Chapter 9: Security
Updated January 2009
XU Zhengchuan, Fudan University

The Threat Environment

Figure 9-1: CSI/FBI Survey
• Companies Face Many Attacks (there are many types of attacks, listed in order of decreasing frequency)
  – Viruses (and other malware)
  – Insider abuse of net access
  – Laptop theft
  – Unauthorized access by insiders
  – Denial-of-service attacks
  – System penetration
  – Sabotage
  – Theft of proprietary information
  – Fraud
  – Telecoms eavesdropping and active wiretaps

Figure 9-1: CSI/FBI Survey
• Very Common Successful Incidents
  – Viruses and other malware
  – Insider abuse of net access
  – Laptop theft
• Low-Frequency / High-Damage Attacks
  – Theft of proprietary information ($2.7 M per incident)
  – Denial-of-service attacks ($1.4 M per incident)

Figure 9-2: Malware
• Malware
  – A general name for evil software
• Viruses
  – Pieces of code that attach to other programs
  – When infected programs execute, the virus executes
  – Infect other programs on the computer
  – Spread to other computers by e-mail attachments, IM, peer-to-peer file transfers, etc.
  – Antivirus programs are needed to scan arriving files
    • Also scan for other malware

Figure 9-2: Malware
• Worms
  – Stand-alone programs that do not need to attach to other programs
  – Can propagate like viruses through e-mail, etc.
    • But this requires human gullibility, which is slow
  – In addition, vulnerability-enabled worms jump to victim hosts directly
    • Can do this because hosts have vulnerabilities
    • Vulnerability-enabled worms can spread with amazing speed
    • Vendors develop patches for vulnerabilities but companies often fail or are slow to apply them

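The contrast on the worm slide (slow propagation that needs a user to act, fast direct propagation, and the effect of patching) can be made concrete with a small infection model. This is an added example, not part of the original slides; the host count, contact rates, success probabilities and patch coverage are all constructed assumptions.

```python
# Added illustration: deterministic infection model for the two worm
# propagation modes on the slide. All parameter values are constructed.

def spread(hours, contacts_per_hour, success_prob, patched_fraction=0.0,
           hosts=100_000):
    """Return infected-host counts for hour 0..hours, starting from one host.

    patched_fraction is the share of hosts already patched (immune) at hour 0.
    """
    infected = 1.0
    vulnerable = max(hosts * (1.0 - patched_fraction) - infected, 0.0)
    curve = [infected]
    for _ in range(hours):
        # Attempts hit random hosts; only still-vulnerable ones can be infected.
        new = infected * contacts_per_hour * success_prob * (vulnerable / hosts)
        new = min(new, vulnerable)
        infected += new
        vulnerable -= new
        curve.append(infected)
    return curve

def hours_to(curve, count):
    """First hour at which at least `count` hosts are infected, else None."""
    return next((h for h, n in enumerate(curve) if n >= count), None)

HORIZON = 24 * 90  # simulate 90 days
# E-mail worm: few messages per hour, and a user must open the attachment.
EMAIL = spread(HORIZON, contacts_per_hour=0.5, success_prob=0.02)
# Vulnerability-enabled worm: probes hosts directly, no user action needed.
DIRECT = spread(HORIZON, contacts_per_hour=60, success_prob=1.0)
# Same worm when 60% of hosts had applied the vendor patch beforehand.
DIRECT_PATCHED = spread(HORIZON, contacts_per_hour=60, success_prob=1.0,
                        patched_fraction=0.6)

if __name__ == "__main__":
    for name, curve in [("e-mail", EMAIL), ("direct", DIRECT),
                        ("direct, 60% patched", DIRECT_PATCHED)]:
        print(f"{name:20s} hours to 50% of hosts: {hours_to(curve, 50_000)}"
              f"  final infected: {curve[-1]:.0f}")
```

Under these assumed values the direct worm reaches half the population in hours while the e-mail worm takes weeks, and patch coverage caps how many hosts can ever be infected.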
Figure 9-2: Malware
• Payloads
  – After propagation, viruses and worms execute their payloads (damage code)
  – Payloads erase hard disks, send users to pornography sites if they mistype URLs
  – Trojan horses are exploitation programs that disguise themselves as system files

Figure 9-2: Malware
• Attacks on Individuals
  – Social engineering is tricking the victim into doing something against his or her interests
  – Spam is unsolicited commercial e-mail
  – Credit card number theft is performed by carders
  – Identity theft is collecting enough data to impersonate the victim in large financial transactions
  – Fraud involves get-rich-quick schemes, medical scams

Figure 9-2: Malware
• Attacks on Individuals
  – Adware pops up advertisements
  – Spyware collects sensitive data and sends it to an attacker
  – Phishing: sophisticated social engineering attack in which an authentic-looking e-mail or website entices the user to enter his or her username, password, or other sensitive information

Figure 9-3: Human Break-Ins (Hacking)
• Human Break-Ins
  – Viruses and worms rely on one main attack method
  – Humans can keep trying different approaches until they succeed
• Hacking
  – Hacking is breaking into a computer
  – Hacking is intentionally using a computer resource without authorization or in excess of authorization