SJSU CS 265 - Presentation

This preview shows page 1-2-3-18-19-36-37-38 out of 38 pages.


HOME NETWORK SECURITY – EMPHASIS ON WEB SPOOFING
CS 265
SHALINI RAMESH

TOPICS
• Crisis
• Computer Crimes
• Types of Spoofing
• Web Spoofing
  – working
  – short term solutions
  – long term solutions
• General Precautions

Crisis
• The Internet has grown very fast and security has lagged behind.
• Legions of hackers have emerged, as the impedance to entering the hackers club is low.
• It is hard to trace the perpetrator of cyber attacks since the real identities are camouflaged.
• It is very hard to track down people because of the ubiquity of the network.
• Large scale failures of the Internet can have a catastrophic impact on the economy, which relies heavily on electronic transactions.

Why Security?
• Some of the sites which have been compromised
  – U.S. Department of Commerce
  – NASA
  – CIA
  – Greenpeace
  – Motorola
  – UNICEF
  – Church of Christ …
• Some sites which have been rendered ineffective
  – Yahoo
  – Microsoft
  – Amazon …

Growing Networks
Wired & Wireless Networks

TECHNOLOGY
Protocol: a well defined specification that allows computers to communicate across a network.
Internet Protocol: can be thought of as a common language of computers on the Internet.
IP address: every computer on the Internet has an IP address associated with it. But this address may change over time due to:
  – Dialing into an ISP
  – Being connected behind a network firewall
  – Being connected to a broadband service using dynamic IP addressing

                            Dial-up                          Broadband
Connection type             Dial on demand                   Always on
IP address                  Changes on each call             Static or infrequently changing
Relative connection speed   Low                              High
Remote control potential    Computer must be dialed in       Computer is always connected, so
                            to control remotely              remote control can occur anytime
ISP-provided security       Little or none                   Little or none

What can intruders do?
• Attackers can gain control of the system and launch attacks on other systems.
• They can hide their true location and attack high profile computer systems in government or financial institutions.
• Intruders can program the system in such a way that they can watch all the actions a person does.
• Reformat the hard disc and change the data of a good guy.

Intentional misuse of your computer
1. Trojan horse programs
2. Back door and remote administration programs
3. Denial of service
4. Being an intermediary for another attack
5. Unprotected Windows shares
6. Mobile code (Java, JavaScript, and ActiveX)
7. Cross-site scripting
8. Email spoofing
9. Email-borne viruses
10. Hidden file extensions
11. Chat clients
12. Packet sniffing

Trojan horse programs:
• Intruder tricks the computer user into installing “back door” programs.
• Intruder gets easy access to the system without the user’s knowledge.
• Intruder can change the system configuration.
• He can infect the computer with a virus.

Back door and remote administration programs:
• Mostly Windows computers are vulnerable to this attack.
• 3 tools which are commonly used by intruders to gain control are BACKORIFICE, NETBUS and SUBSEVEN.

Denial of service
• This attack causes the user’s computer to crash, or to become so busy processing data that the owner of the computer is unable to use it.

Unprotected Windows shares
• Unprotected Windows networking shares can be exploited by intruders in an automated way to place tools on a large number of Windows-based computers attached to the Internet.
• Site security on the Internet is interdependent.
• Another threat is that worms and viruses propagate through unprotected Windows networks. E.g.: 911 worm

Mobile code (Java / JavaScript / ActiveX)
• These programming languages let web developers write code that is executed in the browser.
• This code can be used by intruders to gather information about the various things the user does on the Internet.

Email-borne viruses
Viruses and other types of malicious code mostly spread through attachments to email messages.
The user should never run a program which he has received from an unauthorized address.

Cross-site scripting
A bad guy may attach a script to something and send it to a website. Later, when the website responds to the user, the malicious script is transferred to the user’s browser.
The many ways this can happen are:
• Following links in web pages or email messages without knowing what the link is.
• Using interactive forms on an untrustworthy website.
• Participating in online discussion groups, where users can post text containing HTML tags only.

Spoofing
Definition: An attacker alters his identity so that someone thinks he is someone else
  – Email, User ID, IP Address, …
  – Attacker exploits the trust relation between user and networked machines to gain access to machines
Types of Spoofing:
1. IP Spoofing
2. Email Spoofing
3. Web Spoofing
4. Frame Spoofing

Email Spoofing: pretending to be somebody else in emails.
IP Spoofing: pretending to be somebody else’s machine (pretending to be the trusted intranet host with a particular IP address).
Frame Spoofing: the attacker inserts a frame into the web page. One of the user’s frames can be controlled by an attacker while the others are normal.

DETAILS ABOUT WEB – SPOOFING
Web spoofing: pretending to be somebody else’s website.
• It is an Internet security attack that could endanger the privacy of World Wide Web users and the integrity of their data.
• Today’s browsers like Internet Explorer and Netscape Navigator are vulnerable to this attack.
• Almost unnoticeable to the web page visitor.
• Changes are so small and buried in thousands of lines of HTML source code.
• www.ebay.com becomes www.ebey.com

[Figure: classic example of man-in-the-middle. Parties: VICTIM, ATTACKER, WWW SERVER. Numbered steps 1 to 5, labelled: Request URL; Request URL; Send requested URL; Rewrite page; Rewritten page sent.]

Working
1. Attacker registers a web address matching an entity.
2. E.g. amazone.com, ebey.com
3. Web spoofing allows the attacker to create a “shadow copy” of the entire World Wide Web.
4. The user accesses this shadow web through the attacker’s machine.
5. The attacker gets hold of all the personal information like user IDs, passwords, financial statements.
6. Another major drawback is that the attacker can send false or misleading data to the web servers in the user’s name or vice versa.
7. In other

