
Lecture 1: Introduction

COE444 Computer Security

Dr. Fadi Aloul


Now What?
Mon Wed
Introduction
Jan 23 25 1
Authentication & Authorization
Feb 30 1 2
6 8 3
Physical Security
13 15 4
Cryptography
20 22 5 Midterm Exam #1
Mar 27 1 6 Network Security
6 8 7 Wireless Security
13 15 8 DOS Attacks & Malware
20 22 9 Email & Web Security
27 29 10
IDS & Firewalls
Apr 3 5 11
Midterm Exam #2
10 12 12
OS Security
17 19 13
24 26 14
Program Security
May 1 3 15
Disaster Recovery & Sec. Mgmt
8 10 16 Ethical & Legal Issues in Security
COE 444: Computer Security American University of Sharjah
3.7B Internet Users in the World (2016)


Internet Growth Rate 2000-2016

Security News in International Media

"Last year was the first year that proceeds from cyber crime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over US$180 billion"
- U.S. Dept. of Treasury, 2006

Security News in UAE Media


Number of Received Complaints

Almost 1 complaint every 2 minutes!


Yearly Dollar Loss in Millions


Examples of Cyber Victims

- Media
- Governments
- Banks
- Universities
- Nuclear Plants
- Oil & Gas
- Telco

Mostly Targeted Attacks; Few Opportunistic Attacks

Examples of Cybercrime Attackers

- Cyber Activists
- Cyber War Soldiers
- Cyber Gangs
- Cyber Script Kiddies

Latest Hacking Groups

- Th3j35t3r (The Jester)
- LulzSec

Why Increase in Attacks?

- Internal & External Threats
- Free Public Tutorials & Tools
- Increase in Mobile Devices
- Cybercrime & Privacy Laws

Security Vulnerabilities

- Technology
- Process
- People

Lecture Objectives

1. Recent computer crimes
2. Current attacks, attackers, and victims
3. General steps in a cyber attack
4. Simple steps to protect your system

Cyber Crime - The Beginning - 1988

- Robert Morris, a graduate of Cornell University, released The Internet Worm (or the Morris Worm).
- The worm infected 10 percent of the machines (approximately 6,000) connected to the Internet at that time.
- The virus caused an estimated $100 million in damage.

Cyber Crime - 1994

- In 1994, Vladimir Levin, of St. Petersburg, made a number of bank transfers.
- When he and his accomplices were caught, they had transferred an estimated $10 million.
- Eventually all but about $400,000 was recovered.
- Citibank was one of the attacked banks.

Cyber Crime - 1994

- In February, Kevin Mitnick is arrested for a second time.
- He is charged with stealing 20,000 credit card numbers.
- Known for Social Engineering attacks.
- He eventually spends four years in jail.
- On his release his parole conditions demand that he avoid contact with computers and mobile phones.

Cyber Crime - 1999

Melissa Virus
- Written by David Smith.
- Best known of the early macro type of virus that attaches itself to documents, which contain programs with a limited macro programming capability.
- Infected about a million computers and caused an estimated $80 million in damages.

Cyber Crime - 2000

- The worm spread via e-mail with the subject line ILOVEYOU.
- The number of infected machines worldwide may have been as high as 45 million.
- Similar to the Melissa virus, the Love Letter Worm spread via attachment to e-mails. In this case, instead of utilizing macros, the attachments were VBScript programs.

Cyber Crime - 2002

Adil Shakour (18 years old) accessed several computers without authorization, e.g.
- Eglin Air Force Base (where he defaced the web site)
- Accenture (a Chicago-based management consulting and technology services company)
- Sandia National Laboratories (a Department of Energy facility)
- Cheaptaxforms.com (stole $7000)

Cyber Crime - 2003

The Slammer worm
- Microsoft issued a patch before the worm release
- Infected 120,000 computers in 24 hours
- Took advantage of a buffer overflow in Microsoft's SQL servers.

FBI Statistics
Of all the computer crimes, only 1% are detected, and 7% of
the detected crimes are reported (why?).


Why Are Enterprises Worried of Security Breaches?

- Lost Assets
- Lost Reputation
- Lost Customer Loyalty
- Lost Revenue

"21% of enterprises are worried about a decline in stock price [resulting from a security breach]"
-- Forrester, April 2006, Aligning Data Protection Priorities with Risks

Lecture Objectives

1. Recent computer crimes
2. Current attacks, attackers, and victims
3. General steps in a cyber attack
4. Simple steps to protect your system

Traditional Attacks

System Penetration
- Steal, delete, or change information (Active Attack)
- Use the machine for malicious reasons (Passive Attack)

Denial-of-Service Attacks
- When hackers can't break into the system, they stop legitimate users from accessing it

Who Executes These Attacks?

1. Malware
- Virus, Worms, Trojan horses, etc.

2. Intruders
- Hackers (8~12%): access computer system without authorization
- White hats: report problem to vendor
- Black hats: goal is to cause harm
- Gray hats: may conduct illegal activities for ethical reasons
- Script kiddies (85~90%): hacker with no experience
- Elite hackers (1~2%): can discover new vulnerabilities
- Ethical hackers: break into a system to assess its security (typically paid consultants) (also known as Penetration Testers)

Level of Experience

Who Executes These Attacks?

3. Insiders
- Are more dangerous than outside intruders.
- Can cause immediate damage to an organization.
- Most security is designed to protect against outside intruders.
- Besides employees, insiders also include a number of other individuals who have physical access to facilities.

Who is Attacked?

When a computer system is attacked, it is either:

Specific Target
- Attacker chooses the target not because of the hardware or software the organization is running but for some other reason, such as a political reason.
- Targeted attacks are more difficult and take more time than attacks on a target of opportunity.

Opportunistic Target
- Site has hardware or software that is vulnerable to a specific exploit.
- The attackers, in this case, are not targeting the organization. Instead, they have learned of a vulnerability and are looking for an organization with this vulnerability that they can exploit.

Lecture Objectives

1. Recent computer crimes
2. Current attacks, attackers, and victims
3. General steps in a cyber attack
4. Simple steps to protect your system

Steps in an Attack

The steps an attacker takes in attempting to penetrate a targeted network are similar to the ones that a security consultant performing a penetration test would take.

The attacker will need to gather as much information about the organization as possible (how?)

Known as Profiling or Reconnaissance Phase
- Passive Profiling: use information available online
- Active Profiling: directly interact with the victim. Your identity might be revealed

URL: http://www.google.com

index of /private + "Parent Directory"

URL: http://www.google.com

For Internal Use Only + site:juniper.net


URL: http://www.google.com Filter Options

For Internal Use Only

For Internal Use Only + site:edu


URL: http://www.internic.com


Tool: Whois information lookup


Registrant:
targetcompany (targetcompany-DOM)
# Street Address
City, Province
State, Pin, Country
Domain Name: targetcompany.COM

Administrative Contact:
Surname, Name (SNIDNo-ORG) targetcompany@domain.com
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX
Technical Contact:
Surname, Name (SNIDNo-ORG) targetcompany@domain.com
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX

Domain servers in listed order:


NS1.WEBHOST.COM XXX.XXX.XXX.XXX
NS2.WEBHOST.COM XXX.XXX.XXX.XXX
* E. H.

Tool: SmartWhois information lookup

SmartWhois is a useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information.

Unlike standard Whois utilities, SmartWhois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds.

* E. H.

Tool: nslookup information lookup

- Nslookup is a program to query Internet domain name servers.
- Displays information that can be used to diagnose Domain Name System (DNS) infrastructure.

Steps in an Attack

Ping Sweep -> Port Scan -> Determine OS -> Vuln. Information -> Attacking System

Ping Sweep: the first step in the technical part of an attack is often to determine what target systems are available and active. This is often done with a ping sweep, which sends a ping (an ICMP echo request) to the target machine. If the machine responds, it is reachable.

Tool: ping - check if machine is alive

Tool: Pinger - check if machine is alive

- Ping sends out an ICMP Echo Request packet and awaits an ICMP Echo Reply message from an active machine.
- Alternatively, TCP/UDP packets are sent if incoming ICMP messages are blocked.
- Ping helps in assessing network traffic by time stamping each packet.
- Ping can also be used for resolving host names.
- Ping can be used to check if machine is alive.

* E. H.

Steps in an Attack

Ping Sweep -> Port Scan -> Determine OS -> Vuln. Information -> Attacking System

Port Scan: this will help identify the ports that are open, which gives an indication of the services running on the target machine.

Tool: nmap - Port Scanner (Windows/Linux)

- Ping Scan: nmap -sP host
- Port Scan: nmap -sT host
- Stealth Port Scan: nmap -sS host
- Specify ports: -p 1-100
- Specify hosts: 192.168.1.100-150
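
Added example (not part of the original slides): how the ping sweep and port scan steps above look from the defender's side. The log format, the addresses, and the thresholds are constructed assumptions; the function flags one source that pings many hosts, or probes many ports on one host, inside a short time window.

```python
from collections import defaultdict

# Constructed firewall log, one connection attempt per line:
# "<epoch_seconds> <src_ip> <dst_ip> <proto> <dst_port or ->"
SAMPLE_LOG = (
    # 10.0.0.5 pings six hosts in the 192.168.1.100-150 range within seconds
    [f"{100 + i} 10.0.0.5 192.168.1.{100 + i} icmp -" for i in range(6)]
    # ... then probes ports 20-31 on one host that answered
    + [f"{200 + i} 10.0.0.5 192.168.1.103 tcp {20 + i}" for i in range(12)]
    # ordinary traffic from another client
    + ["210 10.0.0.9 192.168.1.103 tcp 443", "900 10.0.0.9 192.168.1.103 icmp -"]
)

def parse(line):
    ts, src, dst, proto, port = line.split()
    return int(ts), src, dst, proto, None if port == "-" else int(port)

def detect(lines, window=60, sweep_hosts=5, scan_ports=10):
    """Return sorted alerts: ("ping-sweep", src) or ("port-scan", src, dst).

    Thresholds are assumed values; tune them to the network's normal traffic.
    """
    events = sorted((parse(l) for l in lines if l.strip()), key=lambda e: e[0])
    recent = defaultdict(list)  # alert key -> [(ts, item)] still inside the window
    alerts = set()
    for ts, src, dst, proto, port in events:
        if proto == "icmp":    # one source, many distinct destinations
            key, item, limit = ("ping-sweep", src), dst, sweep_hosts
        elif proto == "tcp":   # one source/destination pair, many distinct ports
            key, item, limit = ("port-scan", src, dst), port, scan_ports
        else:
            continue
        bucket = recent[key]
        bucket.append((ts, item))
        # drop entries that have aged out of the sliding window
        bucket[:] = [(t, i) for t, i in bucket if ts - t <= window]
        if len({i for _, i in bucket}) >= limit:
            alerts.add(key)
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```
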

ShieldsUP Scans Your PC for Open Ports


Steps in an Attack

Ping Sweep -> Port Scan -> Determine OS -> Vuln. Information -> Attacking System

Determine OS: the attacker needs to determine the operating system running on the target machine and specific application programs. Known as the Fingerprinting phase.

URL: http://www.netcraft.com


URL: http://uptime.netcraft.com/

Steps in an Attack

Ping Sweep -> Port Scan -> Determine OS -> Vuln. Information -> Attacking System

Vuln. Information: there are numerous web sites that provide information on vulnerabilities in specific application programs and operating systems.

In addition to information about specific vulnerabilities, some sites may also provide tools that can be used to exploit vulnerabilities.

An attacker can search for known vulnerabilities and tools that exploit them, download the information and tools, and then use them against a site.

Vulnerability Info: http://packetstormsecurity.org/

Scanner: http://www.parosproxy.org


Steps in an Attack

Ping Sweep -> Port Scan -> Determine OS -> Vuln. Information -> Attacking System

Attacking System: the attack may be successful if the administrator for the targeted system has not installed the correct patch.

The attacker will move on to the next possible vulnerability if the patch has been installed.

Minimizing Avenues of Attack

Understanding the steps an attacker will take enables an administrator to limit the exposure of the system and minimize the avenues an attacker might possibly exploit.

Steps an administrator can take to minimize the possible attacks:
- Ensure that all patches for the operating system and the applications are installed.
- Limit the services running on a system.
- Provide as little information as possible on an organization.
- Stay up-to-date with latest vulnerabilities information: search online & read reports.
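
Added example (not part of the original slides): one way to check the "limit the services running on a system" step. The allowlist and the sample text are constructed assumptions; the sample is in the shape of Linux `ss -H -tlnp` output, and the function reports every listening TCP socket that the policy does not expect.

```python
import re

# Assumed policy for this example: the only services this host should offer.
ALLOWED = {22: "sshd", 443: "nginx"}

# Constructed sample in the shape of `ss -H -tlnp` output (listening TCP sockets).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=950,fd=6))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=1020,fd=21))
LISTEN 0 5 0.0.0.0:23 0.0.0.0:* users:(("telnetd",pid=1100,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=801,fd=4))
"""

WILDCARDS = {"0.0.0.0", "*", "[::]"}  # socket is bound to every interface

def audit(ss_output, allowed=ALLOWED):
    """Return sorted (port, process, reason) findings for unexpected listeners."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; rsplit keeps IPv6 "[::]" intact.
        addr, port = fields[3].rsplit(":", 1)
        port = int(port)
        match = re.search(r'users:\(\("([^"]+)"', line)
        proc = match.group(1) if match else "unknown"
        if port not in allowed:
            scope = "all interfaces" if addr in WILDCARDS else "local only"
            findings.add((port, proc, f"not in allowlist, {scope}"))
        elif allowed[port] != proc:
            # Right port, wrong program: something else took the service's place.
            findings.add((port, proc, f"expected {allowed[port]}"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(finding)
```
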

Snort Free Intrusion Detection System

Security Certifications


Lecture 1 Tools

- www.internic.net: check domain information
- www.netcraft.com: check website information (OS, Web Server Type, etc.)
- Ping, Pinger: check if machine is alive
- Traceroute: check the servers located between origin and destination
- Nmap, NetBrute, NetScan, SuperScan: port scanner
- Smart Whois, Nslookup, Whois: check domain information