SECURING INFORMATION SYSTEMS
BUS3500 - Abdou Illia - Fall 2012
(November 5-7, 2012)

LEARNING GOALS
- Understand security attacks’ preps
- Discuss the major threats to information systems.
- Discuss protection systems

The Security Problem
2007 Computer Crime and Security Survey
- 90% of large companies and government agencies reported a computer security breach
- 80% reported sizeable financial loss
- Only 40% indicated security attacks came from outside the company
- 85% reported being the victim of a computer virus

Internet (www) operation - Review
Webserver needs:
- Network (or Server) Operating System
- TCP/IP
- Domain name (e.g. eiu.edu)
- Internet access
- IP Address (e.g. 139.67.8.3)
User PC needs:
- Workstation Operating System
- TCP/IP
- Web browser (e.g. Internet Explorer)
- Internet access (e.g. thru an ISP)
- IP Address (e.g. 128.150.50.9)
[Diagram labels: Network, Web Browser, Packet, Router, Packet, Route, Webserver Software]

Test Your Internet knowledge
Your business has 10 employees. You just bought 10 desktop computers and subscribed to Internet DSL service. Which of the following will be needed to connect the computers to the Internet and navigate the World Wide Web?
a) A server operating system
b) Workstations operating systems
c) TCP/IP protocol
d) Web browsers
e) Domain names

TCP/IP-based Communications
Requesting a web page from eiu.edu: http://www.eiu.edu
[Diagram: Computer 1 (User PC) sends to Computer 2 (web server). Stages: Web browser, Formatting Prg., Packet Creator, Signal Generator, Transmission media. Request: "Get index.php in default folder from eiu.edu". Packet: From: 123.12.2.1:1234, To: 139.67.14.54:80, followed by the message bits.]

TCP/IP Packet
TCP/IP Packets or computer messages have two parts:
- Communications protocols
- Actual message to be delivered
Communications protocols:
- Source IP Address: 123.12.2.1
- Source Program: Web Browser 1234
- Destination IP Address: 139.67.14.54
- Destination Program: Server Program 80
- Formatting scheme: ASCII
Message to be delivered:
- Get index.php
- From: server eiu.edu
- Location: Home directory
Protocols tell the receiving computer:
- Sender’s ID
- How to read the message

Received: from hotmail.com (bay103-f21.bay103.hotmail.com [65.54.174.31])
    by barracuda1.eiu.edu (Spam Firewall) with ESMTP id B10BA1F52DC
    for <[email protected]>; Wed, 8 Feb 2006 18:14:59 -0600 (CST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
    Wed, 8 Feb 2006 16:14:58 -0800
Message-ID: <[email protected]>
Received: from 65.54.174.200 by by103fd.bay103.hotmail.msn.com with HTTP;
    Thu, 09 Feb 2006 00:14:58 GMT
X-Originating-IP: [192.30.202.14]
X-Originating-Email: [[email protected]]
X-Sender: [email protected]: <10E30E5174081747AF9452F4411465410C5BB560@excma01.cmamdm.enterprise.corp>
X-PH: V4.4@ux1
From: <[email protected]>
To: [email protected]: RE: FW: Same cell#
Subject: RE: FW: Same cell#
Date: Thu, 09 Feb 2006 00:14:58 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 09 Feb 2006 00:14:58.0614 (UTC) FILETIME=[DCA31D60:01C62D0D]
X-Virus-Scanned: by Barracuda Spam Firewall at eiu.edu
X-Barracuda-Spam-Score: 0.00

Hi,
I just wanted to let you know that I have received the packet you sent.

Test Your TCP/IP knowledge
You have received an email from a potential business partner who pretends to be overseas. Which of the following could help determine the location of the computer he/she used to send the message?
a) Check the domain name that appears after the @ in the sender’s email address
b) The destination IP address
c) The Source IP address that appears in the communication protocols’ part of the email

From: [email protected]: [email protected]: meeting
____________________
Hi,
I couldn’t make it to the meeting because I am overseas on business.

Attack strategy
- Scanning
  - Ping messages (to know if a potential target exists, is connected to the network, and is responsive)
  - Supervisory messages (to know if victim available)
  - Tracert, Traceroute (to know about the route that leads to target)
- Check the Internet (e.g. www.cert.org) for latest systems vulnerabilities
- Use Brute Force attack or Dictionary attack
  - Trying different usernames and passwords in an attempt to “break” a password and gain unauthorized access.
- Use Social engineering strategy to get other information
  - By tricking employees to provide passwords, keys and other info. over the telephone
  - By phishing, i.e. misleading people to provide confidential info through emails, fake websites, etc.

Recent Social engineering targeting EIU

Attack strategy (cont.)
- Examining collected data
  - Users’ login names and passwords
  - IP addresses of potential victims
  - What programs are running on target computers
    - Different programs have different weaknesses
  - Potential victim’s operating systems, version number, etc.
- Deciding types of attacks
  - Examples:
    - DoS attacks targeting computers with older operating systems
    - Content attacks using identified Open Mail servers & collected emails
    - System intrusion on improperly configured servers
- Launch the attacks

Test Your Attacks Strategy Knowledge
An attacker is preparing an attack. He got the IP address of a potential target. Which of the following could he use in order to determine whether or not the potential target exists, is connected to the network, and is maybe responsive?
a) Do some scanning using the connected command
b) Use the tracert command
c) Do some scanning by sending ping messages to the target computer
d) None of the above

Which of the following has more chance of succeeding?
a) An attack launched by a hacker using a computer that is not part of the target corporate network.
b) An attack launched by a hacker using a computer that is part of the target corporate network.
c) a and b have the same chance of succeeding

Major security threats
- Denial of Service (DoS) attacks
  - The attacker makes a target (usually a server) crash in order to deny service to legitimate users
- Content attack
  - Sending messages with illicit or malicious content
- System intrusion
  - Getting unauthorized access to a network

Denial of Service (DoS) attacks
- There are two major types of DoS attacks
  - Single-message DoS attacks
  - Tear-Drop DoS attacks
- In Single-message DoS
  - Target crashes upon receiving a single “deadly” attack message
- In Tear-Drop DoS
  - The target slows down or crashes as a result of receiving more request messages than it can handle.

Tear Drop DoS
Intentionally sending a
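
The mail header reproduced in the notes above can be read mechanically. The following is an added example, not part of the original course notes: it parses a trimmed, constructed copy of that header (the addresses the page redacts are replaced with example.com placeholders) and separates the peer address stamped by the receiving eiu.edu gateway from the sender-side X-Originating-IP value. The function names `received_hops` and `source_candidates` are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: trimmed copy of the header in the notes; redacted
# addresses are replaced with example.com placeholders.
RAW = (
    "Received: from hotmail.com (bay103-f21.bay103.hotmail.com [65.54.174.31])\n"
    "\tby barracuda1.eiu.edu (Spam Firewall) with ESMTP id B10BA1F52DC\n"
    "\tfor <user@example.com>; Wed, 8 Feb 2006 18:14:59 -0600 (CST)\n"
    "Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;\n"
    "\tWed, 8 Feb 2006 16:14:58 -0800\n"
    "Received: from 65.54.174.200 by by103fd.bay103.hotmail.msn.com with HTTP;\n"
    "\tThu, 09 Feb 2006 00:14:58 GMT\n"
    "X-Originating-IP: [192.30.202.14]\n"
    "From: <sender@example.com>\n"
    "To: user@example.com\n"
    "Subject: RE: FW: Same cell#\n"
    "\n"
    "Hi, I just wanted to let you know that I have received the packet you sent.\n"
)

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def received_hops(raw):
    """Return Received hops oldest-first (each server prepends its own line)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        m = re.match(r"from (.*?) by (\S+)", flat)
        if m:
            hops.append({"by": m.group(2).rstrip(";"),
                         "ips": IPV4.findall(m.group(1))})
    return hops

def source_candidates(raw, trusted_suffix):
    """Split the address our gateway observed from what the sender side claims."""
    # Walk newest-first and stop at the first server we do not run: only hops
    # stamped by our own servers are reliable, older lines can be forged.
    boundary = None
    for hop in reversed(received_hops(raw)):
        if hop["by"] != trusted_suffix and not hop["by"].endswith("." + trusted_suffix):
            break
        boundary = hop
    claimed = IPV4.findall(message_from_string(raw).get("X-Originating-IP", ""))
    return {
        # In this header layout the bracketed peer address comes last.
        "gateway_peer": boundary["ips"][-1] if boundary and boundary["ips"] else None,
        "claimed_origin": claimed[0] if claimed else None,  # unverified
    }
```

Calling `source_candidates(RAW, "eiu.edu")` reports the relay that connected to the campus gateway and, separately, the client address the webmail provider recorded; the second value is only as trustworthy as the provider that wrote it.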


EIU BUS 3500 - BUS3500Notes14
