and Hijacking): (1) host-based, (2) network-based. Software commands exist (cpm, or check promiscuous mode, in UNIX) that can run on individual host machines to tell if the NIC is running in promiscuous mode. Network-based solutions check for the presence of running processes and log files, both of which sniffer programs consume a lot of. Sophisticated intruders hide their tracks by disguising the process and/or cleaning up the log files. The best countermeasure against sniffing is end-to-end, or user-to-user, encryption. Network administrators can help by closing SNMP (Simple Network Management Protocol) or community options.

Hijacking: a technique that takes advantage of a weakness (trust relationships) in the TCP/IP protocol stack, and the way headers are constructed. Hijacking involves use of tools that subvert the stack's header information. Someone might want to do this in order to spoof a fake message or send a payload inside the header field to the wrong port.

Trojans: programs that look like ordinary software, but actually perform unintended or malicious actions behind the scenes when launched. Most remote control spyware programs are of this type, as are various login programs that look just like a user's regular login screen.

Protection against Trojans: the only protection is early use of a cryptographic checksum (or binary file digital signature) procedure.

Trojans and Backdoors: accounts left by manufacturers and vendors on devices that allow them to bypass a locked-out or clueless system administrator in case of emergency. Every network device comes shipped with more than one default username and password, and these built-in accounts offer administrative privileges to anyone who finds them. Examples of generic usernames & passwords are: manager, security, admin, debug, monitor, and guest. Router configuration files are usually located on UDP port 69 and easily downloaded via Trivial File Transfer Protocol (TFTP).

Credentials: a set of evidence provided by a principal when requesting access to a resource.
- Delegation: a useful form of credential is one that entitles a principal, or a process acting for a principal, to perform an action with the authority of another principal.

Firewalls: protect intranets, performing filtering actions on incoming and outgoing communications.

Cryptography (definition): the art of encoding information in a format that only the intended recipients can access. Cryptography can also be employed to provide a proof of the authenticity of information, in a manner analogous to the use of signatures in conventional transactions.

Also, Cryptography is the study of mathematical techniques related to aspects of information security. Cryptographic goals:
- Confidentiality: prevent eavesdropping.
- Data integrity: prevent change in data.
- Authentication: prevent substituting document.
- Non-repudiation: guarantee signature.

Also, access control:
- Protection domains: a protection domain is an execution environment shared by a collection of processes. Capabilities are held by each process according to the domain in which it is located; an access control list is stored with each resource and contains access for each domain.
- Implementation: digital signatures, credentials and public key certs provide the cryptographic basis for secure access control.

Also, uses of cryptography:
- Secrecy and integrity.
- Authentication: using checksum; key exchanges are vulnerable to man-in-the-middle attacks.
- Digital signatures: are based on an irreversible binding to the message or doc of a secret known only to the signer. A digest is a fixed length value computed by applying a secure digest function, which is similar to a checksum.